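# Scheduled job that copies the nixpkgs pin from the main nix-config
# repository's flake.lock into this repository's flake.lock, builds and checks
# the flake against the new pin, and pushes the result.
#
# Supply-chain note: the `uses:` references below are version tags, which the
# action owner can move. This job runs with `contents: write` and reads two
# secrets, so pinning each action to a full commit SHA that has been reviewed
# (placeholder: `owner/action@<full-commit-sha>`) narrows what a retagged
# release could do.
name: Sync flake lock with main nix-configuration project

on:
  schedule:
    - cron: "15 3 * * *"
  workflow_dispatch:

jobs:
  update:
    # Write access is needed only for the final `git push`.
    permissions:
      contents: write
    name: Sync flake lock with main nix-configuration project
    runs-on: ubuntu-latest
    steps:
      # Credentials stay persisted for this checkout because the last step
      # pushes to this repository.
      - name: Checkout Repository
        uses: actions/checkout@v6

      - name: Checkout nix-configuration repository
        uses: actions/checkout@v6
        with:
          repository: xaked/nix-config
          path: nix-config
          ref: master
          token: ${{ secrets.NIX_CONFIGURATION_GITEA_CLONE_TOKEN }}
          # This checkout is only read from. Not persisting the clone token
          # keeps it out of nix-config/.git/config for the later steps, which
          # build and evaluate flake code.
          persist-credentials: false

      - name: Setup sudo and jq (required for the next step)
        run: apt-get update && apt-get install -y sudo jq

      - name: Setup nix
        uses: cachix/install-nix-action@v31
        with:
          extra_nix_config: |
            experimental-features = nix-command flakes
          github_access_token: ${{ secrets.GH_ACCESS_TOKEN }}
          nix_path: nixpkgs=channel:nixos-25.11

      - name: Check for update and perform update
        run: |
          set -euo pipefail

          git config user.name gitea-bot
          git config user.email bot@git.palkoi.net
          git config --global user.email bot@git.palkoi.net
          git config --global user.name gitea-bot

          # Fail early if the upstream lock has no nixpkgs_2 node; otherwise
          # the merge below would write `null` into this repository's pin.
          jq -e '.nodes.nixpkgs_2 != null' ./nix-config/flake.lock > /dev/null

          tmpfile="$(mktemp)"
          # Slurp both lock files ([0] = upstream, [1] = local) and emit the
          # local lock with its nixpkgs nodes replaced by the upstream pin.
          # NOTE(review): both local nodes (nixpkgs and nixpkgs_2) are set
          # from upstream nixpkgs_2 - confirm that is intended.
          jq -srM '.[1].nodes.nixpkgs = .[0].nodes.nixpkgs_2|.[1].nodes.nixpkgs_2 = .[0].nodes.nixpkgs_2 | .[1]' ./nix-config/flake.lock flake.lock > "$tmpfile"

          # The merged lock was previously left in the temp file, so
          # flake.lock never changed and the commit step had nothing to
          # commit. Install it before staging.
          mv "$tmpfile" flake.lock
          git add flake.lock

      # Build and check run before the commit so that only a lock file that
      # evaluates and builds is pushed.
      - name: Build nix flake
        run: |
          nix build .

      - name: Check nix flake
        run: nix flake check --all-systems

      - name: Commit updates
        run: |
          set -euo pipefail

          # `git commit` exits non-zero when nothing is staged; treat an
          # already-synced lock as success instead of a failed run.
          if git diff --cached --quiet; then
            echo 'flake.lock already in sync; nothing to commit'
            exit 0
          fi

          git commit --no-gpg-sign -m 'chore(flake): update flake.lock'
          git push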