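# Scheduled workflow: refreshes flake.lock, builds and caches the result, then
# pushes the updated lockfile to master. It sends an ntfy alert when a later
# step fails after the lockfile changed.
name: Auto Update Flake

on:
  schedule:
    # Daily at 06:00 (runner's cron timezone).
    - cron: '0 6 * * *'
  workflow_dispatch: {}

env:
  DEBIAN_FRONTEND: noninteractive
  PATH: /run/current-system/sw/bin/
  XDG_CONFIG_HOME: ${{ runner.temp }}/.config
  ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }}
  # NOTE(review): workflow-level env exposes this secret to every step,
  # including the third-party checkout action. If only
  # .gitea/scripts/build-and-cache.sh reads it, move it to that step's `env:`.
  ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}

jobs:
  auto-update:
    runs-on: nixos
    steps:
      - name: Checkout the repository
        # NOTE(review): a tag such as v3 is mutable; pinning to a full commit
        # SHA keeps a retagged release from running with PUSH_TOKEN.
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          ref: master
          # Push-capable token; the later `git push` step relies on it.
          token: ${{ secrets.PUSH_TOKEN }}

      - name: Configure git identity
        run: |
          git config user.name "gitea-runner"
          git config user.email "gitea-runner@neet.dev"

      - name: Update flake inputs
        id: update
        run: |
          nix flake update
          if git diff --quiet flake.lock; then
            echo "No changes to flake.lock, nothing to do"
            echo "changed=false" >> "$GITHUB_OUTPUT"
          else
            git add flake.lock
            git commit -m "flake.lock: update inputs"
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Build and cache
        if: steps.update.outputs.changed == 'true'
        run: bash .gitea/scripts/build-and-cache.sh

      # Push only after the build step succeeded, so a lockfile that fails to
      # build never lands on master.
      - name: Push updated lockfile
        if: steps.update.outputs.changed == 'true'
        run: git push

      # NOTE(review): `changed` is only set when the update step completes, so
      # a failure inside "Update flake inputs" itself sends no notification.
      # Confirm that is intended.
      - name: Notify on failure
        if: failure() && steps.update.outputs.changed == 'true'
        env:
          # Pass the secret and context values through the environment rather
          # than expanding ${{ }} inside the script text: the rendered script
          # then never contains the token, and context values cannot be
          # parsed as shell syntax.
          NTFY_TOKEN: ${{ secrets.NTFY_TOKEN }}
          RUN_URL: ${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_number }}
        run: |
          # --fail/--show-error: report an HTTP or transport error instead of
          # silently dropping the alert.
          curl -s --fail --show-error \
            -H "Authorization: Bearer ${NTFY_TOKEN}" \
            -H "Title: Flake auto-update failed" \
            -H "Priority: high" \
            -H "Tags: warning" \
            -d "Auto-update workflow failed. Check: ${RUN_URL}" \
            https://ntfy.neet.dev/nix-flake-updates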