name: update dependencies
on:
  workflow_dispatch: # allows manual triggering
  schedule:
    - cron: '0 4 * * *' # at 04:00 every day

jobs:
  update:
    name: Update dependencies
    runs-on: self-hosted
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - run: nix shell -L nixpkgs#cargo --command cargo update
      - run: nix shell -L nixpkgs#git --command git add Cargo.lock
      - name: Check flake
        uses: DeterminateSystems/flake-checker-action@main
      - run: nix build -L
      - name: Update Nix Flake Lock
        uses: DeterminateSystems/update-flake-lock@main
        with:
          pr-title: "flake: update flake.lock"
          pr-labels: |
            dependencies
            automated
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}