nix/.forgejo/workflows/auto-update-pr.yaml

name: Weekly Flake Update PR

on:
  schedule:
    # Every Friday at 22:00 UTC
    - cron: '0 22 * * 5'
  workflow_dispatch: {}

jobs:
  create-pr:
    runs-on: nix
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure Git
        run: |
          git config user.name "Flake Update Bot"
          git config user.email "git@noreply.local"

      - name: Update flake inputs
        run: nix flake update

      - name: Check for changes
        id: changes
        run: |
          if git diff --quiet flake.lock; then
            echo "changed=false" >> $FORGEJO_OUTPUT
            echo "No changes to flake.lock"
          else
            echo "changed=true" >> $FORGEJO_OUTPUT
            echo "flake.lock has been updated"
          fi

      - name: Create branch and commit
        id: commit
        if: steps.changes.outputs.changed == 'true'
        run: |
          BRANCH_NAME="auto-update/$(date +%Y-%m-%d)"
          git checkout -b "$BRANCH_NAME"
          git add flake.lock
          git commit -m "chore: update flake inputs $(date +%Y-%m-%d)"
          git push origin "$BRANCH_NAME"
          echo "branch_name=$BRANCH_NAME" >> $FORGEJO_OUTPUT
          echo "Created and pushed branch: $BRANCH_NAME"

      - name: Create Pull Request
        if: steps.changes.outputs.changed == 'true'
        env:
          FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
          BRANCH_NAME: ${{ steps.commit.outputs.branch_name }}
          API_URL: ${{ forgejo.api_url }}
          REPO: ${{ forgejo.repository }}
        run: |
          DATE=$(date +%Y-%m-%d)
          TIMESTAMP=$(date -Iseconds)
          
          cat > /tmp/pr-payload.json << EOF
          {
            "title": "chore: weekly flake update ${DATE}",
            "body": "Automated flake update from CI.\n\nThis PR updates all flake inputs.\n\n**Note:** Build verification will run automatically on this PR.\n\nGenerated on: ${TIMESTAMP}",
            "head": "${BRANCH_NAME}",
            "base": "master"
          }
          EOF
          
          echo "Creating PR with payload:"
          cat /tmp/pr-payload.json
          
          curl -X POST \
            -H "Authorization: token $FORGEJO_TOKEN" \
            -H "Content-Type: application/json" \
            -d @/tmp/pr-payload.json \
            "${API_URL}/repos/${REPO}/pulls"