name: "Update flake.lock"
on:
  push:
  schedule:
    - cron: '0 6 * * 0'
  workflow_dispatch:

jobs:
  build:
    runs-on: debian-latest
    permissions:
      contents: write
    steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        ref: ${{ gitea.head_ref }}
        # token: ${{ secrets.PAT }}

    # - name: Import GPG key
    #   uses: crazy-max/ghaction-import-gpg@v6
    #   with:
    #     gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
    #     passphrase: ${{ secrets.GPG_PASSPHRASE }}
    #     trust_level: 5
    #     git_user_signingkey: true
    #     git_commit_gpgsign: true

    - name: Install nix
      uses: nixbuild/nix-quick-install-action@v26
      with:
        load_nixConfig: false

    - name: Update flake
      run: nix flake update

    # - name: Evaluate hosts configurations
    #   run: nix develop .#ci --command ./ci.sh --flake .#nixosHostsCI

    # - name: Commit updated flake.lock
    #   uses: stefanzweifel/git-auto-commit-action@v5
    #   with:
    #     commit_message: "[workflow] Update flake.lock"
    #     commit_options: '-S'
    #     file_pattern: './flake.lock'