name: update-flake-lock
on:
  workflow_dispatch: # allows manual triggering
  schedule:
    # Runs weekly at 00:00 UTC on Sunday
    - cron: "0 0 * * 0"
jobs:
  lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@main
        with:
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
          pr-title: "build(lock): update"
          pr-labels: |
            lock
          pr-assignees: youwen5
          nix-options:
            --option access-tokens "github.com=${{GH_TOKEN_FOR_UPDATES}}"