name: "Flake.lock: update Nix dependencies for development environment only"

on:
  workflow_dispatch: # allows manual triggering
  schedule:
    - cron: '00 00 01 1/2 *' # runs the last of day the month every 2 months at 7:00pm local time (midnight UTC)

jobs:
  nix-flake-update:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: "install nix"
        uses: cachix/install-nix-action@v31

      - uses: photostructure/git-ssh-signing-action@v1
        with:
          ssh-signing-key: ${{ secrets.SSH_SIGNING_KEY }}
          git-user-name: ${{ vars.GIT_USER_NAME }}
          git-user-email: ${{ vars.GIT_USER_EMAIL }}

      - name: "update flake.lock"
        run: |
          nix flake update --commit-lock-file

      - name: "check flake for errors"
        run: |
          nix flake check

      - name: "push update"
        run: |
          git push