name: Update flake.lock

on:
  workflow_call:
    inputs:
      inputs:
        description: Space separated list of flake inputs to be updated (defaults to all)
        type: string
        default: ""
        required: false
    secrets:
      github-token:
        required: true

jobs:
  update-flake-lock:
    name: Update flake.lock
    runs-on: ubuntu-22.04
    steps:
    - name: Checkout repository
      uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
      with:
        token: ${{ secrets.github-token }}

    - name: Install Nix
      uses: DeterminateSystems/nix-installer-action@de22e16c4711fca50c816cc9081563429d1cf563 # v10

    - name: Update flake.lock and push
      shell: bash
      env:
        INPUTS: ${{ inputs.inputs }}
      run: |
        git config --global user.name "GitHub Actions"
        git config --global user.email "noreply@github.com"
        nix flake update ${INPUTS} --commit-lock-file
        git push