name: Fix pnpm dependency hash

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

jobs:
  fix-nix-hash:
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - name: "Checkout Repository"
        uses: actions/checkout@v5
        with:
          fetch-depth: 2

      - name: "Get changed files"
        id: changed-files
        uses: dorny/paths-filter@v3
        with:
          filters: |
            files:
              - 'flake.nix'
              - 'package.json'
              - 'pnpm-lock.yaml'

      # Exit early if no relevant files are updated
      - name: Install Nix
        uses: cachix/install-nix-action@v31.9.0
        if: steps.changed-files.outputs.files == 'true'
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          extra_nix_config: |
            substituters = https://cache.nixos.org/ https://feel-co.cachix.org
            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= feel-co.cachix.org-1:nwEFNnwZvtl4KKSH5LDg+/+K7bV0vcs6faMHAJ6xx0w=

      - name: Update Dependency Hash
        if: steps.changed-files.outputs.files == 'true'
        run: |
          if nix build --print-build-logs .# 2> /tmp/log; then
            exit 0
          fi

          hash="$(grep 'got:' /tmp/log | awk '{print $2}')"

          if [ -n "$hash" ]; then
             echo "hash=$hash"
             echo "Updating hash in package.nix"
             sed -e "s#hash =.*\$#hash = \"$hash\";#g" -i nix/package.nix
           else
             echo "No hash found, exiting"
             exit 0 # exit with success, this is not error worthy
           fi

          git diff

      - name: Update dependencies
        uses: stefanzweifel/git-auto-commit-action@v7
        with:
          commit_message: "meta: auto-update dependencies"