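---
# Weekly job: refresh the npins sources and the nixpkgs flake input, verify
# the result with `nix flake check`, and open a pull request against main.
name: Weekly Dependency Updates

on:
  workflow_dispatch:
  schedule:
    # 8 PM UTC every Friday
    - cron: '0 20 * * 5'

# Least-privilege token: the job pushes a branch (contents) and opens a pull
# request (pull-requests). Nothing else in this workflow needs write access.
permissions:
  contents: write
  pull-requests: write

jobs:
  update-dependencies:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      # NOTE(review): third-party actions are referenced by tag; pinning each
      # `uses:` to a full commit SHA (with the tag in a trailing comment) makes
      # the step immune to a moved or compromised tag.
      - name: "Install Nix"
        uses: cachix/install-nix-action@v31.8.2

      - name: Set up Git
        run: |
          git config user.name "GitHub Actions Bot"
          git config user.email "actions@github.com"

      # DATE and BRANCH_NAME are computed once and exported together so the
      # branch name, commit message and PR title agree even if the job runs
      # across midnight (a second `date` call later could differ).
      - name: Create branch for updates
        run: |
          DATE="$(date +%Y-%m-%d)"
          BRANCH_NAME="update/dependencies-$DATE"
          git checkout -b "$BRANCH_NAME"
          {
            echo "DATE=$DATE"
            echo "BRANCH_NAME=$BRANCH_NAME"
          } >> "$GITHUB_ENV"

      - name: Update npins
        run: nix run nixpkgs#npins update

      # Only update Nixpkgs. mnw might break on update, better to track it
      # manually to avoid unexpected breakage.
      - name: Update nixpkgs
        run: nix flake update nixpkgs

      # Exposes changes_detected so the remaining steps can be skipped when the
      # update produced no diff. `git diff --quiet` only sees tracked files;
      # both npins and the flake lock are tracked, so that is sufficient here.
      - name: Check for changes
        id: check_changes
        run: |
          if git diff --quiet; then
            echo "No changes detected"
            echo "changes_detected=false" >> "$GITHUB_OUTPUT"
            exit 0
          else
            echo "Changes detected"
            echo "changes_detected=true" >> "$GITHUB_OUTPUT"
          fi

      # FIXME: Worth adding additional checks for, e.g., fragile plugins
      # or modules
      # nix build .#checks..
      # We'll probably want to handle this with machine tests
      - name: Verify changes
        if: steps.check_changes.outputs.changes_detected == 'true'
        run: |
          # Run verification tests to ensure updates don't break anything.
          # A failure here fails the job, so no PR is opened for a broken bump.
          nix flake check

      # DATE and BRANCH_NAME come from the shell environment (exported above),
      # so no workflow expression is interpolated into the shell script.
      - name: Commit and push changes
        if: steps.check_changes.outputs.changes_detected == 'true'
        run: |
          git add .
          git commit -m "npins: bump all plugins ($DATE)"
          git push -u origin "$BRANCH_NAME"

      - name: Create Pull Request
        if: steps.check_changes.outputs.changes_detected == 'true'
        uses: peter-evans/create-pull-request@v7
        with:
          branch: ${{ env.BRANCH_NAME }}
          base: main
          labels: dependencies,automated pr
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: "npins: bump all plugins (${{ env.DATE }})"
          title: "Weekly Dependency Updates: ${{ env.DATE }}"
          body: |
            > [!NOTE]
            > This PR was automatically generated by the Weekly Dependency Updates workflow. Please wait
            > for all CI steps to complete, and test any major changes personally.

            Updates Performed:

            - Updated dependencies using `npins update`
            - Updated nixpkgs using `nix flake update nixpkgs`

            If the verification steps have passed, updates should be safe to merge.
            For failing CI steps submit a Pull Request targeting ${{ env.BRANCH_NAME }}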