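# Weekly dependency bump: refreshes the npins pins and the nixpkgs flake input,
# runs `nix flake check`, then pushes a dated branch and opens a pull request.
#
# Supply-chain note: third-party actions referenced by a branch or a moving tag
# can change underneath this workflow. Pinning each `uses:` to a full commit
# SHA (with the version in a trailing comment) makes action updates explicit.
name: Weekly Dependency Updates

on:
  workflow_dispatch:
  schedule:
    # 8 PM UTC every Friday
    - cron: '0 20 * * 5'

jobs:
  update-dependencies:
    runs-on: ubuntu-latest
    # Least privilege: the job only needs to push a branch and open a PR.
    # Declaring this explicitly also keeps the job working when the
    # repository default for GITHUB_TOKEN is read-only.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): `@main` is a mutable ref. Whatever lands on that branch
      # runs in this job, which holds a write-scoped token. Prefer
      # `DeterminateSystems/nix-installer-action@<full-commit-sha>`.
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main

      - name: Set up Git
        run: |
          git config user.name "GitHub Actions Bot"
          git config user.email "actions@github.com"

      - name: Create branch for updates
        run: |
          DATE=$(date +%Y-%m-%d)
          BRANCH_NAME="update/dependencies-$DATE"
          git checkout -b "$BRANCH_NAME"
          echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_ENV"

      - name: Update npins
        run: npins update

      # Update only the nixpkgs flake input here. mnw might break on update,
      # better to track it manually to avoid unexpected breakage.
      - name: Update nixpkgs
        run: nix flake update nixpkgs

      - name: Check for changes
        id: check_changes
        run: |
          if git diff --quiet; then
            echo "No changes detected"
            echo "changes_detected=false" >> "$GITHUB_OUTPUT"
            exit 0
          else
            echo "Changes detected"
            echo "changes_detected=true" >> "$GITHUB_OUTPUT"
          fi

      # This step evaluates the freshly fetched upstream revisions before any
      # human has reviewed them, in a job whose checkout holds push credentials.
      - name: Verify changes
        if: steps.check_changes.outputs.changes_detected == 'true'
        run: |
          # Run verification tests to ensure updates don't break anything
          nix flake check

          # Worth adding additional checks for, e.g., fragile plugins
          # or modules
          # nix build .#checks.<system>.<check-name>

      - name: Set date variable
        run: echo "DATE=$(date +%Y-%m-%d)" >> "$GITHUB_ENV"

      - name: Commit and push changes
        if: steps.check_changes.outputs.changes_detected == 'true'
        # DATE and BRANCH_NAME arrive through GITHUB_ENV, so they are read as
        # shell variables rather than spliced into the script with `${{ }}`.
        run: |
          git add .
          git commit -m "pins: bump all plugins ($DATE)"
          git push -u origin "$BRANCH_NAME"

      - name: Create Pull Request
        if: steps.check_changes.outputs.changes_detected == 'true'
        uses: peter-evans/create-pull-request@v7
        with:
          branch: ${{ env.BRANCH_NAME }}
          base: main
          labels: dependencies,automated pr
          # Pull requests opened with the default GITHUB_TOKEN do not trigger
          # other workflows (such as `on: pull_request` CI), so the "wait for
          # all checks" advice in the body only holds if checks are started
          # some other way. Review the pin diff itself before merging.
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: "npins: bump all plugins (${{ env.DATE }})"
          title: "Weekly Dependency Updates: ${{ env.DATE }}"
          body: |
            This PR was automatically generated by the **Weekly Dependency Updates** workflow.
            Please wait for all checks to pass before merging.

            Updates:
            - Updated dependencies using `npins update`
            - Updated nixpkgs using `nix flake update nixpkgs`

            The verification steps have passed, updates should be safe to merge.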