nix-direnv/.github/workflows/update-flake-lock.yml

name: update-flake-lock
on:
  workflow_dispatch: # allows manual triggering
  schedule:
    - cron: "0 0 * * 1,4" # Run twice a week
permissions:
  pull-requests: write
  contents: write
jobs:
  lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v31
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: actions/create-github-app-token@v2
        id: app-token
        with:
          app-id: ${{ vars.CI_APP_ID }}
          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
      - name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@v25
        with:
          token: ${{ steps.app-token.outputs.token }}
          pr-body: |
            Automated changes by the update-flake-lock
            ```
            {{ env.GIT_COMMIT_MESSAGE }}
            ```
          pr-labels: | # Labels to be set on the PR
            auto-merge