.github/workflows/periodic-bump.yml

name: Periodic version bump

on:
  schedule:
    - cron: "00 13 * * 2" # Every Tuesday at 6:00am PST - patch Tuesday :D
  workflow_dispatch:

env:
  pr_branch: auto/version-bump-${{ github.run_number }}
  action_url: https://github.com/ifd3f/infra/actions/runs/${{ github.run_id }}

jobs:
  version-bump:
    name: Submit PR with version bumps
    runs-on: ubuntu-latest
    outputs:
      sha: ${{ steps.create-pr.pull-request-head-sha }}
      check_id: ${{ steps.create-check.outputs.check_id }}

    steps:
      - uses: actions/checkout@v3

      - uses: cachix/install-nix-action@v18
        with:
          nix_path: nixpkgs=channel:nixpkgs-unstable
          extra_nix_config: |
            experimental-features = nix-command flakes
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      - name: Bump flake versions
        run: GC_DONT_GC=1 nix flake update

      - name: Create pull request
        uses: peter-evans/create-pull-request@v4
        id: create-pr
        with:
          title: Bump versions (run ${{ github.run_number }})
          branch: ${{ env.pr_branch }}
          commit-message: |
            auto: Bump versions (run ${{ github.run_number }})
            
            For more details, see ${{ env.action_url }}
          body: |
            Automatic flake bump created by [an automated action run](${{ env.action_url }}).
            
            Please **do not** merge until the "Full check suite" check has completed.
          delete-branch: true
          draft: false

      - name: Annotate SHA with check
        id: create-check
        uses: LouisBrunner/checks-action@v1.5.0
        if: always()
        with:
          name: Full check suite
          token: ${{ secrets.GITHUB_TOKEN }}
          sha: ${{ steps.create-pr.outputs.pull-request-head-sha }}
          details_url: ${{ env.action_url }}
          status: in_progress

  run-checks:
    name: Checks
    needs: version-bump
    uses: ./.github/workflows/check-targets.yml
    secrets: inherit
    with:
      sha: ${{ needs.version-bump.outputs.sha }}

  set-check-result:
    name: Set check result
    needs: 
      - version-bump
      - run-checks
    if: ${{ always() }}
    runs-on: ubuntu-latest
    steps:
      - name: Update check status
        uses: LouisBrunner/checks-action@v1.5.0
        with:
          check_id: ${{ needs.version-bump.outputs.check_id }}
          token: ${{ secrets.GITHUB_TOKEN }}
          details_url: ${{ env.action_url }}
          conclusion: ${{ needs.run-checks.result }}