github: update flake.lock weekly with pull request

github: use DeterminateSystems nix installer

github: run cicid on prs

github/flake-update-inputs: use PAT to trigger subsequent workflows

github: simplify workflow runs

github: setup git after checkout

github/flake-update-inputs: don't self assign reviews

github/git-sync-mirrors: only run on master

github: don't sync to codeberg

github: only run nix checks on .nix updates

github: only run nix checks on .nix and .lock updates

github: ignore .github and _img paths

.github/workflows/flake-checks.yml

@@ -1,5 +1,10 @@
 name: "nix"
-on: [push]
+on:
+  push:
+    paths-ignore:
+      - '.github/**'
+      - '_img/**'
+  workflow_dispatch:
 jobs:
   check-format:
     runs-on: ubuntu-latest
@@ -7,7 +12,8 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 1
-      - uses: cachix/install-nix-action@v27
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
       - name: check if flake complies with default style
         run: nix fmt -- -c .
   check-eval:
@@ -16,6 +22,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 1
-      - uses: cachix/install-nix-action@v27
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
       - name: check if flake evaluates
         run: nix flake check

.github/workflows/flake-update-inputs.yml

@@ -1,7 +1,7 @@
-name: "flake: update inputs"
+name: "update-flake-inputs"
 on:
   schedule:
-    - cron: "0 6 * * *"
+    - cron: "0 0 * * 0"
   workflow_dispatch:
 jobs:
   update-inputs:
@@ -11,17 +11,18 @@ jobs:
         with:
           ref: ${{ github.head_ref }}
           fetch-depth: 1
-      - name: "git: setup"
+      - name: Setup Git
         run: |
-          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local user.name  "github-actions[bot]"
-          git config --local user.name "github-actions[bot]"
+          git config --local user.email  "github-actions[bot]@users.noreply.github.com"
-      - uses: cachix/install-nix-action@v27
+      - name: Install Nix
-      - name: "flake: update inputs"
+        uses: DeterminateSystems/nix-installer-action@main
-        run: nix flake update --commit-lock-file
+      - name: Update flake.lock
-      - name: "flake: check eval"
+        uses: DeterminateSystems/update-flake-lock@main
-        run: nix flake check
-      - name: "git: push changes"
-        uses: ad-m/github-push-action@master
         with:
-          branch: ${{ github.head_ref }}
+          token: ${{ secrets.FLAKE_UPDATE_PAT }}
-
+          pr-title: "flake: update inputs"
+          pr-assignees: alyraffauf
+          pr-labels: |
+            dependencies
+            automated

.github/workflows/git-sync-mirrors.yml

@@ -1,25 +1,10 @@
 name: "git"
 on: 
   push:
-  workflow_run:
+    branches:
-    workflows: ["flake: update inputs"]
+      - master
-    types:
-      - completed
   workflow_dispatch:
 jobs:
-  sync-codeberg:
-    runs-on: ubuntu-latest
-    steps:
-      - name: check out repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: "sync codeberg mirror"
-        uses: yesolutions/mirror-action@v0.7.0
-        with:
-          REMOTE: 'https://codeberg.org/alyraffauf/nixcfg.git'
-          GIT_USERNAME: alyraffauf
-          GIT_PASSWORD: ${{ secrets.CODEBERG_PASSWORD }}
   sync-gitlab:
     runs-on: ubuntu-latest
     steps: