Update Nix Flake lockfile

.github/workflows/ci.yml

@@ -17,7 +17,7 @@ on:
 
 jobs:
   ci:
-    uses: metacraft-labs/nixos-modules/.github/workflows/flake-checks-ci-matrix.yml@main
+    uses: ./.github/workflows/reusable-flake-checks-ci-matrix.yml
     secrets: inherit
     with:
       runner: '["self-hosted", "Linux", "x86-64-v2"]'

.github/workflows/reusable-update-flake-lock.yml

@@ -0,0 +1,74 @@
+name: "Update Nix Flake lockfile"
+
+on:
+  # Allow this workflow to be reused by other workflows:
+  workflow_call:
+    inputs:
+      runner:
+        description: 'JSON-encoded list of runner labels'
+        default: '["self-hosted"]'
+        required: false
+        type: string
+
+    secrets:
+      NIX_GITHUB_TOKEN:
+        description: GitHub token to add as access-token in nix.conf
+        required: false
+      CACHIX_AUTH_TOKEN:
+        description: 'Cachix auth token'
+        required: true
+      CREATE_PR_APP_ID:
+        description: ID of the GitHub App used for opening pull requests.
+        required: true
+      CREATE_PR_APP_PRIVATE_KEY:
+        description: Private key of the GitHub App used for opening pull requests.
+        required: true
+
+  # Allow this workflow to be triggered manually:
+  workflow_dispatch:
+
+  # Run every Sunday at 00:00:
+  schedule:
+    - cron: 0 0 * * 0 # https://crontab.guru/#0_0_*_*_0
+
+jobs:
+  main:
+    runs-on: ${{ fromJSON(inputs.runner) }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: metacraft-labs/nixos-modules/.github/install-nix@main
+        with:
+          nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }}
+          cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          cachix-cache: ${{ vars.CACHIX_CACHE }}
+          trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
+          substituters: ${{ vars.SUBSTITUTERS }}
+
+      - name: Run `nix flake update`
+        id: update-lockfile
+        run: |
+          curl -fsSL --proto '=https' --tlsv1.2 \
+            https://raw.githubusercontent.com/metacraft-labs/nixos-modules/main/scripts/commit_flake_update.bash \
+            -o commit_flake_update.bash
+          bash commit_flake_update.bash
+
+      - uses: tibdex/[email protected]
+        id: generate-token
+        with:
+          app_id: ${{ secrets.CREATE_PR_APP_ID }}
+          private_key: ${{ secrets.CREATE_PR_APP_PRIVATE_KEY }}
+
+      - name: Create Pull Request
+        if: ${{ hashFiles('commit_msg_body.txt') != '' }}
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          title: 'Update Nix Flake lockfile'
+          body-path: commit_msg_body.txt
+          branch: 'create-pull-request/update-flake-lockfile'
+          delete-branch: true
+          branch-suffix: timestamp
+          add-paths: flake.lock

.github/workflows/update-flake-packages.yml → .github/workflows/reusable-update-flake-packages.yml

@@ -7,7 +7,7 @@ on:
       runner:
         description: 'JSON-encoded list of runner labels'
         default: '["self-hosted"]'
-        required: true
+        required: false
         type: string
 
     secrets:

.github/workflows/update-flake-lock.yml

@@ -1,74 +1,16 @@
-name: "Update Nix Flake lockfile"
+name: Update Nix Flake lockfile
 
 on:
-  # Allow this workflow to be reused by other workflows:
-  workflow_call:
-    inputs:
-      runner:
-        description: 'JSON-encoded list of runner labels'
-        default: '["self-hosted"]'
-        required: true
-        type: string
-
-    secrets:
-      NIX_GITHUB_TOKEN:
-        description: GitHub token to add as access-token in nix.conf
-        required: false
-      CACHIX_AUTH_TOKEN:
-        description: 'Cachix auth token'
-        required: true
-      CREATE_PR_APP_ID:
-        description: ID of the GitHub App used for opening pull requests.
-        required: true
-      CREATE_PR_APP_PRIVATE_KEY:
-        description: Private key of the GitHub App used for opening pull requests.
-        required: true
-
-  # Allow this workflow to be triggered manually:
+  # Enable option to manually run the action:
   workflow_dispatch:
 
   # Run every Sunday at 00:00:
   schedule:
-    - cron: 0 0 * * 0 # https://crontab.guru/#0_0_*_*_0
+    - cron: 0 0 * * 0
 
 jobs:
-  main:
-    runs-on: ${{ fromJSON(inputs.runner) }}
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install Nix
-        uses: metacraft-labs/nixos-modules/.github/install-nix@main
-        with:
-          nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }}
-          cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
-          cachix-cache: ${{ vars.CACHIX_CACHE }}
-          trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
-          substituters: ${{ vars.SUBSTITUTERS }}
-
-      - name: Run `nix flake update`
-        id: update-lockfile
-        run: |
-          curl -fsSL --proto '=https' --tlsv1.2 \
-            https://raw.githubusercontent.com/metacraft-labs/nixos-modules/main/scripts/commit_flake_update.bash \
-            -o commit_flake_update.bash
-          bash commit_flake_update.bash
-
-      - uses: tibdex/[email protected]
-        id: generate-token
-        with:
-          app_id: ${{ secrets.CREATE_PR_APP_ID }}
-          private_key: ${{ secrets.CREATE_PR_APP_PRIVATE_KEY }}
-
-      - name: Create Pull Request
-        if: ${{ hashFiles('commit_msg_body.txt') != '' }}
-        uses: peter-evans/create-pull-request@v7
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          title: 'Update Nix Flake lockfile'
-          body-path: commit_msg_body.txt
-          branch: 'create-pull-request/update-flake-lockfile'
-          delete-branch: true
-          branch-suffix: timestamp
-          add-paths: flake.lock
+  update-flake-lock:
+    uses: ./.github/workflows/reusable-update-flake-lock.yml
+    secrets: inherit
+    with:
+      runner: '["self-hosted", "Linux", "x86-64-v2"]'