refactor(ci): modularize github actions configuration

DivitMittal · DivitMittal · commit 7bacd60d69e1 · 2025-11-14T19:06:47.000+05:30
Splits the monolithic actions.nix into a directory structure for better organization and reusability.
Introduces a new workflow for automatic flake.lock updates.
diff --git a/flake/actions.nix b/flake/actions.nix
diff --git a/flake/actions/default.nix b/flake/actions/default.nix
@@ -0,0 +1,54 @@
+{
+  inputs,
+  customLib,
+  ...
+}: {
+  imports =
+    (customLib.scanPaths ./.)
+    ++ [
+      inputs.actions-nix.flakeModules.default
+    ];
+
+  _module.args = {
+    common-on = rec {
+      push = {
+        branches = ["main"];
+        paths = [
+          "flake.nix"
+          "flake.lock"
+          "flake/**"
+        ];
+      };
+      pull_request = push;
+      workflow_dispatch = {};
+    };
+    common-permissions = {
+      contents = "write";
+      id-token = "write";
+    };
+    common-actions = [
+      {
+        name = "Checkout repo";
+        uses = "actions/checkout@main";
+        "with" = {
+          fetch-depth = 1;
+        };
+      }
+      inputs.actions-nix.lib.steps.DeterminateSystemsNixInstallerAction
+      {
+        name = "Magic Nix Cache(Use GitHub Actions Cache)";
+        uses = "DeterminateSystems/magic-nix-cache-action@main";
+      }
+    ];
+  };
+
+  flake.actions-nix = {
+    pre-commit.enable = true;
+    defaultValues = {
+      jobs = {
+        runs-on = "ubuntu-latest";
+        timeout-minutes = 30;
+      };
+    };
+  };
+}
diff --git a/flake/actions/flake-check.nix b/flake/actions/flake-check.nix
@@ -0,0 +1,21 @@
+{
+  common-on,
+  common-permissions,
+  common-actions,
+  ...
+}: {
+  flake.actions-nix.workflows.".github/workflows/flake-check.yml" = {
+    on = common-on;
+    jobs.checking-flake = {
+      permissions = common-permissions;
+      steps =
+        common-actions
+        ++ [
+          {
+            name = "Run nix flake check";
+            run = "nix -vL flake check --impure --all-systems --no-build";
+          }
+        ];
+    };
+  };
+}
diff --git a/flake/actions/flake-lock-update.nix b/flake/actions/flake-lock-update.nix
@@ -0,0 +1,32 @@
+{
+  common-permissions,
+  common-actions,
+  ...
+}: {
+  flake.actions-nix.workflows.".github/workflows/flake-lock-update.yml" = {
+    on = {
+      workflow_dispatch = {};
+      schedule = [
+        {
+          cron = "0 0 * * 0"; # Every Sunday at midnight
+        }
+      ];
+    };
+    jobs.locking-flake = {
+      permissions =
+        common-permissions
+        // {
+          issues = "write";
+          pull-requests = "write";
+        };
+      steps =
+        common-actions
+        ++ [
+          {
+            name = "Update flake.lock";
+            uses = "DeterminateSystems/update-flake-lock@main";
+          }
+        ];
+    };
+  };
+}
