name: Renovate

on:
  push:
  workflow_dispatch: # allows manual triggering
  schedule:
    - cron: '0 0 * * 5' # runs weekly on Friday at 00:00

jobs:
  renovate:
    runs-on: kaylee
    permissions:
      id-token: "write"
      contents: "read"

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Install Nix
        uses: https://github.com/DeterminateSystems/nix-installer-action@main

      - name: Magic Nix Cache
        uses: https://github.com/DeterminateSystems/magic-nix-cache-action@main
        with:
          use-flakehub: false
          use-gha-cache: true
        env:
          ACTIONS_CACHE_URL: ${{ env.ACTIONS_CACHE_URL }}
          ACTIONS_RESULTS_URL: ${{ env.ACTIONS_RESULTS_URL }}
          ACTIONS_RUNTIME_TOKEN: ${{ github.token }}
          ACTIONS_CACHE_SERVICE_V2: ${{ env.ACTIONS_CACHE_SERVICE_V2 }}

      - name: Run Renovate
        env:
          # Platform configuration
          RENOVATE_PLATFORM: forgejo
          RENOVATE_ENDPOINT: https://codeberg.org/api/v1
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
          RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_TOKEN }}

          # Repository configuration
          RENOVATE_REPOSITORIES: ${{ github.repository }}

          # Git configuration
          RENOVATE_GIT_AUTHOR: 'Renovate Bot <bot@renovateapp.com>'
          RENOVATE_USERNAME: 'renovate-bot'

          # Renovate settings
          RENOVATE_ONBOARDING: 'false'
          RENOVATE_REQUIRE_CONFIG: 'required'
          RENOVATE_CONFIG_FILE: '${{ github.workspace }}/renovate.json'

          # Logging
          LOG_LEVEL: 'info'

          # Reduce external API calls
          RENOVATE_AUTODISCOVER: 'false'
        run: |
          nix run nixpkgs#renovate