chore: add monthly flake.lock inputs update workflow

[yvan-sraka]

Adds GitHub Action to automatically update flake.lock every Month. Uses Mic92/update-flake-inputs to create PRs with updated dependencies, preventing large, painful updates like the recent 2-year gap... #1714

Targets develop branch with automated and dependencies labels. Can also be triggered manually via workflow_dispatch.

The workflow is configured with GITHUB_TOKEN which works but won't trigger CI workflows on the created pull requests (GitHub prevents this to avoid infinite loops).

For CI workflows to run on the created PRs, you should set up a GitHub App:

1. Easy setup: Use the web interface to create a GitHub App with correct permissions
2. Configure secrets: Save the App ID as APP_ID and private key as APP_PRIVATE_KEY in repository secrets
3. Update workflow: Replace the github-token step to use the GitHub App token

See the full documentation for detailed instructions.

The current basic setup will work fine for creating PRs, the GitHub App is only needed if you want CI to automatically run on those PRs.

Summary by CodeRabbit

• Chores
  • Added automated workflow for regular dependency updates to maintain project stability and currency.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

A new GitHub Actions workflow is introduced to automatically update the Nix flake.lock file. The workflow runs monthly and on manual trigger, performs repository checkout, installs Nix, and updates dependencies using the Mic92/update-flake-inputs action with appropriate PR labels.

Changes

Cohort / File(s)	Summary
Nix Flake Lock Update Workflow \.github/workflows/update-flake-lock\.yml	New automated workflow that updates flake.lock on a monthly schedule (1st of each month at 00:00 UTC) and supports manual triggering via workflow_dispatch. Configures Nix environment, checks out repository, and invokes Mic92/update-flake-inputs@main with GitHub token and labels for dependency management automation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A flake lock update, once per moon,
Keeps dependencies fresh, in tune!
Nix tools dance, so precise and keen,
Automation blooms—a reviewer's dream. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description provides comprehensive context about the workflow, its purpose, current limitations with GITHUB_TOKEN, and instructions for setting up a GitHub App for CI integration. However, it does not follow the repository's description template structure.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The PR title 'chore: add monthly flake.lock inputs update workflow' clearly and specifically describes the main change: adding a GitHub Actions workflow for monthly flake.lock updates.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}