From 2499d3c6e37b8785c936b80ba446beaae4ad7b5b Mon Sep 17 00:00:00 2001
From: Mshehu5 <musheu@gmail.com>
Date: Thu, 11 Dec 2025 14:43:40 +0100
Subject: [PATCH] Add full flake check in CI and monthly flake.lock maintence
 job

Add flake check in CI workflow and weekly flake.lock update and check after lock updates

Co-authored-by: Ben Allen <benalleng@users.noreply.github.com>
---
 .github/workflows/flake-check.yml       | 31 +++++++++++++++
 .github/workflows/flake-maintenance.yml | 52 +++++++++++++++++++++++++
 flake.nix                               | 10 +++++
 3 files changed, 93 insertions(+)
 create mode 100644 .github/workflows/flake-check.yml
 create mode 100644 .github/workflows/flake-maintenance.yml

diff --git a/.github/workflows/flake-check.yml b/.github/workflows/flake-check.yml
new file mode 100644
index 000000000..2d8a4cc25
--- /dev/null
+++ b/.github/workflows/flake-check.yml
@@ -0,0 +1,31 @@
+name: Flake Check
+
+on:
+  push:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths-ignore:
+      - "flake.lock"
+
+jobs:
+  flake-check:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        checks:
+          - msrv
+          - stable
+          - nightly
+          - maintenance
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Enable magic Nix cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: Run full flake check
+        run: nix build .#checks.x86_64-linux.${{ matrix.checks }}
diff --git a/.github/workflows/flake-maintenance.yml b/.github/workflows/flake-maintenance.yml
new file mode 100644
index 000000000..cc0be8420
--- /dev/null
+++ b/.github/workflows/flake-maintenance.yml
@@ -0,0 +1,52 @@
+name: Flake maintenance
+
+on:
+  schedule:
+    - cron: "0 11 * * 1" # weekly at 14:00 UTC
+  workflow_dispatch:
+
+jobs:
+  validate-lock-file:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        checks:
+          - msrv
+          - stable
+          - nightly
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Enable magic Nix cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: Validate recreated lockfile
+        run: nix build .#checks.x86_64-linux.${{ matrix.checks }} -L --recreate-lock-file --no-write-lock-file
+
+  update-lock-file:
+    needs: validate-lock-file
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Enable magic Nix cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: Update flake.lock
+        uses: DeterminateSystems/update-flake-lock@main
+        with:
+          pr-title: "chore: update flake.lock"
+          commit-msg: "chore: update flake.lock"
+          token: ${{ secrets.GITHUB_TOKEN }}
+          nix-options: --offline
diff --git a/flake.nix b/flake.nix
index e5a9d1e72..e5a57ab0a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -309,6 +309,16 @@
               ]
               ++ pkgs.lib.attrValues packages
             );
+
+            maintenance = checkSuite "maintenance" (
+              with self.outputs.checks.${system};
+              [
+                payjoin-workspace-machete
+                payjoin-workspace-clippy
+                payjoin-workspace-doc
+                formatting
+              ]
+            );
           };
       }
     );