.github/workflows/scheduled-jobs.yml

name: scheduled-jobs
on:
  schedule:
    - cron: "30 01 * * *"
  workflow_dispatch:
defaults:
  run:
    shell: bash --noprofile --norc -exo pipefail {0}
jobs:
  update-submodules:
    if: github.repository_owner == 'aarnphm'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Import bot's GPG key for signing commits
        id: import-gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_config_global: true
          git_user_signingkey: true
          git_commit_gpgsign: true
      - name: Running update submodules
        env:
          GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
          GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
          GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
          GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
        run: |
          git config --global user.name "${{ steps.import-gpg.outputs.name }}"
          git config --global user.email "${{ steps.import-gpg.outputs.email }}"
          git submodule update --init --recursive
          git pull --recurse-submodules
          git submodule update --remote
          git add extern && git commit -S -m "cron: update submodules to latest commits [generated]" || true
          git push
  run-formatter:
    if: github.repository_owner == 'aarnphm'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    needs: [update-submodules]
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Import bot's GPG key for signing commits
        id: import-gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_config_global: true
          git_user_signingkey: true
          git_commit_gpgsign: true
      - uses: cachix/install-nix-action@v22
        name: Setup nix setup
        with:
          nix_path: nixpkgs=channel:nixos-unstable
      - name: Pushing changed files
        env:
          GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
          GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
          GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
          GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
        run: |
          git pull --autostash --no-edit --gpg-sign --ff
          git config --global user.name "${{ steps.import-gpg.outputs.name }}"
          git config --global user.email "${{ steps.import-gpg.outputs.email }}"
          nix-shell --command treefmt
          git add . && git commit -S -m "cron: Running formatting jobs [generated]" || true
          git push