From 317b0bbb73a3aa2a8eb2ffff6201eb2e7464fbcc Mon Sep 17 00:00:00 2001
From: Christoph Hollizeck
Date: Mon, 23 Mar 2026 16:45:00 +0100
Subject: [PATCH 1/2] forgejo-actions: use token to checkout for pushing to protected branch
---
 .forgejo/workflows/nightly-update.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.forgejo/workflows/nightly-update.yaml b/.forgejo/workflows/nightly-update.yaml
index fb3c4cf..89af731 100644
--- a/.forgejo/workflows/nightly-update.yaml
+++ b/.forgejo/workflows/nightly-update.yaml
@@ -11,6 +11,9 @@ jobs:
 uses: actions/checkout@v4
 with:
 ref: develop
+ # PUSH_TOKEN must be a PAT with write access to the repo.
+ # It bypasses branch protection rules that block the default GITHUB_TOKEN.
+ token: ${{ secrets.PUSH_TOKEN }}
 - name: Update flake
 if: ${{ github.event_name == 'schedule' }}
 run: |
@@ -19,8 +22,8 @@ jobs:
 - name: Commit new Flake.lock
 if: ${{ github.event_name == 'schedule' }}
 run: |
- git config --local user.email "christoph.hollizeck@hey.com"
- git config --local user.name "forgjo-actions[bot]"
+ git config --local user.email "forgejo-actions[bot]@christophhollizeck.dev"
+ git config --local user.name "forgejo-actions[bot]"
 git commit -a -m "chore: update flake"
 - name: Push changes
 if: ${{ github.event_name == 'schedule' }}
-- 
2.53.0
From 5b7adc4e460ec14b9d12e44f43b66cc58593368a Mon Sep 17 00:00:00 2001
From: Christoph Hollizeck
Date: Mon, 23 Mar 2026 16:47:45 +0100
Subject: [PATCH 2/2] forgjo-actions: add manual trigger to pipeline
---
 .forgejo/workflows/nightly-update.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.forgejo/workflows/nightly-update.yaml b/.forgejo/workflows/nightly-update.yaml
index 89af731..ab7e952 100644
--- a/.forgejo/workflows/nightly-update.yaml
+++ b/.forgejo/workflows/nightly-update.yaml
@@ -3,6 +3,7 @@ on:
 # branches: [main]
 schedule:
 - cron: 0 */6 * * *
+ workflow_dispatch:
 jobs:
 update:
 runs-on: native
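Review bot: In the `@@ -11,6 +11,9 @@` hunk of PATCH 1/2, the PAT passed as `token:` is written into the checkout's git configuration and stays readable by every later step of the job, because actions/checkout persists credentials unless `persist-credentials: false` is set. This token bypasses branch protection, and the job goes on to run `nix flake update` against remote inputs, so the added comment should also record the intended blast radius, e.g. `# PUSH_TOKEN: repository-write scope only, owned by a bot account that can reach just this repo; rotate regularly.` The step still references `actions/checkout@v4` by a movable tag; now that it receives a secret, pinning it as `uses: actions/checkout@<full-commit-sha>  # v4` would keep a retagged release from ever seeing the token. The checkout step begins above the hunk, so its other inputs are not visible here.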
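Review bot: In the `@@ -19,8 +22,8 @@` hunk of PATCH 1/2, the unchanged `git commit -a -m "chore: update flake"` stages every modified tracked file, and from this commit on whatever it records is pushed past branch protection under the bot identity set on the two new lines. Limiting the commit to the lock file (presumably `flake.lock` at the repository root) keeps an unexpected workspace change from riding along: `git add flake.lock` followed by `git diff --cached --quiet || git commit -m "chore: update flake"`. The guarded form also stops the step from failing on runs where `nix flake update` changed nothing, which a bare `git commit` reports as a non-zero exit. The Push step that consumes this commit continues outside the hunk.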
@@ -15,18 +16,18 @@ jobs: # It bypasses branch protection rules that block the default GITHUB_TOKEN. token: ${{ secrets.PUSH_TOKEN }} - name: Update flake - if: ${{ github.event_name == 'schedule' }} + if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }} run: | cd ${{ env.FORGEJO_WORKSPACE }} nix flake update - name: Commit new Flake.lock - if: ${{ github.event_name == 'schedule' }} + if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }} run: | git config --local user.email "forgejo-actions[bot]@christophhollizeck.dev" git config --local user.name "forgejo-actions[bot]" git commit -a -m "chore: update flake" - name: Push changes - if: ${{ github.event_name == 'schedule' }} + if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }} run: git push # - name: Build Loptland -- 2.53.0
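Review bot: The condition `github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'` is now repeated on the Update, Commit and Push steps, so any future trigger must be added in three places and a missed one leaves a step silently skipped. If `schedule` and `workflow_dispatch` are the only active triggers, the per-step conditions can be dropped; the `branches:` line in the other hunk is commented out, but the top of the `on:` block is not visible here. Otherwise a single job-level `if:` under `update:` states it once. Since a manual run now also commits and pushes with `PUSH_TOKEN`, a comment beside `workflow_dispatch:` such as `# manual runs commit and push exactly like the scheduled run` would make that explicit to whoever triggers it.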