From 579862fdb11688ef2eabdd266d575a1e70eff1d2 Mon Sep 17 00:00:00 2001
From: Randy Ang <randy.ang@crypto.com>
Date: Wed, 15 Oct 2025 12:54:37 +0800
Subject: [PATCH] add gomod2nix update when dependabot updates

---
 .github/workflows/dependabot-gomod2nix.yml | 64 ++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 .github/workflows/dependabot-gomod2nix.yml

diff --git a/.github/workflows/dependabot-gomod2nix.yml b/.github/workflows/dependabot-gomod2nix.yml
new file mode 100644
index 0000000000..2374b93420
--- /dev/null
+++ b/.github/workflows/dependabot-gomod2nix.yml
@@ -0,0 +1,64 @@
+name: Update gomod2nix on Dependabot PRs
+
+on:
+  pull_request:
+    paths:
+      - 'go.mod'
+      - 'go.sum'
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-gomod2nix:
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout PR
+        uses: actions/checkout@v5
+        with:
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Install Nix
+        uses: cachix/install-nix-action@v31
+        with:
+          nix_path: nixpkgs=channel:nixos-22.11
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Run gomod2nix
+        run: nix develop -c gomod2nix
+      
+      - name: Check for changes
+        id: changes
+        run: |
+          if git diff --quiet gomod2nix.toml; then
+            echo "changed=false" >> $GITHUB_OUTPUT
+          else
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+      
+      - name: Commit and push gomod2nix.toml
+        if: steps.changes.outputs.changed == 'true'
+        uses: EndBug/add-and-commit@v9
+        with:
+          default_author: user_info
+          message: "chore: update gomod2nix.toml"
+          add: 'gomod2nix.toml'
+      
+      - name: Comment on PR
+        if: steps.changes.outputs.changed == 'true'
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '✅ Updated `gomod2nix.toml` automatically via `nix develop -c gomod2nix`'
+            })