fix(ci): dynamic flake input discovery and updateScript support

- Replace hardcoded opencode update step with dynamic discovery of all
  version-pinned flake inputs via nix flake metadata --json
- Add --use-update-script flag to nix-update command so packages with
  custom passthru.updateScript (like n8n) use their custom scripts
- Update output variables from update-opencode to update-flake-inputs
- Update Summary step to reflect new generic flake input handling

.gitea/workflows/nix-update.yml

@@ -52,72 +52,91 @@ jobs:
             "https://m3tam3re@code.m3ta.dev/m3tam3re/nixpkgs.git" \
             "$REPO_DIR"
 
-      - name: Update opencode Flake Input
+      - name: Update All Flake Inputs
-        id: update-opencode
+        id: update-flake-inputs
         run: |
           cd "$REPO_DIR"
 
-          echo "::group::Checking for opencode updates"
+          echo "::group::Discovering version-pinned flake inputs"
 
-          # Get latest release from GitHub API (strip v prefix for comparison)
+          # Get GitHub inputs with version refs (e.g., v1.2.9)
-          LATEST_RELEASE=$(curl -s "https://api.github.com/repos/anomalyco/opencode/releases/latest" | jq -r '.tag_name' | sed 's/^v//')
+          VERSIONED_INPUTS=$(nix flake metadata --json | jq -r '
+            .locks.nodes | to_entries[] |
+            select(.value.original.type == "github") |
+            select(.value.original.ref != null) |
+            select(.value.original.ref | test("^v?[0-9]+\\.[0-9]+")) |
+            "\(.key) \(.value.original.owner) \(.value.original.repo) \(.value.original.ref)"
+          ')
 
-          # Extract current version from flake.nix
+          echo "Discovered version-pinned inputs:"
-          CURRENT_VERSION=$(grep 'anomalyco/opencode' flake.nix | grep -oP 'v\K[0-9.]+')
+          echo "$VERSIONED_INPUTS"
+          echo "::endgroup::"
 
-          echo "Current opencode version: $CURRENT_VERSION"
+          UPDATED_INPUTS=""
-          echo "Latest opencode version: $LATEST_RELEASE"
+          FAILED_INPUTS=""
 
-          # Check if update is needed
+          # Update each version-pinned input
-          if [ "$LATEST_RELEASE" != "$CURRENT_VERSION" ]; then
+          while read -r INPUT_NAME OWNER REPO CURRENT_REF; do
-            echo "🔄 Updating opencode from $CURRENT_VERSION to $LATEST_RELEASE"
+            [ -z "$INPUT_NAME" ] && continue
 
-            # Update flake.nix with new version
+            echo "::group::Checking $INPUT_NAME ($OWNER/$REPO)"
-            sed -i 's|url = "github:anomalyco/opencode/v.*"|url = "github:anomalyco/opencode/v'"$LATEST_RELEASE"'"|' flake.nix
 
-            # Update flake lock to fetch new revision
+            # Get latest stable release (exclude prereleases)
-            nix flake update opencode
+            LATEST=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+              "https://api.github.com/repos/$OWNER/$REPO/releases/latest" | \
+              jq -r 'select(.prerelease == false) | .tag_name // empty')
 
-            # Format with alejandra
+            if [ -z "$LATEST" ]; then
+              echo "⚠️ No stable release found for $INPUT_NAME"
+              FAILED_INPUTS="$FAILED_INPUTS $INPUT_NAME(no-release)"
+              echo "::endgroup::"
+              continue
+            fi
+
+            echo "Current: $CURRENT_REF | Latest: $LATEST"
+
+            if [ "$LATEST" != "$CURRENT_REF" ]; then
+              echo "Updating $INPUT_NAME from $CURRENT_REF to $LATEST"
+
+              # Update flake.nix
+              sed -i "s|github:$OWNER/$REPO/[^\"']*|github:$OWNER/$REPO/$LATEST|g" flake.nix
+
+              # Update flake.lock for this input
+              if nix flake update "$INPUT_NAME" 2>&1 | tee /tmp/input-update.log; then
+                UPDATED_INPUTS="$UPDATED_INPUTS $INPUT_NAME($LATEST)"
+                echo "✅ Updated $INPUT_NAME to $LATEST"
+              else
+                echo "❌ Failed to update $INPUT_NAME"
+                FAILED_INPUTS="$FAILED_INPUTS $INPUT_NAME(update-failed)"
+                git checkout flake.nix flake.lock 2>/dev/null || true
+              fi
+            else
+              echo "✓ $INPUT_NAME is already up to date"
+            fi
+            echo "::endgroup::"
+          done <<< "$VERSIONED_INPUTS"
+
+          echo "::group::Updating non-version-pinned inputs"
+          # Update all non-version-pinned inputs (branches, no-ref)
+          nix flake update
+          echo "::endgroup::"
+
+          # Check if we have any changes
+          if [ -n "$(git status --porcelain flake.nix flake.lock)" ]; then
+            echo "::group::Committing flake input updates"
             nix fmt flake.nix
-
-            # Verify the update
-            echo "::endgroup::"
-            echo "::group::Verifying opencode update"
-
-            # Run flake check
-            if ! nix flake check; then
-              echo "❌ Flake check failed after opencode update"
-              git checkout flake.nix flake.lock
-              exit 1
-            fi
-
-            # Build opencode package
-            if ! nix build .#opencode 2>&1 | tee /tmp/opencode-build.log; then
-              echo "❌ Build failed for opencode"
-              git checkout flake.nix flake.lock
-              exit 1
-            fi
-
-            echo "✅ Flake check passed"
-            echo "✅ Build successful for opencode"
-            echo "::endgroup::"
-
-            # Commit the change
-            echo "::group::Committing opencode update"
             git add flake.nix flake.lock
-            git commit -m "chore: update opencode flake input to $LATEST_RELEASE"
 
-            echo "opencode_update=true" >> $GITHUB_OUTPUT
+            COMMIT_MSG="chore: update flake inputs"
-            echo "opencode_version=${LATEST_RELEASE}" >> $GITHUB_OUTPUT
+            [ -n "$UPDATED_INPUTS" ] && COMMIT_MSG="$COMMIT_MSG - $(echo $UPDATED_INPUTS | tr ' ' ', ')"
+
+            git commit -m "$COMMIT_MSG"
+            echo "flake_inputs_updated=true" >> $GITHUB_OUTPUT
+            echo "updated_inputs=${UPDATED_INPUTS# }" >> $GITHUB_OUTPUT
+            [ -n "$FAILED_INPUTS" ] && echo "failed_inputs=${FAILED_INPUTS# }" >> $GITHUB_OUTPUT
             echo "::endgroup::"
-
-            echo "✅ Updated opencode to $LATEST_RELEASE"
           else
-            echo "✓ opencode is already up to date"
+            echo "flake_inputs_updated=false" >> $GITHUB_OUTPUT
-            echo "opencode_update=false" >> $GITHUB_OUTPUT
-            echo "opencode_version=${CURRENT_VERSION}" >> $GITHUB_OUTPUT
-            echo "::endgroup::"
           fi
 
       - name: Check Prerequisites
@@ -162,9 +181,9 @@ jobs:
 
               echo "::group::Updating $pkg"
 
-              local args=("--flake" "--commit" "--use-github-releases")
+               local args=("--flake" "--commit" "--use-github-releases" "--use-update-script")
 
-              args+=("$pkg")
+               args+=("$pkg")
 
              if nix-update "${args[@]}" 2>&1 | tee /tmp/update-${pkg}.log; then
                 if [ "$(check_commit "$before_hash")" = "true" ]; then
@@ -251,7 +270,7 @@ jobs:
           fi
 
       - name: Verify Builds
-        if: steps.update.outputs.has_updates == 'true' || steps.update-opencode.outputs.opencode_update == 'true'
+        if: steps.update.outputs.has_updates == 'true' || steps.update-flake-inputs.outputs.flake_inputs_updated == 'true'
         run: |
           cd "$REPO_DIR"
 
@@ -303,16 +322,17 @@ jobs:
           echo "✅ All packages built successfully: ${SUCCESSFUL_PACKAGES[*]}"
 
       - name: Push Changes
-        if: steps.update.outputs.has_updates == 'true' || steps.update-opencode.outputs.opencode_update == 'true'
+        if: steps.update.outputs.has_updates == 'true' || steps.update-flake-inputs.outputs.flake_inputs_updated == 'true'
         run: |
           cd "$REPO_DIR"
           PACKAGES="${{ steps.update.outputs.updated_packages }}"
 
-          if [ "${{ steps.update-opencode.outputs.opencode_update }}" = "true" ]; then
+          if [ "${{ steps.update-flake-inputs.outputs.flake_inputs_updated }}" = "true" ]; then
+            UPDATED_INPUTS="${{ steps.update-flake-inputs.outputs.updated_inputs }}"
             if [ -n "$PACKAGES" ]; then
-              PACKAGES="$PACKAGES, opencode"
+              PACKAGES="$PACKAGES, flake inputs ($UPDATED_INPUTS)"
             else
-              PACKAGES="opencode"
+              PACKAGES="flake inputs ($UPDATED_INPUTS)"
             fi
           fi
 
@@ -370,12 +390,22 @@ jobs:
             echo "\`${{ steps.update.outputs.updated_packages }}\`" >> $GITHUB_STEP_SUMMARY
           fi
 
-          if [ "${{ steps.update-opencode.outputs.opencode_update }}" = "true" ]; then
+          if [ "${{ steps.update-flake-inputs.outputs.flake_inputs_updated }}" = "true" ]; then
             HAS_UPDATES="true"
             echo "" >> $GITHUB_STEP_SUMMARY
-            echo "## Updated Flake Input" >> $GITHUB_STEP_SUMMARY
+            echo "## Updated Flake Inputs" >> $GITHUB_STEP_SUMMARY
             echo "" >> $GITHUB_STEP_SUMMARY
-            echo "- **opencode**: \`v${{ steps.update-opencode.outputs.opencode_version }}\`" >> $GITHUB_STEP_SUMMARY
+            for input in ${{ steps.update-flake-inputs.outputs.updated_inputs }}; do
+              echo "- **$input**" >> $GITHUB_STEP_SUMMARY
+            done
+            if [ -n "${{ steps.update-flake-inputs.outputs.failed_inputs }}" ]; then
+              echo "" >> $GITHUB_STEP_SUMMARY
+              echo "### Failed Inputs" >> $GITHUB_STEP_SUMMARY
+              echo "" >> $GITHUB_STEP_SUMMARY
+              for input in ${{ steps.update-flake-inputs.outputs.failed_inputs }}; do
+                echo "- $input" >> $GITHUB_STEP_SUMMARY
+              done
+            fi
           fi
 
           if [ "$HAS_UPDATES" = "true" ]; then