From 5ec1354ebea9091d9a9f6b9ebd4bb972fdef6f37 Mon Sep 17 00:00:00 2001
From: Josef Hofer <me@jhofer.de>
Date: Thu, 14 May 2026 10:09:36 +0200
Subject: [PATCH] ops(flake-review): only run when needed and allow manual
 trigger

---
 .github/workflows/flake-review-build.yml   | 37 ++++++++++++++++++++++
 .github/workflows/flake-review-comment.yml | 21 ++++++++++++
 .github/workflows/flake-review.yml         | 23 --------------
 renovate.json                              |  5 +--
 4 files changed, 61 insertions(+), 25 deletions(-)
 create mode 100644 .github/workflows/flake-review-build.yml
 create mode 100644 .github/workflows/flake-review-comment.yml
 delete mode 100644 .github/workflows/flake-review.yml

diff --git a/.github/workflows/flake-review-build.yml b/.github/workflows/flake-review-build.yml
new file mode 100644
index 00000000..914e735e
--- /dev/null
+++ b/.github/workflows/flake-review-build.yml
@@ -0,0 +1,37 @@
+name: Flake Review Build
+
+on:
+ pull_request:
+  branches: [master, dev]
+  paths:
+   - ".github/workflows/flake-review-build.yml"
+   - ".github/workflows/flake-review-comment.yml"
+   - "flake.lock"
+   - "flake.nix"
+   - "nix/**"
+   - "**/package.json"
+   - "pnpm-lock.yaml"
+   - "pnpm-workspace.yaml"
+ workflow_dispatch:
+  inputs:
+   pr-url:
+    description: "PR URL to review"
+    type: string
+    required: true
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || inputs.pr-url || github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+  # https://github.com/ojsef39/flake-review/blob/main/.github/workflows/flake-review-build-reusable.yml
+  uses: ojsef39/flake-review/.github/workflows/flake-review-build-reusable.yml@0.3.0
+  with:
+   flake-review-ref: "0.3.0"
+   packages: "default"
+   matrix: '[{"runner":"macos-latest","systems":"aarch64-darwin","name":"darwin"},{"runner":"ubuntu-latest","systems":"x86_64-linux","name":"linux"}]'
+   pr-url: ${{ inputs.pr-url || github.event.pull_request.html_url }}
diff --git a/.github/workflows/flake-review-comment.yml b/.github/workflows/flake-review-comment.yml
new file mode 100644
index 00000000..55e6db6a
--- /dev/null
+++ b/.github/workflows/flake-review-comment.yml
@@ -0,0 +1,21 @@
+name: Flake Review Comment
+
+# Triggered when "Flake Review Build" finishes. Runs from master with a writable
+# token so it can post comments even on fork PRs.
+
+on:
+ workflow_run:
+  workflows: ["Flake Review Build"]
+  types: [completed]
+
+permissions:
+ contents: read
+ pull-requests: write
+ actions: read
+
+jobs:
+ comment:
+  # https://github.com/ojsef39/flake-review/blob/main/.github/workflows/flake-review-comment-reusable.yml
+  uses: ojsef39/flake-review/.github/workflows/flake-review-comment-reusable.yml@0.3.0
+  with:
+   flake-review-ref: "0.3.0"
diff --git a/.github/workflows/flake-review.yml b/.github/workflows/flake-review.yml
deleted file mode 100644
index 2dd8671e..00000000
--- a/.github/workflows/flake-review.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: Flake Review
-
-on:
- pull_request:
-  branches: [master, dev]
-
-concurrency:
- group: ${{ inputs.concurrency-group || format('{0}-{1}', github.workflow, github.ref) }}
- cancel-in-progress: true
-
-permissions:
- contents: read
- pull-requests: write
-
-jobs:
- review:
-  uses: ojsef39/flake-review/.github/workflows/flake-review-reusable.yml@0.1.2
-  with:
-   # https://github.com/ojsef39/flake-review/blob/main/.github/workflows/flake-review-reusable.yml
-   concurrency-group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-   flake-review-ref: "0.1.2"
-   packages: "default"
-   matrix: '[{"runner":"macos-latest","systems":"aarch64-darwin","name":"darwin"},{"runner":"ubuntu-latest","systems":"x86_64-linux","name":"linux"}]'
diff --git a/renovate.json b/renovate.json
index cc32a963..58b41dad 100644
--- a/renovate.json
+++ b/renovate.json
@@ -4,10 +4,11 @@
     {
       "customType": "regex",
       "managerFilePatterns": [
-        "/^\\.github/workflows/flake-review\\.yml$/"
+        "/^\\.github/workflows/flake-review-.*\\.yml$/"
       ],
       "matchStrings": [
-        "flake-review-ref: \"(?<currentValue>[^\"]+)\""
+        "flake-review-ref: \"(?<currentValue>[^\"]+)\"",
+        "ojsef39/flake-review/[^@\\s]+@(?<currentValue>[^\\s]+)"
       ],
       "depNameTemplate": "ojsef39/flake-review",
       "datasourceTemplate": "github-tags"