From 8fbab9d869496097811ca29db20d4fe751a3359e Mon Sep 17 00:00:00 2001
From: Joseph Hanson <joe@veri.dev>
Date: Wed, 7 Aug 2024 20:09:36 -0500
Subject: [PATCH] PR --> Build --> Merge --> Deploy

---
 .forgejo/workflows/build.yaml  | 13 +++-------
 .forgejo/workflows/deploy.yaml | 47 ++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 10 deletions(-)
 create mode 100644 .forgejo/workflows/deploy.yaml

diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml
index faf0b24..2843873 100644
--- a/.forgejo/workflows/build.yaml
+++ b/.forgejo/workflows/build.yaml
@@ -1,6 +1,8 @@
-name: "Build"
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Build on PR"
 on:
   pull_request:
+    types: [opened, synchronize]
   push:
     branches: ["main"]
     paths:
@@ -30,11 +32,9 @@ jobs:
         if: ${{ !github.event.pull_request.head.repo.fork }}
         with:
           name: hsndev
-          # If you chose API tokens for write access OR if you have a private cache
           authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
       - name: Garbage collect build dependencies
         run: nix-collect-garbage
-
       - name: Build new ${{ matrix.system }} system and push to cachix
         id: "build"
         shell: bash
@@ -49,10 +49,3 @@ jobs:
           CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
         run: |
           echo $DRVOUT | cachix push hsndev
-      - name: Deploy ${{ matrix.system }} runners
-        id: "deploy"
-        if: success()
-        env:
-          CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
-        run: |
-          cachix deploy activate $DRVOUT
\ No newline at end of file
diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml
new file mode 100644
index 0000000..f2fde20
--- /dev/null
+++ b/.forgejo/workflows/deploy.yaml
@@ -0,0 +1,47 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Deploy on PR Merge"
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  if_merged:
+    if: github.event.pull_request.merged == true
+    strategy:
+      matrix:
+        include:
+          - name: fj-hetzner-aarch64-01
+            system: aarch64-linux
+            os: native-aarch64
+          - name: fj-shadowfax-01
+            system: x86_64-linux
+            os: native-x86_64
+    runs-on: ${{ matrix.os }}
+    env:
+      PATH: ${{ format('{0}:{1}', '/run/current-system/sw/bin', env.PATH) }}
+    steps:
+      - name: Checkout repository
+        uses: https://github.com/actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: https://github.com/cachix/cachix-action@v15
+        if: ${{ !github.event.pull_request.head.repo.fork }}
+        with:
+          name: hsndev
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      - name: Garbage collect build dependencies
+        run: nix-collect-garbage
+      - name: Build new ${{ matrix.system }} system and push to cachix
+        id: "build"
+        shell: bash
+        run: |
+          set -o pipefail
+          DRVOUT=$(nix build .#deploy-json.${{ matrix.system }} --print-out-paths)
+          echo "DRVOUT=$DRVOUT" >> $GITHUB_ENV
+      - name: Deploy ${{ matrix.system }} runners
+        id: "deploy"
+        if: success()
+        env:
+          CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
+        run: |
+          cachix deploy activate $DRVOUT