# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: "Deploy on PR Merge"
on:
  pull_request:
    types: [closed]

jobs:
  if_merged:
    if: github.event.pull_request.merged == true
    strategy:
      matrix:
        include:
          - name: fj-hetzner-aarch64-01
            system: aarch64-linux
            os: native-aarch64
          - name: fj-shadowfax-01
            system: x86_64-linux
            os: native-x86_64
    runs-on: ${{ matrix.os }}
    env:
      PATH: ${{ format('{0}:{1}', '/run/current-system/sw/bin', env.PATH) }}
    steps:
      - name: Checkout repository
        uses: https://github.com/actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: https://github.com/cachix/cachix-action@v15
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          name: hsndev
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Garbage collect build dependencies
        run: nix-collect-garbage
      - name: Build new ${{ matrix.system }} system and push to cachix
        id: "build"
        shell: bash
        run: |
          set -o pipefail
          DRVOUT=$(nix build .#deploy-json.${{ matrix.system }} --print-out-paths)
          echo "DRVOUT=$DRVOUT" >> $GITHUB_ENV
      - name: Deploy ${{ matrix.system }} runners
        id: "deploy"
        if: success()
        env:
          CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
        run: |
          cachix deploy activate $DRVOUT