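---
# Builds the `deploy-json` flake output for each runner architecture, pushes
# the result to the `hsndev` Cachix cache and activates it with
# `cachix deploy`.
name: "Build"

on:
  pull_request:
  push:
    branches: ["main"]
    # With this filter a push to main only triggers the workflow when the
    # workflow file itself changes; every other run comes from pull_request.
    paths:
      - .forgejo/workflows/build.yaml

jobs:
  nix-build:
    # Skip draft pull requests.
    if: github.event.pull_request.draft == false
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: fj-hetzner-aarch64-01
            system: aarch64-linux
            os: native-aarch64
          - name: fj-shadowfax-01
            system: x86_64-linux
            os: native-x86_64
    # NOTE(review): the `native-*` labels look like self-hosted hosts, so
    # pull-request code is evaluated and built directly on them - confirm who
    # is allowed to trigger runs on these runners.
    runs-on: ${{ matrix.os }}
    env:
      # Put the system profile first so nix and cachix resolve from it.
      PATH: ${{ format('{0}:{1}', '/run/current-system/sw/bin', env.PATH) }}
    outputs:
      # Read from the build step's GITHUB_OUTPUT. Every matrix leg writes the
      # same key, so consumers see only one leg's value.
      matrix: ${{ steps.build.outputs.drvout }}
    steps:
      # Both third-party actions are referenced by a mutable tag; pinning them
      # to a full commit SHA prevents a retagged release from running with the
      # Cachix tokens used below.
      - name: Checkout repository
        uses: https://github.com/actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: https://github.com/cachix/cachix-action@v15
        # Fork pull requests must never see the cache write token.
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          name: hsndev
          # If you chose API tokens for write access OR if you have a private cache
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

      - name: Garbage collect build dependencies
        run: nix-collect-garbage

      - name: Build new ${{ matrix.system }} system and push to cachix
        id: "build"
        shell: bash
        run: |
          set -eo pipefail
          # Run the build in its own assignment so a failing `nix build` fails
          # the step, and record the resulting store path rather than the
          # command text.
          drvout="$(nix build ".#deploy-json.${{ matrix.system }}" --print-out-paths)"
          # GITHUB_ENV feeds the later steps, GITHUB_OUTPUT feeds the job output.
          echo "drvout=${drvout}" >> "${GITHUB_ENV}"
          echo "drvout=${drvout}" >> "${GITHUB_OUTPUT}"

      - name: Push cache for ${{ matrix.name }} to cachix
        id: "push-to-cachix"
        # Same fork guard as the cachix-action step: no token, no push.
        if: ${{ success() && !github.event.pull_request.head.repo.fork }}
        env:
          CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
        run: |
          # Use the shell variable exported through GITHUB_ENV instead of
          # expanding the expression into the script text, so the value is
          # never re-parsed as shell code.
          printf '%s\n' "${drvout}" | cachix push hsndev

      - name: Deploy ${{ matrix.system }} runners
        id: "deploy"
        # NOTE(review): this still activates a deployment for same-repository
        # pull requests, i.e. before the change is merged - confirm that is
        # intended, or gate the step on the push event / a protected branch.
        if: ${{ success() && !github.event.pull_request.head.repo.fork }}
        env:
          CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
        run: |
          cachix deploy activate "${drvout}"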