name: CI

on:
  push:
    branches: [master]

jobs:
  check:
    name: Check Nix flake
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v23
        env:
          # Gitea will supply a token in GITHUB_TOKEN, which this action will
          # try to pass to Nix when downloading from GitHub
          GITHUB_TOKEN: ''
      - uses: DeterminateSystems/magic-nix-cache-action@main
        env:
          # Arch is amd64 in Gitea actions, this forms the download path for the cache
          RUNNER_ARCH: X64

      - name: Write agenix secrets key to file
        env:
          KEY: ${{ secrets.AGENIX_SECRETS_KEY }}
        run: printf "$KEY" > .keys/ci.key
      - name: Check flake
        run: nix flake check