name: CI

on:
  push:
    branches: [master]

jobs:
  check:
    name: Check Nix flake
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Install jq
        run: apt-get update -y && apt-get install -y jq
      - uses: cachix/install-nix-action@v23
        with:
          # Gitea will supply a token in GITHUB_TOKEN, which this action will
          # try to pass to Nix when downloading from GitHub
          github_access_token: ${{ secrets.GH_PULL_TOKEN }}
          extra_nix_config: |
            # Make sure we're using sandbox
            sandbox-fallback = false
      - name: Set up attic
        run: |
          nix run .#nixpkgs.mine.x86_64-linux.attic-client -- \
            login --set-default colony https://nix-cache.nul.ie "${{ secrets.NIX_CACHE_TOKEN }}"
          nix run .#nixpkgs.mine.x86_64-linux.attic-client -- use main

      - name: Write agenix secrets key to file
        env:
          KEY: ${{ secrets.AGENIX_SECRETS_KEY }}
        run: printf "$KEY" > .keys/ci.key
      # - name: Check flake
      #   run: nix flake check
      - name: Push to cache
        run: |
          path=$(nix build --no-link .#nixosConfigurations.middleman.config.system.build.toplevel --json | jq -r .[0].outputs.out)
          attic push main $path