name: CI

on:
  push:
    branches: [master]

jobs:
  check:
    name: Check, build and cache nixfiles
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
        with:
          # Gitea will supply a token in GITHUB_TOKEN, which this action will
          # try to pass to Nix when downloading from GitHub
          github_access_token: ${{ secrets.GH_PULL_TOKEN }}
          extra_nix_config: |
            # Make sure we're using sandbox
            sandbox-fallback = false
            # Big C++ projects fill up memory...
            cores = 6

            extra-substituters = https://nix-cache.nul.ie
            extra-trusted-public-keys = nix-cache.nul.ie-1:BzH5yMfF4HbzY1C977XzOxoPhEc9Zbu39ftPkUbH+m4=

      - name: Check flake
        run: nix flake check --no-build

      - name: Build (and cache) the world
        id: build
        env:
          HARMONIA_SSH_KEY: ${{ secrets.HARMONIA_SSH_KEY }}
        run: |
          nix eval --json --apply "builtins.attrNames" .#ci.x86_64-linux | jq -cr '.[]' | while read job; do
            echo "::group::Build $job"
            nix build --no-link .#ci.x86_64-linux."$job"
            echo "::endgroup::"

            echo "::group::Cache $job"
            ci/push-to-cache.sh "$(nix eval --raw .#ci.x86_64-linux."$job")"
            echo "::endgroup::"
          done

          echo "Building and caching CI derivation"
          nix build --no-link .#ciDrv.x86_64-linux
          UPDATE_PROFILE=1 ci/push-to-cache.sh "$(nix eval --raw .#ciDrv.x86_64-linux)"