name: CI

on:
  push:
  pull_request:

# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
  group: "pages"
  cancel-in-progress: false

jobs:
  build:
    runs-on: ubuntu-22.04
    container: nixpkgs/nix-flakes:nixos-24.05
    steps:
      - name: Setup NIX CI Environment
        run: |
          nix profile install nixpkgs#git-lfs nixpkgs#gnused
          echo "substituters = https://nixpkgs-cache.qo.is?priority=39" >> /etc/nix/nix.conf
          echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
          mkdir -p ~/.config/nix && cp /etc/nix/nix.conf ~/.config/nix/
      - name: Checkout Repository
        shell: "nix shell nixpkgs#git-lfs nixpkgs#gnused --command {0}"
        run: |
          git config --global credential.helper store
          git config --global advice.detachedHead false
          git lfs install
          AUTH_URL=`echo -n "$GITHUB_SERVER_URL" | sed "s%https://%https://oauth2:$GITHUB_TOKEN@%"`
          # Disable clone protection to pull LFS as well
          GIT_CLONE_PROTECTION_ACTIVE=false git clone --branch $GITHUB_REF_NAME --recurse-submodules $AUTH_URL/$GITHUB_REPOSITORY .
      - name: Run Nix Build
        shell: "nix shell nixpkgs#git-lfs --command {0}"
        run: nix build .
      - name: Run Nix Checks
        shell: "nix shell nixpkgs#git-lfs --command {0}"
        run: nix flake check
      - name: Deploy page
        if: success() && github.ref == 'refs/heads/main'
        shell: "nix shell nixpkgs#git-lfs --command {0}"
        run: |
          mkdir ~/.ssh/
          (umask 0077 && printf "%s" "${{ secrets.SSH_DEPLOY_KEY }}" > ~/.ssh/id_ed25519 && echo >> ~/.ssh/id_ed25519)
          echo -e "Host lindberg-webapps.backplane.net.qo.is\n    StrictHostKeyChecking no" >> ~/.ssh/config
          nix run .#deploy
#      - uses: actions/upload-pages-artifact@v3
#        with:
#          path: result/

#  deploy:
#    environment:
#      name: github-pages
#      url: ${{ steps.deployment.outputs.page_url }}
#    runs-on: ubuntu-latest
#    needs: build
#    permissions:
#      pages: write      # to deploy to Pages
#      id-token: write   # to verify the deployment originates from an appropriate source
#    steps:
#      - name: Deploy to GitHub Pages
#        id: deployment
#        uses: actions/deploy-pages@v4
#        with:
#          preview: true