main.yml
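# CI for a Nix flake: read cache settings from the flake, build attic-client,
# build every x86_64-linux package and every nixosConfiguration through
# generated matrices, then run `nix flake check`.
#
# NOTE(review): no `permissions:` key is set, so GITHUB_TOKEN gets the
# repository default. Nothing visible here needs more than `contents: read`;
# confirm what ./.github/workflows/build-configuration.yml requires before
# restricting it at the top level.
# NOTE(review): the DeterminateSystems actions are referenced at `@main`, a
# mutable ref. Code at that ref runs in jobs that hold the ATTIC_* secrets;
# pinning each `uses:` to a reviewed full commit SHA removes that dependency
# on upstream branch state.
name: check
on:
  push:
  pull_request:
  workflow_dispatch:
jobs:
  # Evaluates the flake's `extra.substituters` and `extra.trusted-public-keys`
  # and exposes them as job outputs. Later jobs write these values into
  # nix.conf, so the checked-out flake decides which binary caches and signing
  # keys Nix trusts in this run (on pull_request that is the proposed change).
  bootstrap:
    name: Bootstrap nix.conf options
    runs-on: ubuntu-latest
    outputs:
      substituters: ${{ steps.getconf.outputs.substituters }}
      trustedPublicKeys: ${{ steps.getconf.outputs.trustedPublicKeys }}
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
      - id: getconf
        name: Get nix.conf configuration options
        run: |
          nix eval '.#extra.substituters' --apply 'builtins.toString' | tr -d '"' | awk '{print "substituters="$0}' | tee -a "$GITHUB_OUTPUT"
          nix eval '.#extra.trusted-public-keys' --apply 'builtins.toString' | tr -d '"' | awk '{print "trustedPublicKeys="$0}' | tee -a "$GITHUB_OUTPUT"

  # Builds attic-client from the flake, logs it in with the repository
  # secrets and pushes its closure to the cache.
  attic:
    name: Build attic-client
    runs-on: ubuntu-latest
    needs: bootstrap
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
        with:
          extra-conf: |
            extra-substituters = ${{ needs.bootstrap.outputs.substituters }}
            extra-trusted-public-keys = ${{ needs.bootstrap.outputs.trustedPublicKeys }}
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Build attic-client
        timeout-minutes: 60
        # The secrets reach the shell as environment variables, never as
        # `${{ }}` text inside the script. ATTIC_CACHE is copied to GITHUB_ENV
        # so the push step below can read it. On pull requests from forks
        # GitHub does not provide repository secrets, so all three are empty.
        run: |
          nix build '.#attic-client'
          ./result/bin/attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN"
          echo ATTIC_CACHE="$ATTIC_CACHE" | tee -a "$GITHUB_ENV"
        env:
          ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }}
          ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }}
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
      - name: Push attic-client to attic
        run: |
          nix-store --query --requisites --include-outputs ./result | xargs ./result/bin/attic push "ci:$ATTIC_CACHE"

  # Lists the flake's x86_64-linux package names as a JSON matrix.
  prebuildpkgs:
    name: Get package outputs of the flake to populate build matrix
    needs: attic
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.getpkgs.outputs.matrix }}
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
      - name: Get packages
        id: getpkgs
        run: >
          nix flake show --json | jq -c '.packages."x86_64-linux" | keys | {package: .}' | awk '{print "matrix="$0}' | tee -a "$GITHUB_OUTPUT"

  # Builds each package from the matrix and pushes its closure to attic.
  buildpkgs:
    name: build nix packages
    runs-on: ubuntu-latest
    needs:
      - prebuildpkgs
      - bootstrap
    strategy:
      matrix: ${{ fromJson(needs.prebuildpkgs.outputs.matrix) }}
      fail-fast: false
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
        with:
          extra-conf: |
            extra-substituters = ${{ needs.bootstrap.outputs.substituters }}
            extra-trusted-public-keys = ${{ needs.bootstrap.outputs.trustedPublicKeys }}
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Install and configure attic
        timeout-minutes: 20
        run: ./.github/install-attic.bash
        env:
          ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }}
          ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }}
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
      - name: Build package ${{ matrix.package }}
        timeout-minutes: 120
        # The package name comes from attribute names in the checked-out
        # flake. Passing it through the environment keeps it out of the
        # script text, so the shell treats it only as data.
        env:
          PACKAGE: ${{ matrix.package }}
        run: nix build ".#$PACKAGE"
      - name: Push package ${{ matrix.package }} to attic
        # presumably install-attic.bash exports ATTIC_CACHE for this step;
        # verify against that script
        run: nix-store --query --requisites --include-outputs ./result | xargs attic push "ci:$ATTIC_CACHE"

  # Lists the flake's nixosConfigurations names as a JSON matrix.
  prebuild:
    name: Get nixosConfiguration outputs of the flake to populate build matrix
    needs: attic
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.getconfigs.outputs.matrix }}
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
      - name: Get configurations
        id: getconfigs
        run: >
          nix flake show --json | jq -c '.nixosConfigurations | keys | {configuration: .}' | awk '{print "matrix="$0}' | tee -a "$GITHUB_OUTPUT"

  # Builds each nixosConfiguration through the reusable workflow.
  build:
    needs:
      - prebuild
      - bootstrap
      - buildpkgs
    strategy:
      matrix: ${{ fromJson(needs.prebuild.outputs.matrix) }}
      fail-fast: false
    uses: ./.github/workflows/build-configuration.yml
    with:
      substituters: ${{ needs.bootstrap.outputs.substituters }}
      trustedPublicKeys: ${{ needs.bootstrap.outputs.trustedPublicKeys }}
      # NOTE(review): `configuration` is a flake attribute name too; confirm
      # the called workflow reads it from an env var inside `run:` rather than
      # expanding `${{ inputs.configuration }}` in the script.
      configuration: ${{ matrix.configuration }}
    # NOTE(review): `inherit` hands every repository secret to the called
    # workflow. If it only needs the ATTIC_* values, passing those by name is
    # the narrower grant; check what build-configuration.yml declares.
    secrets: inherit

  # Runs `nix flake check` while attic uploads new store paths in the
  # background.
  check:
    name: check nix flake
    needs:
      - attic
      - bootstrap
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Free up runner disk space
        run: ./.github/clean-space.bash
      - uses: DeterminateSystems/nix-installer-action@main
        with:
          extra-conf: |
            extra-substituters = ${{ needs.bootstrap.outputs.substituters }}
            extra-trusted-public-keys = ${{ needs.bootstrap.outputs.trustedPublicKeys }}
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Install and configure attic
        timeout-minutes: 20
        # A failed attic setup does not fail the job; the flake check below
        # still runs.
        continue-on-error: true
        run: ./.github/install-attic.bash
        env:
          ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }}
          ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }}
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
      - name: Run flake checks
        # The trap stops the background watcher when the script exits.
        run: |
          attic watch-store "ci:$ATTIC_CACHE" &
          ATTIC_PID=$!
          trap 'kill $ATTIC_PID' EXIT
          nix flake check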