name: "Check Nix flake"
on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  merge_group:

jobs:
  health-check:
    name: "Perform Nix flake checks"
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest]
    steps:
      - uses: DeterminateSystems/nix-installer-action@main

      - uses: actions/checkout@v4

      - name: Restore Nix store
        id: restore
        uses: nix-community/cache-nix-action@v6
        with:
          # save a new cache every time `ci.yaml` changes
          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # otherwise, restore a common cache if and only if it matches the current `ci.yaml`
          restore-prefixes-first-match: similar-cache-${{ matrix.os }}-common-

      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
          cache: ${{ secrets.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
          skip-push: "true"

      - run: nix flake check --accept-flake-config

      - run: nix ./utils/attic-push.bash

  build-checks:
    name: "Build nix outputs"
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest]
    steps:
      - uses: DeterminateSystems/nix-installer-action@main

      - uses: actions/checkout@v4

      - name: Restore Nix store
        id: restore
        uses: nix-community/cache-nix-action@v6
        with:
          # save a new cache every time `ci.yaml` changes
          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # otherwise, restore a common cache if and only if it matches the current `ci.yaml`
          restore-prefixes-first-match: similar-cache-${{ matrix.os }}-common-

      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
          cache: ${{ secrets.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
          skip-push: "true"

      - name: Build all outputs
        run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .

      - name: Push to Attic
        run: nix ./utils/attic-push.bash
        continue-on-error: true

      - name: Save Nix store
        if: steps.restore.outputs.hit == 'false'
        uses: nix-community/cache-nix-action@v6
        with:
          # save a new cache every time `ci.yaml` changes
          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # do purge caches
          purge: true
          # purge all versions of the individual cache
          purge-prefixes: similar-cache-${{ matrix.os }}-individual-
          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
          purge-created: 0
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never