name: CI

on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@V27

      - name: Setup Nix cache
        uses: DeterminateSystems/magic-nix-cache-action@v8

      - run: |
          nix build .#container-x86_64
          readlink -f result | xargs -I {} cp {} workerd.tar.gz

      - name: Upload container image
        uses: actions/upload-artifact@v4
        with:
          name: container
          path: workerd.tar.gz

  push:
    name: Push to registry

    runs-on: ubuntu-latest

    needs: build
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'

    permissions:
       packages: write

    env:
      REGISTRY: ghcr.io

    steps:
      - name: Download container image
        uses: actions/download-artifact@v4
        with:
          name: container

      - name: Login to ${{ env.REGISTRY }}
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: "getchoo"
          password: ${{ github.token }}

      - name: Upload to ${{ env.REGISTRY }}
        run: |
          docker load < workerd.tar.gz
          docker tag workerd:latest "$REGISTRY"/getchoo/workerd:latest
          docker push "$REGISTRY"/getchoo/workerd:latest