name: CI

on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:

jobs:
  eval:
    runs-on: ubuntu-latest

    outputs:
      matrix: ${{ steps.generate.outputs.matrix }}

    steps:
      - uses: actions/checkout@v4

      - name: install nix
        uses: DeterminateSystems/nix-installer-action@v6

      - name: setup cachix
        uses: cachix/cachix-action@master
        with:
          name: getchoo
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          skipAddingSubstituter: 'true'

      - name: generate matrix
        id: generate
        run: |
          set -Eeu
          echo "matrix=$(nix eval --accept-flake-config --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT"

  build:
    needs: eval

    strategy:
      fail-fast: false
      matrix: ${{ fromJSON(needs.eval.outputs.matrix) }}

    runs-on: ${{ matrix.os }}

    name: build (${{matrix.attr}})

    steps:
      - uses: actions/checkout@v4

      - name: setup qemu
        if: matrix.arch == 'aarch64'
        run: |
          sudo apt update -y
          sudo apt install -y qemu-user-static

      - name: install nix
        if: matrix.arch != 'aarch64'
        uses: DeterminateSystems/nix-installer-action@v6

      - name: install nix (with aarch64)
        if: matrix.arch == 'aarch64'
        uses: DeterminateSystems/nix-installer-action@v6
        with:
          extra-conf: "extra-platforms = aarch64-linux arm-linux"

      - name: setup cachix
        uses: cachix/cachix-action@master
        with:
          name: getchoo
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          skipAddingSubstituter: 'true'

      - name: build ${{ matrix.attr }}
        run: nix build -L --accept-flake-config --fallback .#${{ matrix.attr }}

  check:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: install nix
        uses: DeterminateSystems/nix-installer-action@v6

      - name: setup cachix
        uses: cachix/cachix-action@master
        with:
          name: getchoo
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          skipAddingSubstituter: 'true'

      - name: setup cachix
        uses: cachix/cachix-action@v12
        with:
          name: getchoo
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          skipAddingSubstituter: 'true'

      - name: run check
        run: nix flake check --accept-flake-config --show-trace

  # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794
  gate:
    needs: [build, check]
    runs-on: ubuntu-latest

    if: always()

    steps:
      - name: exit with result
        run: |
          buildResult="${{ needs.build.result }}"
          checkResult="${{ needs.check.result }}"

          results=("$buildResult" "$checkResult")

          for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done

          exit 0