name: CI

on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:

jobs:
  build:
    name: Build outputs (${{ matrix.system }})

    strategy:
      fail-fast: false
      matrix:
        include:
          - system: x86_64-linux
            os: ubuntu-latest

          - system: aarch64-linux
            os: ubuntu-22.04-arm

    runs-on: ${{ matrix.os }}

    steps:
        # https://github.com/actions/runner-images/issues/2840#issuecomment-790492173
      - name: Clear disk space
        run: |
          sudo rm -rf /usr/share/dotnet
          sudo rm -rf /opt/ghc
          sudo rm -rf "/usr/local/share/boost"
          sudo rm -rf "$AGENT_TOOLSDIRECTORY"

        # Only required for building Lix
        # TODO: Remove after https://git.lix.systems/lix-project/lix/issues/545 is fixed
      - name: Loosen AppArmor Restrictions
        run: |
          sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v31

      - name: Setup Cachix
        uses: cachix/cachix-action@v16
        with:
          name: getchoo
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

      - name: Run checks
        run: |
          nix flake check \
            --fallback \
            --no-allow-import-from-derivation \
            --no-update-lock-file \
            --print-build-logs \
            --show-trace

  build-gate:
    name: Build gate

    if: ${{ always() }}
    needs: [ build ]

    runs-on: ubuntu-latest

    steps:
      - name: Exit with error
        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
        run: |
          exit 1