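# Deploys all systems after the reusable ci workflow has passed.
# Runs on every push to main and on manual dispatch.
#
# NOTE(review): the third-party actions below are referenced by mutable tag
# (v26, v12, v2). Pinning each to a full commit SHA keeps a retagged release
# from running in a job that holds the Cachix and Tailscale credentials.
name: deploy systems

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  ci:
    uses: ./.github/workflows/ci.yaml
    # NOTE(review): `inherit` hands every secret visible to this workflow to
    # the called workflow. Passing only the secrets ci.yaml actually reads
    # would narrow what a change to that file can reach.
    secrets: inherit

  deploy:
    needs: ci
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the steps visible here only need to
    # read the repository. Widen this if the deploy-all recipe turns out to
    # need more (not visible from this file).
    permissions:
      contents: read

    steps:
      - uses: actions/checkout@v4

      - name: install nix
        uses: nixbuild/nix-quick-install-action@v26

      - name: setup cachix
        uses: cachix/cachix-action@v12
        with:
          name: getchoo
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

      # Joins the runner to the tailnet as an ephemeral node tagged tag:gha;
      # what that tag may reach is decided by the tailnet ACLs, not here.
      - name: connect to tailscale
        uses: tailscale/github-action@v2
        with:
          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
          tags: tag:gha

      # NOTE(review): this turns off SSH server authentication for every
      # host (`Host *`) and discards known_hosts, so the deploy trusts
      # whatever answers on the target address. If the targets are only
      # reached over the tailnet, Tailscale's peer authentication narrows the
      # exposure, but it is then the only check. Writing the targets' pinned
      # host keys to known_hosts (e.g. from a secret) and keeping
      # StrictHostKeyChecking enabled would restore an independent one; at
      # minimum, scope the stanza to the deploy hosts instead of `Host *`.
      - name: disable host key verification for ssh
        run: |
          set -eux
          # mkdir -p is a no-op when the directory exists; keep it private.
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          cat >> ~/.ssh/config << 'EOF'
          Host *
            StrictHostKeyChecking no
            UserKnownHostsFile=/dev/null
          EOF

      - name: deploy all systems
        run: nix run nixpkgs#just deploy-all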