name: Publish on Flakehub

on:
  push:
    branches: [main]
    tags:
      - "v*.*.*"

jobs:
  publish:
    name: Publish
    runs-on: ubuntu-latest

    permissions:
      contents: read
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@7993355175c2765e5733dae74f3e0786fe0e5c4f # v12

      - name: Push to Flakehub
        uses: DeterminateSystems/flakehub-push@150c971996b1d14eaba6790102041234f606379f # v4
        with:
          visibility: "public"
          rolling: ${{ !startsWith(github.ref, 'refs/tags/v' )}}