name: Publish on Flakehub

on:
  push:
    branches: [main]
    tags:
      - "v*.*.*"

jobs:
  publish:
    name: Publish
    runs-on: ubuntu-latest

    permissions:
      contents: read
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@ab6bcb2d5af0e904d04aea750e2089e9dc4cbfdd # v13

      - name: Push to Flakehub
        uses: DeterminateSystems/flakehub-push@8da9e38b7e77f2b0a8aa08a22e57cc5c6316ea72 # v5
        with:
          visibility: "public"
          rolling: ${{ !startsWith(github.ref, 'refs/tags/v' )}}