nixos-config/.github/workflows/ci.yml


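name: "CI"
on:
  workflow_dispatch:
  push:
    branches: [main]

# Least privilege: every job gets a read-only GITHUB_TOKEN unless it asks for
# more in its own `permissions:` block (only `deploy` does).
permissions:
  contents: read

# NOTE(review): the actions below are referenced by mutable tags (v5, v31,
# v15). Pinning each `uses:` to a full commit SHA would keep a retagged
# release from running with CACHIX_AUTH_TOKEN or the write-scoped token.

jobs:
  # Evaluates the flake once and publishes two JSON arrays: the names of the
  # x86_64-linux checks and the names of the hosts to build. Both arrays are
  # expanded into job matrices further down.
  parse-flake:
    runs-on: ubuntu-latest
    outputs:
      checks: ${{ steps.checks.outputs.checks }}
      hosts: ${{ steps.hosts.outputs.hosts }}
    steps:
      - uses: actions/checkout@v5
      - uses: cachix/install-nix-action@v31
        with:
          extra_nix_config: experimental-features = nix-command flakes pipe-operators
      # Without an explicit `shell:` the runner uses `bash -e` with no
      # pipefail, so a failing `nix flake show` would be hidden by jq's exit
      # status and surface later as an unparsable matrix. Fail here instead.
      - id: checks
        run: |
          set -euo pipefail
          checks=$(nix flake show --json | jq -c '.checks."x86_64-linux" | keys')
          printf "checks=%s\n" "$checks" >> "$GITHUB_OUTPUT"
      # Keeps only the nixosConfigurations whose
      # config.custom.services.comin.enable evaluates to true.
      - id: hosts
        run: |
          set -euo pipefail
          hosts=$(nix eval .#nixosConfigurations --apply 'configs:
            configs
            |> builtins.attrNames
            |> builtins.filter (name: configs.${name}.config.custom.services.comin.enable)
          ' --json)
          printf "hosts=%s\n" "$hosts" >> "$GITHUB_OUTPUT"

  # Builds each flake check in its own matrix job.
  build-check:
    needs: parse-flake
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        check: ${{ fromJson(needs.parse-flake.outputs.checks) }}
    steps:
      - uses: actions/checkout@v5
      - uses: cachix/install-nix-action@v31
        with:
          extra_nix_config: experimental-features = nix-command flakes pipe-operators
      # The auth token is handed to a job that builds repository code. This
      # workflow has no pull_request trigger, so only refs pushed to this
      # repository (or dispatched manually) reach it; keep it that way.
      - uses: cachix/cachix-action@v15
        with:
          name: sebastian-stork
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
          useDaemon: false
      # The matrix value is an attribute name taken from the flake. Passing it
      # through the environment keeps it out of the script text, so the shell
      # only ever sees it as data inside a quoted argument.
      - env:
          CHECK: ${{ matrix.check }}
        run: nix build ".#checks.x86_64-linux.${CHECK}" --print-build-logs

  # Builds the system closure of each selected host in its own matrix job.
  build-host:
    needs: parse-flake
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        host: ${{ fromJson(needs.parse-flake.outputs.hosts) }}
    steps:
      - uses: actions/checkout@v5
      - uses: cachix/install-nix-action@v31
        with:
          extra_nix_config: experimental-features = nix-command flakes pipe-operators
      - uses: cachix/cachix-action@v15
        with:
          name: sebastian-stork
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
          useDaemon: false
      # Same reasoning as in build-check: the host name reaches the shell as
      # an environment variable, never as part of the script.
      - env:
          HOST: ${{ matrix.host }}
        run: nix build ".#nixosConfigurations.${HOST}.config.system.build.toplevel" --print-build-logs

  # Runs the whole `nix flake check` after the per-check builds have finished.
  flake-check:
    needs: build-check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: cachix/install-nix-action@v31
        with:
          extra_nix_config: experimental-features = nix-command flakes pipe-operators
      # NOTE(review): unlike the two build jobs, this step does not set
      # `useDaemon: false` - confirm the difference is intended.
      - uses: cachix/cachix-action@v15
        with:
          name: sebastian-stork
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
      - run: nix flake check --keep-going --print-build-logs

  # Moves the `deploy` branch to the commit that was just built and checked
  # (presumably the branch the comin-enabled hosts follow - confirm).
  #
  # NOTE(review): workflow_dispatch can be started on any ref, so a manual run
  # from another branch that passes the builds force-pushes that branch to
  # `deploy`. If only main should ever be deployed, add
  # `if: github.ref == 'refs/heads/main'` to this job.
  # NOTE(review): runs are not serialised; an older run that finishes after a
  # newer one would move `deploy` backwards. A workflow-level `concurrency:`
  # group would prevent that - confirm whether it matters here.
  deploy:
    needs: [build-host, flake-check]
    runs-on: ubuntu-latest
    # The only job that needs to write to the repository.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v5
      - run: git push origin HEAD:deploy --force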