.github/workflows/deploy.yml

---
name: Deploy 🚀

'on':
  push:
    branches:
      - main

    paths:
      - '**.nix'
      - '**.age'
      - 'flake.lock'

concurrency:
  group: ci-${{ github.ref }}-deploy
  cancel-in-progress: true

jobs:
  check:
    name: Check ✔️
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@v16
      - uses: DeterminateSystems/magic-nix-cache-action@v8
      - uses: cachix/cachix-action@v15
        with:
          name: etu
          extraPullNames: 'nix-community'
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

      - name: Check the flake
        run: 'nix flake check'

  deploy:
    name: Deploy 🚀
    runs-on: ubuntu-22.04
    needs: check
    # Don't cancel jobs if one job fails
    continue-on-error: true
    strategy:
      matrix:
        hostname:
          - server-main-elis
          - server-sparv
          - vps06

    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@v16
      - uses: DeterminateSystems/magic-nix-cache-action@v8
      - uses: cachix/cachix-action@v15
        with:
          name: etu
          extraPullNames: 'nix-community'
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

      # Build systems.
      - name: Build system derivation
        run: 'nix build .#nixosConfigurations.${{ matrix.hostname }}.config.system.build.toplevel'

      # Configure SSH key
      - uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          name: id_ed25519
          known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}

      # Deploy systems
      - name: Deploy system
        run: 'nix develop -c deploy --skip-checks --targets .#${{ matrix.hostname }}'