name: CI

on:
  push:
    branches:
      - main
    paths-ignore:
      - "README.md"
  schedule:
    - cron: "0 12 15 * *"
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4

      - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # v22
        with:
          nix_path: nixpkgs=channel:nixos-unstable

      - run: |
          ./run ci:build

      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: dist
          path: dist

  deploy:
    runs-on: ubuntu-latest
    needs:
      - build
    steps:
      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4

      - name: Add the deployment SSH key
        uses: shimataro/ssh-key-action@3c9b0fc6f2d223b8450b02a0445f526350fc73e0 # 2.3.1
        with:
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          name: id_rsa
          known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}

      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: dist
          path: dist

      - run: |
          ./run ci:deploy ${{ github.sha }}

# vim: sw=2 ts=2