name: Build and Deploy
on:
  push:
    branches: [master]
  # pull_request:
  #  branches: [master]
  tags:
    - '*.*.*'
jobs:
  build-deploy-ubuntu:
    # Is it a risk to Ouroboros this?
    # Really want this to be able to run on ubuntu but it is a slow run.
    runs-on: ubuntu-latest
    # runs-on: nix-runner
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Fetch all history for tags
      - name: Install Nix
        uses: cachix/install-nix-action@v31
      - name: Setup Attic Cache
        uses: ryanccn/attic-action@3354ae812cb672e1381be4c7914204c44db53866
        with:
          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
          cache: ${{ secrets.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
      - name: Build container
        run: nix build .#act-runner-image
      - name: Check Nix flake
        run: nix flake check
        id: flake-check
      - name: Build Docker image if flake check fails
        if: steps.flake-check.outcome == 'failure'
        run: |
          just build
          echo "::warning::Nix flake check failed, but Docker image build succeeded as fallback"
      - name: Set deployment variables
        id: vars
        run: |
          # Check if this is a tag build
          if [[ ${{ github.ref_type }} == 'tag' ]]; then
            echo "TAG=${{ github.ref_name }}" >> $GITHUB_OUTPUT
            echo "BRANCH=master" >> $GITHUB_OUTPUT
          else
            echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_OUTPUT
          fi
      - name: Deploy Docker image
        env:
          REGISTRY: gitea.deepak.science
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
          REPOSITORY: ${{ github.repository }}
          TAG: ${{ steps.vars.outputs.TAG }}
          BRANCH: ${{ steps.vars.outputs.BRANCH }}
        run: |
          nix develop -c bash scripts/deploy.sh
  nix-check:
    runs-on: nix-runner
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Fetch all history for tags
      - name: "Cache Nix store"
        uses: actions/cache@v4
        id: nix-cache
        with:
          path: /tmp/nixcache
          key: nix-${{ runner.os }}-nix-builder-image-${{ hashFiles('**/package.json', 'package-lock.json', '**/*.nix', '**/flake.lock', '.npmrc', '.eleventy.js') }}
          restore-keys: |
            nix-${{ runner.os }}-nix-builder-image
      - name: Setup Attic Cache
        uses: ryanccn/attic-action@3354ae812cb672e1381be4c7914204c44db53866
        with:
          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
          cache: ${{ secrets.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
      - name: "Import Nix store cache"
        continue-on-error: true
        # if: "steps.nix-cache.outputs.cache-hit == 'true'"
        run: bash scripts/restore_cache.sh
      - name: Build container
        run: nix build .#act-runner-image
      - name: Check Nix flake
        run: nix flake check
        id: flake-check
      - name: "Export Nix store cache"
        if: always()
        # if: "steps.nix-cache.outputs.cache-hit != 'true'"
        run: bash scripts/populate_cache.sh