name: Publish stable release

on:
  push:
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'

jobs:
  build:
    runs-on: nix-flakes

    steps:
      - name: Set up packages
        run: |
          echo "extra-substituters = https://builder.naxdy.org/attic" >> /etc/nix/nix.conf
          echo "extra-trusted-public-keys = attic:05LdE8Nav5Qd1E+KOJqSwdr+WE1z8AUmSb3oKL7s8dk=" >> /etc/nix/nix.conf
          nix profile install nixpkgs#nodejs "github:zhaofengli/attic?ref=6eabc3f02fae3683bffab483e614bebfcd476b21"
          echo "PATH=/nix/var/nix/profiles/per-user/root/profile/bin:$PATH" >> "$GITHUB_ENV"
      - name: Set up attic binary cache
        run: |
          attic login "${{ vars.PUBLIC_BINARY_CACHE_NAME }}" "${{ vars.BINARY_CACHE_URL }}" "${{ secrets.PUBLIC_BINARY_CACHE_AUTH_KEY }}"
          attic use "${{ vars.PUBLIC_BINARY_CACHE_NAME }}"
      - uses: actions/checkout@v4
      - name: Build firmware image
        run: |
          nix build .# -o dist --print-build-logs
      - name: Push derivations to binary cache
        run: |
          cd /nix/store
          attic push "${{ vars.PUBLIC_BINARY_CACHE_NAME }}" $(ls /nix/store --ignore='*.drv' --ignore='*fake_nixpkgs*')
      - name: Publish stable release
        uses: https://gitea.com/actions/gitea-release-action@v1.3.0
        with:
          token: "${{ github.token }}"
          tag_name: "${{ env.GITHUB_REF_NAME }}"
          name: "NaxGCC ${{ env.GITHUB_REF_NAME }}"
          body_path: .changelogs/${{ env.GITHUB_REF_NAME }}.md
          files: |
            dist/bin/*