name: Publish nightly release

on:
  push:
    branches: ["main"]

concurrency:
  group: main
  cancel-in-progress: true

jobs:
  build:
    runs-on: nix-flakes

    steps:
      - name: Set up packages
        run: |
          echo "extra-substituters = https://builder.naxdy.org/attic" >> /etc/nix/nix.conf
          echo "extra-trusted-public-keys = attic:05LdE8Nav5Qd1E+KOJqSwdr+WE1z8AUmSb3oKL7s8dk=" >> /etc/nix/nix.conf
          nix profile install nixpkgs#nodejs "github:zhaofengli/attic?ref=6eabc3f02fae3683bffab483e614bebfcd476b21"
          echo "PATH=/nix/var/nix/profiles/per-user/root/profile/bin:$PATH" >> "$GITHUB_ENV"
      - name: Set up attic binary cache
        run: |
          attic login "${{ vars.BINARY_CACHE_NAME }}" "${{ vars.BINARY_CACHE_URL }}" "${{ secrets.BINARY_CACHE_AUTH_KEY }}"
          attic use "${{ vars.BINARY_CACHE_NAME }}"
      - name: Prepare SSH key
        run: |
          mkdir -p dist && mkdir -p ~/.ssh
          ssh-keyscan git.naxdy.org >> ~/.ssh/known_hosts
      - uses: actions/checkout@v4
      - name: Build firmware image
        run: |
          nix build .# -o dist --print-build-logs
      - name: Push derivations to binary cache
        run: |
          cd /nix/store
          attic push "${{ vars.BINARY_CACHE_NAME }}" $(ls /nix/store --ignore='*.drv' --ignore='*fake_nixpkgs*')
      - name: (Re-)generate tag
        run: |
          git config --global user.email "noreply@naxdy.org"
          git config --global user.name "Naxbot"
          git fetch --tags
          git tag -d nightly || true
          git tag nightly -m "Nightly Release"
          git checkout nightly
          git push --set-upstream origin nightly --force
      - name: Publish nightly release
        uses: https://gitea.com/actions/gitea-release-action@v1.3.0
        with:
          token: "${{ github.token }}"
          tag_name: nightly
          prerelease: true
          name: "Nightly Release"
          files: |
            dist/bin/*