nix.yml

name: Nix

on:
  push:
    branches:
      - main
    paths:
      - '.github/workflows/nix.yml'
      - 'nix/**'
      - 'flake.*'
  pull_request:
    paths:
      - '.github/workflows/nix.yml'
      - 'nix/**'
      - 'flake.*'

env:
  # This define the targeted systems we want to check (and later deploy) the nixosConfiguration
  MATRIX: |
    matrix={"include":[
      {"target":"webforge","hostname":"webforge","domain":"tahoe-lafs.org"}
    ]}

jobs:
  check:
    name: Check
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4

      - name: Install Nix
        id: install_nix
        uses: nixbuild/nix-quick-install-action@v28

      - name: Check Nix Flake
        id: check
        run: |
          nix flake show
          nix flake check

  build:
    name: Build
    runs-on: ubuntu-24.04
    if: github.event_name == 'pull_request'
    needs: check
    strategy:
      fail-fast: false
      matrix: ${{ env.MATRIX }}
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4

      - name: Install Nix
        id: install_nix
        uses: nixbuild/nix-quick-install-action@v28

      - name: Restore and cache Nix store ${{ matrix.target }}
        uses: nix-community/cache-nix-action@v5
        with:
          # restore and save a cache using this key
          primary-key: ${{ runner.os }}-Nix-${{ matrix.target }}-${{ hashFiles('flake.*', 'nix/common/*.nix', 'nix/modules/**.nix', format('nix/hosts/{0}/*.nix', matrix.target)) }}
          # if there's no cache hit, restore a cache by this prefix
          restore-prefixes-first-match: ${{ runner.os }}-Nix-${{ matrix.target }}-
          # collect garbage until Nix store size (in bytes) is at most this number
          # before trying to save a new cache
          gc-max-store-size-linux: 1073741824
          # do purge caches
          purge: true
          # purge all versions of the cache
          purge-prefixes: ${{ runner.os }}-Nix-${{ matrix.target }}-
          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
          purge-created: 0
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never

      - name: Build nixosConfiguration for ${{ matrix.target }}
        id: check_target
        run: |
          nix build .#nixosConfigurations.${{ matrix.target }}.config.system.build.toplevel