name: Nix

on:
  push:
  workflow_dispatch:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    strategy:
      fail-fast: false
      matrix:
        system:
          - x86_64-linux
          - aarch64-linux
          - x86_64-darwin
    runs-on: ${{ matrix.system == 'x86_64-linux' && 'ubuntu-24.04'
      || matrix.system == 'aarch64-linux' && 'ubuntu-24.04-arm'
      || matrix.system == 'x86_64-darwin' && 'macos-latest' }}
    steps:
      - uses: actions/checkout@v4

      - name: setup nix
        uses: ./.github/actions/setup-nix
        with:
          system: ${{ matrix.system }}

      - name: Install and start Tailscale
        run: |
          # Start tailscaled daemon in background using nix shell
          sudo -E nix shell nixpkgs#tailscale --command tailscaled --state=mem: &
          
          # Wait for daemon to be ready
          sleep 10
          
          # Connect using OAuth
          HOSTNAME="${{ matrix.system == 'x86_64-linux' && 'github-actions-x86-64-linux'
            || matrix.system == 'aarch64-linux' && 'github-actions-aarch64-linux'
            || matrix.system == 'x86_64-darwin' && 'github-actions-x86-64-darwin' }}"
          
          nix shell nixpkgs#tailscale --command tailscale up \
            --authkey="${{ secrets.TS_OAUTH_SECRET }}?preauthorized=true&ephemeral=true" \
            --hostname="$HOSTNAME" \
            --advertise-tags="tag:ci" \
            --accept-routes

      - name: Tailscale status
        run: nix shell nixpkgs#tailscale --command tailscale status || true

      - name: Check if Attic endpoint is reachable
        id: check_attic
        run: |
          if curl --connect-timeout 20 --silent --head http://wallfacer.curl-boga.ts.net:7080 | grep "200 OK"; then
            echo "Attic endpoint is reachable"
            echo "reachable=true" >> $GITHUB_OUTPUT
          else
            echo "Attic endpoint is not reachable"
            echo "reachable=false" >> $GITHUB_OUTPUT
          fi

      - name: Curl the cache
        run: |
          curl --connect-timeout 20 --silent http://wallfacer.curl-boga.ts.net:7080/main/nix-cache-info || echo "Cache endpoint not reachable"

      - name: Setup Attic cache
        if: steps.check_attic.outputs.reachable == 'true'
        uses: ryanccn/attic-action@v0.3.1
        with:
          endpoint: http://wallfacer.curl-boga.ts.net:7080
          cache: main
          token: ${{ secrets.ATTIC_TOKEN }}

      - name: Check the flake
        run: nix flake check --accept-flake-config


      - name: Pre-build the system configuration
        run: nix build --accept-flake-config .

      - name: Print out the size of /nix/store
        run: du -sh /nix/store

      - name: Get the init.lua path
        if: matrix.system == 'x86_64-linux'
        run: |
          init_path=$(grep "init=" result/bin/nixvim-print-init | awk -F'=' '{print $2}')
          cp $init_path init.lua

      - name: Upload the artifact
        uses: actions/upload-artifact@v4
        if: matrix.system == 'x86_64-linux'
        with:
          name: neovim-configuration
          path: init.lua

      - name: Publish the init.lua to an orphan github branch
        if: matrix.system == 'x86_64-linux'
        run: |
          git config --global user.name github-actions
          git config --global user.email github-actions@github.com
          git checkout --orphan init-lua
          git rm -rf .
          git add init.lua
          git commit -m "Publish init.lua"
          git push --force origin init-lua
          git checkout main # switch back to main branch for graceful job ending

  check-formatting:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v2

      - name: Install nix
        uses: cachix/install-nix-action@v16

      - name: Check formatting (dont update)
        run: nix shell nixpkgs#alejandra -c alejandra -c .