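# Flake CI: full `nix flake check` (formatting + deadnix + statix + pre-commit)
# plus an explicit per-host evaluation pass for granular output.
#
# Both triggers run Nix code from the revision under test, so for pull
# requests everything evaluated below (flake.nix, its nixConfig, the host
# attribute names) is contributor-controlled input.
name: CI

on:
  push:
    branches: [main]
    paths:
      - "**.nix"
      - "flake.lock"
      - ".gitea/workflows/ci.yaml"
  pull_request:
    paths:
      - "**.nix"
      - "flake.lock"
      - ".gitea/workflows/ci.yaml"

jobs:
  flake:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA (the trailing
      # comment records the tag), so a moved tag cannot change what runs here.
      - name: Checkout
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          # None of the steps below run git against this remote, so do not
          # leave the checkout token in .git/config where code from the
          # checked-out revision could read it.
          persist-credentials: false

      - name: Install Nix
        uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31
        with:
          # Substituters and their signing keys are pinned explicitly here.
          #
          # NOTE(review): `accept-flake-config = true` additionally lets the
          # flake's own nixConfig apply Nix settings without confirmation, and
          # a pull request can edit that nixConfig. If the flake's nixConfig
          # only repeats the caches listed below, this line can likely be
          # dropped -- confirm against flake.nix before removing.
          extra_nix_config: |
            experimental-features = nix-command flakes
            accept-flake-config = true
            substituters = https://cache.nixos.org https://nix-community.cachix.org
            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=

      # Runs every flake check: treefmt formatting, deadnix, statix, and the
      # pre-commit hooks (so a --no-verify commit can't ship unlinted).
      - name: Flake check
        run: nix flake check --print-build-logs

      # Evaluate (not build) each host's toplevel so eval errors fail CI cheaply.
      # aarch64 / darwin hosts evaluate fine on an x86_64 runner; only building
      # would need emulation, which we deliberately avoid here.
      #
      # Host lists are discovered from the flake (attrNames of
      # nixos/darwinConfigurations) rather than hard-coded, so adding or removing
      # a host needs no change to this workflow.
      #
      # The discovered names are data from the flake under test: they are read
      # one per line (no word splitting or globbing) and quoted inside the
      # attribute path, so a name containing a dot or a space is still treated
      # as a single attribute.
      - name: Evaluate NixOS host configurations
        run: |
          set -euo pipefail
          hosts=$(nix eval --raw '.#nixosConfigurations' \
            --apply 'cfgs: builtins.concatStringsSep "\n" (builtins.attrNames cfgs)')
          while IFS= read -r host; do
            # An empty attrset yields one empty line; skip it.
            [ -n "$host" ] || continue
            echo "::group::eval $host"
            nix eval --raw \
              ".#nixosConfigurations.\"$host\".config.system.build.toplevel.drvPath"
            echo
            echo "::endgroup::"
          done <<< "$hosts"

      - name: Evaluate Darwin host configurations
        run: |
          set -euo pipefail
          hosts=$(nix eval --raw '.#darwinConfigurations' \
            --apply 'cfgs: builtins.concatStringsSep "\n" (builtins.attrNames cfgs)')
          while IFS= read -r host; do
            # An empty attrset yields one empty line; skip it.
            [ -n "$host" ] || continue
            echo "::group::eval $host"
            nix eval --raw \
              ".#darwinConfigurations.\"$host\".config.system.build.toplevel.drvPath"
            echo
            echo "::endgroup::"
          done <<< "$hosts"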