on:
  push:
    branches:
      - master

jobs:
  deploy:
    permissions:
      contents: read
      id-token: write
    name: build hive configuration
    runs-on: ubuntu-22.04
    steps:
      - uses: cachix/install-nix-action@v31
      - name: Restore and save Nix store
        uses: http://github.com/nix-community/cache-nix-action@v6
        with:
          # restore and save a cache using this key
          primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }}
          # if there's no cache hit, restore a cache by this prefix
          restore-prefixes-first-match: nix-${{ runner.os }}-
          # collect garbage until the Nix store size (in bytes) is at most this number
          # before trying to save a new cache
          # 1G = 1073741824
          gc-max-store-size-linux: 1G
          # do purge caches
          purge: true
          # purge all versions of the cache
          purge-prefixes: nix-${{ runner.os }}-
          # created more than this number of seconds ago
          purge-created: 0
          # or, last accessed more than this number of seconds ago
          # relative to the start of the `Post Restore and save Nix store` phase
          purge-last-accessed: 0
          # except any version with the key that is the same as the `primary-key`
          purge-primary-key: never
      - uses: actions/checkout@v4
      - name: Install SSH key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.SSH_KEY }}
          known_hosts: ${{ secrets.KNOWN_HOSTS }}
      - uses: http://github.com/cachix/cachix-action@v16
        with:
          name: colmena
      - run: nix run .#colmena apply