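---
# Deploy workflow: on every push to master, build the hive configuration
# with Nix and apply it with colmena.
#
# NOTE(review): actions below are referenced by mutable tags (@v4, @v31,
# @v2, @v16). Pinning each to a full commit SHA keeps a retagged release
# from changing what runs in a job that holds deploy credentials.
on:
  push:
    branches:
      - master

jobs:
  deploy:
    permissions:
      contents: read
      # NOTE(review): no step visible in this workflow obviously requests an
      # OIDC token; confirm id-token: write is needed, otherwise drop it.
      id-token: write
    name: build hive configuration
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4

      - name: setup
        env:
          # Passed through the environment so the secret is never
          # interpolated into the script text itself.
          CACHE_PRIVKEY: ${{ secrets.CACHE_PRIVKEY }}
        shell: bash
        run: |
          # Fail early if the secret is missing instead of writing an empty
          # key file that Nix would reject later.
          : "${CACHE_PRIVKEY:?CACHE_PRIVKEY secret is not set}"
          mkdir -p /var/secrets/
          # Create the signing key owner-only and truncate rather than append,
          # so a reused runner never ends up with a world-readable or
          # duplicated key. The umask is scoped to the subshell so /etc/nix
          # below keeps its normal permissions.
          (umask 077 && printf '%s\n' "$CACHE_PRIVKEY" > /var/secrets/cache_privkey)
          chmod 600 /var/secrets/cache_privkey
          mkdir -p /etc/nix
          # The hook script comes from the checked-out repository and is
          # registered as the Nix post-build-hook in the next step.
          cp ./scripts/upload-to-cache.sh /etc/nix/
          chmod +x /etc/nix/upload-to-cache.sh

      - uses: cachix/install-nix-action@v31
        with:
          # The localhost substituter is plain HTTP on loopback; the paths it
          # serves are still checked against the trusted public key below.
          extra_nix_config: |
            extra-trusted-public-keys = localhost:TiRpr2LzamX/MCKBUmFlZ8inWz94QWGL88fMEHg9Kgc=
            extra-substituters = http://localhost:5000
            extra-trusted-substituters = http://localhost:5000
            secret-key-files = /var/secrets/cache_privkey
            post-build-hook = /etc/nix/upload-to-cache.sh

      - name: Install SSH key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.SSH_KEY }}
          # Host keys are supplied up front, so the deploy does not have to
          # trust whatever key a host presents on first connection.
          known_hosts: ${{ secrets.KNOWN_HOSTS }}

      # Fetch the action over HTTPS: a plain-HTTP URL lets anyone on the
      # network path substitute the code that runs next to the SSH and
      # cache-signing keys.
      - uses: https://github.com/cachix/cachix-action@v16
        with:
          name: colmena

      - run: nix run .#colmena apply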