on:
  push:
    branches:
      - master

jobs:
  deploy:
    permissions:
      contents: read
      id-token: write
    name: build hive configuration
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - uses: nixbuild/nix-quick-install-action@v30
        with:
          nix_conf: |
            keep-env-derivations = true
            keep-outputs = true
      - name: Restore and save Nix store
        uses: http://github.com/nix-community/cache-nix-action@v6
        with:
          # restore and save a cache using this key
          primary-key: nix-${{ runner.os }}
          gc-max-store-size-linux: 1G
      - name: Install SSH key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.SSH_KEY }}
          known_hosts: ${{ secrets.KNOWN_HOSTS }}
      - uses: http://github.com/cachix/cachix-action@v16
        with:
          name: colmena
      - run: nix run .#colmena apply