name: CI

on:
  push:
    branches: ["main"]
  pull_request:

jobs:
  check:
    runs-on: nix
    steps:
      - uses: actions/checkout@v4

      - name: Setup age key
        run: |
          mkdir -p ~/.config/sops/age
          echo "${{ secrets.AGE_KEY }}" > ~/.config/sops/age/keys.txt
          chmod 600 ~/.config/sops/age/keys.txt

      - name: Nix flake check
        run: nix flake check --no-build

      - name: Format check
        run: nix fmt -- --check .

      - name: Build NixOS configs (dry-run)
        run: |
          nix build .#nixosConfigurations.cyper-desktop.config.system.build.toplevel --dry-run
          nix build .#nixosConfigurations.cyper-controller.config.system.build.toplevel --dry-run
          nix build .#nixosConfigurations.cyper-proxy.config.system.build.toplevel --dry-run
          nix build .#nixosConfigurations.cyper-node-1.config.system.build.toplevel --dry-run
          nix build .#nixosConfigurations.cyper-node-2.config.system.build.toplevel --dry-run

      - name: Eval darwin config (Linux-safe)
        run: nix eval .#darwinConfigurations.cyper-mac.system