name: Build NixOS (Nightly)

on:
  workflow_dispatch:
  schedule:
    - cron: 0 0 * * *

# concurrency:
#   group: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.host }}
#   cancel-in-progress: true
permissions:
  contents: write

jobs:
  build-minimal:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - run: git checkout -B flake-lock

      - name: Setup Git Bot
        run: |
          git --version
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'

      - uses: DeterminateSystems/nix-installer-action@v12
        with:
          extra-conf: |
            accept-flake-config = true

      - uses: DeterminateSystems/magic-nix-cache-action@v7

      - uses: cachix/cachix-action@v15
        with:
          name: daylin
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"

      - name: Update nix flake
        run: |
          printf '# Flake Lock\n\n```txt\n' >> $GITHUB_STEP_SUMMARY
          nix flake update --commit-lock-file 2>> $GITHUB_STEP_SUMMARY
          printf '```\n' >> $GITHUB_STEP_SUMMARY

      - name: Build
        run: |
          nix run . \
            -- \
            build --minimal \
              --host "othalan" \
              --flake . \
              --verbose \
              --debug \
              -- \
              --print-build-logs

      - name: Commit Updates
        run: git push --set-upstream --force origin flake-lock

  build-full:
    needs: build-minimal
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: DeterminateSystems/nix-installer-action@v12
        with:
          extra-conf: |
            accept-flake-config = true

      - uses: DeterminateSystems/magic-nix-cache-action@v7

      - uses: ./.github/actions/clean-disk
        with:
          purge-packages: 'true'

      - name: Build
        run: |
          system_attr=$(nix run . -- output --host "othalan" --flake .)
          nix run . \
            -- \
            build $system_attr \
              --flake . \
              --verbose \
              --debug \
              -- \
              --print-build-logs \
              --out-link current

      - run: git checkout flake-lock

      - name: Build Updated
        run: |
          system_attr=$(nix run . -- output --host "othalan" --flake .)
          nix run . \
            -- \
            build $system_attr \
              --flake . \
              --verbose \
              --debug \
              -- \
              --print-build-logs \
              --out-link updated

      - run: nix run "nixpkgs#nvd" diff ./current ./updated
      - run: df -h

      # is this necessary?
      - run: cat $GITHUB_STEP_SUMMARY > summary.md
      - uses: actions/upload-artifact@v4
        with:
          name: summary
          path: summary.md