stages:
  - prepare
  - build
  - commit

workflow:
  name: "Update dependencies"

update-flake-lock:
  stage: prepare
  script: nix flake update
  artifacts:
    paths:
      - flake.lock
    expire_in: 1 day

build-nixos-configurations:
  stage: build
  parallel:
    matrix:
      - HOST_TO_BUILD:
          - kharbranth
          - kholinar
          - lasting-integrity
          - urithiru
  needs:
    - job: update-flake-lock
      artifacts:  true
  script:
    - git diff --quiet && exit 0 || true
    - nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
    - cachix --version
    - cachix authtoken $CACHIX_AUTH_TOKEN
    - nix build -j 2 --cores 2 -L --no-link .#nixosConfigurations.${HOST_TO_BUILD}.config.system.build.toplevel
    - nix eval --json .#nixosConfigurations.${HOST_TO_BUILD}.config.system.build.toplevel | sed 's/"\(.*\)"/\1/' | cachix push chvp

commit-and-push:
  stage: commit
  needs:
    - job: update-flake-lock
      artifacts: true
    - job: build-nixos-configurations
  script:
    - git diff --quiet && exit 0 || true
    - git add flake.lock
    - git config user.email "$UPDATE_COMMIT_EMAIL"
    - git config user.name "$UPDATE_COMMIT_NAME"
    - git commit -m "Update dependencies"
    - git push https://gitlab-ci-token:${CI_PUSH_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git HEAD:$CI_COMMIT_BRANCH