name: "Deploy to nki-personal"
on:
  push:
    branches:
    - master
  pull_request:
    branches:
    - master
    types:
    - opened
    - synchronize
    - reopened
    - labeled
jobs:
  test:
    runs-on: ubuntu-latest
    name: Formatting Check
    steps:
    - uses: actions/checkout@v2.3.4
    - uses: cachix/install-nix-action@v17
      with:
        extra_nix_config: |
          # save space on disk and in cache
          auto-optimise-store = true
          # keep all store paths necessary to build the outputs
          keep-outputs = true
          keep-derivations = true
          # Enable flakes
          experimental-features = nix-command flakes
    - name: Run format check
      run: |
        nix fmt
        if [ -z "$(git status --untracked-files=no --porcelain)" ]; then 
          echo "Formatted, clean"
        else
          echo "The following files are unformatted:"
          git status
          false
        fi
  deploy:
    if: "github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'Deploy')"
    runs-on: ubuntu-latest
    name: Deploy
    steps:
    - uses: actions/checkout@v2.3.4
    - name: Add SSH key
      env:
        SSH_AUTH_SOCK: /tmp/ssh_agent.sock
      run: |
        mkdir -p /home/runner/.ssh
        echo "${{ secrets.SSH_KEY }}" > /home/runner/.ssh/github_actions
        echo "${{ secrets.NIX_DEPLOY_SSH_KEY }}" > /home/runner/.ssh/nix_deploy_key
        chmod 600 /home/runner/.ssh/*
        ssh-agent -a $SSH_AUTH_SOCK > /dev/null   
        ssh-add /home/runner/.ssh/*
        ssh-keyscan ${{ secrets.INSTANCE_IP }} >> /home/runner/.ssh/known_hosts
    - uses: cachix/install-nix-action@v17
      with:
        extra_nix_config: |
          # save space on disk and in cache
          auto-optimise-store = true
          # keep all store paths necessary to build the outputs
          keep-outputs = true
          keep-derivations = true
          # Enable flakes
          experimental-features = nix-command flakes
          # Deploy tokens
          access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
    - uses: actions/cache@v2
      with:
        key: nki-nix-${{ github.sha }}
        restore-keys: |
          nki-nix-
        path: |
          nix_store_dir
          nix_store_db.sqlite
    - name: restore cached nix store
      run: |
        if [ -e nix_store_db.sqlite ]; then
          sudo systemctl stop nix-daemon
          # put cached store paths back in their proper locations
          sudo rm -rf /nix/store /nix/var/nix/db/db.sqlite
          sudo mv nix_store_dir /nix/store
          sudo cp nix_store_db.sqlite /nix/var/nix/db/db.sqlite
          # fix store permissions
          sudo chmod 1775 /nix/store
          sudo chown root:nixbld /nix/store
          sudo chmod 0644 /nix/var/nix/db/db.sqlite
          sudo chown -R root:root /nix/store /nix/var/nix/db/db.sqlite
          sudo systemctl start nix-daemon
        fi
    - name: Deploy with deploy-rs
      env:
        SSH_AUTH_SOCK: /tmp/ssh_agent.sock
      run: |
        nix run -L github:Serokell/deploy-rs . -- --hostname ${{ secrets.INSTANCE_IP }} -- -L
    - name: prepare nix store for caching
      run: |
        # delete old stuff not relevant to this build
        nix store gc
        sudo systemctl stop nix-daemon
        # move store to a place where the cache action can read it
        sudo mv /nix/store nix_store_dir
        sudo mv /nix/var/nix/db/db.sqlite nix_store_db.sqlite