image: nixpkgs/nix-flakes

stages:
  - check
  - build
  - deploy

check:
  stage: check
  script:
    - nix flake check . --print-build-logs

build:
  stage: build
  needs:
    - check
  before_script:
    - . <(nix print-dev-env .#ci)
    - mkdir -p "/etc/containers/"
    - echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
    - just docker-image-fly
  script:
    - export DOCKER_TAG="$(date --utc +%Y%m%d%H%M%S)-${CI_COMMIT_SHA}"
    - just nix-build builder
    - just docker-image-fly
    - just docker-inspect result --tmpdir=$TMPDIR
    - just print-docker-tag
    - |
      if fly auth whoami > /dev/null 2>&1
      then
        fly auth docker
        just push-to-registry --tmpdir=$TMPDIR --dest-precompute-digests
        just print-docker-tag >> build.env
      fi
  artifacts:
    reports:
      dotenv: build.env

deploy:
  stage: deploy
  needs:
    - build
  script:
    - fly auth docker
    - fly deploy --image $FLY_REGISTRY_IMAGE_TAG
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH