infrastructure/.github/workflows/ci.yml

name: ci
on:
  push:
    branches:
      - master

jobs:

  test:
    runs-on: ubuntu-latest
    container:
      volumes:
        - /mnt/cache/nix_store:/nix
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v23
        with:
          nix_path: nixpkgs=channel:nixos-unstable

      - name: Flake check
        run: nix flake check

  deploy:
    runs-on: ubuntu-latest
    container:
      volumes:
        - /mnt/cache/nix_store:/nix
    needs: test
    if: github.ref == 'refs/heads/master'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v23
        with:
          nix_path: nixpkgs=channel:nixos-unstable

      - name: Load ssh key
        uses: webfactory/ssh-agent@v0.8.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Deploy
        run: nix develop --command deploy