name: Build and Push static-server Image

on:
  push:
    branches: [main]
    paths:
      - 'deploy-static-site/images/flake.nix'
      - 'deploy-static-site/images/flake.lock'
      - '.forgejo/workflows/build-static-server.yaml'
  workflow_dispatch:

jobs:
  build:
    runs-on: nix
    steps:
      - uses: actions/checkout@v4

      # Smoke check disabled pending KVM on runner, see https://git.toph.so/toph/ci-actions/issues/1

      - name: Build static-server image
        run: nix build ./deploy-static-site/images#staticServer --out-link result-static-server

      - name: Push Nix closure to S3 cache
        if: env.NIX_SIGNING_KEY != ''
        uses: https://git.toph.so/toph/ci-actions/push-nix-cache@main
        with:
          store-path: ./result-static-server
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_KEY }}
          NIX_SIGNING_KEY: ${{ secrets.NIX_SIGNING_KEY }}

      - name: Push to registry
        run: |
          nix shell nixpkgs#skopeo -c skopeo copy \
            docker-archive:./result-static-server \
            docker://registry.toph.so/static-server:latest