name: Release

on:
  push:
    tags:
      - "*"

permissions:
  contents: write
  packages: write

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.actions/init
        with:
          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"

      - run: nix flake check

  release:
    runs-on: ubuntu-latest
    needs: check
    steps:
      - uses: actions/checkout@v4
      - uses: ./.actions/init
        with:
          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"

      - run: >
          nix build
          .#trevstack-linux-amd64
          .#trevstack-linux-arm64
          .#trevstack-linux-arm
          .#trevstack-windows-amd64
          .#trevstack-darwin-amd64
          .#trevstack-darwin-arm64

      - uses: softprops/action-gh-release@v2
        with:
          generate_release_notes: true
          files: |-
            result*/bin/*

  package:
    runs-on: ubuntu-latest
    needs: release
    steps:
      - uses: actions/checkout@v4
      - uses: ./.actions/init
        with:
          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"

      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build & load images
        run: |
          nix build .#trevstack-linux-amd64-image && ./result | docker load
          nix build .#trevstack-linux-arm64-image && ./result | docker load
          nix build .#trevstack-linux-arm-image && ./result | docker load

      - name: Push images
        uses: ./.actions/push
        with:
          server_url: ghcr.io
          repository: ${{ github.repository }}
          tag: ${{ github.ref_name }}