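---
# borrowed from https://gitlab.com/nix17/nixos-config/-/blob/main/.gitlab-ci.yml

stages:
  - flake
  - test
  - deploy

# Update the flake for any changes upstream.
# Passed in from upstream:
#   $PACKAGE_NAME = name of the flake that needs to be updated
#   $UPDATE_FLAKE = flag to update the flake
# Both values arrive from outside this repository, so they are quoted
# wherever the shell expands them.
update:
  stage: flake
  tags:
    - nix
  # from https://forum.gitlab.com/t/git-push-from-inside-a-gitlab-runner/30554/5
  before_script:
    # Set the ssh key for the commit. The key is loaded into ssh-agent only
    # and never written to disk: the earlier
    # `echo "$CI_KEY" >> ~/.ssh/id_rsa.pub` appended the private key to a
    # file with default permissions on every run, and git push does not need
    # it because it authenticates through the agent.
    - eval $(ssh-agent -s)
    - echo "${CI_KEY}" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # NOTE(review): inside a container this disables host key verification
    # for every host, so the push target is not authenticated. Prefer
    # providing the server's host key through a known_hosts entry supplied
    # by a CI/CD variable and dropping this line.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  script:
    - git config --global user.email "${CI_EMAIL}"
    - git config --global user.name "${CI_USERNAME}"
    # the part that updates the flake
    - nix --experimental-features 'nix-command flakes' flake lock --update-input "$PACKAGE_NAME"
    - git add flake.lock
    # [skip ci] keeps the pushed commit from starting another pipeline
    - git commit -m "[skip ci] Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit"
    # we have a custom domain
    - git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc1/skynet/nixos.git
    - git push origin "HEAD:$CI_COMMIT_REF_NAME"
  only:
    refs:
      - main
    variables:
      - '$UPDATE_FLAKE == "yes"'

# Builds the configuration with colmena. No refs filter is set, so this job
# runs on any ref whose commit touches the listed paths.
build:
  stage: test
  tags:
    - nix
  before_script:
    - . "$HOME/.nix-profile/etc/profile.d/nix.sh"
    # use the new flake
    - git pull origin main
  script:
    - nix --experimental-features 'nix-command flakes' run nixpkgs#colmena -- build
  only:
    changes:
      - applications/**/*
      - machines/**/*
      - secrets/**/*
      - flake.*
      - .gitlab-ci.yml

# every commit on main will build and deploy
deploy:
  stage: deploy
  tags:
    - nix
  before_script:
    # setup ssh key (held in ssh-agent only, never written to disk)
    - eval $(ssh-agent -s)
    - echo "$DEPLOY_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # load nix environment
    - . "$HOME/.nix-profile/etc/profile.d/nix.sh"
    - git pull origin main
  script:
    # dns is always deployed first
    - nix --experimental-features 'nix-command flakes' run nixpkgs#colmena -- apply --on @active-dns
    - nix --experimental-features 'nix-command flakes' run nixpkgs#colmena -- apply --on @active-core
    - nix --experimental-features 'nix-command flakes' run nixpkgs#colmena -- apply --on @active
  only:
    refs:
      - main
    changes:
      - applications/**/*
      - machines/**/*
      - secrets/**/*
      - flake.*
      - .gitlab-ci.yml

# Manually triggered deployment of the hosts tagged @active-gitlab.
# NOTE(review): unlike `deploy`, this job has no `only: refs` filter, so it
# can be started from a pipeline on any ref while $DEPLOY_KEY is loaded.
# Confirm that $DEPLOY_KEY is a protected variable, or restrict the job to
# main.
deploy_gitlab:
  stage: deploy
  tags:
    - nix
  before_script:
    # setup ssh key (held in ssh-agent only, never written to disk)
    - eval $(ssh-agent -s)
    - echo "$DEPLOY_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # load nix environment
    - . "$HOME/.nix-profile/etc/profile.d/nix.sh"
    - git pull origin main
  script:
    - nix --experimental-features 'nix-command flakes' run nixpkgs#colmena -- apply --on @active-gitlab
  when: manual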