name: quality

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

permissions:
  contents: read

jobs:
  changes:
    runs-on: [self-hosted, netty]
    outputs:
      quality: ${{ steps.filter.outputs.quality }}
    steps:
      - uses: actions/checkout@v4
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            quality:
              - "**/*.nix"
              - "flake.lock"
              - "flake.nix"
              - "justfile"
              - "ci/**"
              - "config/**"
              - "scripts/**"
              - ".github/workflows/**"

  flake-check:
    name: Flake Check
    runs-on: [self-hosted, netty]
    needs: changes
    if: ${{ needs.changes.outputs.quality == 'true' }}
    steps:
      - uses: actions/checkout@v4
      - name: Prepare local flake input shims
        run: |
          set -euo pipefail
          sudo mkdir -p /Users/rathi/Documents/GitHub/companion/agentcomputer/apps
          sudo ln -sfn "$GITHUB_WORKSPACE/ci/agentcomputer-cli-stub" /Users/rathi/Documents/GitHub/companion/agentcomputer/apps/cli
      - run: nix flake check

  nix-format:
    name: Nix Format Check
    runs-on: [self-hosted, netty]
    needs: changes
    if: ${{ needs.changes.outputs.quality == 'true' }}
    steps:
      - uses: actions/checkout@v4
      - name: Prepare local flake input shims
        run: |
          set -euo pipefail
          sudo mkdir -p /Users/rathi/Documents/GitHub/companion/agentcomputer/apps
          sudo ln -sfn "$GITHUB_WORKSPACE/ci/agentcomputer-cli-stub" /Users/rathi/Documents/GitHub/companion/agentcomputer/apps/cli
      - run: nix fmt -- --ci

  deploy-netty:
    name: Deploy netty
    runs-on: ubuntu-latest
    needs: [changes, flake-check, nix-format]
    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.quality == 'true' }}
    concurrency:
      group: deploy-netty
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Configure SSH
        shell: bash
        env:
          NETTY_SSH_PRIVATE_KEY: ${{ secrets.NETTY_SSH_PRIVATE_KEY }}
          NETTY_SSH_KNOWN_HOSTS: ${{ secrets.NETTY_SSH_KNOWN_HOSTS }}
        run: |
          set -euo pipefail
          test -n "$NETTY_SSH_PRIVATE_KEY"
          test -n "$NETTY_SSH_KNOWN_HOSTS"
          install -d -m 700 "$HOME/.ssh"
          printf '%s\n' "$NETTY_SSH_PRIVATE_KEY" > "$HOME/.ssh/netty"
          chmod 600 "$HOME/.ssh/netty"
          printf '%s\n' "$NETTY_SSH_KNOWN_HOSTS" > "$HOME/.ssh/known_hosts"
          chmod 600 "$HOME/.ssh/known_hosts"
          cat > "$HOME/.ssh/config" <<'EOF'
          Host netty
            HostName 152.53.195.59
            User root
            IdentityFile ~/.ssh/netty
            IdentitiesOnly yes
          EOF
          chmod 600 "$HOME/.ssh/config"
      - name: Deploy netty
        shell: bash
        run: |
          set -euo pipefail
          nix shell nixpkgs#just --command just switch-netty