---
kind: pipeline
type: exec
name: Check and deploy
node:
  hosttype: baremetal

steps:
  - name: "Check"
    when:
      event:
        - pull_request
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    commands:
      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
      - nix $$NIX_FLAGS develop --command nix flake show
      - nix $$NIX_FLAGS develop --command treefmt --fail-on-change
      - nix $$NIX_FLAGS develop --command editorconfig-checker
      - nix $$NIX_FLAGS build ".#nixosConfigurations.pioneer-momo-koeln.config.system.build.toplevel"

  - name: "Deploy"
    when:
      event:
        - push
      branch:
        - main
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
      PRIVATE_SSH_KEY:
        from_secret: ci_private_ssh_key
      SSH_HOST_KEY: "80.244.242.4 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAMFmC8BNq08QLKQLyT139qzh7jIF5yOY32fCHiCMg5"
    commands:
      - mkdir $$HOME/.ssh && chmod 700 $$HOME/.ssh
      - echo "$$PRIVATE_SSH_KEY" > $$HOME/.ssh/id_ed25519 && chmod 600 $$HOME/.ssh/id_ed25519
      - echo "$$SSH_HOST_KEY" > $$HOME/.ssh/known_hosts
      # SSH uses HOME from /etc/passwd, not from the environment, so override it
      - export SSHOPTS="-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -i $$HOME/.ssh/id_ed25519"
      - "echo DEBUG: Using NIX_FLAGS: $$NIX_FLAGS"
      - nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#pioneer-momo-koeln' --ssh-opts="$$SSHOPTS"

---
kind: signature
hmac: 0a9bea82f36e5a63794b831c72182305a72901d0985f0a070f876ae7c48421be

...