---
kind: pipeline
type: exec
name: Check
node:
  hosttype: baremetal

steps:
  - name: "Check"
    when:
      event:
        - pull_request
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    commands:
      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
      - nix $$NIX_FLAGS develop --command nix flake show
      - nix $$NIX_FLAGS develop --command treefmt --fail-on-change
      - nix $$NIX_FLAGS develop --command editorconfig-checker
      - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"

---
kind: pipeline
type: exec
name: Tests
node:
  hosttype: baremetal

steps:
  - name: "Tests"
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    commands:
      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
      - nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
      - nix-store --read-log result
      - nix $$NIX_FLAGS flake check
      - nix $$NIX_FLAGS develop --command echo OK

  - name: "Upload artifacts"
    environment:
      TRITON_DONT_SOURCE_PROFILE: 1
      PRIVATE_SSH_KEY:
        from_secret: private_ssh_key
      MANTA_USER: pub_solar
      MANTA_URL: https://eu-central.manta.greenbaum.cloud
      MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67"
    commands:
      - export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}"
      - echo env var TARGET_DIR is set to $$TARGET_DIR
      - "mkdir ~/.ssh && chmod 700 ~/.ssh"
      - echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
      - nix flake new --template "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main" ./tritonshell
      - git add tritonshell
      - cd tritonshell
      - nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR}/foot_wayland_info.png
      - nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR}/test-wayland.out

trigger:
  ref:
    - refs/tags/v*
    - refs/tags/t*

---
kind: pipeline
type: docker
name: Notification

steps:
  - name: "Notify matrix"
    image: plugins/matrix
    settings:
      homeserver: https://matrix.pub.solar
      roomid: dfQBqwkhIzrFjMSsxy:pub.solar
      username:
        from_secret: matrix_username
      password:
        from_secret: matrix_password
      template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"

depends_on:
  - Tests

trigger:
  ref:
    - refs/tags/v*
    - refs/tags/t*

---
kind: pipeline
type: docker
name: Publish ISO

steps:
  - name: "Build ISO"
    image: docker.nix-community.org/nixpkgs/nix-flakes:latest
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    volumes:
      - name: file-exchange
        path: /var/nix/iso-cache
    commands:
      - |
        nix $$NIX_FLAGS build \
          '.#nixosConfigurations.bootstrap.config.system.build.isoImage'
      - cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/
      - nix shell nixpkgs#findutils
      - cd /var/nix/iso-cache/
      - export ISO_NAME=$(find . -name '*.iso' -printf "%f\n")
      - sha256sum $ISO_NAME > $ISO_NAME.sha256
      - ln -s $ISO_NAME PubSolarOS-latest.iso
      - cp $ISO_NAME.sha256 PubSolarOS-latest.iso.sha256
      - nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256

  - name: "Publish ISO"
    # https://github.com/appleboy/drone-scp/pull/141 got merged, yay
    image: appleboy/drone-scp:1.6.5-linux-amd64
    volumes:
      - name: file-exchange
        path: /var/nix/iso-cache
    settings:
      host:
        from_secret: iso_web_ssh_host
      user:
        from_secret: iso_web_ssh_user
      port:
        from_secret: iso_web_ssh_port
      key:
        from_secret: iso_web_ssh_key
      target: /data/srv/www/os/download
      source:
        - /var/nix/iso-cache/*.iso
        - /var/nix/iso-cache/*.iso.sha256
      unlink_first: true
      strip_components: 3

depends_on:
  - Check

trigger:
  branch:
    - main
  event:
    - push

volumes:
  - name: file-exchange
    temp: {}

---
kind: signature
hmac: a116f78a0b22188052893bdb46aa40f8de66438826c10ced362ea183d7644d67

...