name: Deploy Book

on:
  push:

permissions:
  contents: read
  pages: write
  id-token: write

jobs:
  deploy-unstable:
    name: Deploy

    runs-on: ubuntu-latest
    if: github.repository == 'zhaofengli/attic'

    steps:
      - uses: actions/checkout@v4.1.1

      - uses: DeterminateSystems/nix-installer-action@v9
        continue-on-error: true # Self-hosted runners already have Nix installed

      - name: Install Attic
        run: ./.github/install-attic-ci.sh

      - name: Configure Attic
        run: |
          export PATH=$HOME/.nix-profile/bin:$PATH # FIXME
          attic login staging https://staging.attic.rs/ "$ATTIC_TOKEN"
          attic use attic-ci
        env:
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}

      - name: Build book
        run: nix build .#book -L

      - name: Copy book artifact
        run: |
          cp --recursive --dereference --no-preserve=mode,ownership result public

      - name: Upload book artifact
        uses: actions/upload-pages-artifact@v2.0.0
        with:
          path: public

      - name: Deploy book
        uses: actions/deploy-pages@v3.0.1

      # TODO: Just take a diff of the list of store paths, also abstract all of this out
      - name: Push build artifacts
        run: |
          export PATH=$HOME/.nix-profile/bin:$PATH # FIXME
          if [ -n "$ATTIC_TOKEN" ]; then
            nix build .#book --no-link --print-out-paths -L | \
              xargs attic push attic-ci
          fi
        env:
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}