rosenpass/.github/workflows/nix.yaml

name: Nix Related Actions
permissions:
  contents: write
on:
  pull_request:
  push:
    branches: [main]

jobs:
  build:
    name: Build ${{ matrix.derivation }} on ${{ matrix.nix-system }}
    runs-on:
      - nix
      - ${{ matrix.nix-system }}
    strategy:
      fail-fast: false
      matrix:
        nix-system:
          - x86_64-linux
          # - aarch64-linux
        derivation:
          - rosenpass
          - rosenpass-static
          - rosenpass-oci-image
          - rosenpass-static-oci-image
          - proof-proverif
          - whitepaper

    steps:
      - uses: actions/checkout@v3
      - name: Generate gitHeadInfo.gin for the whitepaper
        if: ${{ matrix.derivation == 'whitepaper' }}
        run: ( cd papers && ./tex/gitinfo2.sh && git add gitHeadInfo.gin )
      - name: Build ${{ matrix.derivation }}
        run: |
          # build the package
          nix build .#packages.${{ matrix.nix-system }}.${{ matrix.derivation }} --print-build-logs

          # copy over the results
          if [[ -f $(readlink --canonicalize result ) ]]; then
            mkdir -- ${{ matrix.derivation }}
          fi
          cp --recursive -- $(readlink --canonicalize -- result) ${{ matrix.derivation }}
          chmod --recursive -- ug+rw ${{ matrix.derivation }}

          # add version information
          git rev-parse --abbrev-ref HEAD > ${{ matrix.derivation }}/git-version
          git rev-parse HEAD > ${{ matrix.derivation }}/git-sha

          # override the `rp` script to keep compatible with non-nix systems
          if [[ -f ${{ matrix.derivation }}/bin/rp ]]
          then
            cp --force rp ${{ matrix.derivation }}/bin/
          fi
      - name: Upload build results
        uses: actions/upload-artifact@v3
        with:
          name: ${{ matrix.derivation }}@${{ matrix.nix-system }}
          path: ${{ matrix.derivation }}
      - name: Deploy PDF artifacts
        if: ${{ matrix.derivation == 'whitepaper' && github.ref == 'refs/heads/main' }}
        uses: peaceiris/actions-gh-pages@v3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: whitepaper
          publish_branch: papers-pdf
          force_orphan: true
  checks:
    name: Run Nix checks
    runs-on: nixos
    needs: build
    steps:
      - uses: actions/checkout@v3
      - name: Run Checks
        run: nix flake check . --print-build-logs