build.yml

name: build system configurations with nix
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
jobs:
  changed-files:
    runs-on: ubuntu-latest
    name: Check modified files
    outputs:
      nixos-changed: ${{ steps.changed-files.outputs.nixos_any_changed == 'true' }}
      darwin-changed: ${{ steps.changed-files.outputs.darwin_any_changed == 'true' }}
      aqua-changed: ${{ steps.changed-files.outputs.aqua_any_changed == 'true' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Get all changed files
        id: changed-files
        uses: tj-actions/changed-files@v45
        with:
          files_yaml: |
            nixos:
              - flake.lock
              - flake.nix
              - '.github/workflows/build.yml'
              - 'Makefile'
            darwin:
              - flake.lock
              - flake.nix
              - home-manager/**
              - '!home-manager/linux/**'
              - '!home-manager/hyprland/**'
              - '!home-manager/fcitx5/**'
              - '!home-manager/profiles/rika/**'
              - '!home-manager/profiles/xanadu/**'
              - '!home-manager/profiles/yuki/**'
              - nix-darwin/**
              - profiles/asu/**
              - secrets/**
              - '.github/workflows/build.yml'
              - 'Makefile'
            aqua:
              - aqua/**
              - '.github/workflows/build.yml'
            
  nixos-build:
    runs-on: [self-hosted, X64, Linux, nix]
    name: Build NixOS configuration
    needs: changed-files
    if: needs.changed-files.outputs.nixos-changed == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Adding Nix PATH
        run: |
          echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH"
          echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH"
      - name: Check nix installation
        run: |
          make RUNS_ENV=ci test
      - name: build
        run: |
          make RUNS_ENV=ci ci-build
          df -h

  darwin-build:
    runs-on: macos-14
    name: Build darwin configuration
    needs: changed-files
    if: needs.changed-files.outputs.darwin-changed == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install nix
        uses: cachix/install-nix-action@v30
      - name: Setup cachix
        uses: cachix/cachix-action@v15
        with:
          name: nanamiiiii
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
      - name: Create /run for darwin
        run: |
          printf "run\tprivate/var/run\n" | sudo tee -a /etc/synthetic.conf
          /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t || true
      - name: GitHub cache setup
        uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Build
        run: |
          make RUNS_ENV=ci ci-build
          df -h

  cachix-deploy:
    runs-on: macos-14
    name: Deploy darwin configuration
    needs: darwin-build
    if: github.ref == 'refs/heads/main'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install nix
        uses: cachix/install-nix-action@v30
      - name: Setup cachix
        uses: cachix/cachix-action@v15
        with:
          name: nanamiiiii
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
      - name: GitHub cache setup
        uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Deploy
        env:
          CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
        run: |
          spec=$(nix build ".#cachix-deploy" --accept-flake-config --print-out-paths)
          cachix push nanamiiiii "$spec"
          cachix deploy activate "$spec" --async

  aqua-checksum-update:
    needs: changed-files
    if: needs.changed-files.outputs.aqua-changed == 'true'
    uses: aquaproj/update-checksum-workflow/.github/workflows/update-checksum.yaml@a563422baaaa611fee5a4cdec99a34476cc4b7ed
    permissions:
      contents: read
    with:
      aqua_version: v2.40.0
      working_directory: aqua
      prune: true
    secrets:
      gh_token: ${{secrets.GH_TOKEN}}