name: Integration tests

on:
  pull_request:
  push:
    branches: [main]

jobs:
  checks:
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      id-token: write
    env:
      FLAKEHUB_API_ENDPOINT: api.flakehub.com
      FLAKEHUB_WEB_ENDPOINT: https://flakehub.com
      NIX_CONF: /etc/nix/nix.conf
      FLAKEHUB_CACHE: "https://cache.flakehub.com"
    steps:
      - uses: actions/checkout@v3

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main

      - name: Setup
        id: setup
        run: |
          TMP=$(mktemp -d)
          NETRC="${TMP}/netrc"

          sudo chmod a+rw "${{ env.NIX_CONF }}"

          REQUEST_TOKEN="${ACTIONS_ID_TOKEN_REQUEST_TOKEN}"
          ROOT_URL="${ACTIONS_ID_TOKEN_REQUEST_URL}"
          JWT_ID_TOKEN=$(curl \
            --header "authorization: bearer ${REQUEST_TOKEN}" \
            --header "accept: application/json;api-version=2.0" \
            --header "content-type: application/json" \
            --header "user-agent: magic-nix-cache" \
            "${ROOT_URL}&audience=${{ env.FLAKEHUB_API_ENDPOINT }}")

          echo "::set-output name=token::${JWT_ID_TOKEN}"
          echo "::set-output name=netrc::${NETRC}"

      - name: Set up netrc file
        env:
          NETRC: ${{ steps.setup.outputs.netrc }}
          TOKEN: ${{ steps.setup.outputs.token }}
        run: |
          echo "machine ${{ env.FLAKEHUB_WEB_ENDPOINT }} login flakehub password ${{ env.TOKEN }}" > "${{ env.NETRC }}"
          echo "machine ${{ env.FLAKEHUB_API_ENDPOINT }} login flakehub password ${{ env.TOKEN }}" >> "${{ env.NETRC }}"
          echo "extra-substituters = ${{ env.FLAKEHUB_CACHE }}/?trusted=1" >> "${{ env.NIX_CONF }}"
          echo "netrc-file = ${{ env.NETRC }}" >> "${{ env.NIX_CONF }}"

          echo "netrc file:"
          cat "${{ env.NETRC }}"

          echo "Nix config:"
          cat "${{ env.NIX_CONF }}"