name: Test Nix Flakes project

on:
  workflow_call:
    inputs:
      extra-targets:
        type: string
        required: false
        default: ""
      extra-nix-flags:
        type: string
        required: false
        default: ""
    secrets:
      cachix-token:
        required: true
      github-token:
        required: true

jobs:
  check:
    name: Build and check
    runs-on: ubuntu-22.04
    steps:
    - name: Checkout repository
      uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
      with:
        submodules: 'recursive'

    - name: Install Nix
      uses: DeterminateSystems/nix-installer-action@8cdf194da984e4f12b2f8c36d1fa107c1dd67f5c # v11

    - name: Set up Magic Nix Cache
      uses: DeterminateSystems/magic-nix-cache-action@87e8236f46702ab0ce5a058b605a173ec88d618e # v6

    - name: Set up Cachix (msfjarvis)
      uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
      with:
        name: msfjarvis
        authToken: ${{ secrets.cachix-token }}
        cachixArgs: -c9 --omit-deriver

    - name: Run default check
      shell: bash
      env:
        NIX_FLAGS: ${{ inputs.extra-nix-flags }}
      run: |
        read -ra FLAGS <<<"$NIX_FLAGS"
        nix flake check '.?submodules=1#' --print-build-logs "${FLAGS[@]}"

    - name: Run additional checks
      shell: bash
      if: ${{ inputs.extra-targets != '' }}
      env:
        TARGET_STRING: ${{ inputs.extra-targets }}
        NIX_FLAGS: ${{ inputs.extra-nix-flags }}
      run: |
        read -ra TARGETS <<<"$TARGET_STRING"
        read -ra FLAGS <<<"$NIX_FLAGS"
        for TARGET in "${TARGETS[@]}"; do
          nix build --print-build-logs "${FLAGS[@]}" "${TARGET}"
        done