infra/.gitea/workflows/build-nixos.yml

name: NixOS Build & Test
run-name: Build ${{ gitea.event_name == 'push' && gitea.ref_name || format('PR #{0}', gitea.event.pull_request.number) }}

on:
  push:
    branches:
      - master
    paths:
      - '**.nix'
      - 'flake.lock'
      - 'secrets/**'
      - 'hosts/**'
      - 'modules/**'
  pull_request:
    branches:
      - master
    paths:
      - '**.nix'
      - 'flake.lock'
      - 'secrets/**'
      - 'hosts/**'
      - 'modules/**'

jobs:
  build:
    runs-on: nixos-builder
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Nix environment
        run: |
          echo "extra-experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
          cat ~/.config/nix/nix.conf

      - name: Install nh (nix helper)
        run: |
          nix --extra-experimental-features "nix-command flakes" \
            profile add nixpkgs#nh
          nh --version

      - name: Build NixOS configuration (lazyworkhorse)
        run: |
          nh os build .#lazyworkhorse
        env:
          NIX_CONFIG: "extra-experimental-features = nix-command flakes"

      - name: Build NixOS configuration (cyt-pi)
        run: |
          nh os build .#cyt-pi
        env:
          NIX_CONFIG: "extra-experimental-features = nix-command flakes"

      - name: Integration tests (placeholder)
        run: |
          echo "TODO: Add integration tests here"
          echo ""
          echo "Suggested future checks:"
          echo "  - nix flake check  (evaluate all NixOS configs)"
          echo "  - Validate agenix secrets are decryptable"
          echo "  - Check services are defined correctly"
          echo "  - Run VM test if nixos-test infrastructure exists"