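---
# Deploys the repository's colmena hive whenever a release tag is pushed (or on
# manual dispatch). Runs on a self-hosted NixOS runner; builds are pushed to a
# remote NixOS builder reached over SSH.
name: "Colmena apply"

on:
  push:
    tags:
      - "v*" # triggers on v1.0.0, v1.2.3, etc.
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: only actions/checkout needs repo read access;
# nothing in this workflow writes back to GitHub.
permissions:
  contents: read

jobs:
  apply:
    name: Apply flake configurations to colmena hive
    # Ensure 'nixos-latest' runner has Docker, SSH client, and basic Nix tools installed.
    # It seems it already does.
    runs-on: nixos-latest
    env:
      # NOTE(review): "BUILER" is a misspelling of "BUILDER"; left unchanged because
      # every step below references these exact names.
      NIXOS_BUILER_HOST: nixos-builder.lab
      NIXOS_BUILER_USER: runner
    steps:
      # Use nix-env for setup (as you prefer and it works well for ephemeral environments)
      - name: Install dependencies via nix-env
        env:
          # Secrets are handed to the shell through the environment instead of being
          # interpolated into the script text, so they are never part of the generated
          # shell source and cannot alter its parsing.
          CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
        run: |
          nix-env -iA nixpkgs.nodejs
          nix-env -iA nixpkgs.openssh
          nix-env -iA cachix -f https://cachix.org/api/v1/install
          cachix use plasmagoat
          cachix authtoken "$CACHIX_AUTH_TOKEN"
          cachix use colmena
          # NOTE(review): installs whatever is on the `main` branch at run time, so the
          # deploy tool is not reproducible; pin to a release tarball or commit.
          nix-env -if https://github.com/zhaofengli/colmena/tarball/main

      - name: Checkout repo
        uses: actions/checkout@v4

      - name: Enable experimental features
        run: |
          mkdir -p ~/.config/nix
          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

      - name: Prepare SSH keys and known_hosts for builder and Proxmox
        env:
          # Private key material is passed via env for the same reason as above.
          RUNNER_SSH_KEY: ${{ secrets.RUNNER_SSH_KEY }}
        run: |
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s\n' "$RUNNER_SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          # NOTE(review): ssh-keyscan accepts whatever key the network answers with on
          # every run (trust-on-first-use each time), so StrictHostKeyChecking=yes in the
          # next step only detects a key change within this job. Prefer storing the
          # builder's public host key in a repository secret/variable
          # (e.g. <BUILDER_HOST_KEY_SECRET>) and writing that to known_hosts instead.
          ssh-keyscan -H "$NIXOS_BUILER_HOST" >> ~/.ssh/known_hosts
          chmod 600 ~/.ssh/known_hosts

      - name: Test SSH connection to NixOS Builder
        run: |
          echo "Testing SSH connection to $NIXOS_BUILER_HOST..."
          ssh -o StrictHostKeyChecking=yes "$NIXOS_BUILER_USER"@"$NIXOS_BUILER_HOST" "echo 'SSH success. Hostname:' && hostname"

      - name: Apply Colmena
        id: apply
        run: colmena apply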