name: deploy-infra

on:
  workflow_dispatch: # allows manual triggering
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: native
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up SSH key for age secrets and SSH
        run: |
          env
          mkdir -p ~/.ssh
          echo "${{ secrets.CD_SSH_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519

      - name: Deploy
        run: nix-shell --run 'eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519 && SHELL=$(which bash) nixops4 apply -v default'