name: deploy-infra

on:
  workflow_dispatch: # allows manual triggering
  push:
    branches:
      # - main

jobs:
  deploy:
    runs-on: native
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up SSH key to access age secrets
        run: |
          env
          mkdir -p ~/.ssh
          echo "${{ secrets.CD_SSH_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519

      - name: Deploy
        run: nix-shell --run 'nixops4 deploy'