name: NixOS Module Tests

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

jobs:
  nix-module-check:
    runs-on: ubuntu-latest
    permissions:
      contents: read

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 2

      - name: Get changed files
        id: changed-files
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            nix:
              - 'nix/**'
              - 'flake.nix'
              - 'flake.lock'
            go:
              - 'go.*'
              - '**/*.go'
              - 'cmd/**'
              - 'hscontrol/**'

      - uses: nixbuild/nix-quick-install-action@889f3180bb5f064ee9e3201428d04ae9e41d54ad # v31
        if: steps.changed-files.outputs.nix == 'true' || steps.changed-files.outputs.go == 'true'

      - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a # v6.1.3
        if: steps.changed-files.outputs.nix == 'true' || steps.changed-files.outputs.go == 'true'
        with:
          primary-key:
            nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix',
            '**/flake.lock') }}
          restore-prefixes-first-match: nix-${{ runner.os }}-${{ runner.arch }}

      - name: Run NixOS module tests
        if: steps.changed-files.outputs.nix == 'true' || steps.changed-files.outputs.go == 'true'
        run: |
          echo "Running NixOS module integration test..."
          nix build .#checks.x86_64-linux.headscale -L