include:
  - component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/nix-gitlab-ci@$CI_COMMIT_SHA
    inputs:
      version: $CI_COMMIT_SHORT_SHA
stages:
  - build-images
  - build
  - trigger
build:image:
  stage: build-images
  parallel:
    matrix:
      - ARCH: ["x86_64-linux", "aarch64-linux"]
  image: nixpkgs/nix-flakes:latest
  script:
    - nix build .#image --system $ARCH
  after_script:
    - install -D result dist/nix-ci-$ARCH.tar.gz
  artifacts:
    paths:
      - dist
deploy:image:
  stage: build-images
  image: nixpkgs/nix-flakes:latest
  needs:
    - build:image
  before_script:
    - nix profile install nixpkgs#buildah
    - export PATH="$PATH:$HOME/.nix-profile/bin"
    - export REGISTRY_AUTH_FILE=''${HOME}/auth.json
    - echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
    - mkdir -p /etc/containers && echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
    - mkdir -p /var/tmp
  script:
    - export NORMALIZED_BRANCH=${CI_COMMIT_BRANCH/\//-}
    - buildah manifest create localhost/nix-ci
    - buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-x86_64-linux.tar.gz
    - buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-aarch64-linux.tar.gz
    - buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:${CI_COMMIT_SHORT_SHA}
    # branches
    - |
      if [ -z "$CI_COMMIT_TAG" ]; then
        buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:${NORMALIZED_BRANCH/main/latest}
      fi
    # tags
    - |
      if [ -n "$CI_COMMIT_TAG" ]; then
        buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:${CI_COMMIT_TAG}
      fi