include:
  - gitlab-ci.yml

stages:
  - build
  - deploy
  - trigger

build:image:
  stage: build
  parallel:
    matrix:
      - VARIANT: [ "", "-cachix", "-attic" ]
        SYSTEM: [ "aarch64-linux", "x86_64-linux" ]
  image: nixpkgs/nix-flakes:latest
  script:
    - nix build .#image${VARIANT} --system $SYSTEM
    - mkdir -p build
    - install result build/image-${VARIANT}-${SYSTEM}
  artifacts:
    paths:
      - build/image-${VARIANT}-${SYSTEM}

deploy:image:
  stage: deploy
  image: nixpkgs/nix-flakes:latest
  parallel:
    matrix:
      - VARIANT: [ "", "-cachix", "-attic" ]
  before_script:
    - nix profile install nixpkgs#buildah
    - export PATH="$PATH:$HOME/.nix-profile/bin"
    - export REGISTRY_AUTH_FILE=${HOME}/auth.json
    - echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
    - mkdir -p /etc/containers && echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
  script:
    - buildah manifest create localhost/image${VARIANT} \
        docker-archive:build/image${VARIANT}-aarch64-linux \
        docker-archive:build/image${VARIANT}-x86_64-linux
    - buildah manifest push --all localhost/image${VARIANT} \
        docker://${CI_REGISTRY_IMAGE}/nix-ci:${CI_COMMIT_SHORT_SHA}${VARIANT}
    - buildah manifest push --all localhost/image${VARIANT} \
        docker://${CI_REGISTRY_IMAGE}/nix-ci:${CI_COMMIT_BRANCH/main/latest}${VARIANT}