name: nix

on:
  push:
    branches:
      - master

jobs:
  check:
    runs-on: nix-runner
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: true
          token: "${{ secrets.REPO_PAT }}"
      - run: |
          NIXPKGS_ALLOW_BROKEN=1 NIXPKGS_ALLOW_UNFREE=1 nix flake check --allow-import-from-derivation --keep-going --impure