name: nix-build-publish

on:
  push:
    branches:
      - master

jobs:
  check:
    runs-on: nix-runner 
    steps:
      - uses: actions/checkout@v4 
      - run: |
          NIXPKGS_ALLOW_BROKEN=1 nix flake check --allow-import-from-derivation --keep-going --impure
  build:
    runs-on: nix-runner
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/cachix-action@v14
        with:
          name: bonfire
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
      - run: nix build -L