name: Deploy Website
on: [push]

jobs:
  build-and-deploy:
    runs-on: native
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4

      - name: Build article code
        run: |
          export NIX_PATH=nixpkgs=flake:nixpkgs:/nix/var/nix/profiles/per-user/root/channels/nixos
          /run/current-system/sw/bin/nix-build -A articles

      - name: Deploy article HTML
        run: |
          cat - <<EOD > ssh-key
          ${{ secrets.DEPLOY_SSH_KEY }}
          EOD
          chmod 400 ssh-key
          export NIX_PATH=nixpkgs=flake:nixpkgs:/nix/var/nix/profiles/per-user/root/channels/nixos
          /run/current-system/sw/bin/nix-shell -p rsync openssh --run \
            'rsync -avz -e "ssh -oStrictHostKeyChecking=accept-new -i ssh-key" result/* deploy@andrew.riouxs.co:/srv/site'

      - name: Remove SSH key
        if: always()
        run: |
          test -f ssh-key && shred ssh-key