image: nixos/latest
sources:
  - https://git.tazj.in/
secrets:
  # cachix/tazjin
  - f7f02546-4d95-44f7-a98e-d61fdded8b5b
tasks:
  - setup: |
      # sourcehut does not censor secrets in builds, hence this hack:
      echo -n 'export CACHIX_SIGNING_KEY=' > cachix-preamble
      cat cachix-preamble ~/.cachix-tazjin >> ~/.buildenv
      nix-env -iA third_party.cachix -f git.tazj.in
      cachix use tazjin
  - build: |
      cd git.tazj.in
      nix-build ci-builds.nix > built-paths
  - cache: |
      cd git.tazj.in
      cat built-paths | cachix push tazjin
triggers:
  - action: email
    condition: failure
    to: mail@tazj.in