name: Build NixOS ISOs

on:
  push:
    branches: [main]
    paths:
      - "iso/**"
      - "hosts/global/**"
      - "home/global/**"
      - "modules/**"
      - "flake.nix"
      - "flake.lock"
  workflow_dispatch:

jobs:
  build-iso:
    strategy:
      matrix:
        include:
          - iso-type: server
            arch: x86
          - iso-type: server
            arch: arm
          - iso-type: desktop
            arch: x86
          - iso-type: desktop
            arch: arm

    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v9

      - name: Setup QEMU for ARM emulation
        if: ${{ matrix.arch == 'arm' }}
        uses: docker/setup-qemu-action@v3
        with:
          platforms: arm64

      - name: Setup Nix cache
        uses: DeterminateSystems/magic-nix-cache-action@v2

      - name: Enable ARM emulation
        if: ${{ matrix.arch == 'arm' }}
        run: |
          echo "extra-platforms = aarch64-linux" >> $HOME/.config/nix/nix.conf
          echo "extra-sandbox-paths = /run/binfmt" >> $HOME/.config/nix/nix.conf
          sudo systemctl restart nix-daemon.service

      - name: Build ISO (with retry)
        uses: nick-fields/retry@v3
        with:
          timeout_minutes: 60
          max_attempts: 3
          retry_wait_seconds: 30
          command: |
            cd iso
            if [ "${{ matrix.arch }}" = "arm" ]; then
              nix build .#${{ matrix.iso-type }}-iso-arm \
                --system x86_64-linux \
                --extra-platforms aarch64-linux \
                --print-build-logs \
                --accept-flake-config
            else
              nix build .#${{ matrix.iso-type }}-iso-x86 \
                --print-build-logs \
                --accept-flake-config
            fi

      - name: Get ISO filename
        id: iso-info
        run: |
          cd iso
          if [ "${{ matrix.arch }}" = "arm" ]; then
            ISO_PATH=$(nix build .#${{ matrix.iso-type }}-iso-arm --print-out-paths --no-link)
          else
            ISO_PATH=$(nix build .#${{ matrix.iso-type }}-iso-x86 --print-out-paths --no-link)
          fi
          ISO_FILE=$(find $ISO_PATH -name "*.iso" -o -name "*.iso.zst" | head -1)
          ISO_NAME=$(basename "$ISO_FILE")
          echo "iso-path=$ISO_FILE" >> $GITHUB_OUTPUT
          echo "iso-name=$ISO_NAME" >> $GITHUB_OUTPUT

      - name: Upload ISO as artifact
        uses: actions/upload-artifact@v4
        with:
          name: nixos-${{ matrix.iso-type }}-${{ matrix.arch }}-iso
          path: ${{ steps.iso-info.outputs.iso-path }}
          retention-days: 30

  create-release:
    needs: build-iso
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/')

    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: ./isos

      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          files: ./isos/**/*.iso*
          tag_name: ${{ github.ref_name }}
          name: NixOS ISOs ${{ github.ref_name }}
          body: |
            ## NixOS ISOs for ${{ github.ref_name }}

            This release contains automatically built NixOS ISOs based on my configuration.

            ### Available ISOs:
            - **Server ISOs**: Minimal server environment with SSH access
            - **Desktop ISOs**: GNOME desktop environment for installation
            - **x86**: Intel/AMD 64-bit systems
            - **ARM**: ARM64 systems (cross-compiled)

            ### Usage:
            1. Download the appropriate ISO for your system
            2. Flash to USB or boot in VM
            3. Default credentials: user `nixos`, password `nixos`
            4. SSH is enabled for remote installation

            Built automatically from commit: ${{ github.sha }}
          draft: false
          prerelease: false