name: Build and Deploy Desktop
on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: nix
    steps:
      - uses: https://github.com/actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Unlock git-crypt
        run: |
          git-crypt unlock /run/agenix/git-crypt-key-dotfiles

      - name: Build NixOS configuration (yarn)
        run: |
          nix build .#nixosConfigurations.yarn.config.system.build.toplevel -L

      - name: Deploy to desktop
        run: |
          eval $(ssh-agent -s)
          ssh-add /run/agenix/ci-deploy-key
          if ssh -i /run/agenix/ci-deploy-key -o StrictHostKeyChecking=no -o ConnectTimeout=10 root@desktop "echo reachable" 2>/dev/null; then
            nix run github:serokell/deploy-rs -- .#yarn --ssh-opts="-o StrictHostKeyChecking=no"
            echo "Deploy to desktop succeeded"
          else
            echo "Desktop unreachable - skipping deploy. Build succeeded."
          fi

      - name: Notify success
        if: success()
        run: |
          curl -sf -X POST \
            "https://ntfy.sigkill.computer/deployments" \
            -H "Title: [yarn] Build succeeded" \
            -H "Priority: default" \
            -H "Tags: white_check_mark" \
            -d "dotfiles built from commit ${GITHUB_SHA::8}"

      - name: Notify failure
        if: failure()
        run: |
          curl -sf -X POST \
            "https://ntfy.sigkill.computer/deployments" \
            -H "Title: [yarn] Build FAILED" \
            -H "Priority: urgent" \
            -H "Tags: rotating_light" \
            -d "dotfiles build failed at commit ${GITHUB_SHA::8}"