on:
  push:
    paths:
      - 'pkgs/images/**'
      - '.forgejo/workflows/**'
      - 'flake.lock'
jobs:
  check:
    runs-on: nix-upstream-latest
    steps:
      - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
      - run: nix-env -i curl nodejs skopeo # bootstrap
      - uses: actions/checkout@v4
      - run: |-
          echo <<EOF > tags.txt
            nix-with-node:nix
          EOF
          echo <<EOF > /etc/containers/policy.json
            {
              "default": [{"type": "insecureAcceptAnything"}],
              "transports": {"docker-daemon": {"": [{"type":"insecureAcceptAnything"}]}}
            }
          EOF
      - run: |-
          for line in $(cat tags.txt); do
            IFS=: read -r pkg tag <<< $line
            skopeo copy --dest-creds="${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" docker-image://$(nix build .#$pkg --print-out-paths) docker://git.10110110.xyz/ci/$tag:latest
          done