name: "Test"
on:
  pull_request:
  schedule:
    - cron:  '51 2 * * *'
jobs:
  tests:
    strategy:
      matrix:
        nixPath:
          - nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-20.09.tar.gz
          - nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixpkgs-unstable.tar.gz
        os: [ ubuntu-latest, macos-latest ]
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@v2
    - uses: cachix/install-nix-action@v12
      with:
        nix_path: "${{ matrix.nixPath }}"
        extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"
    - name: Setup cachix
      uses: cachix/cachix-action@v6
      with:
        name: mic92
        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
    - name: Show nixpkgs version
      run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
    - name: Run golangci-lint
      run: nix-shell --pure --run "golangci-lint run"
      if: matrix.nixPath == 'nixpkgs=channel:nixpkgs-unstable'
    - name: Build nix packages
      run: nix-build release.nix
    - name: Run sops-pgp-hook tests
      run: nix-shell --pure --run "NIX_PATH=nixpkgs=$(nix-instantiate --find-file nixpkgs) go test ./pkgs/sops-pgp-hook"
    - name: Add keys group (needed for go tests)
      run: sudo groupadd keys
      if: matrix.os == 'ubuntu-latest'
    - name: Run sops-install-secrets tests
      run: nix-shell --pure --run "$(command -v sudo) unshare --mount --fork go test ./pkgs/sops-install-secrets"
      if: matrix.os == 'ubuntu-latest'
    - name: Run NixOS test
      run: nix-build -A sops-install-secrets.tests
      if: matrix.os == 'ubuntu-latest'