name: Guix Build

on:
  pull_request:
    types: [ labeled ]
  workflow_dispatch:

jobs:
  build:
    runs-on: [ "self-hosted", "linux", "x64", "ubuntu-core" ]
    if: contains(github.event.pull_request.labels.*.name, 'guix-build')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Commit variables
        id: dockerfile
        run: |
          echo "hash=$(sha256sum ./contrib/containers/guix/Dockerfile | cut -d ' ' -f1)" >> $GITHUB_OUTPUT
          echo "host_user_id=$(id -u)" >> $GITHUB_OUTPUT
          echo "host_group_id=$(id -g)" >> $GITHUB_OUTPUT

      - name: Build Docker image
        uses: docker/build-push-action@v5
        with:
          context: ${{ github.workspace }}
          build-args: |
            USER_ID=${{ steps.dockerfile.outputs.host_user_id }}
            GROUP_ID=${{ steps.dockerfile.outputs.host_group_id }}
          build-contexts: |
            docker_root=${{ github.workspace }}/contrib/containers/guix
          file: ./contrib/containers/guix/Dockerfile
          load: true
          tags: guix_ubuntu:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Run Guix build
        run: |
          docker run --privileged -d --rm -t \
            --name guix-daemon \
            -e ADDITIONAL_GUIX_COMMON_FLAGS="--max-jobs=$(nproc --all)" \
            -v ${{ github.workspace }}:/src/dash \
            -w /src/dash \
            guix_ubuntu:latest && \
          docker exec guix-daemon bash -c '/usr/local/bin/guix-start'

      - name: Ensure build passes
        run: |
          if [[ $? != 0 ]]; then
            echo "Guix build failed!"
            exit 1
          fi

      - name: Compute SHA256 checksums
        run: |
          ./contrib/containers/guix/scripts/guix-check ${{ github.workspace }}