name: nix-non-x86

permissions:
  contents: read
  pull-requests: read

on:
  pull_request:
    branches: ["main"]
  push:
    branches: ["main"]
    tags: ["*"]

jobs:
  macos-latest:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - uses: cachix/install-nix-action@v31
        with:
          extra_nix_config: |
            access-tokens = github.com=${{ github.token }}
            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=
            substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot
            sandbox = true
      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: https://attic.teepot.org/
          cache: tee-pot
          token: ${{ secrets.ATTIC_TOKEN }}

      - name: nixci
        # FIXME: this prevents it from running on macos
        # https://github.com/NixOS/nix/pull/12570
        # run: nix run github:nixos/nixpkgs/nixos-24.11#nixci -- build
        run: nix build -L .#teepot --no-sandbox