name: Nix Flake Check

on:
  push:
    branches: [main, nix]
    tags:
      - 'v*'
  pull_request:
    branches: [main]

permissions:
  contents: read

jobs:
  check:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}

    steps:
      - uses: actions/checkout@v4

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main

      - name: Setup Nix Cache
        uses: DeterminateSystems/magic-nix-cache-action@main

      - name: Check flake
        run: nix flake check

      - name: Show flake info
        run: nix flake show

      - name: Evaluate package
        run: |
          # Evaluate the derivation without building (validates the Nix expression)
          nix eval .#packages.$(nix eval --impure --expr 'builtins.currentSystem').default.name
          echo "Flake evaluation successful"

      # Note: Full build requires network access for bun install.
      # Nix sandboxed builds block network access.
      # To build locally: nix build --option sandbox false
      # Or use: nix develop && bun install && bun run build