name: "nix-devshell"
description:
  "Set up Nix, optionally cache, prebuild the devshell and run commands inside
  the devshell."
inputs:
  prebuild:
    description:
      "Whether to prebuild the devshell (nix develop --command true)."
    required: false
    default: "false"
  commands:
    description:
      "Commands to run inside the devshell (executed with bash -lc)."
    required: false
    default: ""
  cache:
    description:
      "Enable caching for Nix artifacts (caches ~/.cache/nix and
      ~/.local/share/nix)."
    required: false
    default: "true"
  cache-key-files:
    description: "Files to hash for cache key (glob). Default is 'flake.lock'."
    required: false
    default: "flake.lock"
  cachix-name:
    description: "Optional Cachix cache name to use (requires cachix token)."
    required: false
    default: ""
  cachix-token:
    description: "Optional Cachix token (pass via secrets)."
    required: false
    default: ""

runs:
  using: "composite"
  steps:
    - name: Install Nix (idempotent)
      shell: bash
      run: |
        set -euo pipefail
        if ! command -v nix >/dev/null 2>&1; then
          curl -L https://nixos.org/nix/install | sh -s -- --no-daemon
        fi
        # source the nix profile if present
        if [ -f "$HOME/.nix-profile/etc/profile.d/nix.sh" ]; then
          . "$HOME/.nix-profile/etc/profile.d/nix.sh"
        fi
        nix --version

    - name: Setup Cachix (optional)
      if: ${{ inputs.cachix-name != '' && inputs.cachix-token != '' }}
      shell: bash
      run: |
        set -euo pipefail
        curl -L https://cachix.org/api/install | sh
        cachix use --token "${{ inputs.cachix-token }}" "${{ inputs.cachix-name }}"

    - name: Cache Nix directories
      if: ${{ inputs.cache == 'true' }}
      uses: actions/cache@v4
      with:
        path: |
          ~/.cache/nix
          ~/.local/share/nix
        key: ${{ runner.os }}-nix-${{ hashFiles(inputs.cache-key-files) }}
        restore-keys: ${{ runner.os }}-nix-

    - name: Prebuild devshell
      if: ${{ inputs.prebuild == 'true' }}
      shell: bash
      run: |
        set -euo pipefail
        if [ -f "$HOME/.nix-profile/etc/profile.d/nix.sh" ]; then
          . "$HOME/.nix-profile/etc/profile.d/nix.sh"
        fi
        nix --extra-experimental-features 'nix-command flakes' develop --command true

    - name: Run commands in devshell
      if: ${{ inputs.commands != '' }}
      shell: bash
      run: |
        set -euo pipefail
        if [ -f "$HOME/.nix-profile/etc/profile.d/nix.sh" ]; then
          . "$HOME/.nix-profile/etc/profile.d/nix.sh"
        fi
        nix --extra-experimental-features 'nix-command flakes' develop --command bash -lc "${{ inputs.commands }}"