name: "nix-devshell"
description:
  "Set up Nix, prebuild the devshell and run commands inside the devshell."
inputs:
  prebuild:
    description:
      "Whether to prebuild the devshell (nix develop --command true)."
    required: false
    default: "false"
  commands:
    description:
      "Commands to run inside the devshell (executed with bash -lc)."
    required: false
    default: ""
  cachix_cache:
    description: "Optional Cachix cache name to use (e.g. myorg). Requires `cachix_auth` for private caches."
    required: false
    default: ""
  cachix_auth:
    description: "Optional Cachix auth token used to access private caches (pass via secrets)."
    required: false
    default: ""

runs:
  using: "composite"
  steps:
    - name: Install Nix (idempotent)
      shell: bash
      run: |
        set -euo pipefail
        if ! command -v nix >/dev/null 2>&1; then
          curl -L https://nixos.org/nix/install | sh -s -- --no-daemon
        fi
        # source the nix profile if present
        if [ -f "$HOME/.nix-profile/etc/profile.d/nix.sh" ]; then
          . "$HOME/.nix-profile/etc/profile.d/nix.sh"
        fi
        nix --version

    - name: (Optional) Configure Cachix binary cache
      if: ${{ inputs.cachix_cache != '' }}
      shell: bash
      run: |
        set -euo pipefail
        # install cachix CLI if absent (via nix)
        if ! command -v cachix >/dev/null 2>&1; then
          if command -v nix >/dev/null 2>&1; then
            nix profile install nixpkgs#cachix || true
          else
            echo "nix not available - cannot install cachix"
            exit 1
          fi
        fi
        # authenticate if auth token provided (for private caches)
        if [ -n "${{ inputs.cachix_auth }}" ]; then
          echo "${{ inputs.cachix_auth }}" | cachix authtoken - || true
        fi
        # use the provided cachix cache
        cachix use "${{ inputs.cachix_cache }}" || true

    - name: Prebuild devshell
      if: ${{ inputs.prebuild == 'true' }}
      shell: bash
      run: |
        set -euo pipefail
        if [ -f "$HOME/.nix-profile/etc/profile.d/nix.sh" ]; then
          . "$HOME/.nix-profile/etc/profile.d/nix.sh"
        fi
        nix --extra-experimental-features 'nix-command flakes' develop --command true

    - name: Run commands in devshell
      if: ${{ inputs.commands != '' }}
      shell: bash
      run: |
        set -euo pipefail
        if [ -f "$HOME/.nix-profile/etc/profile.d/nix.sh" ]; then
          . "$HOME/.nix-profile/etc/profile.d/nix.sh"
        fi
        nix --extra-experimental-features 'nix-command flakes' develop --command bash -lc "${{ inputs.commands }}"