nixpkgs/.github/workflows/pr.yml

name: PR

on:
  pull_request:
    paths:
      - .github/workflows/build.yml
      - .github/workflows/check.yml
      - .github/workflows/eval.yml
      - .github/workflows/lint.yml
      - .github/workflows/pr.yml
      - .github/workflows/reviewers.yml # needs eval results from the same event type
  pull_request_target:

concurrency:
  group: pr-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true

permissions: {}

jobs:
  prepare:
    runs-on: ubuntu-24.04-arm
    outputs:
      mergedSha: ${{ steps.get-merge-commit.outputs.mergedSha }}
      targetSha: ${{ steps.get-merge-commit.outputs.targetSha }}
      systems: ${{ steps.systems.outputs.systems }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          sparse-checkout: |
            .github/actions
            ci/supportedSystems.json
      - name: Check if the PR can be merged and get the test merge commit
        uses: ./.github/actions/get-merge-commit
        id: get-merge-commit

      - name: Load supported systems
        id: systems
        run: |
          echo "systems=$(jq -c <ci/supportedSystems.json)" >> "$GITHUB_OUTPUT"

  check:
    name: Check
    uses: ./.github/workflows/check.yml
    permissions:
      # cherry-picks
      pull-requests: write

  lint:
    name: Lint
    uses: ./.github/workflows/lint.yml

  eval:
    name: Eval
    needs: [prepare]
    uses: ./.github/workflows/eval.yml
    permissions:
      # compare
      issues: write
      pull-requests: write
      statuses: write
    secrets:
      OWNER_APP_PRIVATE_KEY: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
    with:
      mergedSha: ${{ needs.prepare.outputs.mergedSha }}
      targetSha: ${{ needs.prepare.outputs.targetSha }}
      systems: ${{ needs.prepare.outputs.systems }}

  build:
    name: Build
    uses: ./.github/workflows/build.yml
    secrets:
      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}