---
kind: pipeline
type: docker
name: Build containers

steps:
  - name: buildImage
    image: nixos/nix
    commands:
      - echo "substituters = https://cache.nixos.org/ https://f000.backblazeb2.com/file/cache-chir-rs/" >> /etc/nix/nix.conf
      - echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" >> /etc/nix/nix.conf
      - echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
      - mkdir /etc/containers
      - |
        echo '{"default": [{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
      - nix-env -iA nixpkgs.skopeo
      - nix build '.#buildImage'
      - ./result | gzip --fast | skopeo copy --dest-creds=darkkirb:$GITEA_KEY docker-archive:/dev/stdin docker://git.chir.rs/darkkirb/nix-containers:buildImage --dest-compress-format zstd --dest-compress-level 12
    environment:
      GITEA_KEY:
        from_secret: DOCKER_KEY