name: Nix

on:
  push:
    branches: [main]
  pull_request:
    paths:
      - 'flake.nix'
      - 'flake.lock'
      - 'nix/**'
      - 'pyproject.toml'
      - 'uv.lock'
      - 'hermes_cli/**'
      - 'run_agent.py'
      - 'acp_adapter/**'

permissions:
  contents: read

concurrency:
  group: nix-${{ github.ref }}
  cancel-in-progress: true

jobs:
  nix:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
      - uses: DeterminateSystems/nix-installer-action@ef8a148080ab6020fd15196c2084a2eea5ff2d25  # v22
      - uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39  # v13
      - name: Check flake
        if: runner.os == 'Linux'
        run: nix flake check --print-build-logs
      - name: Build package
        if: runner.os == 'Linux'
        run: nix build --print-build-logs
      - name: Evaluate flake (macOS)
        if: runner.os == 'macOS'
        run: nix flake show --json > /dev/null