name: Push

on:
  push:
    branches:
      - master
      - staging
      - release-*
      - staging-*
      - haskell-updates
  workflow_call:
    inputs:
      mergedSha:
        required: true
        type: string
    secrets:
      CACHIX_AUTH_TOKEN:
        required: true

permissions: {}

jobs:
  prepare:
    runs-on: ubuntu-24.04-arm
    outputs:
      systems: ${{ steps.systems.outputs.systems }}
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          sparse-checkout: |
            ci/supportedSystems.json

      - name: Load supported systems
        id: systems
        run: |
          echo "systems=$(jq -c <ci/supportedSystems.json)" >> "$GITHUB_OUTPUT"

  eval:
    name: Eval
    needs: [prepare]
    uses: ./.github/workflows/eval.yml
    # Those are not actually used on push, but will throw an error if not set.
    permissions:
      # compare
      statuses: write
    secrets:
      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
    with:
      mergedSha: ${{ inputs.mergedSha || github.sha }}
      systems: ${{ needs.prepare.outputs.systems }}