name: Publish Docker Image

on:
  push:
    tags:
      - '**[0-9]+.[0-9]+.[0-9]+*'

jobs:
  build:
    runs-on: ubuntu-24.04

    permissions:
      contents: read
      id-token: write

    env:
      ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}

    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main

      - name: Deploy Docker Image
        run: nix run .#deploy