name: "Check shell"

on:
  pull_request_target:
    paths:
      - 'shell.nix'
      - 'ci/**'

permissions: {}

jobs:
  shell-check:
    strategy:
      fail-fast: false
      matrix:
        include:
          - runner: ubuntu-24.04
            system: x86_64-linux
          - runner: macos-14
            system: aarch64-darwin

    name: shell-check-${{ matrix.system }}
    runs-on: ${{ matrix.runner }}

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: refs/pull/${{ github.event.pull_request.number }}/merge

      - uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31

      - name: Build shell
        run: nix-build shell.nix