when:
  - event: pull_request
  - event: push
    branch:
      - ${CI_REPO_DEFAULT_BRANCH}

steps:
  check:
    image: docker.io/nixpkgs/nix-flakes:nixos-25.05
    commands:
      - nix flake check

  sign:
    image: docker.io/nixpkgs/nix-flakes:nixos-25.05
    env:
        DB_KEY: ${{ secrets.DBKEY }}
        DB_CRT: ${{ secrets.DBCRT }}
    commands:
      - ./scripts/sign-release.sh