name: "Build Nixpkgs manual v2"

permissions:
  contents: read

on:
  pull_request_target:
    branches:
      - master
    paths:
      - 'doc/**'
      - 'lib/**'
      - 'pkgs/tools/nix/nixdoc/**'

jobs:
  nixpkgs:
    name: nixpkgs-manual-build
    runs-on: ubuntu-latest
    if: github.repository_owner == 'NixOS'
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # pull_request_target checks out the base branch by default
          ref: refs/pull/${{ github.event.pull_request.number }}/merge
      - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
        with:
          # explicitly enable sandbox
          extra_nix_config: sandbox = true
      - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
        with:
          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
          name: nixpkgs-ci
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Building Nixpkgs manual
        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual -A manual.tests