Skip to content

Commit 5e3e2ff

Browse files
DefeloDefelo
committed
feat: push new packages to cachix
1 parent 22a7af6 commit 5e3e2ff

File tree

1 file changed

+31
-15
lines changed

1 file changed

+31
-15
lines changed

.github/workflows/review.yml

+31-15
Original file line numberDiff line numberDiff line change
@@ -38,8 +38,8 @@ on:
3838
required: true
3939
type: boolean
4040
default: false
41-
attic:
42-
description: "Push to attic"
41+
push-to-cache:
42+
description: "Push to cache"
4343
required: true
4444
type: boolean
4545
default: true
@@ -95,8 +95,10 @@ jobs:
9595
- name: install packages
9696
run: |
9797
pkgs=(coreutils nixpkgs-review)
98-
if [[ ${{ inputs.attic && vars.ATTIC_SERVER != '' && vars.ATTIC_CACHE != '' }} = true ]]; then
98+
if [[ ${{ inputs.push-to-cache && vars.ATTIC_SERVER != '' && vars.ATTIC_CACHE != '' }} = true ]]; then
9999
pkgs+=(attic-client)
100+
elif [[ ${{ inputs.push-to-cache && vars.CACHIX_CACHE != '' }} = true ]]; then
101+
pkgs+=(cachix)
100102
fi
101103
args=()
102104
for pkg in ${pkgs[@]}; do args+=("github:nixos/nixpkgs/nixos-unstable#$pkg"); done
@@ -136,35 +138,49 @@ jobs:
136138
env:
137139
GITHUB_TOKEN: ${{ github.token }}
138140

139-
- name: push results to attic
140-
if: ${{ inputs.attic && vars.ATTIC_SERVER != '' && vars.ATTIC_CACHE != '' }}
141+
- name: push results to cache
142+
if: ${{ inputs.push-to-cache && ((vars.ATTIC_SERVER != '' && vars.ATTIC_CACHE != '') || vars.CACHIX_CACHE != '') }}
141143
run: |
142144
set -ex
143-
attic login default "$ATTIC_SERVER" "$ATTIC_TOKEN"
144-
attic cache info "$ATTIC_CACHE"
145+
145146
(realpath -qe ~/.cache/nixpkgs-review/pr-${{ inputs.pr }}/results/* || true) > paths
146-
attic push --stdin "$ATTIC_CACHE" < paths
147-
info=$(curl -f -H "Authorization: Bearer ${ATTIC_TOKEN}" "${ATTIC_SERVER}_api/v1/cache-config/${ATTIC_CACHE}")
148-
substituter_endpoint=$(jq -r .substituter_endpoint <<< "$info")
149-
public_key=$(jq -r .public_key <<< "$info")
150-
is_public=$(jq -r .is_public <<< "$info")
147+
[[ -s paths ]] || exit
148+
149+
if [[ ${{ vars.ATTIC_SERVER != '' && vars.ATTIC_CACHE != '' }} = true ]]; then
150+
attic login default "$ATTIC_SERVER" "$ATTIC_TOKEN"
151+
attic cache info "$ATTIC_CACHE"
152+
attic push --stdin "$ATTIC_CACHE" < paths
153+
info=$(curl -f -H "Authorization: Bearer ${ATTIC_TOKEN}" "${ATTIC_SERVER}_api/v1/cache-config/${ATTIC_CACHE}")
154+
substituter_endpoint=$(jq -r .substituter_endpoint <<< "$info")
155+
public_key=$(jq -r .public_key <<< "$info")
156+
is_public=$(jq -r .is_public <<< "$info")
157+
elif [[ ${{ vars.CACHIX_CACHE != '' }} = true ]]; then
158+
cachix push "$CACHIX_CACHE" < paths
159+
info=$(curl -f -H "Authorization: Bearer ${ATTIC_TOKEN}" "https://app.cachix.org/api/v1/cache/${ATTIC_CACHE}")
160+
substituter_endpoint=$(jq -r .uri <<< "$info")
161+
public_key=$(jq -r '.publicSigningKeys[]' <<< "$info")
162+
is_public=$(jq -r .isPublic <<< "$info")
163+
fi
164+
165+
[[ "$is_public" = true ]] || exit
166+
151167
echo "nix-store -r --add-root nixpkgs-pr-${{ inputs.pr }}-${{ matrix.system }} \\" >> fetch_cmd
152168
echo " --option binary-caches 'https://cache.nixos.org/ $substituter_endpoint' \\" >> fetch_cmd
153169
echo " --option trusted-public-keys '" >> fetch_cmd
154170
echo " cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> fetch_cmd
155171
echo " $public_key" >> fetch_cmd
156172
echo -n " '" >> fetch_cmd
157-
ok=0
158173
for p in $(cat paths); do
159174
echo -e " \\" >> fetch_cmd
160175
echo -n " $p" >> fetch_cmd
161-
ok=1
162176
done
163-
[[ "$is_public" = "true" ]] && [[ $ok = 1 ]] || rm fetch_cmd
164177
env:
165178
ATTIC_SERVER: ${{ vars.ATTIC_SERVER }}
166179
ATTIC_CACHE: ${{ vars.ATTIC_CACHE }}
167180
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
181+
CACHIX_CACHE: ${{ vars.CACHIX_CACHE }}
182+
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
183+
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
168184

169185
- name: start upterm session
170186
if: ${{ inputs.upterm }}

0 commit comments

Comments
 (0)