ci: action to setup nix/cachix

Signed-off-by: Paul Meyer <[email protected]>
edgelesssys · Feb 28, 2024 · 5176ade · 5176ade
1 parent 686e38b
commit 5176ade
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 48 deletions.
diff --git a/.github/actions/setup_nix/action.yml b/.github/actions/setup_nix/action.yml
@@ -0,0 +1,21 @@
+name: setup nix
+description: Setup nix and cachix
+
+inputs:
+  githubToken:
+    description: "Token to authenticate with GitHub"
+    required: true
+  cachixToken:
+    description: "Token to authenticate with cachix"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+      with:
+        github_access_token: ${{ inputs.githubToken }}
+    - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
+      with:
+        name: edgelesssys
+        authToken: ${{ inputs.cachixToken }}
diff --git a/.github/workflows/cluster_recreate.yml b/.github/workflows/cluster_recreate.yml
@@ -11,13 +11,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+      - uses: ./.github/actions/setup_nix
         with:
-          github_access_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
-        with:
-          name: edgelesssys
-          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
       - name: Login to Azure
         uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
         with:

diff --git a/.github/workflows/e2e_openssl.yml b/.github/workflows/e2e_openssl.yml
@@ -21,13 +21,10 @@ jobs:
       packages: write
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+      - uses: ./.github/actions/setup_nix
         with:
-          github_access_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
-        with:
-          name: edgelesssys
-          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
       - name: Log in to ghcr.io Container registry
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:

diff --git a/.github/workflows/e2e_simple.yml b/.github/workflows/e2e_simple.yml
@@ -21,13 +21,10 @@ jobs:
       packages: write
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+      - uses: ./.github/actions/setup_nix
         with:
-          github_access_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
-        with:
-          name: edgelesssys
-          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
       - name: Log in to ghcr.io Container registry
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -148,13 +148,10 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           ref: ${{ needs.process-inputs.outputs.WORKING_BRANCH }}
-      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+      - uses: ./.github/actions/setup_nix
         with:
-          github_access_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
-        with:
-          name: edgelesssys
-          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
       - name: Log in to ghcr.io Container registry
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:

diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml
@@ -12,13 +12,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+      - uses: ./.github/actions/setup_nix
         with:
-          github_access_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
-        with:
-          name: edgelesssys
-          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
       - name: nix flake check
         run: |
           nix -L flake check
@@ -30,13 +27,10 @@ jobs:
         with:
           ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
           token: ${{ !github.event.pull_request.head.repo.fork && secrets.NUNKI_CI_COMMIT_PUSH_PR || '' }}
-      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
-        with:
-          github_access_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
+      - uses: ./.github/actions/setup_nix
         with:
-          name: edgelesssys
-          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
       - name: Run code generations & tidying
         run: |
           nix run .#scripts.generate
@@ -51,13 +45,10 @@ jobs:
       runs-on: ubuntu-22.04
       steps:
         - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+        - uses: ./.github/actions/setup_nix
           with:
-            github_access_token: ${{ secrets.GITHUB_TOKEN }}
-        - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
-          with:
-            name: edgelesssys
-            authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+            githubToken: ${{ secrets.GITHUB_TOKEN }}
+            cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
         - name: Run govulncheck
           run: |
             nix run .#scripts.govulncheck -- ./...
@@ -66,13 +57,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
-        with:
-          github_access_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
+      - uses: ./.github/actions/setup_nix
         with:
-          name: edgelesssys
-          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
       - name: Run golangci-lint
         run: |
           nix run .#scripts.golangci-lint -- run