From 487f81c7edcb4ae60eec5f29c6214722881b6d20 Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Wed, 28 Feb 2024 15:58:03 +0100 Subject: [PATCH] ci: action to setup nix/cachix Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- .github/actions/setup_nix/action.yml | 21 +++++++++++++++ .github/workflows/cluster_recreate.yml | 9 +++---- .github/workflows/e2e_openssl.yml | 9 +++---- .github/workflows/e2e_simple.yml | 9 +++---- .github/workflows/release.yml | 9 +++---- .github/workflows/static.yml | 36 +++++++++----------------- 6 files changed, 45 insertions(+), 48 deletions(-) create mode 100644 .github/actions/setup_nix/action.yml diff --git a/.github/actions/setup_nix/action.yml b/.github/actions/setup_nix/action.yml new file mode 100644 index 000000000..82afb8270 --- /dev/null +++ b/.github/actions/setup_nix/action.yml @@ -0,0 +1,21 @@ +name: setup nix +description: Setup nix and cachix + +inputs: + githubToken: + description: "Token to authenticate with GitHub" + required: true + cachixToken: + description: "Token to authenticate with cachix" + required: true + +runs: + using: "composite" + steps: + - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25 + with: + github_access_token: ${{ inputs.githubToken }} + - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 + with: + name: edgelesssys + authToken: ${{ inputs.cachixToken }} diff --git a/.github/workflows/cluster_recreate.yml b/.github/workflows/cluster_recreate.yml index 9af46f998..9c40e6e59 100644 --- a/.github/workflows/cluster_recreate.yml +++ b/.github/workflows/cluster_recreate.yml @@ -11,13 +11,10 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25 + - uses: ./.github/actions/setup_nix with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 - with: - name: edgelesssys - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + githubToken: ${{ secrets.GITHUB_TOKEN }} + cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Login to Azure uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1 with: diff --git a/.github/workflows/e2e_openssl.yml b/.github/workflows/e2e_openssl.yml index 5b6ee77d4..ef7d88813 100644 --- a/.github/workflows/e2e_openssl.yml +++ b/.github/workflows/e2e_openssl.yml @@ -21,13 +21,10 @@ jobs: packages: write steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25 + - uses: ./.github/actions/setup_nix with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 - with: - name: edgelesssys - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + githubToken: ${{ secrets.GITHUB_TOKEN }} + cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Log in to ghcr.io Container registry uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: diff --git a/.github/workflows/e2e_simple.yml b/.github/workflows/e2e_simple.yml index 60a560eee..b43575766 100644 --- a/.github/workflows/e2e_simple.yml +++ b/.github/workflows/e2e_simple.yml @@ -21,13 +21,10 @@ jobs: packages: write steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25 + - uses: ./.github/actions/setup_nix with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 - with: - name: edgelesssys - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + githubToken: ${{ secrets.GITHUB_TOKEN }} + cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Log in to ghcr.io Container registry uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e07fd6a35..6f241c6bf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -148,13 +148,10 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} - - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25 + - uses: ./.github/actions/setup_nix with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 - with: - name: edgelesssys - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + githubToken: ${{ secrets.GITHUB_TOKEN }} + cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Log in to ghcr.io Container registry uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index 2b3998d58..2bac67023 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -12,13 +12,10 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25 + - uses: ./.github/actions/setup_nix with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 - with: - name: edgelesssys - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + githubToken: ${{ secrets.GITHUB_TOKEN }} + cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: nix flake check run: | nix -L flake check @@ -30,13 +27,10 @@ jobs: with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} token: ${{ !github.event.pull_request.head.repo.fork && secrets.NUNKI_CI_COMMIT_PUSH_PR || '' }} - - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25 - with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 + - uses: ./.github/actions/setup_nix with: - name: edgelesssys - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + githubToken: ${{ secrets.GITHUB_TOKEN }} + cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Run code generations & tidying run: | nix run .#scripts.generate @@ -51,13 +45,10 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25 + - uses: ./.github/actions/setup_nix with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 - with: - name: edgelesssys - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + githubToken: ${{ secrets.GITHUB_TOKEN }} + cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Run govulncheck run: | nix run .#scripts.govulncheck -- ./... @@ -66,13 +57,10 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25 - with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 + - uses: ./.github/actions/setup_nix with: - name: edgelesssys - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + githubToken: ${{ secrets.GITHUB_TOKEN }} + cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Run golangci-lint run: | nix run .#scripts.golangci-lint -- run