chore: Migrate from cachix to Attic in nix and github workflows

- Updated nix config to use Attic substituter and trusted public key - Modified github workflows to use Attic cache instead of Cachix - Removed the now unnecessary cachix config settings and Cachix workflow actions - Update `flake.lock` - Run on our own CI runners Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 23:43:56 +02:00 · 2024-07-01 13:39:47 +02:00 · 2024-07-01 13:39:47 +02:00 · 971e63784c
commit 971e63784c
parent 3a272950fa
4 changed files with 39 additions and 24 deletions
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@ -12,34 +12,44 @@ concurrency:

 jobs:
  fmt:
-    runs-on: ubuntu-latest
+    runs-on: [ matterlabs-ci-runner ]
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
      - uses: cachix/install-nix-action@v27
        with:
          extra_nix_config: |
            access-tokens = github.com=${{ github.token }}
-      - uses: cachix/cachix-action@v15
+            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=
+            substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot
+            sandbox = true
+      - name: Setup Attic cache
+        uses: ryanccn/attic-action@v0
        with:
-          name: nixsgx
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+          endpoint: https://attic.teepot.org/
+          cache: tee-pot
+          token: ${{ secrets.ATTIC_TOKEN }}
      - name: Enable magic Nix cache
        uses: DeterminateSystems/magic-nix-cache-action@main

      - run: nix fmt . -- --check

  check:
-    runs-on: ubuntu-latest
+    runs-on: [ matterlabs-ci-runner ]
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
      - uses: cachix/install-nix-action@v27
        with:
          extra_nix_config: |
            access-tokens = github.com=${{ github.token }}
-      - uses: cachix/cachix-action@v15
+            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=
+            substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot
+            sandbox = true
+      - name: Setup Attic cache
+        uses: ryanccn/attic-action@v0
        with:
-          name: nixsgx
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+          endpoint: https://attic.teepot.org/
+          cache: tee-pot
+          token: ${{ secrets.ATTIC_TOKEN }}
      - name: Enable magic Nix cache
        uses: DeterminateSystems/magic-nix-cache-action@main

@ -47,17 +57,22 @@ jobs:

  build:
    needs: check
-    runs-on: ubuntu-latest
+    runs-on: [ matterlabs-ci-runner ]
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
      - uses: cachix/install-nix-action@v27
        with:
          extra_nix_config: |
            access-tokens = github.com=${{ github.token }}
-      - uses: cachix/cachix-action@v15
+            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=
+            substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot
+            sandbox = true
+      - name: Setup Attic cache
+        uses: ryanccn/attic-action@v0
        with:
-          name: nixsgx
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+          endpoint: https://attic.teepot.org/
+          cache: tee-pot
+          token: ${{ secrets.ATTIC_TOKEN }}
      - name: Enable magic Nix cache
        uses: DeterminateSystems/magic-nix-cache-action@main