ci: use crane flake to build with nix

This enables to add cargo `fmt`, `clippy` and `deny` to nix, using cached results. Move the `teepot` crate to the `crates` subdir to make the life easier for the `crane` flake. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 15:13:56 +02:00 · 2024-03-09 00:19:32 +01:00 · 2024-03-09 00:19:32 +01:00 · 0654bacdb5
commit 0654bacdb5
parent 1249048c93
41 changed files with 323 additions and 150 deletions
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -16,18 +16,38 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-      - name: Setup Rust toolchain
-        run: rustup show
-      - run: cargo fmt --all -- --check
+      - uses: cachix/install-nix-action@v26
+        with:
+          extra_nix_config: |
+            access-tokens = github.com=${{ github.token }}
+      - uses: cachix/cachix-action@v14
+        with:
+          name: nixsgx
+          extraPullNames: vault-auth-tee
+      - name: Enable magic Nix cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: cargo fmt
+        run: nix build -L .#cargoFmt

  deny:
    name: cargo deny
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: cachix/install-nix-action@v26
        with:
-          arguments: --workspace
+          extra_nix_config: |
+            access-tokens = github.com=${{ github.token }}
+      - uses: cachix/cachix-action@v14
+        with:
+          name: nixsgx
+          extraPullNames: vault-auth-tee
+      - name: Enable magic Nix cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: cargo deny
+        run: nix build -L .#cargoDeny

  check-spdx-headers:
    runs-on: ubuntu-latest