chore: Update nix workflow and flake.lock (#92)

- Add setup for Attic cache and enable magic Nix cache in the workflow
- Update `flake.lock`
- Remove container build and push
This commit is contained in:
Harald Hoyer 2024-07-01 13:08:17 +02:00 committed by GitHub
commit 8dfb89bad9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 35 additions and 54 deletions


@ -15,50 +15,59 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 - uses: cachix/install-nix-action@v27
with: with:
extra_nix_config: | extra_nix_config: |
access-tokens = github.com=${{ github.token }} access-tokens = github.com=${{ github.token }}
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=
substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: https://attic.teepot.org/
cache: tee-pot
token: ${{ secrets.ATTIC_TOKEN }}
- name: Enable magic Nix cache
uses: DeterminateSystems/magic-nix-cache-action@main
- run: nix flake check -L --show-trace --keep-going - run: nix flake check -L --show-trace --keep-going
fmt: fmt:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 - uses: cachix/install-nix-action@v27
with: with:
extra_nix_config: | extra_nix_config: |
access-tokens = github.com=${{ github.token }} access-tokens = github.com=${{ github.token }}
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=
substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: https://attic.teepot.org/
cache: tee-pot
token: ${{ secrets.ATTIC_TOKEN }}
- name: Enable magic Nix cache
uses: DeterminateSystems/magic-nix-cache-action@main
- run: nix fmt - run: nix fmt
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 - uses: cachix/install-nix-action@v27
with: with:
extra_nix_config: | extra_nix_config: |
access-tokens = github.com=${{ github.token }} access-tokens = github.com=${{ github.token }}
- uses: cachix/cachix-action@v15 trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=
continue-on-error: true substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with: with:
name: vault-auth-tee endpoint: https://attic.teepot.org/
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' cache: tee-pot
extraPullNames: nixsgx token: ${{ secrets.ATTIC_TOKEN }}
- name: Enable magic Nix cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: nix build - name: nix build
run: nix run github:nixos/nixpkgs/nixos-23.11#nixci run: nix run github:nixos/nixpkgs/nixos-23.11#nixci
- name: nix docker image
run: |
nix build .#container-vault-auth-tee
docker load -i result
- name: Log in to Docker Hub
if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and Push Container
uses: docker/build-push-action@v6
with:
tags: matterlabsrobot/vault-auth-tee:latest
push: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
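Review bot: The new side of this section drops the full-SHA pin on `cachix/install-nix-action` (old `@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27`, new `@v27`) in the check, fmt and build jobs, and the added `ryanccn/attic-action@v0` and `DeterminateSystems/magic-nix-cache-action@main` are referenced by a mutable tag and a branch, so whoever controls those refs can change what runs with the repository's `github.token` and `ATTIC_TOKEN`. The `actions/checkout` step in the same hunks keeps the pinned form, and the new steps should follow it: `- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27`, `- uses: ryanccn/attic-action@<full-commit-sha> # v0`, `- uses: DeterminateSystems/magic-nix-cache-action@<full-commit-sha> # <release tag>`. This reads the left column as the old side and the right as the new, which the removed Docker steps and the commit description support; if the sides are reversed, the pin is being added and only the two new actions still need one. The `token: ${{ secrets.ATTIC_TOKEN }}` input is empty on pull_request runs from forks, so the Attic step may need a guard or `continue-on-error: true` if such runs are expected; the workflow's `on:` triggers are above this hunk and not visible here.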

flake.lock generated

@ -93,11 +93,11 @@
"snowfall-lib": "snowfall-lib" "snowfall-lib": "snowfall-lib"
}, },
"locked": { "locked": {
"lastModified": 1717758565, "lastModified": 1719403531,
"narHash": "sha256-yscuZ3ixjwTkqS6ew5cB3Uvy9e807szRlMoPSyQuRJM=", "narHash": "sha256-JYqPdAB393YZIndGs5om7EsLUha3fpLckb9RKjKN7Fg=",
"owner": "matter-labs", "owner": "matter-labs",
"repo": "nixsgx", "repo": "nixsgx",
"rev": "49a1ae79d92ccb6ed7cabfe5c5042b1399e3cd3e", "rev": "3a272950fa21601f31e8ca8b4e4897975069a00a",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -20,14 +20,12 @@
config.allowUnfree = true; config.allowUnfree = true;
}; };
vault-auth-tee = pkgs.callPackage ./packages/vault-auth-tee.nix { }; vault-auth-tee = pkgs.callPackage ./packages/vault-auth-tee.nix { };
container-vault-auth-tee = pkgs.callPackage ./packages/container-vault-auth-tee.nix { };
in in
{ {
formatter = pkgs.nixpkgs-fmt; formatter = pkgs.nixpkgs-fmt;
packages = { packages = {
inherit vault-auth-tee; inherit vault-auth-tee;
inherit container-vault-auth-tee;
default = vault-auth-tee; default = vault-auth-tee;
}; };


@ -1,26 +0,0 @@
{ pkgs
, vat
, vault
, ...
}:
pkgs.dockerTools.buildLayeredImage {
name = "vault-auth-tee";
tag = "test";
config.Entrypoint = [ "/bin/sh" ];
contents = pkgs.buildEnv {
name = "image-root";
paths = with pkgs.dockerTools; [
vat.vault-auth-tee
vat.vault-auth-tee.sha
vault
usrBinEnv
binSh
caCertificates
fakeNss
];
pathsToLink = [ "/bin" "/etc" "/share" ];
};
}