diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index c46cc6b..9e0ca93 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml 
@@ -15,50 +15,59 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 + - uses: cachix/install-nix-action@v27 with: extra_nix_config: | access-tokens = github.com=${{ github.token }} + trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg= + substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: https://attic.teepot.org/ + cache: tee-pot + token: ${{ secrets.ATTIC_TOKEN }} + - name: Enable magic Nix cache + uses: DeterminateSystems/magic-nix-cache-action@main - run: nix flake check -L --show-trace --keep-going fmt: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 + - uses: cachix/install-nix-action@v27 with: extra_nix_config: | access-tokens = github.com=${{ github.token }} + trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg= + substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: https://attic.teepot.org/ + cache: tee-pot + token: ${{ secrets.ATTIC_TOKEN }} + - name: Enable magic Nix cache + uses: DeterminateSystems/magic-nix-cache-action@main - run: nix fmt build: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 + - uses: cachix/install-nix-action@v27 with: extra_nix_config: | access-tokens = github.com=${{ github.token }} - - uses: cachix/cachix-action@v15 - continue-on-error: true + 
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg= + substituters = https://cache.nixos.org/ https://attic.teepot.org/tee-pot + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 with: - name: vault-auth-tee - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - extraPullNames: nixsgx + endpoint: https://attic.teepot.org/ + cache: tee-pot + token: ${{ secrets.ATTIC_TOKEN }} + - name: Enable magic Nix cache + uses: DeterminateSystems/magic-nix-cache-action@main - name: nix build run: nix run github:nixos/nixpkgs/nixos-23.11#nixci - - name: nix docker image - run: | - nix build .#container-vault-auth-tee - docker load -i result - - name: Log in to Docker Hub - if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Build and Push Container - uses: docker/build-push-action@v6 - with: - tags: matterlabsrobot/vault-auth-tee:latest - push: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} diff --git a/flake.lock b/flake.lock index e98c43d..d22507c 100644 --- a/flake.lock +++ b/flake.lock @@ -93,11 +93,11 @@ "snowfall-lib": "snowfall-lib" }, "locked": { - "lastModified": 1717758565, - "narHash": "sha256-yscuZ3ixjwTkqS6ew5cB3Uvy9e807szRlMoPSyQuRJM=", + "lastModified": 1719403531, + "narHash": "sha256-JYqPdAB393YZIndGs5om7EsLUha3fpLckb9RKjKN7Fg=", "owner": "matter-labs", "repo": "nixsgx", - "rev": "49a1ae79d92ccb6ed7cabfe5c5042b1399e3cd3e", + "rev": "3a272950fa21601f31e8ca8b4e4897975069a00a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 0a1cc2e..cdd2995 100644 --- a/flake.nix +++ b/flake.nix 
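Review bot: All three jobs in this hunk now run actions from mutable refs: `cachix/install-nix-action@v27` (previously pinned to a commit), `ryanccn/attic-action@v0` and `DeterminateSystems/magic-nix-cache-action@main`. These run in jobs where `github.token` has been written into the Nix config and `secrets.ATTIC_TOKEN` is passed in, so whatever those refs resolve to at run time executes next to those credentials. Pin each to a full commit SHA with the version in a trailing comment, as the checkout step already does: keep `cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27`, and use `ryanccn/attic-action@<full-commit-sha> # v0` and `DeterminateSystems/magic-nix-cache-action@<full-commit-sha>` for the new steps. Separately, `tee-pot` is added as a trusted substituter and the same token is given to every job, including `fmt`. If that token can push and the workflow's triggers (outside this hunk) include pull requests, consider limiting the push-capable token to runs on trusted branches and giving the other jobs a pull-only token or none.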
@@ -20,14 +20,12 @@ config.allowUnfree = true; }; vault-auth-tee = pkgs.callPackage ./packages/vault-auth-tee.nix { }; - container-vault-auth-tee = pkgs.callPackage ./packages/container-vault-auth-tee.nix { }; in { formatter = pkgs.nixpkgs-fmt; packages = { inherit vault-auth-tee; - inherit container-vault-auth-tee; default = vault-auth-tee; }; diff --git a/packages/container-vault-auth-tee.nix b/packages/container-vault-auth-tee.nix deleted file mode 100644 index 20a910b..0000000 --- a/packages/container-vault-auth-tee.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs -, vat -, vault -, ... -}: -pkgs.dockerTools.buildLayeredImage { - name = "vault-auth-tee"; - tag = "test"; - - config.Entrypoint = [ "/bin/sh" ]; - - contents = pkgs.buildEnv { - name = "image-root"; - - paths = with pkgs.dockerTools; [ - vat.vault-auth-tee - vat.vault-auth-tee.sha - vault - usrBinEnv - binSh - caCertificates - fakeNss - ]; - pathsToLink = [ "/bin" "/etc" "/share" ]; - }; -}