infra/.forgejo/workflows/check.yml
teutat3s 4562bda0bf
fix(ci): avoid nix trying to use GH access-token
The GITHUB_TOKEN env var is set on each step by
https://code.forgejo.org/forgejo/runner, but only to communicate with
forgejo to access the repo (if it is private)

error: unable to download '4e422edf6b': HTTP error 401
2023-12-14 00:40:38 +01:00

51 lines
1.6 KiB
YAML

name: Flake checks
on: [pull_request]
env:
USER: ci
jobs:
Check:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: https://code.forgejo.org/actions/checkout@v4
- uses: https://github.com/nixbuild/nix-quick-install-action@v26
with:
load_nixConfig: false
nix_conf: |
substituters = https://cache.nixos.org/ https://nix-community.cachix.org
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
keep-outputs = true
- name: Calculate flake.lock hash
id: flake-lock-hash
run: |
echo "hash=$(md5sum flake.lock | awk '{print $1}')" >> $GITHUB_OUTPUT
- name: Restore and cache Nix store
uses: https://github.com/nix-community/cache-nix-action@v4
id: nix-store-cache
with:
key: cache-${{ runner.os }}-nix-store-${{ steps.flake-lock-hash.outputs.hash }}
restore-keys: |
cache-${{ runner.os }}-nix-store-
gc-linux: true
gc-max-store-size-linux: 10000000000
purge-caches: true
purge-keys: cache-${{ runner.os }}-nix-store-
purge-created: true
purge-created-max-age: 42
- name: Prepare cachix
uses: https://github.com/cachix/cachix-action@v12
with:
name: pub-solar
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Run flake checks
run: |
nix --print-build-logs --verbose --accept-flake-config --access-tokens '' flake check