refactor(gh-actions): Use the our own install-nix action

PetarKirov · PetarKirov · commit 23efeda5e99c · 2024-08-04T21:59:53.000+03:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,6 +10,12 @@ on:
         default: false
         required: false
     secrets:
+      CACHIX_AUTH_TOKEN:
+        description: 'Cachix auth token'
+        required: true
+      CACHIX_ACTIVATE_TOKEN:
+        description: 'Cachix activate token'
+        required: false
       NIX_GITHUB_TOKEN:
         description: GitHub token to add as access-token in nix.conf
         required: false
@@ -181,22 +187,13 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Nix
-        uses: cachix/install-nix-action@V27
-
-      - name: Configure Nix
-        shell: bash
-        run: |
-          mkdir -p $HOME/.config/nix
-          {
-            echo "${{ inputs.nix-github-token != '' && format('access-tokens = github.com={0}', inputs.nix-github-token) || '' }}
-            accept-flake-config = true"
-          } > $HOME/.config/nix/nix.conf
-
-      - uses: cachix/cachix-action@v15
+        uses: metacraft-labs/nixos-modules/.github/install-nix@main
         with:
-          name: ${{ vars.CACHIX_CACHE }}
-          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-          extraPullNames: ${{ vars.EXTRA_CACHIX_CACHES }}
+          cachix-cache: ${{ vars.CACHIX_CACHE }}
+          cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
+          substituters: ${{ vars.SUBSTITUTERS }}
+          nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }}
 
       - name: Build ${{ matrix.name }}
         run: |
@@ -231,12 +228,6 @@ jobs:
             && contains(needs.*.result, 'failure')
             || contains(needs.*.result, 'cancelled')
 
-      - uses: cachix/cachix-action@v15
-        if: inputs.do_deploy
-        with:
-          name: ${{ vars.CACHIX_CACHE }}
-          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-
       - name: Deploy
         if: inputs.do_deploy
         env:
diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml
@@ -7,6 +7,9 @@ on:
       NIX_GITHUB_TOKEN:
         description: GitHub token to add as access-token in nix.conf
         required: false
+      CACHIX_AUTH_TOKEN:
+        description: 'Cachix auth token'
+        required: true
       CREATE_PR_APP_ID:
         description: ID of the GitHub App used for opening pull requests.
         required: true
@@ -29,17 +32,13 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Nix
-        uses: cachix/install-nix-action@v27
-        if: ${{ runner.environment == 'github-hosted' }}
-
-      - name: Configure Nix
-        shell: bash
-        run: |
-          mkdir -p $HOME/.config/nix
-          cat << EOF > "$HOME/.config/nix/nix.conf"
-            ${{ secrets.NIX_GITHUB_TOKEN != '' && format('access-tokens = github.com={0}', secrets.NIX_GITHUB_TOKEN) || '' }}
-            allow-import-from-derivation = true
-          EOF
+        uses: metacraft-labs/nixos-modules/.github/install-nix@main
+        with:
+          nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }}
+          cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          cachix-cache: ${{ vars.CACHIX_CACHE }}
+          trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
+          substituters: ${{ vars.SUBSTITUTERS }}
 
       - name: Run `nix flake update`
         id: update-lockfile
diff --git a/.github/workflows/update-flake-packages.yml b/.github/workflows/update-flake-packages.yml
@@ -7,6 +7,9 @@ on:
       NIX_GITHUB_TOKEN:
         description: GitHub token to add as access-token in nix.conf
         required: false
+      CACHIX_AUTH_TOKEN:
+        description: 'Cachix auth token'
+        required: true
       CREATE_PR_APP_ID:
         description: ID of the GitHub App used for opening pull requests.
         required: true
@@ -29,17 +32,13 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Nix
-        uses: cachix/install-nix-action@v27
-        if: ${{ runner.environment == 'github-hosted' }}
-
-      - name: Configure Nix
-        shell: bash
-        run: |
-          mkdir -p $HOME/.config/nix
-          cat << EOF > "$HOME/.config/nix/nix.conf"
-            ${{ secrets.NIX_GITHUB_TOKEN != '' && format('access-tokens = github.com={0}', secrets.NIX_GITHUB_TOKEN) || '' }}
-            allow-import-from-derivation = true
-          EOF
+        uses: metacraft-labs/nixos-modules/.github/install-nix@main
+        with:
+          nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }}
+          cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          cachix-cache: ${{ vars.CACHIX_CACHE }}
+          trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
+          substituters: ${{ vars.SUBSTITUTERS }}
 
       - uses: tibdex/github-app-token@v2.1.0
         id: generate-token
