ci(gh-actions/workflows/ci): Allow passing custom GITHUB_TOKEN to use as Nix access-token

PetarKirov · PetarKirov · commit c2c59d4e83ff · 2024-08-04T00:33:33.000+03:00
diff --git a/.github/install-nix/action.yml b/.github/install-nix/action.yml
@@ -16,6 +16,10 @@ inputs:
     description: Substituters
     required: false
     default: ''
+  nix-github-token:
+    description: GitHub token to add as access-token in nix.conf
+    default: ''
+    required: false
 
 runs:
   using: "composite"
@@ -25,6 +29,7 @@ runs:
       if: ${{ runner.environment == 'github-hosted' }}
       with:
         extra_nix_config: |
+          ${{ inputs.nix-github-token != '' && format('access-tokens = github.com={0}', inputs.nix-github-token) || '' }}
           accept-flake-config = true
           allow-import-from-derivation = true
           substituters = https://cache.nixos.org ${{inputs.substituters}}
diff --git a/.github/print-matrix/action.yml b/.github/print-matrix/action.yml
@@ -24,6 +24,10 @@ inputs:
   pr-comment-github-token:
     description: GitHub token used to post the PR comment
     required: true
+  nix-github-token:
+    description: GitHub token to add as access-token in nix.conf
+    default: ''
+    required: false
 
 outputs:
   matrix:
@@ -43,6 +47,7 @@ runs:
         cachix-auth-token: ${{ inputs.CACHIX_AUTH_TOKEN }}
         trusted-public-keys: ${{ inputs.TRUSTED_PUBLIC_KEYS }}
         substituters: ${{ inputs.SUBSTITUTERS }}
+        nix-github-token: ${{ inputs.nix-github-token }}
 
     - name: Print CI Matrix
       id: print-matrix
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,6 +9,10 @@ on:
         type: 'boolean'
         default: false
         required: false
+    secrets:
+      nix-github-token:
+        description: GitHub token to add as access-token in nix.conf
+        required: false
 
   # Allow this workflow to be triggered manually:
   workflow_dispatch:
@@ -57,6 +61,7 @@ jobs:
           cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
           trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
           substituters: ${{ vars.SUBSTITUTERS }}
+          nix-github-token: ${{ secrets.nix-github-token }}
 
       - uses: actions/checkout@v4
 
@@ -85,6 +90,7 @@ jobs:
           cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
           trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
           substituters: ${{ vars.SUBSTITUTERS }}
+          nix-github-token: ${{ secrets.nix-github-token }}
 
       - uses: actions/checkout@v4
 
@@ -162,6 +168,7 @@ jobs:
           substituters: ${{ vars.SUBSTITUTERS }}
           precalc_matrix: ${{ steps.matrix.outputs.fullMatrix }}
           pr-comment-github-token: ${{ secrets.GITHUB_TOKEN }}
+          nix-github-token: ${{ secrets.nix-github-token }}
 
   build:
     needs: slurp-matrix
@@ -214,6 +221,7 @@ jobs:
           substituters: ${{ vars.SUBSTITUTERS }}
           precalc_matrix: ${{ needs.slurp-matrix.outputs.fullMatrix }}
           pr-comment-github-token: ${{ secrets.GITHUB_TOKEN }}
+          nix-github-token: ${{ secrets.nix-github-token }}
 
       - run: exit 1
         if: >-
