@@ -37,21 +37,27 @@ jobs:
3737 aws-region : " us-east-1"
3838 output-credentials : true
3939 role-duration-seconds : 7200
40+ - name : Setup AWS credentials for Nix
41+ if : ${{ github.secret_source == 'Actions' }}
42+ run : |
43+ sudo -H aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
44+ sudo -H aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
45+ sudo -H aws configure set aws_session_token $AWS_SESSION_TOKEN
4046 - name : write secret key
4147 # use python so we don't interpolate the secret into the workflow logs, in case of bugs
4248 run : |
43- python -c "import os; file = open('nix-secret-key', 'w'); file.write(os.environ['NIX_SIGN_SECRET_KEY']); file.close()"
49+ sudo mkdir -p /etc/nix
50+ sudo -E python -c "import os; file = open('/etc/nix/nix-secret-key', 'w'); file.write(os.environ['NIX_SIGN_SECRET_KEY']); file.close()"
4451 env :
4552 NIX_SIGN_SECRET_KEY : ${{ secrets.NIX_SIGN_SECRET_KEY }}
4653 - name : Setup cache script
4754 if : ${{ github.secret_source == 'Actions' }}
4855 run : |
49- sudo mkdir -p /etc/nix
5056 cat << 'EOF' | sudo tee /etc/nix/upload-to-cache.sh > /dev/null
5157 #!/usr/bin/env bash
5258 set -eouf
5359 export IFS=' '
54- /nix/var/nix/profiles/default/bin/nix copy --to 's3://nix-postgres-artifacts?secret-key=nix-secret-key' $OUT_PATHS
60+ /nix/var/nix/profiles/default/bin/nix copy --to 's3://nix-postgres-artifacts?secret-key=/etc/ nix/nix -secret-key' $OUT_PATHS >> /tmp/nix-upload.log 2>&1
5561 EOF
5662 sudo chmod +x /etc/nix/upload-to-cache.sh
5763 - name : Install nix
7884 AWS_ACCESS_KEY_ID : ${{ env.AWS_ACCESS_KEY_ID }}
7985 AWS_SECRET_ACCESS_KEY : ${{ env.AWS_SECRET_ACCESS_KEY }}
8086 AWS_SESSION_TOKEN : ${{ env.AWS_SESSION_TOKEN }}
87+ - name : Results
88+ if : ${{ always() }}
89+ run : |
90+ echo "Nix upload result:"
91+ cat /tmp/nix-upload.log
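Review bot: The `write secret key` step now creates `/etc/nix/nix-secret-key` with a plain `open(..., 'w')` under sudo, so the signing key gets whatever mode root's umask yields (commonly world-readable), in a system directory that outlives the job on a self-hosted runner. Create it owner-only instead, e.g. `fd = os.open('/etc/nix/nix-secret-key', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600); os.write(fd, os.environ['NIX_SIGN_SECRET_KEY'].encode()); os.close(fd)`. The new `Setup AWS credentials for Nix` step has a related exposure: the three `aws configure set` calls pass the key, secret and session token as command-line arguments and persist them in root's AWS config, so on anything but an ephemeral runner they should be removed in an `always()` cleanup step. In `Results`, `cat /tmp/nix-upload.log` fails the step whenever the upload script never ran (for example when `github.secret_source` is not `Actions`); `cat /tmp/nix-upload.log 2>/dev/null || echo "no upload log"` avoids that. The steps between the two visible hunks are not shown, so how the upload script is invoked is inferred.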