This repository has been archived by the owner on Apr 29, 2024. It is now read-only.

Upgrade wrappers to resolve time security issue (#27) #38

Workflow file for this run

name: Cache upload
on:
  push:
    branches:
      - main
permissions:
  contents: write
  packages: write
  id-token: write
jobs:
  build:
    strategy:
      fail-fast: false
    runs-on: ubuntu-latest
    name: nix-build
    steps:
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
        with:
          fetch-depth: 0
      - uses: DeterminateSystems/nix-installer-action@65d7c888b2778e8cf30a07a88422ccb23499bfb8
      - uses: DeterminateSystems/magic-nix-cache-action@749fc5bbc9fa49d60c2b93f6c4bc867b82e1d295
      - name: configure aws credentials for s3
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
          aws-region: "us-east-1"
      - name: write secret key
        # use python so we don't interpolate the secret into the workflow logs, in case of bugs
        run: |
          python -c "import os; file = open('nix-secret-key', 'w'); file.write(os.environ['NIX_SIGN_SECRET_KEY']); file.close()"
        env:
          NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
      - name: build and copy to S3
        run: |
          for x in 14 15; do
            nix build .#psql_$x/bin -o result-$x
          done
          nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./result*