From 02bf31fa25ce7d393bebb4ee5c70730d02b61d39 Mon Sep 17 00:00:00 2001
From: Jo
Date: Sat, 31 May 2025 18:47:04 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=91=B7=20Update=20CI=20actions=20to=20use?= =?UTF-8?q?=20Lix=20and=20fix=20trufflehog=20version?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.github/workflows/build.yml | 34 -------------------------------
.github/workflows/check-leaks.yml | 2 +-
.github/workflows/deadnix.yml | 12 +++++++++--
.github/workflows/validate.yml | 7 ++-----
4 files changed, 13 insertions(+), 42 deletions(-)
delete mode 100644 .github/workflows/build.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index 6ee53fd..0000000
--- a/.github/workflows/build.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: "Nix: build and cache outputs" - -on: - workflow_dispatch: - push: - paths: - - "**.nix" - - "**.lock" - - ".github/workflows/build.yml" - -jobs: - build-flake: - name: Build (x86_64-linux) - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: ${{ github.ref_name }} - persist-credentials: false - - name: Install Lix - uses: ./.github/actions/install-lix - - name: Setup Attic cache - uses: ryanccn/attic-action@v0.3.2 - with: - endpoint: https://cache.thevoid.cafe - cache: puzzlevision - token: ${{ secrets.ATTIC_TOKEN }} - - name: Build flake - run: nix build .#nixosConfigurations.puzzlevision.config.system.build.toplevel --accept-flake-config
diff --git a/.github/workflows/check-leaks.yml b/.github/workflows/check-leaks.yml
index 1d466df..1eb00c0 100644
--- a/.github/workflows/check-leaks.yml
+++ b/.github/workflows/check-leaks.yml
@@ -19,4 +19,4 @@ jobs: persist-credentials: false - name: TruffleHog scan - uses: trufflesecurity/trufflehog@v3.88 + uses: trufflesecurity/trufflehog@v3.88.35
diff --git a/.github/workflows/deadnix.yml b/.github/workflows/deadnix.yml
index d80f744..23f0b46 100644
--- a/.github/workflows/deadnix.yml
+++ b/.github/workflows/deadnix.yml
@@ -12,9 +12,17 @@ jobs: name: Run deadnix runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v25 + - name: Checkout + uses: actions/checkout@v4 + with: + ref: ${{ github.ref_name }} + persist-credentials: false + + - name: Install lix + uses: ./.github/actions/install-lix + - uses: cachix/cachix-action@v14 with: name: deadnix + - uses: phucleeuwu/deadnix-action@v1
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 9fdb6e6..4f3e1b3 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -6,7 +6,7 @@ on: paths: - "**.nix" - "**.lock" - - ".github/workflows/**.yml" + - ".github/workflows/validate.yml" jobs: check-flake:
@@ -21,10 +21,7 @@ jobs: persist-credentials: false - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main - with: - extra-conf: | - experimental-features = flakes nix-command recursive-nix pipe-operator + uses: ./.github/actions/install-lix - name: Validate Flake run: nix flake check
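Review bot: The checkout step added in deadnix.yml passes `ref: ${{ github.ref_name }}`, which is only the short ref name. On a `pull_request` run that value has the form `<number>/merge`, which `actions/checkout` is unlikely to resolve, and a branch and tag sharing a short name become ambiguous. The `on:` block lies outside this hunk, so on a push-only workflow the line is merely redundant; either way, dropping `ref:` and letting checkout default to the triggering commit is the safer form. Separately, the two third-party steps kept here, `cachix/cachix-action@v14` and `phucleeuwu/deadnix-action@v1`, are pinned to mutable tags; pinning each to a full commit SHA, with the tag in a trailing comment, would stop a retagged release from changing what this job runs. The step name `Install lix` could also match the `Install Lix` spelling used in the removed build workflow.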
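Review bot: The `paths:` filter in validate.yml's first hunk now names only `.github/workflows/validate.yml`, but the job's install step (second hunk) runs the local action `./.github/actions/install-lix`, which the filter does not cover. A change to that action would therefore not start a validation run, even though it changes how Nix is installed and configured for `nix flake check`. Adding `- ".github/actions/install-lix/**"` to the list would cover it. The `on:` block starts above this hunk, so the events this filter applies to are not visible here.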
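Review bot: The step in validate.yml's second hunk is still named `Install Nix` although it now runs `./.github/actions/install-lix`; renaming it to `Install Lix` would keep the job log consistent with deadnix.yml. The removed `extra-conf` enabled `flakes`, `nix-command`, `recursive-nix` and `pipe-operator`. The local action is not part of this patch, so it is worth confirming that it sets the experimental features `nix flake check` needs. A comment above the step, such as `# experimental features are configured inside install-lix`, would record where that configuration now lives.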