Christopher Mühl
b094952455
Some checks failed
Build and Push static-server Image / build (push) Failing after 1m45s
Extracts sign+push logic into a reusable push-nix-cache action. Both the site deploy and the image build now use it. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
32 lines
994 B
YAML
32 lines
994 B
YAML
name: Push Nix Cache
|
|
description: Sign a Nix store path and push it to the S3 binary cache
|
|
|
|
# Required env vars: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, NIX_SIGNING_KEY
|
|
|
|
inputs:
|
|
store-path:
|
|
description: 'Path to the Nix store symlink or derivation to push (e.g. ./result)'
|
|
required: true
|
|
|
|
s3-endpoint:
|
|
description: 'S3 endpoint URL'
|
|
required: false
|
|
default: 'https://s3.toph.so'
|
|
|
|
s3-bucket:
|
|
description: 'S3 bucket used as the Nix binary cache'
|
|
required: false
|
|
default: 'nix-cache'
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- name: Sign and push Nix closure
|
|
shell: bash
|
|
run: |
|
|
echo "${NIX_SIGNING_KEY}" > /tmp/nix-key
|
|
nix store sign -k /tmp/nix-key --recursive "${{ inputs.store-path }}"
|
|
nix copy \
|
|
--to "s3://${{ inputs.s3-bucket }}?endpoint=${{ inputs.s3-endpoint }}&access-key-id=${AWS_ACCESS_KEY_ID}&secret-access-key=${AWS_SECRET_ACCESS_KEY}" \
|
|
"${{ inputs.store-path }}"
|
|
rm /tmp/nix-key
|