refactor(gh-actions): Use bash commands instead of extra_nix_config

MartinNikov · PetarKirov · commit 79b2672429dc · 2024-08-04T19:30:11.000+03:00
This commit is squashed version of these: * bbcd2cc * https://github.com/metacraft-labs/nixos-modules/pull/128/commits
diff --git a/.github/install-nix/action.yml b/.github/install-nix/action.yml
@@ -27,20 +27,19 @@ runs:
     - name: Install Nix
       uses: cachix/install-nix-action@v27
       if: ${{ runner.environment == 'github-hosted' }}
-      with:
-        extra_nix_config: |
-          ${{ inputs.nix-github-token != '' && format('access-tokens = github.com={0}', inputs.nix-github-token) || '' }}
-          accept-flake-config = true
-          allow-import-from-derivation = true
-          substituters = https://cache.nixos.org ${{inputs.substituters}}
-          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{inputs.trusted-public-keys}}
-          netrc-file = $HOME/.config/nix/netrc
 
     - name: Configure Nix
-      if: ${{ runner.environment == 'github-hosted' }}
       shell: bash
       run: |
         mkdir -p $HOME/.config/nix
         {
           echo "machine ${{inputs.cachix-cache}}.cachix.org password ${{inputs.cachix-auth-token}}"
         } >> $HOME/.config/nix/netrc
+        {
+          echo "${{ inputs.nix-github-token != '' && format('access-tokens = github.com={0}', inputs.nix-github-token) || '' }}
+          accept-flake-config = true
+          allow-import-from-derivation = true
+          substituters = https://cache.nixos.org ${{inputs.substituters}}
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{inputs.trusted-public-keys}}
+          netrc-file = $HOME/.config/nix/netrc"
+        } > $HOME/.config/nix/nix.conf
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -182,8 +182,15 @@ jobs:
 
       - name: Install Nix
         uses: cachix/install-nix-action@V27
-        with:
-          extra_nix_config: accept-flake-config = true
+
+      - name: Configure Nix
+        shell: bash
+        run: |
+          mkdir -p $HOME/.config/nix
+          {
+            echo "${{ inputs.nix-github-token != '' && format('access-tokens = github.com={0}', inputs.nix-github-token) || '' }}
+            accept-flake-config = true"
+          } > $HOME/.config/nix/nix.conf
 
       - uses: cachix/cachix-action@v15
         with:
diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml
@@ -3,6 +3,10 @@ name: "Update Nix Flake lockfile"
 on:
   # Allow this workflow to be reused by other workflows:
   workflow_call:
+    secrets:
+      nix-github-token:
+        description: GitHub token to add as access-token in nix.conf
+        required: false
 
   # Allow this workflow to be triggered manually:
   workflow_dispatch:
@@ -21,8 +25,16 @@ jobs:
       - name: Install Nix
         uses: cachix/install-nix-action@v27
         if: ${{ runner.environment == 'github-hosted' }}
-        with:
-          extra_nix_config: accept-flake-config = true
+
+      - name: Configure Nix
+        shell: bash
+        run: |
+          mkdir -p $HOME/.config/nix
+          {
+            echo "${{ secrets.nix-github-token != '' && format('access-tokens = github.com={0}', secrets.nix-github-token) || '' }}
+            accept-flake-config = true"
+          } > $HOME/.config/nix/nix.conf
+
 
       - name: Run `nix flake update`
         id: update-lockfile
diff --git a/.github/workflows/update-flake-packages.yml b/.github/workflows/update-flake-packages.yml
@@ -3,6 +3,10 @@ name: "Update Flake Packages ❄️"
 on:
   # Allow this workflow to be reused by other workflows:
   workflow_call:
+    secrets:
+      nix-github-token:
+        description: GitHub token to add as access-token in nix.conf
+        required: false
 
   # Allow this workflow to be triggered manually:
   workflow_dispatch:
@@ -21,10 +25,16 @@ jobs:
       - name: Install Nix
         uses: cachix/install-nix-action@v27
         if: ${{ runner.environment == 'github-hosted' }}
-        with:
-          extra_nix_config: |
+
+      - name: Configure Nix
+        shell: bash
+        run: |
+          mkdir -p $HOME/.config/nix
+          {
+            echo "${{ secrets.nix-github-token != '' && format('access-tokens = github.com={0}', secrets.nix-github-token) || '' }}
             accept-flake-config = true
-            allow-import-from-derivation = true
+            allow-import-from-derivation = true"
+          } > $HOME/.config/nix/nix.conf
 
       - uses: tibdex/github-app-token@v2.1.0
         id: generate-token
