From daef8958152620c423b4db0fe76a595dbc9996f3 Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Wed, 10 Apr 2024 17:30:24 +0200 Subject: [PATCH] Change to GCS cache --- .github/workflows/nix.yml | 18 +++++++++++++----- flake.nix | 4 ++-- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 64c54fc..26b578b 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -5,15 +5,23 @@ on: [push] jobs: build: runs-on: ubuntu-latest-8-cores + permissions: + contents: 'read' + id-token: 'write' steps: - uses: actions/checkout@v4 - uses: DeterminateSystems/nix-installer-action@v10 - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 + - name: Authenticate to Google Cloud Platform + uses: google-github-actions/auth@v2 with: - endpoint: ${{ secrets.ATTIC_ENDPOINT }} - cache: replicate - token: ${{ secrets.ATTIC_TOKEN }} + project_id: yorick-dev-416917 + workload_identity_provider: projects/752785843927/locations/global/workloadIdentityPools/github/providers/github-actions-workload-prvdr + - name: Set up cache + uses: zombiezen/setup-nix-cache-action@v0.3.2 + with: + substituters: gs://replicate-nix-cache-dev + secret_keys: ${{ secrets.NIX_PRIVATE_KEY }} + use_nixcached: true - name: Get ssh key from secret env: GIT_SSH_KEY: ${{ secrets.GIT_SSH_KEY }} diff --git a/flake.nix b/flake.nix index 16e0e17..042b21e 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { nixConfig = { - extra-trusted-public-keys = "replicate:+uoDlJCmq7Z6lxxacj4tSgsNa24qHqTZTiyRX2CDhsA="; - extra-substituters = "https://cache.yori.cc/replicate"; + extra-trusted-public-keys = "replicate-1:rbU0MI8kgUmqLINtKfXoDkrl9NxXQMw6//+LHHDYflk="; + extra-substituters = "https://storage.googleapis.com/replicate-nix-cache-dev/nix-cache-info"; }; inputs = { cognix.url = "github:datakami/cognix";