Merge pull request #2 from cachix/private-caches

Private caches

.github/workflows/test.yml

@@ -15,9 +15,16 @@ jobs:
     - run: yarn build
     - run: yarn test
     - uses: cachix/install-nix-action@v2
-    - name: Install & Build
+    - name: Test public cache
       uses: ./
       with:
-        cachixPush: cachix-action
+        push: cachix-action
         file: test.nix
         signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+    - name: Test private cache
+      uses: ./
+      with:
+        push: cachix-action-private
+        file: test.nix
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY_PRIVATE }}'
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

README.md

@@ -28,8 +28,10 @@ jobs:
     - uses: cachix/install-nix-action@v1
     - uses: cachix/cachix-action@v1
       with:
-        cachixPush: cachix-action
+        push: cachix-action
         signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+        // Only needed for private caches
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
 ```
 
 ---

action.yml

@@ -3,12 +3,14 @@ description: 'nix-build with the help of caching to Cachix'
 author: 'Domen Kožar'
 inputs:
   file:
-    description: 'What Nix file to build. Defaults to (in order): nix/ci.nix or ci.nix or release.nix or default.nix'
+    description: 'Nix file to build. Defaults to default.nix'
   attributes:
-    description: 'Attributes to build. By default, all attributes are built.'
-  cachixPush:
+    description: 'Nix attributes to nix-build. By default, all attributes are built.'
+  push:
     description: 'Names of cachix caches to push (and pull/substitute)'
     required: true
+  authToken:
+    description: 'Authentication token for Cachix, needed only for private cache access'
   signingKey:
     description: 'Signing key secret retrieved after creating binary cache on https://cachix.org'
     required: true

lib/main.js

@@ -18,26 +18,30 @@ var __importStar = (this && this.__importStar) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const exec = __importStar(require("@actions/exec"));
-const tc = __importStar(require("@actions/tool-cache"));
-const os_1 = require("os");
 const utils_1 = require("./utils");
 function run() {
     return __awaiter(this, void 0, void 0, function* () {
         try {
+            // inputs
             const file = core.getInput('file');
             const attributes = core.getInput('attributes');
-            const cachixPush = core.getInput('cachixPush', { required: true });
-            console.log(`Installing Nix ...`);
-            const nixInstall = yield tc.downloadTool('https://nixos.org/nix/install');
-            yield exec.exec(nixInstall);
-            // required for macos
-            core.exportVariable('NIX_SSL_CERT_FILE', '/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt');
-            console.log(`Installing Cachix ...`);
-            yield exec.exec(os_1.homedir() + '/.nix-profile/bin/nix-env', ['-iA', 'cachix', '-f', 'https://cachix.org/api/v1/install']);
+            const push = core.getInput('push', { required: true });
+            const signingKey = core.getInput('signingKey', { required: true });
+            const authToken = core.getInput('authToken');
+            core.startGroup('Installing Cachix');
+            // TODO: use cachix official installation link
+            yield exec.exec('nix-env', ['-iA', 'cachix', '-f', 'https://github.com/NixOS/nixpkgs/tarball/ab5863afada3c1b50fc43bf774b75ea71b287cde']);
+            core.endGroup();
+            // for private caches
+            if (authToken !== "") {
+                yield exec.exec('cachix', ['authtoken', authToken]);
+            }
+            core.startGroup(`Cachix: using ` + push);
+            yield exec.exec('cachix', ['use', push]);
+            core.endGroup();
+            core.exportVariable('CACHIX_SIGNING_KEY', signingKey);
             // TODO: cachix use --watch-store
-            console.log(`Setting up cache ` + cachixPush + `...`);
-            yield exec.exec(os_1.homedir() + '/.nix-profile/bin/cachix', ['use', cachixPush]);
-            console.log(`Invoking nix-build...`);
+            core.startGroup(`Invoking nix-build`);
             let paths = '';
             const options = {
                 listeners: {
@@ -46,10 +50,12 @@ function run() {
                     },
                 }
             };
-            const args = ['-f', file || "default.nix"].concat(utils_1.extrasperse('-A', attributes.split(/\s/)));
-            yield exec.exec(os_1.homedir() + '/.nix-profile/bin/nix-build', args, options);
-            console.log(`Pushing to cache ` + cachixPush + `...`);
-            yield exec.exec(os_1.homedir() + '/.nix-profile/bin/cachix', ['push', cachixPush].concat(paths.split(/\s/).join(' ')));
+            const args = utils_1.extrasperse('-A', utils_1.saneSplit(attributes, /\s/)).concat([file || "default.nix"]);
+            yield exec.exec('nix-build', args, options);
+            core.endGroup();
+            core.startGroup(`Cachix: pushing to ` + push);
+            yield exec.exec('cachix', ['push', push].concat(utils_1.saneSplit(paths, /\s/).join(' ')));
+            core.endGroup();
         }
         catch (error) {
             core.setFailed(`Action failed with error: ${error}`);

lib/utils.js

@@ -6,3 +6,7 @@ function extrasperse(elem, array) {
 }
 exports.extrasperse = extrasperse;
 ;
+function saneSplit(str, separator) {
+    return str.split(separator).filter(word => word != "");
+}
+exports.saneSplit = saneSplit;

src/main.ts

@@ -7,16 +7,22 @@ async function run() {
     // inputs
     const file = core.getInput('file');
     const attributes = core.getInput('attributes');
-    const cachixPush = core.getInput('cachixPush', { required: true });
+    const push = core.getInput('push', { required: true });
     const signingKey = core.getInput('signingKey', { required: true });
+    const authToken = core.getInput('authToken')
 
     core.startGroup('Installing Cachix')
     // TODO: use cachix official installation link
-    await exec.exec('nix-env', ['-iA', 'cachix', '-f', 'https://github.com/NixOS/nixpkgs/tarball/660db64a261bc583c909e82a0c553c4b1e07b655']);
+    await exec.exec('nix-env', ['-iA', 'cachix', '-f', 'https://github.com/NixOS/nixpkgs/tarball/ab5863afada3c1b50fc43bf774b75ea71b287cde']);
     core.endGroup()
 
-    core.startGroup(`Cachix: using ` + cachixPush);
-    await exec.exec('cachix', ['use', cachixPush]);
+    // for private caches
+    if (authToken !== "") {
+      await exec.exec('cachix', ['authtoken', authToken]);
+    }
+
+    core.startGroup(`Cachix: using ` + push);
+    await exec.exec('cachix', ['use', push]);
     core.endGroup()
 
     core.exportVariable('CACHIX_SIGNING_KEY', signingKey)
@@ -35,8 +41,8 @@ async function run() {
     await exec.exec('nix-build', args, options);
     core.endGroup()
 
-    core.startGroup(`Cachix: pushing to ` + cachixPush);
-    await exec.exec('cachix', ['push', cachixPush].concat(saneSplit(paths, /\s/).join(' ')));
+    core.startGroup(`Cachix: pushing to ` + push);
+    await exec.exec('cachix', ['push', push].concat(saneSplit(paths, /\s/).join(' ')));
     core.endGroup()
   } catch (error) {
     core.setFailed(`Action failed with error: ${error}`);