Skip to content

Commit

Permalink
hotfix: sign uploaded packages
Browse files Browse the repository at this point in the history
  • Loading branch information
@dbarrosop
dbarrosop committed Sep 1, 2024
1 parent b2958aa commit ed8402f
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion .github/workflows/push_build_devShells.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ jobs:
id: verify-build
run: |
export drvPath=$(make build-dry-run)
nix store verify --no-trust --store s3://nhost-nix-cache\?region=eu-central-1 $drvPath \
nix store verify --store s3://nhost-nix-cache\?region=eu-central-1 $drvPath \
&& export BUILD_NEEDED=no \
|| export BUILD_NEEDED=yes
echo BUILD_NEEDED=$BUILD_NEEDED >> $GITHUB_OUTPUT
Expand All @@ -55,5 +55,11 @@ jobs:
- name: "Cache build"
run: |
echo ${{ secrets.NIX_CACHE_PRIV_KEY }} > cache-priv-key.pem
nix store sign --key-file cache-priv-key.pem --all
DEPENDENCIES=($(nix-store --query --requisites --include-outputs ${{ steps.verify-build.outputs.DERIVATION_PATH }}))
nix copy --to s3://nhost-nix-cache\?region=eu-central-1 "${DEPENDENCIES[@]}"
if: always()

- run: rm cache-priv-key.pem
if: always()

0 comments on commit ed8402f

Please sign in to comment.