From 7e560fb6e90590919f57afe8fdf16aa97083ab84 Mon Sep 17 00:00:00 2001
From: Gautier DI FOLCO <gautier.difolco@gmail.com>
Date: Sat, 16 Mar 2024 22:44:44 +0100
Subject: [PATCH] fix: hsec-tools retrieval cache key computations mismatch in
 GitHub Actions

---
 .github/workflows/call-nix.yml         | 11 +++++------
 .github/workflows/check-advisories.yml |  7 ++++++-
 .github/workflows/nix.yml              |  2 ++
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/call-nix.yml b/.github/workflows/call-nix.yml
index 7a5e5bdf..b09e5c2a 100644
--- a/.github/workflows/call-nix.yml
+++ b/.github/workflows/call-nix.yml
@@ -1,6 +1,10 @@
 name: nix build
 on:
   workflow_call:
+    inputs:
+      cache-key:
+        required: true
+        type: string
 jobs:
   check_nix:
     name: Check nix build
@@ -21,14 +25,9 @@ jobs:
         run: nix build -L '.#packages.x86_64-linux.hsec-tools-image'
       - run: mkdir -p ~/.local/dockerImages
       - run: cp result ~/.local/dockerImages/hsec-tools
-      - id: code-hash
-        name: Compute code directory hash
-        run: |
-          code_hash=$(git rev-parse HEAD:code)
-          echo "code-hash=$code_hash" >> "$GITHUB_OUTPUT"
       - uses: actions/cache/save@v3
         with:
-          key: hsec-tools-${{ steps.code-hash.outputs.code-hash}}
+          key: ${{ inputs.cache-key }}
           path: ~/.local/dockerImages
       - name: upload executable
         uses: actions/upload-artifact@v3
diff --git a/.github/workflows/check-advisories.yml b/.github/workflows/check-advisories.yml
index 1d4b1dcd..25ea428e 100644
--- a/.github/workflows/check-advisories.yml
+++ b/.github/workflows/check-advisories.yml
@@ -50,9 +50,14 @@ jobs:
         run: |
           code_hash=$(git rev-parse HEAD:code)
           echo "code-hash=$code_hash" >> "$GITHUB_OUTPUT"
+  populate_cache:
+    name: Populate cache
+    uses: ./.github/workflows/call-nix.yml
+    with:
+      cache-key: hsec-tools-${{ needs.code_hash.outputs.code_hash }}
   check_advisories:
     name: Invoke check-advisories workflow
-    needs: [tools_changed, advisories_changed, code_hash]
+    needs: [tools_changed, advisories_changed, code_hash, populate_cache]
     if: ${{ needs.tools_changed.outputs.should_skip == 'true' && needs.advisories_changed.outputs.should_skip != 'true' }}
     uses: ./.github/workflows/call-check-advisories.yml
     with:
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index 51e75160..b316da03 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -21,6 +21,8 @@ jobs:
     needs: tools-changed
     if: ${{ needs.tools_changed.outputs.should_skip != 'true' }}
     uses: ./.github/workflows/call-nix.yml
+    with:
+      cache-key: hsec-tools-${{ github.sha }}
   check-advisories:
     name: Invoke check-advisories workflow
     if: ${{ needs.tools_changed.outputs.should_skip != 'true' }}