From 6eba14af9e0cd52cc386d3d36d6dca455ee5ba8a Mon Sep 17 00:00:00 2001 From: Jonathan Lorimer <32466011+JonathanLorimer@users.noreply.github.com> Date: Tue, 12 Dec 2023 11:53:37 -0500 Subject: [PATCH] Setup S3 Cache (#189) * initial test * reduce build time for testing * testing * testing * testing * testing * testing * working --- .github/workflows/ci.yml | 33 +++++++++++++++++++++++++-------- .github/workflows/deploy.yaml | 34 ++++++++++++++++++++++++---------- README.md | 7 +++++++ 3 files changed, 56 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 37b6e8f9..6b181ba8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,20 +6,37 @@ on: jobs: check-pr: runs-on: ubuntu-22.04 + permissions: + id-token: write + contents: read steps: - - uses: actions/checkout@v2.3.1 + - uses: actions/checkout@v4 - uses: DeterminateSystems/nix-installer-action@main - - - name: Link Cachix πŸ”Œ - uses: cachix/cachix-action@v12 - with: - name: cosmos - authToken: '${{ secrets.COSMOS_CACHE_KEY }}' + with: + extra-conf: | + substituters = https://cache.nixos.org https://cosmosnix-store.s3.us-east-2.amazonaws.com + trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cosmosnix.store-1:O28HneR1MPtgY3WYruWFuXCimRPwY7em5s0iynkQxdk= - name: Check πŸ”Ž run: | - nix flake check --print-build-logs + nix flake check - name: Run Shell 🐚 run: | nix develop + + - name: Authenticate πŸ”’ + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-2 + retry-max-attempts: 3 + role-to-assume: arn:aws:iam::762411426253:role/push-cosmosnix-store + role-session-name: InformalSystemsGithubAction + + - name: Push Cache πŸ«ΈπŸ“¦πŸ’¨ + env: + SIGNING_KEY: ${{ secrets.SECRET_STORE_SIGNING_KEY }} + run: | + echo "$SIGNING_KEY" >> key + nix store sign -k key --all + nix copy --to "s3://cosmosnix-store?region=us-east-2" --all 
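Review bot: The new `Authenticate` and `Push Cache` steps at the end of `check-pr` sign every path in the runner's store with the cache's trusted key (`nix store sign -k key --all`) and upload all of it, so output built from a branch that has not been reviewed becomes trusted content for anyone who lists `cosmosnix.store-1` under `trusted-public-keys`. The workflow's trigger lines are outside this hunk, but the job name suggests it runs on pull requests; if so, I would drop both steps and the added `id-token: write` from this job and publish only from deploy.yaml after merge. If PR builds have to warm the cache, a guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` on both steps at least keeps fork builds away from the role and the key. `--all` also adds the project signature to paths that were merely substituted from other caches, so signing only the named build outputs would keep the signature's meaning narrow.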
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index bbbf3276..bd343c5b 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -3,32 +3,46 @@ name: Deploy Main on: push: branches: - - master + - main jobs: deploy-main: runs-on: ubuntu-22.04 permissions: id-token: write - contents: write + contents: read steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: DeterminateSystems/nix-installer-action@main - - - name: Link Cachix πŸ”Œ - uses: cachix/cachix-action@v12 - with: - name: cosmos - authToken: '${{ secrets.COSMOS_CACHE_KEY }}' + with: + extra-conf: | + substituters = https://cache.nixos.org https://cosmosnix-store.s3.us-east-2.amazonaws.com + trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cosmosnix.store-1:O28HneR1MPtgY3WYruWFuXCimRPwY7em5s0iynkQxdk= - name: Check πŸ”Ž run: | - nix flake check --print-build-logs + nix flake check - name: Run Shell 🐚 run: | nix develop + - name: Authenticate πŸ”’ + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-2 + retry-max-attempts: 3 + role-to-assume: arn:aws:iam::762411426253:role/push-cosmosnix-store + role-session-name: InformalSystemsGithubAction + + - name: Push Cache πŸ«ΈπŸ“¦πŸ’¨ + env: + SIGNING_KEY: ${{ secrets.SECRET_STORE_SIGNING_KEY }} + run: | + echo "$SIGNING_KEY" >> key + nix store sign -k key --all + nix copy --to "s3://cosmosnix-store?region=us-east-2" --all + - name: Push to FlakeHub ❄️ uses: determinatesystems/flakehub-push@main with: diff --git a/README.md b/README.md index d26df252..80496bc0 100644 --- a/README.md +++ b/README.md 
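Review bot: The `Push Cache` step writes the private signing key into the checkout with `echo "$SIGNING_KEY" >> key`, which appends rather than overwrites, uses the default file mode, and never removes the file; the identical lines in the ci.yml hunk have the same problem. Here the key is still on disk when the following `Push to FlakeHub` step runs `determinatesystems/flakehub-push@main`, a mutable ref, in the same workspace. I would keep the key under `$RUNNER_TEMP` with a restrictive umask and delete it when the step exits, as below. Pinning the third-party actions in this job to a commit SHA (`uses: determinatesystems/flakehub-push@<commit-sha>`) would further limit what can read the workspace and request the OIDC token.

```yaml
# … unchanged: step name and SIGNING_KEY env …
        run: |
          umask 077
          key_file="$RUNNER_TEMP/cache-signing-key"
          trap 'rm -f "$key_file"' EXIT
          printf '%s\n' "$SIGNING_KEY" > "$key_file"
          nix store sign -k "$key_file" --all
          # … unchanged: nix copy --to the S3 cache …
```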
@@ -53,6 +53,13 @@ echo 'experimental-features = nix-command flakes' >> ~/.config/nix/nix.conf 4. [Setup Caches](https://nixos.org/manual/nix/unstable/package-management/sharing-packages.html): +add this to your /etc/nix/nix.conf file (or wherever you keep your substituters) + +``` +substituters = https://cosmosnix-store.s3.us-east-2.amazonaws.com +trusted-public-keys = cosmosnix.store-1:O28HneR1MPtgY3WYruWFuXCimRPwY7em5s0iynkQxdk= +``` + ## Shell If you are just here for a remote nix shell (a development environment where