Unverified Commit 3bc31e04 authored by Wolfgang Walther's avatar Wolfgang Walther

workflows: invalidate cachix cache

Since it was previously possible, in theory, to extract the
CACHIX_AUTH_TOKEN via Nix eval on untrusted inputs, this rotates the
token and clears the cache - and, while at it, moves to a new cache
which is owned by a newly created nixpkgs-ci org instead of an individual.
parent 5d6dd231
+5 −5
@@ -18,7 +18,7 @@ on:
    secrets:
      # Should only be provided in the merge queue, not in pull requests,
      # where we're evaluating untrusted code.
      CACHIX_AUTH_TOKEN:
      CACHIX_AUTH_TOKEN_GHA:
        required: false

permissions: {}
@@ -69,10 +69,10 @@ jobs:

      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
        with:
          # The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
          extraPullNames: nixpkgs-ci
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          # The nixpkgs-gha cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-gha' }}
          extraPullNames: nixpkgs-gha
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
          pushFilter: '(-source$|-nixpkgs-tarball-)'

      - run: nix-env --install -f nixpkgs/trusted-pinned -A nix-build-uncached
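Review bot: Rotating the token and renaming the secret does not retire the old exposure path by itself; per the description the new side is `authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}` against the `nixpkgs-ci` cache, but any release branch or fork that has not picked up this change still runs the previous step with `secrets.CACHIX_AUTH_TOKEN_GHA`, so the old token needs to be revoked on the Cachix side and the `CACHIX_AUTH_TOKEN_GHA` repository secret deleted, not merely replaced — none of which can be verified from the diff. The comment above the `name:` line could record that decision, e.g. `# Pushes need CACHIX_AUTH_TOKEN; the previous nixpkgs-gha token was revoked, so stale workflows cannot push.` The enclosing job starts and ends outside the hunk.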
+5 −5
@@ -18,7 +18,7 @@ on:
    secrets:
      # Should only be provided in the merge queue, not in pull requests,
      # where we're evaluating untrusted code.
      CACHIX_AUTH_TOKEN:
      CACHIX_AUTH_TOKEN_GHA:
        required: false

permissions: {}
@@ -89,10 +89,10 @@ jobs:

      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
        with:
          # The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
          extraPullNames: nixpkgs-ci
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          # The nixpkgs-gha cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-gha' }}
          extraPullNames: nixpkgs-gha
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
          pushFilter: -source$

      - name: Build codeowners validator
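Review bot: The `extraPullNames: nixpkgs-ci` line is fixed while `name:` falls back through `vars.CACHIX_NAME`, so a fork that points CACHIX_NAME at its own cache still pulls from upstream `nixpkgs-ci` (and presumably accepts its signing key, though that is cachix-action behaviour not visible here); this matches the stated intent, but the comment only warns outsiders away from the cache rather than saying so. Suggest extending it: `# nixpkgs-ci is always added as a pull-only substituter, even when CACHIX_NAME selects a fork's own cache; only CI for Nixpkgs and its forks should trust it.` The enclosing job starts and ends outside the hunk.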
+5 −5
@@ -21,7 +21,7 @@ on:
    secrets:
      # Should only be provided in the merge queue, not in pull requests,
      # where we're evaluating untrusted code.
      CACHIX_AUTH_TOKEN:
      CACHIX_AUTH_TOKEN_GHA:
        required: false

permissions: {}
@@ -104,10 +104,10 @@ jobs:

      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
        with:
          # The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
          extraPullNames: nixpkgs-ci
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          # The nixpkgs-gha cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-gha' }}
          extraPullNames: nixpkgs-gha
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
          pushFilter: '(-source|-single-chunk)$'

      - name: Evaluate the ${{ matrix.system }} output paths at the merge commit
+9 −9
@@ -12,7 +12,7 @@ on:
    secrets:
      # Should only be provided in the merge queue, not in pull requests,
      # where we're evaluating untrusted code.
      CACHIX_AUTH_TOKEN:
      CACHIX_AUTH_TOKEN_GHA:
        required: false

permissions: {}
@@ -74,10 +74,10 @@ jobs:

      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
        with:
          # The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
          extraPullNames: nixpkgs-ci
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          # The nixpkgs-gha cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-gha' }}
          extraPullNames: nixpkgs-gha
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
          pushFilter: -source$

      - name: Parse all nix files
@@ -103,10 +103,10 @@ jobs:

      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
        with:
          # The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
          extraPullNames: nixpkgs-ci
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          # The nixpkgs-gha cache should not be trusted or used outside of Nixpkgs and its forks' CI.
          name: ${{ vars.CACHIX_NAME || 'nixpkgs-gha' }}
          extraPullNames: nixpkgs-gha
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
          pushFilter: -source$

      - name: Running nixpkgs-vet
+4 −4
@@ -61,7 +61,7 @@ jobs:
      # cherry-picks; formality right now, but unused
      pull-requests: write
    secrets:
      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
      CACHIX_AUTH_TOKEN_GHA: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
    with:
      mergedSha: ${{ needs.prepare.outputs.mergedSha }}
      targetSha: ${{ needs.prepare.outputs.targetSha }}
@@ -71,7 +71,7 @@ jobs:
    needs: [prepare]
    uses: ./.github/workflows/lint.yml
    secrets:
      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
      CACHIX_AUTH_TOKEN_GHA: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
    with:
      mergedSha: ${{ needs.prepare.outputs.mergedSha }}
      targetSha: ${{ needs.prepare.outputs.targetSha }}
@@ -86,7 +86,7 @@ jobs:
      # compare
      statuses: write
    secrets:
      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
      CACHIX_AUTH_TOKEN_GHA: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
    with:
      artifact-prefix: ${{ inputs.artifact-prefix }}
      mergedSha: ${{ needs.prepare.outputs.mergedSha }}
@@ -98,7 +98,7 @@ jobs:
    needs: [prepare]
    uses: ./.github/workflows/build.yml
    secrets:
      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
      CACHIX_AUTH_TOKEN_GHA: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
    with:
      artifact-prefix: ${{ inputs.artifact-prefix }}
      baseBranch: ${{ needs.prepare.outputs.baseBranch }}
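Review bot: Each `secrets:` block forwards `CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}` unconditionally, so the "merge queue only" rule documented in the called workflows rests entirely on the triggering event and on GitHub withholding secrets from fork pull requests; if this workflow's triggers (outside the hunk) ever include a same-repository `pull_request`, the freshly rotated token would again be present while untrusted Nix code is evaluated, which is exactly the path the commit message describes. A defensive gate keeps the value empty outside the merge queue regardless of trigger: `CACHIX_AUTH_TOKEN: ${{ github.event_name == 'merge_group' && secrets.CACHIX_AUTH_TOKEN || '' }}` (extend the condition if other trusted events are meant to push). The enclosing jobs start outside the hunk.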