a62862be44
An assortment of GitHub Workflow changes, potentially including: - Enable DeterminateSystems/magic-nix-cache-action@main - Reference all DeterminateSystems actions via @main - Make update.yaml consistent across repos - Remove unnecessary github-token: from nix-installer-action - Update actions/checkout@v2 to actions/checkout@v3
35 lines
1.2 KiB
YAML
35 lines
1.2 KiB
YAML
name: Generate Credentials
|
|
on:
|
|
- workflow_dispatch
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Install Nix
|
|
uses: DeterminateSystems/nix-installer-action@main
|
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
- name: Expose GitHub Runtime
|
|
uses: crazy-max/ghaction-github-runtime@v2
|
|
- name: Dump credentials
|
|
run: |
|
|
if [[ -z "$AGE_PUBLIC_KEY" ]]; then
|
|
>&2 echo 'The AGE_PUBLIC_KEY secret must be present.'
|
|
>&2 echo 'You can generate one with `age-keygen -o key.txt`.'
|
|
exit 1
|
|
fi
|
|
|
|
cat >creds.json <<EOF
|
|
{
|
|
"ACTIONS_CACHE_URL": "${ACTIONS_CACHE_URL}",
|
|
"ACTIONS_RUNTIME_URL": "${ACTIONS_RUNTIME_URL}",
|
|
"ACTIONS_RUNTIME_TOKEN": "${ACTIONS_RUNTIME_TOKEN}"
|
|
}
|
|
EOF
|
|
encrypted=$(cat creds.json | nix develop .#keygen --command -- age -r "$AGE_PUBLIC_KEY" | base64 -w0)
|
|
|
|
echo 'Use the following command to decrypt:'
|
|
echo "echo '$encrypted' | base64 -d | age --decrypt -i key.txt >creds.json"
|
|
env:
|
|
AGE_PUBLIC_KEY: ${{ secrets.AGE_PUBLIC_KEY }}
|