fix(ops/sync-gcsr): Avoid echoing the Cachix secret

sourcehut does not censor secret strings in build logs, but this workaround should avoid the issue.
2020-01-18 16:34:54 +00:00 · 2020-01-18 16:34:54 +00:00 · 48d31b7770
commit 48d31b7770
parent bd7e59766e
1 changed files with 3 additions and 2 deletions
--- a/ops/sync-gcsr/manifest.yaml
+++ b/ops/sync-gcsr/manifest.yaml
@ -6,8 +6,9 @@ secrets:
  - 3cea9995-9a90-4bb5-9b50-5d00c3694757
 tasks:
  - setup: |
-      echo "export CACHIX_SIGNING_KEY=$(cat ~/.cachix-tazjin)" >> ~/.buildenv
-      nix-env -iA third_party.cachix -f git.tazj.in
+      # sourcehut does not censor secrets in builds, hence this hack:
+      echo -n 'export CACHIX_SIGNING_KEY=' > cachix-preamble
+      cat cachix-preamble ~/.cachix-tazjin >> ~/.buildenv
      cachix use tazjin
  - build: |
      cd git.tazj.in