fix(ops/sync-gcsr): Avoid echoing the Cachix secret
sourcehut does not censor secret strings in build logs, but this workaround should avoid the issue.
This commit is contained in:
Vincent Ambo
parent
bd7e59766e
commit
48d31b7770
1 changed files with 3 additions and 2 deletions
|
|
@ -6,8 +6,9 @@ secrets:
|
||||||
- 3cea9995-9a90-4bb5-9b50-5d00c3694757
|
- 3cea9995-9a90-4bb5-9b50-5d00c3694757
|
||||||
tasks:
|
tasks:
|
||||||
- setup: |
|
- setup: |
|
||||||
echo "export CACHIX_SIGNING_KEY=$(cat ~/.cachix-tazjin)" >> ~/.buildenv
|
# sourcehut does not censor secrets in builds, hence this hack:
|
||||||
nix-env -iA third_party.cachix -f git.tazj.in
|
echo -n 'export CACHIX_SIGNING_KEY=' > cachix-preamble
|
||||||
|
cat cachix-preamble ~/.cachix-tazjin >> ~/.buildenv
|
||||||
cachix use tazjin
|
cachix use tazjin
|
||||||
- build: |
|
- build: |
|
||||||
cd git.tazj.in
|
cd git.tazj.in
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue