| author | seth <[email protected]> | 2023-12-27 07:05:17 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2023-12-27 07:05:17 -0500 |
| commit | 66f3a899b81f0eeeee1b545b1f7056a49bfde85f (patch) | |
| tree | 3e54dc1708514f0239f69b76e24999ab49360f37 /.github | |
| parent | 8f9d7de04f4da4abc8a097c2021c8e4723c25dc7 (diff) | |
actions: better scope secrets for deployment
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/ci.yaml | 2 | ||||
| -rw-r--r-- | .github/workflows/deploy.yaml | 22 |
2 files changed, 9 insertions, 15 deletions
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 58d1966..4c03f04 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -49,9 +49,11 @@ jobs: - uses: actions/checkout@v4 - name: Install Nix + if: ${{ !matrix.isCached }} uses: DeterminateSystems/nix-installer-action@v9 - name: Setup Cachix + if: ${{ !matrix.isCached }} uses: cachix/cachix-action@v13 with: name: getchoo diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index fbb54b4..84a376e 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -17,6 +17,7 @@ jobs: name: Deploy NixOS systems runs-on: ubuntu-latest + environment: nixos concurrency: group: nixos cancel-in-progress: true @@ -27,9 +28,6 @@ jobs: - name: Install Nix uses: DeterminateSystems/nix-installer-action@v9 - - name: Setup local Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - name: Connect to Tailscale uses: tailscale/github-action@v2 with: @@ -48,10 +46,10 @@ jobs: run: | nix run --inputs-from . nixpkgs#deploy-rs -- -s - opentofu: + terranix: needs: nixos - name: Apply OpenTofu plan + name: Apply Terranix plan runs-on: ubuntu-latest environment: terranix @@ -65,12 +63,6 @@ jobs: - name: Install Nix uses: DeterminateSystems/nix-installer-action@v9 - - name: Setup local Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - name: Setup OpenTofu cache - uses: terraform-cache/terraform-cache@v1 - - name: Authenticate with TF Cloud run: | dir="$HOME/.terraform.d" @@ -86,11 +78,11 @@ jobs: } EOF - - name: Apply configuration + - name: Apply plan env: - CLOUDFLARE_API_KEY: ${{ secrets.CLOUDFLARE_API_KEY }} - CLOUDFLARE_EMAIL: ${{ secrets.CLOUDFLARE_EMAIL }} - TAILSCALE_API_KEY: ${{ secrets.TAILSCALE_API_KEY }} + CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} + OAUTH_CLIENT_ID: ${{ secrets.OAUTH_CLIENT_ID }} + OAUTH_CLIENT_SECRET: ${{ secrets.OAUTH_CLIENT_SECRET }} run: | nix develop .#terranix \ --command bash -c \ |
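Review bot: The two new `if: ${{ !matrix.isCached }}` conditions in ci.yaml depend on a matrix key whose definition is outside this hunk, so a reader cannot tell which entries skip the Nix and Cachix setup or why. A comment above the first condition would record the intent, for example `# entries marked isCached need neither Nix nor the Cachix credentials`, adjusted to the real reason. An entry that leaves `isCached` undefined evaluates as falsy, so both steps still run for it, which looks like the safe default. If any later step in the job invokes `nix`, it needs the same condition; those steps are not visible here.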
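Review bot: The added `environment: nixos` line in deploy.yaml narrows secret exposure only if the `nixos` environment carries protection rules (deployment-branch restriction, required reviewers) and the deploy secrets have been moved out of repository scope. Neither is visible in this hunk, so both are worth confirming in the repository settings. The job also runs `DeterminateSystems/nix-installer-action@v9` and `tailscale/github-action@v2` (context lines of the next hunk), referenced by mutable tag, on the same runner as the steps that receive the environment's secrets. Pinning those `uses:` lines to full commit SHAs would keep the scoping meaningful. A comment above the new line, such as `# deploy secrets are stored in the 'nixos' environment, not at repo level`, would document the intent; the workflow trigger and the rest of the job are outside the hunk.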
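Review bot: In the last deploy.yaml hunk, dropping `CLOUDFLARE_API_KEY`, `CLOUDFLARE_EMAIL` and `TAILSCALE_API_KEY` from the `Apply plan` step does not invalidate those credentials. They should be revoked at the providers and deleted from the repository and environment secrets, otherwise the older and probably broader keys stay usable. The new `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET` names do not say which provider consumes them (presumably Tailscale, since they replace `TAILSCALE_API_KEY`), so a comment above `env:` such as `# Tailscale OAuth client; Cloudflare token limited to the zones this plan manages` would help, corrected if that guess is wrong. Keeping the variables on the step's `env:` rather than at job level is the right scope. The `run:` command continues past the end of the hunk, so how the values reach the plan is not visible here.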
