diff options
author | Vincent Ambo <Vincent Ambo> | 2020-01-18T16·34+0000 |
---|---|---|
committer | Vincent Ambo <Vincent Ambo> | 2020-01-18T16·34+0000 |
commit | 48d31b777029ac46430a14610f39be31e76e06dc (patch) | |
tree | c8eb3136df412143d415e28c076fe9d98b51a491 | |
parent | bd7e59766e3cd3f2be1da71d8f9822be07e6daf1 (diff) |
fix(ops/sync-gcsr): Avoid echoing the Cachix secret r/411
sourcehut does not censor secret strings in build logs, but this workaround should avoid the issue.
-rw-r--r-- | ops/sync-gcsr/manifest.yaml | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ops/sync-gcsr/manifest.yaml b/ops/sync-gcsr/manifest.yaml index d5674695a816..0d81872b51d2 100644 --- a/ops/sync-gcsr/manifest.yaml +++ b/ops/sync-gcsr/manifest.yaml @@ -6,8 +6,9 @@ secrets: - 3cea9995-9a90-4bb5-9b50-5d00c3694757 tasks: - setup: | - echo "export CACHIX_SIGNING_KEY=$(cat ~/.cachix-tazjin)" >> ~/.buildenv - nix-env -iA third_party.cachix -f git.tazj.in + # sourcehut does not censor secrets in builds, hence this hack: + echo -n 'export CACHIX_SIGNING_KEY=' > cachix-preamble + cat cachix-preamble ~/.cachix-tazjin >> ~/.buildenv cachix use tazjin - build: | cd git.tazj.in |