authorVincent Ambo <Vincent Ambo>2020-01-18T16·34+0000
committerVincent Ambo <Vincent Ambo>2020-01-18T16·34+0000
commit48d31b777029ac46430a14610f39be31e76e06dc (patch)
treec8eb3136df412143d415e28c076fe9d98b51a491
parentbd7e59766e3cd3f2be1da71d8f9822be07e6daf1 (diff)
fix(ops/sync-gcsr): Avoid echoing the Cachix secret r/411
sourcehut does not censor secret strings in build logs, but this
workaround should avoid the issue.
-rw-r--r--ops/sync-gcsr/manifest.yaml5
1 files changed, 3 insertions, 2 deletions
diff --git a/ops/sync-gcsr/manifest.yaml b/ops/sync-gcsr/manifest.yaml
index d5674695a816..0d81872b51d2 100644
--- a/ops/sync-gcsr/manifest.yaml
+++ b/ops/sync-gcsr/manifest.yaml
@@ -6,8 +6,9 @@ secrets:
   - 3cea9995-9a90-4bb5-9b50-5d00c3694757
 tasks:
   - setup: |
-      echo "export CACHIX_SIGNING_KEY=$(cat ~/.cachix-tazjin)" >> ~/.buildenv
-      nix-env -iA third_party.cachix -f git.tazj.in
+      # sourcehut does not censor secrets in builds, hence this hack:
+      echo -n 'export CACHIX_SIGNING_KEY=' > cachix-preamble
+      cat cachix-preamble ~/.cachix-tazjin >> ~/.buildenv
       cachix use tazjin
   - build: |
       cd git.tazj.in
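Review bot: The `nix-env -iA third_party.cachix -f git.tazj.in` line is removed together with the old `echo`, but the `setup` task still runs `cachix use tazjin` immediately afterwards. Unless cachix is provided somewhere outside this hunk, that step will fail; if the removal was unintended, restore the line after the `cat`. The workaround itself only keeps the key out of the command text that is echoed to the log, so the key still sits in plain text in `~/.buildenv` and any later step that prints that file or the environment would leak it. I would extend the comment to say so, e.g. `# never cat ~/.buildenv or run env/printenv in a task: the key is stored there unmasked`. The `build` task continues past the end of the hunk, so whether it does anything like that cannot be checked from here.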