From 48d31b777029ac46430a14610f39be31e76e06dc Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Sat, 18 Jan 2020 16:34:54 +0000 Subject: fix(ops/sync-gcsr): Avoid echoing the Cachix secret sourcehut does not censor secret strings in build logs, but this workaround should avoid the issue. --- ops/sync-gcsr/manifest.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ops/sync-gcsr/manifest.yaml b/ops/sync-gcsr/manifest.yaml index d5674695a816..0d81872b51d2 100644 --- a/ops/sync-gcsr/manifest.yaml +++ b/ops/sync-gcsr/manifest.yaml @@ -6,8 +6,9 @@ secrets: - 3cea9995-9a90-4bb5-9b50-5d00c3694757 tasks: - setup: | - echo "export CACHIX_SIGNING_KEY=$(cat ~/.cachix-tazjin)" >> ~/.buildenv - nix-env -iA third_party.cachix -f git.tazj.in + # sourcehut does not censor secrets in builds, hence this hack: + echo -n 'export CACHIX_SIGNING_KEY=' > cachix-preamble + cat cachix-preamble ~/.cachix-tazjin >> ~/.buildenv cachix use tazjin - build: | cd git.tazj.in -- cgit 1.4.1