From 48d31b777029ac46430a14610f39be31e76e06dc Mon Sep 17 00:00:00 2001
From: Vincent Ambo <Vincent Ambo>
Date: Sat, 18 Jan 2020 16:34:54 +0000
Subject: fix(ops/sync-gcsr): Avoid echoing the Cachix secret

sourcehut does not censor secret strings in build logs, but this
workaround should avoid the issue.
---
 ops/sync-gcsr/manifest.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'ops')

diff --git a/ops/sync-gcsr/manifest.yaml b/ops/sync-gcsr/manifest.yaml
index d5674695a8..0d81872b51 100644
--- a/ops/sync-gcsr/manifest.yaml
+++ b/ops/sync-gcsr/manifest.yaml
@@ -6,8 +6,9 @@ secrets:
   - 3cea9995-9a90-4bb5-9b50-5d00c3694757
 tasks:
   - setup: |
-      echo "export CACHIX_SIGNING_KEY=$(cat ~/.cachix-tazjin)" >> ~/.buildenv
-      nix-env -iA third_party.cachix -f git.tazj.in
+      # sourcehut does not censor secrets in builds, hence this hack:
+      echo -n 'export CACHIX_SIGNING_KEY=' > cachix-preamble
+      cat cachix-preamble ~/.cachix-tazjin >> ~/.buildenv
       cachix use tazjin
   - build: |
       cd git.tazj.in
-- 
cgit 1.4.1