Merge pull request #32 from DeterminateSystems/determinate-nix-action

ci: migrate to determinate-nix-action
2025-05-21 01:59:00 +02:00 · 2025-05-15 13:38:38 -04:00 · 2025-05-15 13:38:38 -04:00 · e257db1012
commit e257db1012
parent 4d811a5478 6571ed8951
2 changed files with 14 additions and 22 deletions
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@ -1,6 +1,6 @@
 on:
  push:
-    branches: main
+    branches: [main]
  pull_request:
  workflow_dispatch:

@ -13,9 +13,7 @@ jobs:
    steps:
      - name: git checkout
        uses: actions/checkout@v4
-      - uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - uses: DeterminateSystems/determinate-nix-action@v3
      - uses: DeterminateSystems/flakehub-cache-action@main
      - run: nix develop -c action-validator -v ./.github/workflows/workflow.yml
      - run: nix develop -c prettier --check .
@ -23,7 +21,7 @@ jobs:
  DeterminateCI:
    uses: ./.github/workflows/workflow.yml
    permissions:
-      id-token: "write"
-      contents: "read"
+      id-token: write
+      contents: read
    with:
      directory: ./tests/smoke
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@ -88,16 +88,14 @@ jobs:
      systems: ${{ steps.inventory.outputs.systems }}

    permissions:
-      id-token: "write"
-      contents: "read"
+      id-token: write
+      contents: read

    steps:
      - uses: actions/checkout@v4
      # disabled pending strategy discussion on exposing tunables
      # - uses: Determinatesystems/flake-checker-action@main
-      - uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - uses: DeterminateSystems/determinate-nix-action@v3
      - uses: DeterminateSystems/flakehub-cache-action@main
      - uses: webfactory/ssh-agent@v0.9.0
        if: ${{ inputs.enable-ssh-agent }}
@ -120,14 +118,12 @@ jobs:
        systems: ${{ fromJSON(needs.inventory.outputs.systems) }}

    permissions:
-      id-token: "write"
-      contents: "read"
+      id-token: write
+      contents: read

    steps:
      - uses: actions/checkout@v4
-      - uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - uses: DeterminateSystems/determinate-nix-action@v3
      - uses: DeterminateSystems/flakehub-cache-action@main
      - uses: webfactory/ssh-agent@v0.9.0
        if: ${{ inputs.enable-ssh-agent }}
@ -145,8 +141,8 @@ jobs:
    needs: build
    if: ${{ always() }}
    permissions:
-      id-token: "write"
-      contents: "read"
+      id-token: write
+      contents: read

    outputs:
      flake_name: ${{ steps.publish.outputs.flake_name }}
@ -163,13 +159,11 @@ jobs:
          contains(needs.*.result, 'cancelled')
      - uses: actions/checkout@main
        if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
-      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/determinate-nix-action@v3
        if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
-        with:
-          determinate: true
      - uses: DeterminateSystems/flakehub-cache-action@main
        if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
-      - uses: "DeterminateSystems/flakehub-push@main"
+      - uses: DeterminateSystems/flakehub-push@main
        if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
        id: publish
        with: