Skip to content

Commit a2e39ec

Browse files
timbastintimbastin
committed
adds nix version input
1 parent 82f08b5 commit a2e39ec

2 files changed

Lines changed: 16 additions & 0 deletions

File tree

.github/workflows/build-nix-image.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,11 @@ on:
5050
required: false
5151
type: string
5252
default: 'garage'
53+
nix-version:
54+
description: 'Pinned Nix version used for deterministic builds (must match other CI systems)'
55+
required: false
56+
type: string
57+
default: '2.34.4'
5358
arch:
5459
description: 'Target architecture suffix appended to the generated image tag (e.g. amd64, arm64). Leave empty for single-arch builds.'
5560
required: false
@@ -95,11 +100,15 @@ jobs:
95100

96101
- uses: cachix/install-nix-action@v31
97102
with:
103+
install_url: ${{ format('https://releases.nixos.org/nix/nix-{0}/install', inputs.nix-version) }}
98104
extra_nix_config: |
99105
experimental-features = nix-command flakes
100106
${{ inputs.nix-cache-substituter != '' && format('substituters = https://cache.nixos.org {0}', inputs.nix-cache-substituter) || '' }}
101107
${{ inputs.nix-cache-public-key != '' && format('trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= {0}', inputs.nix-cache-public-key) || '' }}
102108
109+
- name: Show Nix version
110+
run: nix --version
111+
103112
- name: Install crane and devguard-scanner
104113
run: nix profile install nixpkgs#crane .#devguardScanner
105114

.github/workflows/full-nix.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,11 @@ on:
8484
required: false
8585
type: string
8686
default: 'garage'
87+
nix-version:
88+
description: 'Pinned Nix version used by reusable build jobs'
89+
required: false
90+
type: string
91+
default: '2.34.4'
8792
secrets:
8893
devguard-token:
8994
required: true
@@ -120,6 +125,7 @@ jobs:
120125
nix-cache-s3-endpoint: ${{ inputs.nix-cache-s3-endpoint }}
121126
nix-cache-s3-bucket: ${{ inputs.nix-cache-s3-bucket }}
122127
nix-cache-region: ${{ inputs.nix-cache-region }}
128+
nix-version: ${{ inputs.nix-version }}
123129
secrets:
124130
devguard-token: ${{ secrets.devguard-token }}
125131
nix-cache-secret-key: ${{ secrets.nix-cache-secret-key }}
@@ -143,6 +149,7 @@ jobs:
143149
nix-cache-s3-endpoint: ${{ inputs.nix-cache-s3-endpoint }}
144150
nix-cache-s3-bucket: ${{ inputs.nix-cache-s3-bucket }}
145151
nix-cache-region: ${{ inputs.nix-cache-region }}
152+
nix-version: ${{ inputs.nix-version }}
146153
secrets:
147154
devguard-token: ${{ secrets.devguard-token }}
148155
nix-cache-secret-key: ${{ secrets.nix-cache-secret-key }}

0 commit comments

Comments
 (0)