From b940df6af713233c1ec22ea5bd20fc1150eb29a2 Mon Sep 17 00:00:00 2001 From: ooks-io Date: Sun, 19 Jan 2025 21:58:06 +1100 Subject: [PATCH] ci: use github app --- .github/workflows/check.yaml | 17 +++++++++++++++-- flake.lock | 4 ++-- flake.nix | 3 +-- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml index 1144aa3..c7d50b3 100644 --- a/.github/workflows/check.yaml +++ b/.github/workflows/check.yaml @@ -16,11 +16,24 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + + - name: Generate GitHub App Token + id: generate-token + uses: actions/create-github-app-token@v1 + with: + app_id: ${{ vars.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + repositories: + + - name: Setup Git Config + run: | + git config --global url."https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/".insteadOf "git+ssh://git@github.com/" + - name: Setup Nix uses: DeterminateSystems/nix-installer-action@main - with: - github-token: ${{ secrets.KUNZEN_TOKEN }} + - name: Magic Nix Cache uses: DeterminateSystems/magic-nix-cache-action@main + - name: Nix Flake run: nix flake check diff --git a/flake.lock b/flake.lock index 154622e..ae36e2d 100644 --- a/flake.lock +++ b/flake.lock @@ -3093,11 +3093,11 @@ "rev": "dbbf390c798a14bb316681e62fe56355d9ea88f6", "revCount": 4, "type": "git", - "url": "https://git@github.com/ooks-io/kunzen" + "url": "ssh://git@github.com/ooks-io/kunzen" }, "original": { "type": "git", - "url": "https://git@github.com/ooks-io/kunzen" + "url": "ssh://git@github.com/ooks-io/kunzen" } }, "systems": { diff --git a/flake.nix b/flake.nix index e41b9f8..0034cd4 100644 --- a/flake.nix +++ b/flake.nix @@ -51,8 +51,7 @@ }; secrets = { - url = "git+https://git@github.com/ooks-io/kunzen"; - allRefs = true; + url = "git+ssh://git@github.com/ooks-io/kunzen"; inputs = { nixpkgs.follows = "nixpkgs"; flake-parts.follows = "flake-parts";