fix(CI): copyToPodman

hardenedlinux · Feb 24, 2024 · cb06e9a · cb06e9a
1 parent 1899433
commit cb06e9a
Show file tree

Hide file tree

Showing 5 changed files with 356 additions and 13 deletions.
diff --git a/.github/actions/common-setup/action.yml b/.github/actions/common-setup/action.yml
@@ -26,7 +26,6 @@ runs:
       with:
         extra-conf: |
           accept-flake-config = true
-
         github_token: ${{ inputs.SECRET_GITHUB_TOKEN }}
 
     - uses: DeterminateSystems/magic-nix-cache-action@main

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -4,6 +4,11 @@ on:
   push:
     branches:
       - main
+env:
+  REGISTRY_USER: ${{ github.actor }}
+  REGISTRY_PASSWORD: ${{ github.token }}
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
 jobs:
   Jupyenv:
     runs-on: ubuntu-latest
@@ -58,16 +63,17 @@ jobs:
         with:
           SECRET_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: docker/login-action@master
+      - name: Log in to ghcr.io
+        uses: redhat-actions/podman-login@v1
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+          registry: ${{ env.IMAGE_REGISTRY }}
 
       - name: build oci-image
         run: |
           nix build ./nix/std#x86_64-linux.repo.containers.dev.out
       - name: copy oci-image to the register
         run: |
-          # nix run ./nix/std#x86_64-linux.repo.containers.dev.out.copyToRegistry
-          nix run ./nix/std\#x86_64-linux.repo.containers.dev.out.copyTo -- docker://ghcr.io/hardenedlinux/aisecurity-research-template:latest
+          nix run ./nix/std#x86_64-linux.repo.containers.dev.out.copyToRegistry
+          # nix run ./nix/std\#x86_64-linux.repo.containers.dev.out.copyTo -- docker://ghcr.io/hardenedlinux/aisecurity-research-template:latest
diff --git a/nix/std/cells/repo/containers.nix b/nix/std/cells/repo/containers.nix
@@ -1,6 +1,6 @@
 { inputs, cell }:
 let
-  inherit (inputs) std;
+  inherit (inputs) std stdN2c;
   l = inputs.nixpkgs.lib // builtins;
   inputsPaths = inputs.omnibus.lib.omnibus.inputsToPaths [
     # because it is not in the input closure of the derivation
@@ -9,9 +9,11 @@ let
   ];
 in
 {
-  dev = std.lib.ops.mkDevOCI {
+  dev = stdN2c.lib.ops.mkDevOCI {
     name = "ghcr.io/hardenedlinux/aisecurity-research-template";
     tag = "latest";
+    # avoid missing hash in github action
+    reproducible = false;
     devshell = inputs.cells.repo.shells.default;
     pkgs = [ ];
     preLoadStorePaths = [ ] ++ inputsPaths;