From 9239a8a0a66d1dc802f9cd56696a9126f62c1f94 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sat, 25 Feb 2023 23:47:36 +0000 Subject: [PATCH] nix/gitlab-ci: stop using sa.json for uploading to binary cache, use tokend --- nix/gitlab-ci/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/gitlab-ci/default.nix b/nix/gitlab-ci/default.nix index 830a938382..a7c14d81ef 100644 --- a/nix/gitlab-ci/default.nix +++ b/nix/gitlab-ci/default.nix @@ -22,7 +22,7 @@ let script = [ "nix run -f ./ third_party.nixpkgs.bash -c ./hack/populate_secrets.sh" "nix build -v -f ./ci-root.nix --system ${system} --argstr system ${system} --substituters \"https://cache.nixos.org/ s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\"" - "GOOGLE_APPLICATION_CREDENTIALS=$HOME/sa.json nix run -f ./ go.nix.bcacheup -c bcacheup --cache_url gs://lukegb-nix-cache ./result" + "nix run -f ./ go.nix.bcacheup -c bcacheup --cache_url vaultgs://lukegb-nix-cache --vault_addr unix:///run/tokend/sock --vault_token_source gcp/roleset/binary-cache-deployer/token ./result" "cat ./result/other-systemPathJSON > systems.json" ]; artifacts = {