nix/gitlab-ci: stop using sa.json for uploading to binary cache, use tokend

This commit is contained in:
Luke Granger-Brown 2023-02-25 23:47:36 +00:00
parent 60ae56053f
commit 9239a8a0a6

View file

@ -22,7 +22,7 @@ let
script = [
"nix run -f ./ third_party.nixpkgs.bash -c ./hack/populate_secrets.sh"
"nix build -v -f ./ci-root.nix --system ${system} --argstr system ${system} --substituters \"https://cache.nixos.org/ s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
"GOOGLE_APPLICATION_CREDENTIALS=$HOME/sa.json nix run -f ./ go.nix.bcacheup -c bcacheup --cache_url gs://lukegb-nix-cache ./result"
"nix run -f ./ go.nix.bcacheup -c bcacheup --cache_url vaultgs://lukegb-nix-cache --vault_addr unix:///run/tokend/sock --vault_token_source gcp/roleset/binary-cache-deployer/token ./result"
"cat ./result/other-systemPathJSON > systems.json"
];
artifacts = {