From 79b2672429dce15d686f311e5ecad7b67623eece Mon Sep 17 00:00:00 2001
From: Martin Nikov
Date: Sat, 3 Aug 2024 21:03:07 +0300
Subject: [PATCH] refactor(gh-actions): Use bash commands instead of `extra_nix_config`

This commit is squashed version of these:
* https://github.com/metacraft-labs/nixos-modules/pull/126/commits/bbcd2cca4aa1cb1c37f4f6d57f4b189ae81367aa
* https://github.com/metacraft-labs/nixos-modules/pull/128/commits
---
 .github/install-nix/action.yml | 17 ++++++++---------
 .github/workflows/ci.yml | 11 +++++++++--
 .github/workflows/update-flake-lock.yml | 16 ++++++++++++++--
 .github/workflows/update-flake-packages.yml | 16 +++++++++++++---
 4 files changed, 44 insertions(+), 16 deletions(-)

diff --git a/.github/install-nix/action.yml b/.github/install-nix/action.yml
index 673bd478..855485bb 100644
--- a/.github/install-nix/action.yml
+++ b/.github/install-nix/action.yml
@@ -27,20 +27,19 @@ runs: - name: Install Nix uses: cachix/install-nix-action@v27 if: ${{ runner.environment == 'github-hosted' }} - with: - extra_nix_config: | - ${{ inputs.nix-github-token != '' && format('access-tokens = github.com={0}', inputs.nix-github-token) || '' }} - accept-flake-config = true - allow-import-from-derivation = true - substituters = https://cache.nixos.org ${{inputs.substituters}} - trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{inputs.trusted-public-keys}} - netrc-file = $HOME/.config/nix/netrc - name: Configure Nix - if: ${{ runner.environment == 'github-hosted' }} shell: bash run: | mkdir -p $HOME/.config/nix { echo "machine ${{inputs.cachix-cache}}.cachix.org password ${{inputs.cachix-auth-token}}" } >> $HOME/.config/nix/netrc + { + echo "${{ inputs.nix-github-token != '' && format('access-tokens = github.com={0}', inputs.nix-github-token) || '' }} + accept-flake-config = true + allow-import-from-derivation = true + substituters = https://cache.nixos.org ${{inputs.substituters}} + trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{inputs.trusted-public-keys}} + netrc-file = $HOME/.config/nix/netrc" + } > $HOME/.config/nix/nix.conf diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fc83ad91..3fbb58cc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -182,8 +182,15 @@ jobs: - name: Install Nix uses: cachix/install-nix-action@V27 - with: - extra_nix_config: accept-flake-config = true + + - name: Configure Nix + shell: bash + run: | + mkdir -p $HOME/.config/nix + { + echo "${{ inputs.nix-github-token != '' && format('access-tokens = github.com={0}', inputs.nix-github-token) || '' }} + accept-flake-config = true" + } > $HOME/.config/nix/nix.conf - uses: cachix/cachix-action@v15 with: diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 0106a93c..b7a83db5 100644 
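Review bot: The added `echo` block in `Configure Nix` pastes `${{ inputs.nix-github-token }}`, `${{ inputs.substituters }}` and `${{ inputs.trusted-public-keys }}` straight into the bash script text, so GitHub substitutes the values before the shell parses the line; a value containing `"`, `$` or a backtick is then read as shell syntax instead of being written to nix.conf. Under `extra_nix_config` the same values were an action input and never reached a shell. Passing them through `env:` and expanding them as quoted shell variables keeps them as data. The pre-existing netrc `echo` in this step and the new `Configure Nix` steps in ci.yml, update-flake-lock.yml and update-flake-packages.yml follow the same pattern. Indentation and variable names in the sketch are assumed, since the hunk's whitespace is not preserved on this page.

```yaml
    - name: Configure Nix
      shell: bash
      env:
        NIX_GITHUB_TOKEN: ${{ inputs.nix-github-token }}
        EXTRA_SUBSTITUTERS: ${{ inputs.substituters }}
        EXTRA_TRUSTED_PUBLIC_KEYS: ${{ inputs.trusted-public-keys }}
      run: |
        mkdir -p "$HOME/.config/nix"
        # … unchanged: netrc block …
        {
          if [ -n "$NIX_GITHUB_TOKEN" ]; then
            echo "access-tokens = github.com=$NIX_GITHUB_TOKEN"
          fi
          echo "accept-flake-config = true"
          echo "allow-import-from-derivation = true"
          echo "substituters = https://cache.nixos.org $EXTRA_SUBSTITUTERS"
          echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= $EXTRA_TRUSTED_PUBLIC_KEYS"
          echo "netrc-file = $HOME/.config/nix/netrc"
        } > "$HOME/.config/nix/nix.conf"
```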
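Review bot: The new `Configure Nix` step in ci.yml reads the token from `inputs.nix-github-token`, while the same step added to update-flake-lock.yml and update-flake-packages.yml reads `secrets.nix-github-token`. The `on:` section of ci.yml is outside this hunk, so it is not visible whether such an input is declared; if it is not, the expression evaluates to an empty string and the `access-tokens` line is silently never written, and if it is declared as a plain input the value is presumably not masked in logs the way a secret is. Unless the difference is intended, declare the token under `workflow_call.secrets` and use `secrets.nix-github-token` here as well.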
--- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -3,6 +3,10 @@ name: "Update Nix Flake lockfile" on: # Allow this workflow to be reused by other workflows: workflow_call: + secrets: + nix-github-token: + description: GitHub token to add as access-token in nix.conf + required: false # Allow this workflow to be triggered manually: workflow_dispatch: @@ -21,8 +25,16 @@ jobs: - name: Install Nix uses: cachix/install-nix-action@v27 if: ${{ runner.environment == 'github-hosted' }} - with: - extra_nix_config: accept-flake-config = true + + - name: Configure Nix + shell: bash + run: | + mkdir -p $HOME/.config/nix + { + echo "${{ secrets.nix-github-token != '' && format('access-tokens = github.com={0}', secrets.nix-github-token) || '' }} + accept-flake-config = true" + } > $HOME/.config/nix/nix.conf + - name: Run `nix flake update` id: update-lockfile diff --git a/.github/workflows/update-flake-packages.yml b/.github/workflows/update-flake-packages.yml index acf1db24..1da4df63 100644 --- a/.github/workflows/update-flake-packages.yml +++ b/.github/workflows/update-flake-packages.yml @@ -3,6 +3,10 @@ name: "Update Flake Packages ❄️" on: # Allow this workflow to be reused by other workflows: workflow_call: + secrets: + nix-github-token: + description: GitHub token to add as access-token in nix.conf + required: false # Allow this workflow to be triggered manually: workflow_dispatch: @@ -21,10 +25,16 @@ jobs: - name: Install Nix uses: cachix/install-nix-action@v27 if: ${{ runner.environment == 'github-hosted' }} - with: - extra_nix_config: | + + - name: Configure Nix + shell: bash + run: | + mkdir -p $HOME/.config/nix + { + echo "${{ secrets.nix-github-token != '' && format('access-tokens = github.com={0}', secrets.nix-github-token) || '' }} accept-flake-config = true - allow-import-from-derivation = true + allow-import-from-derivation = true" + } > $HOME/.config/nix/nix.conf - uses: tibdex/github-app-token@v2.1.0 id: generate-token
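Review bot: `Install Nix` in update-flake-lock.yml is still gated on `runner.environment == 'github-hosted'`, but the new `Configure Nix` step below it is not, so on a self-hosted runner it truncates the runner account's `$HOME/.config/nix/nix.conf` with `>` and leaves the `access-tokens` line on disk after the job ends. The file is created under the default umask, which may leave it readable by other local users. If the step is meant for hosted runners only, add `if: ${{ runner.environment == 'github-hosted' }}`; otherwise consider `umask 077` before the write and a cleanup step that removes the token line. The same applies to the step added in update-flake-packages.yml and to action.yml, where this commit removes the `if:` from `Configure Nix`.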
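Review bot: On the `workflow_dispatch` trigger of update-flake-packages.yml there is no caller to pass `nix-github-token`, so `secrets.nix-github-token` in the new `Configure Nix` step is looked up among the repository's own secrets; as far as I know those names may only contain letters, digits and underscores, so the lookup would always be empty and the `access-tokens` line would be skipped without any message. If manual runs need the token, fall back to an underscore-named secret, for example `secrets.nix-github-token || secrets.NIX_GITHUB_TOKEN` (secret name constructed for illustration), and add a comment saying which one is read under which trigger. update-flake-lock.yml declares the same pair of triggers.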