feat(action): Add extra-nix-config input for custom nix.conf settings #75
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Issue See jetify-com#74: When running actions on self-hosted GitHub Enterprise (GHES) installations, the `github.token` provided is specific to the private GHES instance. This token cannot be used to access resources on `github.com`. While the existing configuration option `disable-nix-access-token` allows users to disable the usage of `github.token` as a Nix access token, this workaround fails once the unauthenticated rate limit for `api.github.com` is exceeded. Currently, there is no mechanism to configure a custom, working Nix access token for such scenarios. This limitation creates challenges for GHES users who need to: - Authenticate against `api.github.com` without exceeding rate limits. - Configure Nix access tokens for other APIs, such as private hosts, when using Nix packages from private repositories. # Fix Add a new configuration option `extra-nix-config` that gets appended to `nix.conf` if passed. This can be used to configure access tokens, and I added this use case as an example to the README.md.
silvestre
changed the title
silvestre
commented
Mar 6, 2025
| - name: Configure nix access-tokens | ||
| if: inputs.disable-nix-access-token == 'false' | ||
| if: inputs.disable-nix-access-token == 'false' && github.server_url == 'https://github.com' |
There was a problem hiding this comment.
This is more of a nice to have: If you are running this action on a GitHub Enterprise Server, configuring the github.token as nix access token to github.com makes no sense, so we can skip it, and at least make the unauthenticated access work, without requiring the user to set disable-nix-access-token.
tested using a low-risk config option
Co-authored-by: Lucille Hua <[email protected]> Signed-off-by: Silvestre Zabala <[email protected]>
Signed-off-by: Lucille Hua <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue
Fixes: #74
When running actions on self-hosted GitHub Enterprise (GHES) installations, the
github.tokenprovided is specific to the private GHES instance. This token cannot be used to access resources ongithub.com. While the existing configuration optiondisable-nix-access-tokenallows users to disable the usage ofgithub.tokenas a Nix access token, this workaround fails once the unauthenticated rate limit forapi.github.comis exceeded.Currently, there is no mechanism to configure a custom, working Nix access token for such scenarios. This limitation creates challenges for GHES users who need to:
api.github.comwithout exceeding rate limits.Fix
Add a new configuration option
extra-nix-configthat gets appended tonix.confif passed.This can be used to configure access tokens, and I added this use case as an example to the README.md.