Skip to content

Ad-Astra-Computing/vega-cache-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.github/workflows
.github/workflows
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 

Repository files navigation

vega-cache-example

A minimal example of publishing reproducible Nix builds to the Vega binary cache.

On every push, GitHub Actions builds the flake's outputs and attests each one to Vega over OIDC, with no stored secret. Reproducible outputs that distinct owners independently agree on are promoted to Vega's globally trusted shared tier and recorded in its public, append-only transparency log.

This repository targets the Vega staging control plane and also serves as a reproduction fixture for Vega's reproduction worker.

Outputs

  • figlet, hello: packages re-exported from a pinned nixpkgs.
  • probe: a small, deterministic output.
  • flaky: intentionally non-reproducible (its bytes change on every build), used to exercise divergence detection.

Using Vega in your own repository

Add the action to a workflow that requests an OIDC token:

permissions:
  id-token: write
  contents: read

jobs:
  attest:
    runs-on: ubuntu-latest
    steps:
      - uses: Ad-Astra-Computing/vega-agent/agent@v0.4.3
        with:
          installable: "github:<owner>/<repo>#<attr>"
          control-plane: https://vega-cache.dev

See the Vega documentation for consuming the cache and verifying builds.

About

Example: publishing reproducible Nix builds to the Vega binary cache

docs.vega-cache.dev

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages