diff --git a/linting/rust/deny.toml b/linting/rust/deny.toml
index d107a45..bcf0343 100644
--- a/linting/rust/deny.toml
+++ b/linting/rust/deny.toml
@@ -20,6 +20,7 @@ allow = [
 "Zlib",
 ]
 unused-allowed-license = "allow"
+unused-license-exception = "allow"
 confidence-threshold = 0.95
 [licenses.private]
@@ -62,3 +63,7 @@ allow = ["AGPL-3.0-only", "AGPL-3.0-or-later"]
 [[licenses.exceptions]]
 name = "zitadel-token"
 allow = ["AGPL-3.0-only", "AGPL-3.0-or-later"]
+
+[[licenses.exceptions]]
+name = "famedly-operator"
+allow = ["AGPL-3.0-only", "AGPL-3.0-or-later"]
diff --git a/nix/modules/workflows/lib.nix b/nix/modules/workflows/lib.nix
index 860f993..24078e8 100644
--- a/nix/modules/workflows/lib.nix
+++ b/nix/modules/workflows/lib.nix
@@ -95,6 +95,8 @@ rec {
 # Configure git HTTPS credentials so the Nix daemon can fetch private flake inputs.
 # Uses a PAT via git credential helper — works for any user (root, nixbld, runner).
+ # Also configures Nix access-tokens so the daemon can fetch private GitHub
+ # flake inputs (which are downloaded as tarballs via the API, not via git).
 mkNixGitAuthStep =
 { token }:
 {
@@ -105,6 +107,8 @@ rec {
 set -euo pipefail
 if [[ -n "''${GH_TOKEN:-}" ]]; then
 sudo git config --system url."https://x-access-token:''${GH_TOKEN}@github.com/".insteadOf "https://github.com/"
+ echo "access-tokens = github.com=''${GH_TOKEN}" | sudo tee -a /etc/nix/nix.conf > /dev/null
+ sudo systemctl restart nix-daemon.service 2>/dev/null || true
 fi
 '';
 };
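Review bot: `unused-license-exception = "allow"` in the first deny.toml hunk carries no comment explaining it, and with it set cargo-deny no longer reports an exception whose crate is absent, so AGPL entries such as the new `famedly-operator` one in the second hunk can outlive the dependency unnoticed. If the reason is that this file is shared by repositories that each use only some of these crates (inferred from the path, not shown here), say so above the setting, e.g. `# shared config: not every consumer depends on every excepted crate`. An occasional run with the setting at `"warn"` would still surface stale exceptions.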
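Review bot: The added `echo … | sudo tee -a /etc/nix/nix.conf` line in the second lib.nix hunk stores the PAT in plain text in a file that is normally world-readable. Because it appends, a runner that persists between jobs gains one more `access-tokens` line per run and keeps the token after the job ends. Writing the setting to a separate root-only file and pulling it in with `!include` keeps the secret out of nix.conf and makes the step idempotent. The `2>/dev/null || true` on the restart also hides a failed restart, after which the daemon would keep running without the token and the later fetch would fail with no hint why, so let it fail or at least print a warning. `mkNixGitAuthStep` starts and ends outside this hunk, and whether the unprivileged client also needs to read the token file should be confirmed before restricting its mode.

```nix
if [[ -n "''${GH_TOKEN:-}" ]]; then
  # … unchanged: git config insteadOf line …
  token_conf=/etc/nix/access-tokens.conf  # example path, not taken from the repo
  sudo install -m 0600 /dev/null "$token_conf"
  echo "access-tokens = github.com=''${GH_TOKEN}" | sudo tee "$token_conf" > /dev/null
  sudo grep -qxF "!include $token_conf" /etc/nix/nix.conf \
    || echo "!include $token_conf" | sudo tee -a /etc/nix/nix.conf > /dev/null
  sudo systemctl restart nix-daemon.service \
    || echo "::warning::nix-daemon restart failed; access token not loaded"
fi
```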