daemon: check for credentials early

cachix · Jan 9, 2024 · 8426524 · 8426524
1 parent 64b052b
commit 8426524
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/dist/main/index.js b/dist/main/index.js
@@ -7816,14 +7816,18 @@ async function setup() {
             core.exportVariable('CACHIX_SIGNING_KEY', signingKey);
         }
         let supportsDaemonInterface = (cachixVersion) ? semver_1.default.gte(cachixVersion, '1.7.0') : false;
-        let supportsPostBuildHook = isTrustedUser();
+        let supportsPostBuildHook = await isTrustedUser();
+        let hasPushCredentials = signingKey !== "" || authToken !== "";
         if (useDaemon && !supportsDaemonInterface) {
             core.warning(`Cachix Daemon is not supported by this version of Cachix (${cachixVersion}). Ignoring the 'useDaemon' option.`);
         }
         if (useDaemon && !supportsPostBuildHook) {
             core.warning("This user is not allowed to set the post-build-hook. Ignoring the 'useDaemon' option.");
         }
-        let supportsDaemon = supportsDaemonInterface && supportsPostBuildHook;
+        if (useDaemon && !hasPushCredentials) {
+            core.warning("No push credentials found. Ignoring the 'useDaemon' option.");
+        }
+        let supportsDaemon = supportsDaemonInterface && supportsPostBuildHook && hasPushCredentials;
         core.saveState('supportsDaemon', supportsDaemon);
         if (useDaemon && supportsDaemon) {
             const tmpdir = process.env['RUNNER_TEMP'] ?? os.tmpdir();
@@ -7902,7 +7906,7 @@ async function upload() {
             }
         }
         else {
-            core.info('Pushing is disabled as signingKey nor authToken are set (or are empty?) in your YAML file.');
+            core.info('Pushing is disabled because neither signingKey nor authToken are set (or are empty?) in your YAML file.');
         }
     }
     catch (error) {

diff --git a/src/main.ts b/src/main.ts
@@ -102,15 +102,19 @@ async function setup() {
     }
 
     let supportsDaemonInterface = (cachixVersion) ? semver.gte(cachixVersion, '1.7.0') : false;
-    let supportsPostBuildHook = isTrustedUser();
+    let supportsPostBuildHook = await isTrustedUser();
+    let hasPushCredentials = signingKey !== "" || authToken !== "";
     if (useDaemon && !supportsDaemonInterface) {
       core.warning(`Cachix Daemon is not supported by this version of Cachix (${cachixVersion}). Ignoring the 'useDaemon' option.`)
     }
     if (useDaemon && !supportsPostBuildHook) {
       core.warning("This user is not allowed to set the post-build-hook. Ignoring the 'useDaemon' option.");
     }
+    if (useDaemon && !hasPushCredentials) {
+      core.warning("No push credentials found. Ignoring the 'useDaemon' option.");
+    }
 
-    let supportsDaemon = supportsDaemonInterface && supportsPostBuildHook;
+    let supportsDaemon = supportsDaemonInterface && supportsPostBuildHook && hasPushCredentials;
     core.saveState('supportsDaemon', supportsDaemon);
 
     if (useDaemon && supportsDaemon) {
@@ -202,7 +206,7 @@ async function upload() {
         await exec.exec(`${__dirname}/push-paths.sh`, [cachixBin, cachixArgs, name, pathsToPush, pushFilter]);
       }
     } else {
-      core.info('Pushing is disabled as signingKey nor authToken are set (or are empty?) in your YAML file.');
+      core.info('Pushing is disabled because neither signingKey nor authToken are set (or are empty?) in your YAML file.');
     }
   } catch (error) {
     core.setFailed(`Action failed with error: ${error}`);