Documentation

menu
Nix FlakesGarnyaml configWhat Garnix CI doesDeploymentsUsing Private InputsCachingGitHub Actions IntegrationBadges
Nix FlakesGarnyaml configWhat Garnix CI doesDeploymentsUsing Private InputsCachingGitHub Actions IntegrationBadges

Using Private Inputs/Repositories.share

Sometimes you want to depend on a private repository. Nix has two mechanisms for this: using SSH keys (git+https dependencies), or using personal tokens (e.g. github: dependencies).

garnix supports the latter of these two. In order for this two work, several conditions must be met:

  1. enableGithubOrgAccessTokens must be True in garnix.yaml;
  2. garnix must be enabled on all the dependencies;
  3. the dependency must belong to the same user/org and the depending repo;
  4. every collaborator on the depending repo must be a collaborator on every dependency; and
  5. (as a special case of 4) the depending repo must not be public.

4 and 5 are to ensure you don't accidentally give read-access to someone via this mechanism.

An example of such a private dependency is:

{
  inputs.privateDep.url = "github:garnix-io/private";
  ...
}

Note that in order to use private inputs like this work locally, you will need to create an access token with GitHub, and set access-tokens in your user's nix.conf.