diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ccc3641..6a14587 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
 BuildPublish:
 runs-on: ubuntu-latest
 outputs:
- flakeref: ${{ steps.flakehubpush.outputs.flakeref }}
+ flakeref_exact: ${{ steps.flakehubpush.outputs.flakeref_exact }}
 permissions:
 id-token: "write"
 contents: "read"
@@ -37,6 +37,7 @@ jobs:
 rolling: true
 visibility: "private"
 include-output-paths: true
+ source-pr: 169
 Deploy:
 if: github.ref == 'refs/heads/main'
@@ -57,7 +58,7 @@ jobs:
 --region us-east-2 \
 --targets Key=tag:Name,Values=FlakeHubDemo \
 --document-name "FlakeHub-ApplyNixOS" \
- --parameters flakeref="${{ needs.BuildPublish.outputs.flakeref }}#nixosConfigurations.ethercalc-demo"
+ --parameters flakeref="${{ needs.BuildPublish.outputs.flakeref_exact }}#nixosConfigurations.ethercalc-demo"
 - name: Breakpoint if tests failed
 if: failure()
 uses: namespacelabs/breakpoint-action@v0
diff --git a/setup/deploy-from-github/deploy-automation.tf b/setup/deploy-from-github/deploy-automation.tf
index 20b7ac8..56a806b 100644
--- a/setup/deploy-from-github/deploy-automation.tf
+++ b/setup/deploy-from-github/deploy-automation.tf
@@ -13,7 +13,17 @@ resource "aws_ssm_document" "deploy" {
 flakeref = {
 type = "String"
 description = "The FlakeHub flake reference. Example: DeterminateSystems/demo/0.1#nixosConfigurations.ethercalc-demo"
- allowedPattern = "^[a-zA-Z0-9\\-_]+\\/[a-zA-Z0-9\\-_]+\\/[a-zA-Z0-9\\-_.]+#([a-zA-Z0-9\\-_]+\\.?)+$"
+ allowedPattern = join("", [
+ # Owner/Flake/
+ "^[a-zA-Z0-9\\-_]+\\/[a-zA-Z0-9\\-_]+",
+ # /
+ "\\/",
+ # Version specifier
+ "[a-zA-Z0-9\\-_.+=~*]+",
+ # literal #
+ "#",
+ # attribute path
+ "([a-zA-Z0-9\\-_]+\\.?)+$"])
 }
 }
 mainSteps = [
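Review bot: `source-pr: 169` in the second ci.yml hunk (-37,6 +37,7) appears to make the publish step run a build taken from an unmerged pull request, and the first hunk shows that this job holds `id-token: "write"`. A pull-request head can change after this commit lands, so nothing in this file fixes which code receives the OIDC token. Add a comment above the line that records why the PR build is needed and when it goes away, for example `# TEMPORARY: runs the build from PR 169; remove once that change is released`, and move to a released version or a commit-pinned source if the action offers one. The step's `uses:` line is outside the hunk, so which action consumes this input is inferred.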
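Review bot: The changed `--parameters` line in the third ci.yml hunk (-57,7 +58,7) still expands `${{ needs.BuildPublish.outputs.flakeref_exact }}` inside the shell script, so the output is pasted into the command text before the shell parses it and before SSM ever applies `allowedPattern`. Pass the value through the environment instead: give the step an `env:` entry `FLAKEREF: ${{ needs.BuildPublish.outputs.flakeref_exact }}` and change the line to `--parameters flakeref="${FLAKEREF}#nixosConfigurations.ethercalc-demo"`. The step begins above the hunk, so the `env:` key belongs next to its `run:` key, which is not shown here. This matters more now that the Terraform pattern in the same commit accepts a wider character set for the version part.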
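Review bot: The new version-specifier class `[a-zA-Z0-9\\-_.+=~*]+` admits `*` and `~`, which a shell treats as glob and tilde characters, and `allowedPattern` is the only check on `flakeref` visible in this hunk. `mainSteps` begins on the hunk's last line and its body is not shown, so whether `{{ flakeref }}` is quoted where it is consumed cannot be confirmed from this diff. If the workflow only ever sends the exact reference, narrow the class to what that form needs, for example `"[a-zA-Z0-9\\-_.+=]+",`, and add a comment beside the pattern stating that the consuming command must quote the parameter. The `description` example still shows `demo/0.1`, which no longer illustrates the newly accepted forms.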