GhA: Configure scan action to use Ghaf caches

Signed-off-by: Henri Rosten <[email protected]>
tiiuae · Apr 7, 2024 · caf6186 · caf6186
1 parent 7ae7bbc
commit caf6186
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
@@ -19,6 +19,11 @@ jobs:
     - uses: cachix/install-nix-action@v26
       with:
         nix_path: nixpkgs=channel:nixpkgs-unstable
+        extra_nix_config: |
+          trusted-public-keys = ghaf-dev.cachix.org-1:S3M8x3no8LFQPBfHw1jl6nmP8A7cVWKntoMKN3IsEQY= cache.vedenemo.dev:8NhplARANhClUSWJyLVk4WMyy1Wb4rhmWW2u8AejH9E= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+          substituters = https://ghaf-dev.cachix.org?priority=20 https://cache.vedenemo.dev https://cache.nixos.org
+          connect-timeout = 5
+          system-features = nixos-test benchmark big-parallel kvm
     - name: Ghaf Vulnerability Scan (main)
       run: nix run .#ghafscan -- --verbose=2 --whitelist=manual_analysis.csv --outdir=reports/main --flakeref=github:tiiuae/ghaf?ref=main --target=packages.x86_64-linux.lenovo-x1-carbon-gen11-release --target=packages.riscv64-linux.microchip-icicle-kit-release --target=packages.aarch64-linux.nvidia-jetson-orin-nx-release
     - name: Ghaf Vulnerability Scan (ghaf-24.03)