From 0c3549113bee761508b921036dbee8d474268dce Mon Sep 17 00:00:00 2001
From: Wolfgang Walther <walther@technowledgy.de>
Date: Wed, 20 Aug 2025 13:37:48 +0200
Subject: [PATCH] workflows/eval: add cachix

At this stage, this only allows faster iteration when working on CI in
forks.

(cherry picked from commit 795dd01e31791c3d2f1d78d3c2273243b240803f)
---
 .github/workflows/eval.yml | 10 ++++++++++
 .github/workflows/pr.yml   |  1 +
 .github/workflows/push.yml |  2 ++
 3 files changed, 13 insertions(+)

diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml
index a89f2e4d5f9b..a1aaaafe6fbb 100644
--- a/.github/workflows/eval.yml
+++ b/.github/workflows/eval.yml
@@ -16,6 +16,8 @@ on:
         default: false
         type: boolean
     secrets:
+      CACHIX_AUTH_TOKEN:
+        required: true
       OWNER_APP_PRIVATE_KEY:
         required: false
 
@@ -97,6 +99,14 @@ jobs:
       - name: Install Nix
         uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31
 
+      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
+        with:
+          # The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
+          name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
+          extraPullNames: nixpkgs-ci
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          pushFilter: '(-source|-single-chunk)$'
+
       - name: Evaluate the ${{ matrix.system }} output paths for all derivation attributes
         env:
           MATRIX_SYSTEM: ${{ matrix.system }}
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index e7535378b734..b6c4fabafa12 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -114,6 +114,7 @@ jobs:
       # compare
       statuses: write
     secrets:
+      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
       OWNER_APP_PRIVATE_KEY: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
     with:
       mergedSha: ${{ needs.prepare.outputs.mergedSha }}
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index ae829ed0ff2b..265f0fba8927 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -43,6 +43,8 @@ jobs:
       issues: write
       pull-requests: write
       statuses: write
+    secrets:
+      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
     with:
       mergedSha: ${{ github.sha }}
       systems: ${{ needs.prepare.outputs.systems }}