diff --git a/.circleci/config.yml b/.circleci/config.yml index dfd4045f54de5fe744f9fef8621d9b092ed87b85..4cb017e96e66ed558b786ab5375e725c3bbe3f4e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -180,20 +180,24 @@ jobs: --arg collectCoverage true \ --attr doc - - run: - name: Early return if this build is from a forked PR - command: | - if [ -n "$CIRCLE_PR_NUMBER" ]; then - echo "Nothing to do for forked PRs, so marking this step successful" - circleci step halt - fi - - run: name: "Push to Cachix" when: "always" command: | - # https://docs.cachix.org/continuous-integration-setup/circleci.html - bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME" + # Cribbed from + # https://circleci.com/blog/managing-secrets-when-you-have-pull-requests-from-outside-contributors/ + if [ -n "$CIRCLE_PR_NUMBER" ]; then + # I'm sure you're thinking "CIRCLE_PR_NUMBER must just be the + # number of the PR being built". Sorry, dear reader, you have + # guessed poorly. It is also conditionally set based on whether + # this is a PR from a fork or not. + # + # https://circleci.com/docs/2.0/env-vars/#built-in-environment-variables + echo "Skipping Cachix push for forked PR." + else + # https://docs.cachix.org/continuous-integration-setup/circleci.html + bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME" + fi - run: name: "Report Coverage"