From af9cabdf1af5f51c16f0f5ad0a1ebc96928bc3a3 Mon Sep 17 00:00:00 2001
From: Daylin Morgan <me@dayl.in>
Date: Wed, 12 Feb 2025 13:29:34 -0600
Subject: [PATCH] use secrets in workflow not action

---
 .github/actions/nix/action.yml | 7 -------
 .github/workflows/update.yml   | 8 ++++++++
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/.github/actions/nix/action.yml b/.github/actions/nix/action.yml
index 8742fce..f42fb6c 100644
--- a/.github/actions/nix/action.yml
+++ b/.github/actions/nix/action.yml
@@ -27,13 +27,6 @@ runs:
         BTRFS: ${{ inputs.btrfs }}
       run: exec ${{ github.action_path }}/prepare.sh
 
-    # need ssh access for `oizys cache --service harmonica`
-    - name: Setup SSH
-      uses: MrSquaare/ssh-setup-action@v3
-      with:
-        host: nix-cache.dayl.in
-        private-key: ${{ secrets.SSH_PRIVATE_KEY }}
-
     - name: Install Lix
       uses: daylinmorgan/lix-gha-installer-action@latest
       with:
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 97d7ed9..14efc1c 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -45,6 +45,14 @@ jobs:
         with:
           attic_token: ${{ secrets.ATTIC_TOKEN }}
 
+      # need ssh access for `oizys cache --service harmonica`
+      # TODO: use this in actions/nix?
+      - name: Setup SSH
+        uses: MrSquaare/ssh-setup-action@v3
+        with:
+          host: nix-cache.dayl.in
+          private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
       - run: git checkout -B flake-lock
 
       - name: Update nix flake