Integrating FlakeHub with GitHub Enterprise Server (GHES)

FlakeHub fully supports self-hosted GitHub Enterprise Server (GHES). To use GHES with FlakeHub, you need to gather some information and share it with Determinate Systems support at support@determinate.systems:

Your FlakeHub organization name
The GitHub Enterprise Server URL (like https://github.example.com)
The organization ID from the database for each GHES-hosted organization

The easiest way to get this GitHub Enterprise Server information is to run the GitHub Actions workflow below in each organization, which prints out the JSON Web Token (JWT) issuer and the repository owner ID.

The workflow below assumes that curl, jq, base64, and awk are installed.

.github/workflows/display-flakehub-info.yaml


on:
  push:
  workflow_dispatch:
 
jobs:
  flakehub-info:
    runs-on: "self-hosted"
    permissions:
      id-token: "write"
    steps:
      - run: |
          curl -fsSL "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=give-me-a-token" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" | \
            jq -r .value | awk -F. '{print $2}' | base64 -d 2>/dev/null | jq -r '.iss, .repository_owner_id'

Note for integrating with FlakeHub

Additional configuration is required when using some of our actions in GHES-hosted organizations that have an organization name different from your FlakeHub organization name.

If you’re using DeterminateSystems/flakehub-cache-action:

.github/workflows/nix.yaml


- uses: DeterminateSystems/flakehub-cache-action@v3
  with:
    flakehub-flake-name: YourFlakeHubOrganizationName/my-project-name

If you’re using DeterminateSystems/flakehub-push:

.github/workflows/nix.yaml


- uses: DeterminateSystems/flakehub-push@v3
  with:
    name: YourFlakeHubOrganizationName/my-project-name