About one year ago, we introduced an HTTP API for nixbuild.net. This API can be used to retrieve information about the builds you’ve run on the service. One place where the API is used is in the GitHub Action nixbuild-action to create detailed build summaries at the end of workflow runs.
When the API was launched, it was using Biscuit auth tokens to handle authentication and authorization. In the initial implementation, we didn’t really take much advantage of Biscuit, and basically used them as plain API keys. This week, however, we’ve finally expanded our Biscuit usage to properly take advantage of the flexibility offered.
Read on to find out how this allows us to now support advanced access policies, token-based SSH auth and signed web links that gives easy access to build logs and fancy build reports.Read article →