Using post-build hooks to get automatic caching of untrusted builds
2019-10-25, 15:00–15:30, Open Space

This talk describes how to use post-build hooks, a recently added Nix feature, to automatically sign and upload artifacts to a binary cache, so they can be re-used for subsequent builds.

It compares that approach with existing ones, and explains why using post-build hooks are superior in terms of what's cached, and when it comes to building untrusted code, for example Pull Requests from external contributors.

Finally, it shows an example on how this can be set up in a cloud provider setting, and discusses further improvements.