{ outputs = { flake-parts, systems, ... } @ inputs: flake-parts.lib.mkFlake {inherit inputs;} { imports = [ inputs.devenv.flakeModule inputs.treefmt-nix.flakeModule inputs.nix-gitlab-ci.flakeModule ]; systems = import systems; flake = {}; perSystem = { pkgs, config, ... }: { treefmt = { projectRootFile = "flake.nix"; programs = { alejandra.enable = true; mdformat.enable = true; gofmt.enable = true; }; }; devenv.shells.default = { containers = pkgs.lib.mkForce {}; packages = []; languages.go = { enable = true; enableHardeningWorkaround = true; }; git-hooks.hooks = { treefmt = { enable = true; packageOverrides.treefmt = config.treefmt.build.wrapper; }; convco.enable = true; }; }; ci = let SYSTEMS = ["x86_64-linux"]; in { stages = ["build" "upload"]; jobs = { "build" = { stage = "build"; script = [ # sh '' nix build .#default '' ]; }; "build:image" = { stage = "build"; parallel.matrix = [ {SYSTEM = SYSTEMS;} ]; script = [ "nix build .#oci-image --system $SYSTEM" ]; after_script = [ "install -D result dist/image_\${SYSTEM}.tar.gz" ]; artifacts.paths = ["dist/"]; }; "upload" = { stage = "upload"; nix.deps = [pkgs.buildah]; needs = ["build:image"]; before_script = [ # sh '' export REGISTRY_AUTH_FILE=''${HOME}/auth.json echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY mkdir -p /etc/containers && echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json mkdir -p /var/tmp '' ]; script = [ # sh ''buildah manifest create localhost/go-copilot-proxy'' ] ++ ( builtins.map (sys: # sh '' buildah manifest add localhost/go-copilot-proxy docker-archive:dist/image_${sys}.tar.gz '') SYSTEMS ) ++ [ # sh '' buildah manifest push --all localhost/go-copilot-proxy \ docker://''${CI_REGISTRY_IMAGE}/go-copilot-proxy:$CI_COMMIT_SHORT_SHA '' ]; }; }; }; packages = rec { default = pkgs.callPackage ./package.nix {}; oci-image = pkgs.dockerTools.buildImage { name = "go-copilot-proxy"; tag = "latest"; copyToRoot = [default pkgs.cacert.out]; config = { Cmd = ["/bin/go-copilot-proxy"]; Env = ["XDG_STATE_HOME=/tmp"]; }; }; }; }; }; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; # flake & devenv related flake-parts.url = "github:hercules-ci/flake-parts"; systems.url = "github:nix-systems/default-linux"; devenv.url = "github:cachix/devenv"; treefmt-nix.url = "github:numtide/treefmt-nix"; nix-gitlab-ci.url = "gitlab:technofab/nix-gitlab-ci/2.1.0?dir=lib"; }; nixConfig = { extra-substituters = [ "https://cache.nixos.org/" "https://nix-community.cachix.org" "https://devenv.cachix.org" ]; extra-trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" ]; }; }