go-copilot-proxy/flake.nix

{
  outputs = {
    flake-parts,
    systems,
    ...
  } @ inputs:
    flake-parts.lib.mkFlake {inherit inputs;} {
      imports = [
        inputs.devenv.flakeModule
        inputs.treefmt-nix.flakeModule
        inputs.nix-gitlab-ci.flakeModule
      ];
      systems = import systems;
      flake = {};
      perSystem = {
        pkgs,
        config,
        ...
      }: {
        treefmt = {
          projectRootFile = "flake.nix";
          programs = {
            alejandra.enable = true;
            mdformat.enable = true;
            gofmt.enable = true;
          };
        };
        devenv.shells.default = {
          containers = pkgs.lib.mkForce {};
          packages = [];

          languages.go = {
            enable = true;
            enableHardeningWorkaround = true;
          };

          git-hooks.hooks = {
            treefmt = {
              enable = true;
              packageOverrides.treefmt = config.treefmt.build.wrapper;
            };
            convco.enable = true;
          };
        };

        ci = let
          SYSTEMS = ["x86_64-linux"];
        in {
          stages = ["build" "upload"];
          jobs = {
            "build" = {
              stage = "build";
              script = [
                # sh
                ''
                  nix build .#default
                ''
              ];
            };
            "build:image" = {
              stage = "build";
              parallel.matrix = [
                {SYSTEM = SYSTEMS;}
              ];
              script = [
                "nix build .#oci-image --system $SYSTEM"
              ];
              after_script = [
                "install -D result dist/image_\${SYSTEM}.tar.gz"
              ];
              artifacts.paths = ["dist/"];
            };
            "upload" = {
              stage = "upload";
              nix.deps = [pkgs.buildah];
              needs = ["build:image"];
              before_script = [
                # sh
                ''
                  export REGISTRY_AUTH_FILE=''${HOME}/auth.json
                  echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
                  mkdir -p /etc/containers &&
                  echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
                  mkdir -p /var/tmp
                ''
              ];
              script =
                [
                  # sh
                  ''buildah manifest create localhost/go-copilot-proxy''
                ]
                ++ (
                  builtins.map (sys:
                    # sh
                    ''
                      buildah manifest add localhost/go-copilot-proxy docker-archive:dist/image_${sys}.tar.gz
                    '')
                  SYSTEMS
                )
                ++ [
                  # sh
                  ''
                    buildah manifest push --all localhost/go-copilot-proxy \
                      docker://''${CI_REGISTRY_IMAGE}/go-copilot-proxy:$CI_COMMIT_SHORT_SHA
                  ''
                ];
            };
          };
        };

        packages = rec {
          default = pkgs.callPackage ./package.nix {};
          oci-image = pkgs.dockerTools.buildImage {
            name = "go-copilot-proxy";
            tag = "latest";
            copyToRoot = [default pkgs.cacert.out];
            config = {
              Cmd = ["/bin/go-copilot-proxy"];
              Env = ["XDG_STATE_HOME=/tmp"];
            };
          };
        };
      };
    };

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";

    # flake & devenv related
    flake-parts.url = "github:hercules-ci/flake-parts";
    systems.url = "github:nix-systems/default-linux";
    devenv.url = "github:cachix/devenv";
    treefmt-nix.url = "github:numtide/treefmt-nix";
    nix-gitlab-ci.url = "gitlab:technofab/nix-gitlab-ci/2.1.0?dir=lib";
  };

  nixConfig = {
    extra-substituters = [
      "https://cache.nixos.org/"
      "https://nix-community.cachix.org"
      "https://devenv.cachix.org"
    ];

    extra-trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
    ];
  };
}