diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9542bde..24b9507 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,7 @@ include: - component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/nix-gitlab-ci@$CI_COMMIT_SHA -variables: - NIX_CI_VERSION: $CI_COMMIT_SHORT_SHA + inputs: + version: $CI_COMMIT_SHORT_SHA stages: - build-images - build diff --git a/templates/nix-gitlab-ci.yml b/templates/nix-gitlab-ci.yml index 51b9670..6ac8a82 100644 --- a/templates/nix-gitlab-ci.yml +++ b/templates/nix-gitlab-ci.yml 
@@ -10,84 +10,82 @@ spec: type: array description: | Files to use as the cache key for the generated pipeline yaml. - If you use "ci.nix" to define CI, add that here for example + If you use "ci.nix" to define CI, add that here for example. + Note that max 2 items are allowed in cache:key:files, so use something like + ["flake.*", "ci.nix"] f. ex. to match flake.lock, flake.nix and ci.nix. default: ["flake.nix", "flake.lock"] + version: + type: string + description: | + Which version of the Nix CI image to use. Using a tag/version is recommended. --- stages: - build - trigger variables: - # which version of the image should be used - _NIX_CI_VERSION: ${NIX_CI_VERSION} - _NIX_CI_IMAGE: registry.gitlab.com/technofab/nix-gitlab-ci/nix-ci:${_NIX_CI_VERSION} - # force build the pipeline yaml - _NIX_CI_FORCE_BUILD: ${NIX_CI_FORCE_BUILD} - # disable caching on the child pipeline jobs - _NIX_CI_DISABLE_CACHE: ${NIX_CI_DISABLE_CACHE} - # type of cache strategy to use (none, runner, attic, cachix) - _NIX_CI_CACHE_STRATEGY: $[[ inputs.cache_strategy ]] - # for multiple pipelines - _NIX_CI_PIPELINE_NAME: ${CI_PIPELINE_SOURCE} - # set NIX_CI_DEFAULT_SOURCES to something like "/^web/" or "/^web|push/", - # then this will default to the "default" pipeline for these sources. 
- # By default we map everything to "default" (man that's quite a bunch of defaults) - _NIX_CI_DEFAULT_SOURCES: "/.*/" -.env_overrides: &env_overrides - rules: - - if: $NIX_CI_IMAGE != null - variables: - _NIX_CI_IMAGE: $NIX_CI_IMAGE - - if: $NIX_CI_CACHE_STRATEGY != null - variables: - _NIX_CI_CACHE_STRATEGY: $NIX_CI_CACHE_STRATEGY - - if: $NIX_CI_DEFAULT_SOURCES != null - variables: - _NIX_CI_DEFAULT_SOURCES: $NIX_CI_DEFAULT_SOURCES - - if: '$CI_PIPELINE_SOURCE =~ $_NIX_CI_DEFAULT_SOURCES' - variables: - _NIX_CI_PIPELINE_NAME: default - - if: $NIX_CI_PIPELINE_NAME != null - variables: - _NIX_CI_PIPELINE_NAME: $NIX_CI_PIPELINE_NAME - - when: on_success + # These can be overriden, see https://docs.gitlab.com/ci/variables/#cicd-variable-precedence + # which image should be used by default. + NIX_CI_IMAGE: registry.gitlab.com/technofab/nix-gitlab-ci/nix-ci:$[[ inputs.version ]] + # default cache stategy + NIX_CI_CACHE_STRATEGY: $[[ inputs.cache_strategy ]] nix-ci:build: - <<: *env_overrides stage: build - image: $_NIX_CI_IMAGE + image: $NIX_CI_IMAGE cache: - key: files: $[[ inputs.cache_files ]] - prefix: $_NIX_CI_PIPELINE_NAME paths: - - generated-gitlab-ci.yml + - .nix-ci-pipelines/ - key: nix paths: - .nix-cache/ before_script: - # generated-gitlab-ci.yml exists in the cache - - '[ -f "generated-gitlab-ci.yml" ] && export CACHED=true && echo "A cached pipeline file exists (skip cache with NIX_CI_FORCE_BUILD)" || true' - # allow the user to manually skip the cache (when the key files are not correctly configured etc.) 
- - '[ -n "$_NIX_CI_FORCE_BUILD" ] && unset CACHED && echo "Caching skipped for this job (through NIX_CI_FORCE_BUILD)" || true' - # only setup when we need to generate the pipeline yaml - - 'if [ -z "$CACHED" ]; then source setup_nix_ci; fi' + - | + # if no explicit pipeline is requested + if [[ -z "${NIX_CI_PIPELINE_NAME:-}" ]]; then + # if regex matches, use pipeline "default", otherwise $CI_PIPELINE_SOURCE + [[ "${CI_PIPELINE_SOURCE}" =~ ${NIX_CI_DEFAULT_SOURCES:-.*} ]] \ + && NIX_CI_PIPELINE_NAME="default" \ + || NIX_CI_PIPELINE_NAME="$CI_PIPELINE_SOURCE"; + fi + echo "NIX_CI_GENERATED_PIPELINE_NAME=$NIX_CI_PIPELINE_NAME" >> trigger.env + + mkdir -p .nix-ci-pipelines/ + # generated-gitlab-ci.yml exists in the cache + [[ -f ".nix-ci-pipelines/${NIX_CI_PIPELINE_NAME}.yml" ]] && export CACHED=true && echo "A cached pipeline file exists (skip cache with NIX_CI_FORCE_BUILD)" || true + # allow the user to manually skip the cache (when the key files are not correctly configured etc.) + [[ -n "$NIX_CI_FORCE_BUILD" ]] && unset CACHED && echo "Caching skipped for this job (through NIX_CI_FORCE_BUILD)" || true + + # only setup when we need to generate the pipeline yaml + if [[ -z "$CACHED" ]]; then + source setup_nix_ci; + fi script: - # build the generated-gitlab-ci.yml if it does not exist in the cache - - 'if [ -z "$CACHED" ]; then nix build .#gitlab-ci:pipeline:${_NIX_CI_PIPELINE_NAME} && install result generated-gitlab-ci.yml; fi' + # build the pipeline if it does not exist in the cache + - > + if [[ -z "$CACHED" ]]; then + nix build .#gitlab-ci:pipeline:${NIX_CI_PIPELINE_NAME} && install result .nix-ci-pipelines/${NIX_CI_PIPELINE_NAME}.yml; + fi after_script: # save to binary cache or Gitlab CI cache only if we actually built something # check if /tmp/nix-store-before exists as $CACHED never exists here and the file only exists if "setup_nix_ci" is called - - 'if [ -f "/tmp/nix-store-before" ]; then finalize_nix_ci; fi' + - | + if [[ -f "/tmp/nix-store-before" ]]; 
then + finalize_nix_ci; + fi artifacts: paths: - - generated-gitlab-ci.yml + - .nix-ci-pipelines/ + reports: + dotenv: trigger.env + nix-ci:trigger: - <<: *env_overrides stage: trigger needs: - nix-ci:build trigger: include: - - artifact: generated-gitlab-ci.yml + - artifact: .nix-ci-pipelines/${NIX_CI_GENERATED_PIPELINE_NAME}.yml job: nix-ci:build strategy: depend forward:
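Review bot: In the new `before_script` block, `NIX_CI_PIPELINE_NAME` comes from a CI variable (or falls back to `CI_PIPELINE_SOURCE`) and is used without validation in the cache path `.nix-ci-pipelines/${NIX_CI_PIPELINE_NAME}.yml`, in the `trigger.env` dotenv report, and unquoted in the `nix build` / `install` line of `script`. A value containing `/`, `..`, whitespace or a newline could resolve the cache lookup and the triggered artifact outside `.nix-ci-pipelines/`, or append extra lines to `trigger.env`; anyone allowed to set pipeline variables controls that value. I would reject unexpected names right after the name is resolved, e.g. `[[ "$NIX_CI_PIPELINE_NAME" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "invalid NIX_CI_PIPELINE_NAME" >&2; exit 1; }` (widen the character class if pipeline names defined in Nix may use other characters), and quote both expansions in `script`. Separately, `NIX_CI_DEFAULT_SOURCES` is now matched with bash `=~`, so a value in the old GitLab form such as `/^web/` would have its slashes treated literally and presumably stop matching; a comment next to the variable defaults stating the new syntax would help.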