refactor(template): get rid of rules and work around limitations in a new way

.gitlab-ci.yml

@@ -1,7 +1,7 @@
 include:
   - component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/nix-gitlab-ci@$CI_COMMIT_SHA
-variables:
+    inputs:
-  NIX_CI_VERSION: $CI_COMMIT_SHORT_SHA
+      version: $CI_COMMIT_SHORT_SHA
 stages:
   - build-images
   - build

templates/nix-gitlab-ci.yml

@@ -10,84 +10,82 @@ spec:
       type: array
       description: |
         Files to use as the cache key for the generated pipeline yaml.
-        If you use "ci.nix" to define CI, add that here for example
+        If you use "ci.nix" to define CI, add that here for example.
+        Note that max 2 items are allowed in cache:key:files, so use something like
+        ["flake.*", "ci.nix"] f. ex. to match flake.lock, flake.nix and ci.nix.
       default: ["flake.nix", "flake.lock"]
+    version:
+      type: string
+      description: |
+        Which version of the Nix CI image to use. Using a tag/version is recommended.
 ---
 stages:
   - build
   - trigger
 variables:
-  # which version of the image should be used
+  # These can be overriden, see https://docs.gitlab.com/ci/variables/#cicd-variable-precedence
-  _NIX_CI_VERSION: ${NIX_CI_VERSION}
+  # which image should be used by default.
-  _NIX_CI_IMAGE: registry.gitlab.com/technofab/nix-gitlab-ci/nix-ci:${_NIX_CI_VERSION}
+  NIX_CI_IMAGE: registry.gitlab.com/technofab/nix-gitlab-ci/nix-ci:$[[ inputs.version ]]
-  # force build the pipeline yaml
+  # default cache stategy
-  _NIX_CI_FORCE_BUILD: ${NIX_CI_FORCE_BUILD}
+  NIX_CI_CACHE_STRATEGY: $[[ inputs.cache_strategy ]]
-  # disable caching on the child pipeline jobs
-  _NIX_CI_DISABLE_CACHE: ${NIX_CI_DISABLE_CACHE}
-  # type of cache strategy to use (none, runner, attic, cachix)
-  _NIX_CI_CACHE_STRATEGY: $[[ inputs.cache_strategy ]]
-  # for multiple pipelines
-  _NIX_CI_PIPELINE_NAME: ${CI_PIPELINE_SOURCE}
-  # set NIX_CI_DEFAULT_SOURCES to something like "/^web/" or "/^web|push/",
-  # then this will default to the "default" pipeline for these sources.
-  # By default we map everything to "default" (man that's quite a bunch of defaults)
-  _NIX_CI_DEFAULT_SOURCES: "/.*/"
-.env_overrides: &env_overrides
-  rules:
-    - if: $NIX_CI_IMAGE != null
-      variables:
-        _NIX_CI_IMAGE: $NIX_CI_IMAGE
-    - if: $NIX_CI_CACHE_STRATEGY != null
-      variables:
-        _NIX_CI_CACHE_STRATEGY: $NIX_CI_CACHE_STRATEGY
-    - if: $NIX_CI_DEFAULT_SOURCES != null
-      variables:
-        _NIX_CI_DEFAULT_SOURCES: $NIX_CI_DEFAULT_SOURCES
-    - if: '$CI_PIPELINE_SOURCE =~ $_NIX_CI_DEFAULT_SOURCES'
-      variables:
-        _NIX_CI_PIPELINE_NAME: default
-    - if: $NIX_CI_PIPELINE_NAME != null
-      variables:
-        _NIX_CI_PIPELINE_NAME: $NIX_CI_PIPELINE_NAME
-    - when: on_success
 nix-ci:build:
-  <<: *env_overrides
   stage: build
-  image: $_NIX_CI_IMAGE
+  image: $NIX_CI_IMAGE
   cache:
     - key:
         files: $[[ inputs.cache_files ]]
-        prefix: $_NIX_CI_PIPELINE_NAME
       paths:
-        - generated-gitlab-ci.yml
+        - .nix-ci-pipelines/
     - key: nix
       paths:
         - .nix-cache/
   before_script:
-    # generated-gitlab-ci.yml exists in the cache
+    - |
-    - '[ -f "generated-gitlab-ci.yml" ] && export CACHED=true && echo "A cached pipeline file exists (skip cache with NIX_CI_FORCE_BUILD)" || true'
+        # if no explicit pipeline is requested
-    # allow the user to manually skip the cache (when the key files are not correctly configured etc.)
+        if [[ -z "${NIX_CI_PIPELINE_NAME:-}" ]]; then
-    - '[ -n "$_NIX_CI_FORCE_BUILD" ] && unset CACHED && echo "Caching skipped for this job (through NIX_CI_FORCE_BUILD)" || true'
+          # if regex matches, use pipeline "default", otherwise $CI_PIPELINE_SOURCE
-    # only setup when we need to generate the pipeline yaml
+          [[ "${CI_PIPELINE_SOURCE}" =~ ${NIX_CI_DEFAULT_SOURCES:-.*} ]] \
-    - 'if [ -z "$CACHED" ]; then source setup_nix_ci; fi'
+            && NIX_CI_PIPELINE_NAME="default" \
+            || NIX_CI_PIPELINE_NAME="$CI_PIPELINE_SOURCE";
+        fi
+        echo "NIX_CI_GENERATED_PIPELINE_NAME=$NIX_CI_PIPELINE_NAME" >> trigger.env
+
+        mkdir -p .nix-ci-pipelines/
+        # generated-gitlab-ci.yml exists in the cache
+        [[ -f ".nix-ci-pipelines/${NIX_CI_PIPELINE_NAME}.yml" ]] && export CACHED=true && echo "A cached pipeline file exists (skip cache with NIX_CI_FORCE_BUILD)" || true
+        # allow the user to manually skip the cache (when the key files are not correctly configured etc.)
+        [[ -n "$NIX_CI_FORCE_BUILD" ]] && unset CACHED && echo "Caching skipped for this job (through NIX_CI_FORCE_BUILD)" || true
+
+        # only setup when we need to generate the pipeline yaml
+        if [[ -z "$CACHED" ]]; then
+          source setup_nix_ci; 
+        fi
   script:
-    # build the generated-gitlab-ci.yml if it does not exist in the cache
+    # build the pipeline if it does not exist in the cache
-    - 'if [ -z "$CACHED" ]; then nix build .#gitlab-ci:pipeline:${_NIX_CI_PIPELINE_NAME} && install result generated-gitlab-ci.yml; fi'
+    - >
+        if [[ -z "$CACHED" ]]; then 
+          nix build .#gitlab-ci:pipeline:${NIX_CI_PIPELINE_NAME} && install result .nix-ci-pipelines/${NIX_CI_PIPELINE_NAME}.yml; 
+        fi
   after_script:
     # save to binary cache or Gitlab CI cache only if we actually built something
     #  check if /tmp/nix-store-before exists as $CACHED never exists here and the file only exists if "setup_nix_ci" is called
-    - 'if [ -f "/tmp/nix-store-before" ]; then finalize_nix_ci; fi'
+    - |
+        if [[ -f "/tmp/nix-store-before" ]]; then 
+          finalize_nix_ci; 
+        fi
   artifacts:
     paths:
-      - generated-gitlab-ci.yml
+      - .nix-ci-pipelines/
+    reports:
+      dotenv: trigger.env
+
 nix-ci:trigger:
-  <<: *env_overrides
   stage: trigger
   needs:
     - nix-ci:build
   trigger:
     include:
-      - artifact: generated-gitlab-ci.yml
+      - artifact: .nix-ci-pipelines/${NIX_CI_GENERATED_PIPELINE_NAME}.yml
         job: nix-ci:build
     strategy: depend
     forward: