2025-12-11 17:50:08 +01:00 · 2025-12-02 15:12:28 +01:00 · 2025-12-02 15:10:35 +01:00 · 2025-12-02 15:09:27 +01:00 · 2025-12-02 14:31:27 +01:00 · 2025-12-02 14:30:54 +01:00
7 changed files with 66 additions and 12 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -55,3 +55,5 @@ stages:
 - build-images
 - build
 - trigger
+variables:
+  NIX_CI_IMAGE: $CI_REGISTRY_IMAGE/nix-ci:$CI_COMMIT_SHORT_SHA
--- a/docs/index.md
+++ b/docs/index.md
@ -9,3 +9,14 @@ This project provides a Nix flake module that allows you to generate your `.gitl
 - **Modularity:** Define and manage your CI configurations in a structured and modular way using Nix modules, making it easier to share and reuse CI logic across multiple projects.

 This documentation will guide you through setting up and using Nix GitLab CI for your projects.
+
+## Warnings
+
+To save you from frantically searching these docs if something doesn't work as expected, here are the most important warnings ;)
+
+!!! warning
+
+    Do not put Nix store paths into global/pipeline variables. They will simply be passed through,
+    resulting in bad portability (if two runners have different archs for example, one cannot find the path).
+    If you need any Nix store path in env variables, always do it on the job level, there
+    it will automatically be computed at runtime, thus will always work no matter which runner it runs on.
--- a/lib/VERSION
+++ b/lib/VERSION
@ -1 +1 @@
-3.0.1
+3.1.0
--- a/lib/impl/helpers.nix
+++ b/lib/impl/helpers.nix
@ -50,7 +50,7 @@ in rec {
  filterJobVariables = shouldContain: job:
    concatMapAttrs (
      name: value:
-        optionalAttrs ((hasInfix "/nix/store/" value) == shouldContain) {
+        optionalAttrs ((hasInfix builtins.storeDir value) == shouldContain) {
          ${name} = value;
        }
    )
--- a/lib/impl/jobPatched.nix
+++ b/lib/impl/jobPatched.nix
@ -11,13 +11,13 @@ in
    pipelineName,
    nixConfig,
  }:
-    (builtins.removeAttrs job ["variables" "cache"])
-    // (optionalAttrs nixConfig.enable (
-      (prependToBeforeScript ["source setup_nix_ci \"gitlab-ci:pipeline:${pipelineName}:job-deps:${key}\""] job)
+    if ! nixConfig.enable
+    then job
+    else
+      (builtins.removeAttrs job ["variables" "cache"])
+      // (prependToBeforeScript ["source setup_nix_ci \"gitlab-ci:pipeline:${pipelineName}:job-deps:${key}\""] job)
      // (appendToAfterScript ["finalize_nix_ci"] job)
-    ))
-    // optionalAttrs nixConfig.enable (
-      (let
+      // (let
        variables =
          (filterJobVariables false job)
          // optionalAttrs nixConfig.enableRunnerCache {
@ -40,4 +40,3 @@ in
        optionalAttrs (cache != []) {
          inherit cache;
        })
-    )
--- a/nix/repo/ci.nix
+++ b/nix/repo/ci.nix
@ -10,6 +10,7 @@ in
      # the child pipeline can then use the built images to test them
      extraData = {
        stages = ["build-images" "build" "trigger"];
+        variables.NIX_CI_IMAGE = "$CI_REGISTRY_IMAGE/nix-ci:$CI_COMMIT_SHORT_SHA";
        "build:image" = {
          stage = "build-images";
          parallel.matrix = [
--- a/tests/cilib_test.nix
+++ b/tests/cilib_test.nix
@ -64,6 +64,22 @@
          nixConfig.enable = false;
        };
      }
+      {
+        name = "jobPatched nix disabled with variables and cache";
+        expected = {
+          variables."HELLO" = "world";
+          cache = [{key = "example";}];
+        };
+        actual = mkJobPatched {
+          key = "test";
+          pipelineName = "test";
+          job = {
+            variables."HELLO" = "world";
+            cache = [{key = "example";}];
+          };
+          nixConfig.enable = false;
+        };
+      }
      {
        name = "jobPatched without runner cache";
        expected = {
@ -129,7 +145,7 @@
          # sh
          ''
            set -euo pipefail
-            ${ntlib.helpers.path [pkgs.jq pkgs.gnugrep pkgs.coreutils]}
+            ${ntlib.helpers.path (with pkgs; [jq gnugrep coreutils])}
            echo "two keys, one json one pretty"
            jq 'keys | length == 2' "${pipeline}" | grep -q true
            echo "key[0] is exactly 'gitlab-ci:pipeline:test'"
@ -145,10 +161,13 @@
          '';
      }
      {
-        name = "handle store paths in variables";
+        name = "ignore store paths in variables with nix disabled";
        expected = {
          stages = ["test"];
-          test.stage = "test";
+          test = {
+            stage = "test";
+            variables."TEST" = "${pkgs.hello}";
+          };
        };
        actual =
          (mkPipeline {
@ -163,6 +182,28 @@
            };
          }).finalConfig;
      }
+      {
+        # it doesn't make much sense to have any nix store path in variables, but we ignore it for global variables
+        name = "ignore store paths in global variables";
+        expected = {
+          variables = {
+            HELLO = "world";
+            CURL = toString pkgs.curl;
+          };
+        };
+        actual =
+          (mkPipeline {
+            name = "test";
+            nixConfig.enable = true;
+            pipeline = {
+              variables = {
+                HELLO = "world";
+                CURL = toString pkgs.curl;
+              };
+              jobs = {};
+            };
+          }).finalConfig;
+      }
    ];
  };
 }
Author	SHA1	Message	Date
technofab	59f8bd169a	chore: bump version	2025-12-02 15:12:28 +01:00
technofab	97fb4fafc3	fix(jobPatched): handle non-nix jobs correctly fix mkJobPatched removing `cache` and `variables` from non-nix jobs See !15 for more	2025-12-02 15:10:35 +01:00
technofab	1c9e7c77c5	chore: add test and docs for handling nix store paths in global variables	2025-12-02 15:09:27 +01:00
Skryta Istota	96e6fe59bf	ci: fix oci image used for dog fooding & forks	2025-12-02 14:31:27 +01:00
Skryta Istota	d0662e3185	fix(helpers): use builtin nix store location indicator	2025-12-02 14:30:54 +01:00
 @ -1 +1 @@
 .0.1
 .1.0