2026-05-04 18:29:30 +02:00
13 changed files with 37 additions and 112 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -55,5 +55,3 @@ stages:
 - build-images
 - build
 - trigger
 variables:
  NIX_CI_IMAGE: $CI_REGISTRY_IMAGE/nix-ci:$CI_COMMIT_SHORT_SHA
--- a/README.md
+++ b/README.md
@ -108,4 +108,4 @@ There is also `.#gitlab-ci:pipeline:<pipeline name>:job-deps:<name>` which gener
 Some parts of this implementation are adapted/inspired from https://gitlab.com/Cynerd/gitlab-ci-nix
-[docs-soonix]: https://nix-gitlab-ci.projects.tf/soonix "Soonix Integration"
+[docs-soonix]: https://nix-gitlab-ci.projects,tf/soonix "Soonix Integration"
--- a/docs/index.md
+++ b/docs/index.md
@ -9,14 +9,3 @@ This project provides a Nix flake module that allows you to generate your `.gitl
 - **Modularity:** Define and manage your CI configurations in a structured and modular way using Nix modules, making it easier to share and reuse CI logic across multiple projects.
 This documentation will guide you through setting up and using Nix GitLab CI for your projects.
 ## Warnings
 To save you from frantically searching these docs if something doesn't work as expected, here are the most important warnings ;)
 !!! warning
    Do not put Nix store paths into global/pipeline variables. They will simply be passed through,
    resulting in bad portability (if two runners have different archs for example, one cannot find the path).
    If you need any Nix store path in env variables, always do it on the job level, there
    it will automatically be computed at runtime, thus will always work no matter which runner it runs on.
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1764667669,
+        "lastModified": 1756542300,
-        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
+        "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "418468ac9527e799809c900eda37cbff999199b6",
+        "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
        "type": "github"
      },
      "original": {
@ -37,11 +37,11 @@
      },
      "locked": {
        "dir": "lib",
-        "lastModified": 1758738378,
+        "lastModified": 1756370106,
-        "narHash": "sha256-NjzqdvQCDDdObEBH8x/vdhbdhrIB+N9E570uCdksGHY=",
+        "narHash": "sha256-l84ojcHuQWBwn4BRxQsMMfQpcq/Az/sHh/hSqFgVtyg=",
        "owner": "rensa-nix",
        "repo": "core",
-        "rev": "abe19f9f13aff41de2b63304545c87d193d19ef4",
+        "rev": "9c1a29fa9ba7cbbb78b9e47eb8afbcd29303a3b4",
        "type": "gitlab"
      },
      "original": {
--- a/lib/VERSION
+++ b/lib/VERSION
@ -1 +1 @@
-3.1.2
+3.0.1
--- a/lib/impl/helpers.nix
+++ b/lib/impl/helpers.nix
@ -50,7 +50,7 @@ in rec {
  filterJobVariables = shouldContain: job:
    concatMapAttrs (
      name: value:
-        optionalAttrs ((hasInfix builtins.storeDir value) == shouldContain) {
+        optionalAttrs ((hasInfix "/nix/store/" value) == shouldContain) {
          ${name} = value;
        }
    )
--- a/lib/impl/jobPatched.nix
+++ b/lib/impl/jobPatched.nix
@ -11,13 +11,13 @@ in
    pipelineName,
    nixConfig,
  }:
-    if ! nixConfig.enable
+    (builtins.removeAttrs job ["variables" "cache"])
-    then job
+    // (optionalAttrs nixConfig.enable (
-    else
+      (prependToBeforeScript ["source setup_nix_ci \"gitlab-ci:pipeline:${pipelineName}:job-deps:${key}\""] job)
      (builtins.removeAttrs job ["variables" "cache"])
      // (prependToBeforeScript ["source setup_nix_ci \"gitlab-ci:pipeline:${pipelineName}:job-deps:${key}\""] job)
      // (appendToAfterScript ["finalize_nix_ci"] job)
-      // (let
+    ))
    // optionalAttrs nixConfig.enable (
      (let
        variables =
          (filterJobVariables false job)
          // optionalAttrs nixConfig.enableRunnerCache {
@ -40,3 +40,4 @@ in
        optionalAttrs (cache != []) {
          inherit cache;
        })
    )
--- a/lib/impl/modules/job.nix
+++ b/lib/impl/modules/job.nix
@ -646,8 +646,8 @@ in rec {
      };
      depsDrv = cilib.mkJobDeps {
        key = name;
        job = config.finalConfig;
        nixConfig = config.nix;
        inherit job;
      };
      runnerDrv = cilib.mkJobRun {
        key = name;
--- a/lib/impl/modules/root.nix
+++ b/lib/impl/modules/root.nix
@ -4,7 +4,7 @@
  pipelineSubmodule,
  ...
 }: let
-  inherit (lib) mkOption types foldr;
+  inherit (lib) mkOption types;
 in rec {
  configSubmodule = {
    options = {
@ -65,7 +65,7 @@ in rec {
      };
    };
    config = {
-      packages = foldr (pipeline: acc: acc // pipeline) {} (
+      packages = lib.fold (pipeline: acc: acc // pipeline) {} (
        map (pipeline: pipeline.packages) (builtins.attrValues config.pipelines)
      );
      soonix = config.config.soonix.finalConfig;
--- a/nix/repo/ci.nix
+++ b/nix/repo/ci.nix
@ -10,7 +10,6 @@ in
      # the child pipeline can then use the built images to test them
      extraData = {
        stages = ["build-images" "build" "trigger"];
        variables.NIX_CI_IMAGE = "$CI_REGISTRY_IMAGE/nix-ci:$CI_COMMIT_SHORT_SHA";
        "build:image" = {
          stage = "build-images";
          parallel.matrix = [
--- a/nix/repo/flake.lock
+++ b/nix/repo/flake.lock
@ -3,11 +3,11 @@
    "devshell-lib": {
      "locked": {
        "dir": "lib",
-        "lastModified": 1758204313,
+        "lastModified": 1755673398,
-        "narHash": "sha256-ainbY0Oajb1HMdvy+A8QxF/P5qwcbEzJGEY5pzKdDdc=",
+        "narHash": "sha256-51MmR+Eo1+bKDd/Ss77wwTqi4yAR2xgmyCSEbKWSpj0=",
        "owner": "rensa-nix",
        "repo": "devshell",
-        "rev": "7d0c4bc78d9f017a739b0c7eb2f4e563118353e6",
+        "rev": "e76bef387e8a4574f9b6d37b1a424e706491af08",
        "type": "gitlab"
      },
      "original": {
@ -20,11 +20,11 @@
    "nixmkdocs-lib": {
      "locked": {
        "dir": "lib",
-        "lastModified": 1763481845,
+        "lastModified": 1757055638,
-        "narHash": "sha256-Bp0+9rDmlPWMcnKqGx+BG4+o5KO8FuDAOvXRnXrm3Fo=",
+        "narHash": "sha256-KHYSkEreFe4meXzSdEbknC/HwaQSNClQkc8vzHlAsMM=",
        "owner": "TECHNOFAB",
        "repo": "nixmkdocs",
-        "rev": "73d59093df94a894d25bc4bf71880b6f00faa62f",
+        "rev": "7840a5febdbeaf2da90babf6c94b3d0929d2bf74",
        "type": "gitlab"
      },
      "original": {
@ -37,11 +37,11 @@
    "nixtest-lib": {
      "locked": {
        "dir": "lib",
-        "lastModified": 1759340550,
+        "lastModified": 1756812148,
-        "narHash": "sha256-EH9heYb/nHHzCpUGQGqVQnuyVGQ7D6MVMgJmzNvvmJ8=",
+        "narHash": "sha256-0g8KNk4zoLApA51PBHOWqPLRYpprjrQuSzNCjfBQgu8=",
        "owner": "TECHNOFAB",
        "repo": "nixtest",
-        "rev": "5a7053afcbb211b9cf8fe87f7892bb9f6b76b678",
+        "rev": "5741109cc9ec2b6d41b56abd3f5bc51ed7a9a228",
        "type": "gitlab"
      },
      "original": {
@ -63,11 +63,11 @@
    "soonix-lib": {
      "locked": {
        "dir": "lib",
-        "lastModified": 1763323017,
+        "lastModified": 1756797658,
-        "narHash": "sha256-MJyg37d+VMfRoFiVUj16FW+zkEwQXbgK9LoFF/SHoxA=",
+        "narHash": "sha256-4rkyP4oaoqG/FFVL7W8U+8hGer4tOBPff/2SeN5tJYQ=",
        "owner": "TECHNOFAB",
        "repo": "soonix",
-        "rev": "078034b01e4eaf1f9436d46721f7cbe0d96eb8b4",
+        "rev": "3baef660cf8b87391d475a0455dd66fae0e60008",
        "type": "gitlab"
      },
      "original": {
@ -80,11 +80,11 @@
    "treefmt-nix": {
      "flake": false,
      "locked": {
-        "lastModified": 1762938485,
+        "lastModified": 1756662192,
-        "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=",
+        "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4",
+        "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4",
        "type": "github"
      },
      "original": {
--- a/tests/cilib_test.nix
+++ b/tests/cilib_test.nix
@ -64,22 +64,6 @@
          nixConfig.enable = false;
        };
      }
      {
        name = "jobPatched nix disabled with variables and cache";
        expected = {
          variables."HELLO" = "world";
          cache = [{key = "example";}];
        };
        actual = mkJobPatched {
          key = "test";
          pipelineName = "test";
          job = {
            variables."HELLO" = "world";
            cache = [{key = "example";}];
          };
          nixConfig.enable = false;
        };
      }
      {
        name = "jobPatched without runner cache";
        expected = {
@ -145,7 +129,7 @@
          # sh
          ''
            set -euo pipefail
-            ${ntlib.helpers.path (with pkgs; [jq gnugrep coreutils])}
+            ${ntlib.helpers.path [pkgs.jq pkgs.gnugrep pkgs.coreutils]}
            echo "two keys, one json one pretty"
            jq 'keys | length == 2' "${pipeline}" | grep -q true
            echo "key[0] is exactly 'gitlab-ci:pipeline:test'"
@ -161,13 +145,10 @@
          '';
      }
      {
-        name = "ignore store paths in variables with nix disabled";
+        name = "handle store paths in variables";
        expected = {
          stages = ["test"];
-          test = {
+          test.stage = "test";
            stage = "test";
            variables."TEST" = "${pkgs.hello}";
          };
        };
        actual =
          (mkPipeline {
@ -182,28 +163,6 @@
            };
          }).finalConfig;
      }
      {
        # it doesn't make much sense to have any nix store path in variables, but we ignore it for global variables
        name = "ignore store paths in global variables";
        expected = {
          variables = {
            HELLO = "world";
            CURL = toString pkgs.curl;
          };
        };
        actual =
          (mkPipeline {
            name = "test";
            nixConfig.enable = true;
            pipeline = {
              variables = {
                HELLO = "world";
                CURL = toString pkgs.curl;
              };
              jobs = {};
            };
          }).finalConfig;
      }
    ];
  };
 }
--- a/tests/modules_test.nix
+++ b/tests/modules_test.nix
@ -77,27 +77,6 @@
            assert_file_contains ${package} '"EXAMPLE":"/nix/store/.*-hello-.*"'
          '';
      }
      {
        name = "correctly inject variables containing nix store paths at runtime";
        type = "script";
        script = let
          package =
            (cilib.mkCI {
              pipelines."test".jobs."test" = {
                stage = ".pre";
                variables.EXAMPLE = "${pkgs.hello}";
                script = [];
              };
            }).packages."gitlab-ci:pipeline:test:job-deps:test";
        in
          # sh
          ''
            ${ntlib.helpers.path [pkgs.gnugrep]}
            ${ntlib.helpers.scriptHelpers}
            assert_file_contains ${package} 'export PATH=":$PATH";'
            assert_file_contains ${package} 'export EXAMPLE="/nix/store/.*-hello-.*"'
          '';
      }
    ];
  };
 }
@ -108,4 +108,4 @@ There is also `.#gitlab-ci:pipeline:<pipeline name>:job-deps:<name>` which gener

	`Some parts of this implementation are adapted/inspired from https://gitlab.com/Cynerd/gitlab-ci-nix`	`Some parts of this implementation are adapted/inspired from https://gitlab.com/Cynerd/gitlab-ci-nix`

	`[docs-soonix]: https://nix-gitlab-ci.projects.tf/soonix "Soonix Integration"`	`[docs-soonix]: https://nix-gitlab-ci.projects,tf/soonix "Soonix Integration"`