Merge branch 'typo' into 'main'

docs: fix Soonix URL in README.md

See merge request TECHNOFAB/nix-gitlab-ci!16

.gitlab-ci.yml

@@ -55,3 +55,5 @@ stages:
 - build-images
 - build
 - trigger
+variables:
+  NIX_CI_IMAGE: $CI_REGISTRY_IMAGE/nix-ci:$CI_COMMIT_SHORT_SHA

README.md

@@ -108,4 +108,4 @@ There is also `.#gitlab-ci:pipeline:<pipeline name>:job-deps:<name>` which gener
 
 Some parts of this implementation are adapted/inspired from https://gitlab.com/Cynerd/gitlab-ci-nix
 
-[docs-soonix]: https://nix-gitlab-ci.projects,tf/soonix "Soonix Integration"
+[docs-soonix]: https://nix-gitlab-ci.projects.tf/soonix "Soonix Integration"

docs/index.md

@@ -9,3 +9,14 @@ This project provides a Nix flake module that allows you to generate your `.gitl
 - **Modularity:** Define and manage your CI configurations in a structured and modular way using Nix modules, making it easier to share and reuse CI logic across multiple projects.
 
 This documentation will guide you through setting up and using Nix GitLab CI for your projects.
+
+## Warnings
+
+To save you from frantically searching these docs if something doesn't work as expected, here are the most important warnings ;)
+
+!!! warning
+
+    Do not put Nix store paths into global/pipeline variables. They will simply be passed through,
+    resulting in bad portability (if two runners have different archs for example, one cannot find the path).
+    If you need any Nix store path in env variables, always do it on the job level, there
+    it will automatically be computed at runtime, thus will always work no matter which runner it runs on.

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1756542300,
-        "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
+        "lastModified": 1764667669,
+        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
+        "rev": "418468ac9527e799809c900eda37cbff999199b6",
         "type": "github"
       },
       "original": {
@@ -37,11 +37,11 @@
       },
       "locked": {
         "dir": "lib",
-        "lastModified": 1756370106,
-        "narHash": "sha256-l84ojcHuQWBwn4BRxQsMMfQpcq/Az/sHh/hSqFgVtyg=",
+        "lastModified": 1758738378,
+        "narHash": "sha256-NjzqdvQCDDdObEBH8x/vdhbdhrIB+N9E570uCdksGHY=",
         "owner": "rensa-nix",
         "repo": "core",
-        "rev": "9c1a29fa9ba7cbbb78b9e47eb8afbcd29303a3b4",
+        "rev": "abe19f9f13aff41de2b63304545c87d193d19ef4",
         "type": "gitlab"
       },
       "original": {

lib/VERSION

@@ -1 +1 @@
-3.0.1
+3.1.2

lib/impl/helpers.nix

@@ -50,7 +50,7 @@ in rec {
   filterJobVariables = shouldContain: job:
     concatMapAttrs (
       name: value:
-        optionalAttrs ((hasInfix "/nix/store/" value) == shouldContain) {
+        optionalAttrs ((hasInfix builtins.storeDir value) == shouldContain) {
           ${name} = value;
         }
     )

lib/impl/jobPatched.nix

@@ -11,13 +11,13 @@ in
     pipelineName,
     nixConfig,
   }:
+    if ! nixConfig.enable
+    then job
+    else
       (builtins.removeAttrs job ["variables" "cache"])
-    // (optionalAttrs nixConfig.enable (
-      (prependToBeforeScript ["source setup_nix_ci \"gitlab-ci:pipeline:${pipelineName}:job-deps:${key}\""] job)
+      // (prependToBeforeScript ["source setup_nix_ci \"gitlab-ci:pipeline:${pipelineName}:job-deps:${key}\""] job)
       // (appendToAfterScript ["finalize_nix_ci"] job)
-    ))
-    // optionalAttrs nixConfig.enable (
-      (let
+      // (let
         variables =
           (filterJobVariables false job)
           // optionalAttrs nixConfig.enableRunnerCache {
@@ -40,4 +40,3 @@ in
         optionalAttrs (cache != []) {
           inherit cache;
         })
-    )

lib/impl/modules/job.nix

@@ -646,8 +646,8 @@ in rec {
       };
       depsDrv = cilib.mkJobDeps {
         key = name;
-        job = config.finalConfig;
         nixConfig = config.nix;
+        inherit job;
       };
       runnerDrv = cilib.mkJobRun {
         key = name;

lib/impl/modules/root.nix

@@ -4,7 +4,7 @@
   pipelineSubmodule,
   ...
 }: let
-  inherit (lib) mkOption types;
+  inherit (lib) mkOption types foldr;
 in rec {
   configSubmodule = {
     options = {
@@ -65,7 +65,7 @@ in rec {
       };
     };
     config = {
-      packages = lib.fold (pipeline: acc: acc // pipeline) {} (
+      packages = foldr (pipeline: acc: acc // pipeline) {} (
         map (pipeline: pipeline.packages) (builtins.attrValues config.pipelines)
       );
       soonix = config.config.soonix.finalConfig;

nix/repo/ci.nix

@@ -10,6 +10,7 @@ in
       # the child pipeline can then use the built images to test them
       extraData = {
         stages = ["build-images" "build" "trigger"];
+        variables.NIX_CI_IMAGE = "$CI_REGISTRY_IMAGE/nix-ci:$CI_COMMIT_SHORT_SHA";
         "build:image" = {
           stage = "build-images";
           parallel.matrix = [

nix/repo/flake.lock

@@ -3,11 +3,11 @@
     "devshell-lib": {
       "locked": {
         "dir": "lib",
-        "lastModified": 1755673398,
-        "narHash": "sha256-51MmR+Eo1+bKDd/Ss77wwTqi4yAR2xgmyCSEbKWSpj0=",
+        "lastModified": 1758204313,
+        "narHash": "sha256-ainbY0Oajb1HMdvy+A8QxF/P5qwcbEzJGEY5pzKdDdc=",
         "owner": "rensa-nix",
         "repo": "devshell",
-        "rev": "e76bef387e8a4574f9b6d37b1a424e706491af08",
+        "rev": "7d0c4bc78d9f017a739b0c7eb2f4e563118353e6",
         "type": "gitlab"
       },
       "original": {
@@ -20,11 +20,11 @@
     "nixmkdocs-lib": {
       "locked": {
         "dir": "lib",
-        "lastModified": 1757055638,
-        "narHash": "sha256-KHYSkEreFe4meXzSdEbknC/HwaQSNClQkc8vzHlAsMM=",
+        "lastModified": 1763481845,
+        "narHash": "sha256-Bp0+9rDmlPWMcnKqGx+BG4+o5KO8FuDAOvXRnXrm3Fo=",
         "owner": "TECHNOFAB",
         "repo": "nixmkdocs",
-        "rev": "7840a5febdbeaf2da90babf6c94b3d0929d2bf74",
+        "rev": "73d59093df94a894d25bc4bf71880b6f00faa62f",
         "type": "gitlab"
       },
       "original": {
@@ -37,11 +37,11 @@
     "nixtest-lib": {
       "locked": {
         "dir": "lib",
-        "lastModified": 1756812148,
-        "narHash": "sha256-0g8KNk4zoLApA51PBHOWqPLRYpprjrQuSzNCjfBQgu8=",
+        "lastModified": 1759340550,
+        "narHash": "sha256-EH9heYb/nHHzCpUGQGqVQnuyVGQ7D6MVMgJmzNvvmJ8=",
         "owner": "TECHNOFAB",
         "repo": "nixtest",
-        "rev": "5741109cc9ec2b6d41b56abd3f5bc51ed7a9a228",
+        "rev": "5a7053afcbb211b9cf8fe87f7892bb9f6b76b678",
         "type": "gitlab"
       },
       "original": {
@@ -63,11 +63,11 @@
     "soonix-lib": {
       "locked": {
         "dir": "lib",
-        "lastModified": 1756797658,
-        "narHash": "sha256-4rkyP4oaoqG/FFVL7W8U+8hGer4tOBPff/2SeN5tJYQ=",
+        "lastModified": 1763323017,
+        "narHash": "sha256-MJyg37d+VMfRoFiVUj16FW+zkEwQXbgK9LoFF/SHoxA=",
         "owner": "TECHNOFAB",
         "repo": "soonix",
-        "rev": "3baef660cf8b87391d475a0455dd66fae0e60008",
+        "rev": "078034b01e4eaf1f9436d46721f7cbe0d96eb8b4",
         "type": "gitlab"
       },
       "original": {
@@ -80,11 +80,11 @@
     "treefmt-nix": {
       "flake": false,
       "locked": {
-        "lastModified": 1756662192,
-        "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=",
+        "lastModified": 1762938485,
+        "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4",
+        "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4",
         "type": "github"
       },
       "original": {

tests/cilib_test.nix

@@ -64,6 +64,22 @@
           nixConfig.enable = false;
         };
       }
+      {
+        name = "jobPatched nix disabled with variables and cache";
+        expected = {
+          variables."HELLO" = "world";
+          cache = [{key = "example";}];
+        };
+        actual = mkJobPatched {
+          key = "test";
+          pipelineName = "test";
+          job = {
+            variables."HELLO" = "world";
+            cache = [{key = "example";}];
+          };
+          nixConfig.enable = false;
+        };
+      }
       {
         name = "jobPatched without runner cache";
         expected = {
@@ -129,7 +145,7 @@
           # sh
           ''
             set -euo pipefail
-            ${ntlib.helpers.path [pkgs.jq pkgs.gnugrep pkgs.coreutils]}
+            ${ntlib.helpers.path (with pkgs; [jq gnugrep coreutils])}
             echo "two keys, one json one pretty"
             jq 'keys | length == 2' "${pipeline}" | grep -q true
             echo "key[0] is exactly 'gitlab-ci:pipeline:test'"
@@ -145,10 +161,13 @@
           '';
       }
       {
-        name = "handle store paths in variables";
+        name = "ignore store paths in variables with nix disabled";
         expected = {
           stages = ["test"];
-          test.stage = "test";
+          test = {
+            stage = "test";
+            variables."TEST" = "${pkgs.hello}";
+          };
         };
         actual =
           (mkPipeline {
@@ -163,6 +182,28 @@
             };
           }).finalConfig;
       }
+      {
+        # it doesn't make much sense to have any nix store path in variables, but we ignore it for global variables
+        name = "ignore store paths in global variables";
+        expected = {
+          variables = {
+            HELLO = "world";
+            CURL = toString pkgs.curl;
+          };
+        };
+        actual =
+          (mkPipeline {
+            name = "test";
+            nixConfig.enable = true;
+            pipeline = {
+              variables = {
+                HELLO = "world";
+                CURL = toString pkgs.curl;
+              };
+              jobs = {};
+            };
+          }).finalConfig;
+      }
     ];
   };
 }

tests/modules_test.nix

@@ -77,6 +77,27 @@
             assert_file_contains ${package} '"EXAMPLE":"/nix/store/.*-hello-.*"'
           '';
       }
+      {
+        name = "correctly inject variables containing nix store paths at runtime";
+        type = "script";
+        script = let
+          package =
+            (cilib.mkCI {
+              pipelines."test".jobs."test" = {
+                stage = ".pre";
+                variables.EXAMPLE = "${pkgs.hello}";
+                script = [];
+              };
+            }).packages."gitlab-ci:pipeline:test:job-deps:test";
+        in
+          # sh
+          ''
+            ${ntlib.helpers.path [pkgs.gnugrep]}
+            ${ntlib.helpers.scriptHelpers}
+            assert_file_contains ${package} 'export PATH=":$PATH";'
+            assert_file_contains ${package} 'export EXAMPLE="/nix/store/.*-hello-.*"'
+          '';
+      }
     ];
   };
 }