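# Flake for nix-gitlab-ci: builds the CI container images (plain runner cache,
# cachix and attic variants) together with the setup_nix_ci / finalize_nix_ci
# helper scripts that are baked into them.
#
# The expression is laid out one statement per line because both Nix and the
# embedded shell scripts are newline-sensitive: a `#` comment runs to the end
# of the line and NIX_CONFIG is parsed line by line.
{
  outputs = {
    flake-parts,
    systems,
    ...
  } @ inputs:
    flake-parts.lib.mkFlake {inherit inputs;} {
      imports = [
        inputs.devenv.flakeModule
        inputs.treefmt-nix.flakeModule
        ./lib/flakeModule.nix
      ];
      systems = import systems;
      flake = {};
      perSystem = {
        pkgs,
        inputs',
        config,
        ...
      }: rec {
        treefmt = {
          projectRootFile = "flake.nix";
          programs = {
            alejandra.enable = true;
            mdformat.enable = true;
            yamlfmt.enable = true;
          };
        };

        devenv.shells.default = {
          containers = pkgs.lib.mkForce {};
          packages = with pkgs; [dive skopeo];
          pre-commit = {
            hooks = {
              treefmt = {
                enable = true;
                packageOverrides.treefmt = config.treefmt.build.wrapper;
              };
            };
          };
        };

        ci = {
          # use the image built in the parent pipeline for dogfooding
          config.default-nix-image = "registry.gitlab.com/technofab/nix-gitlab-ci/nix-ci:$CI_COMMIT_SHORT_SHA";
          stages = ["test"];
          jobs = {
            "test" = {
              stage = "test";
              nix = {
                deps = [pkgs.hello pkgs.curl];
                disable-cache = false;
              };
              variables = {
                TEST = "test";
                TEST_WITH_DERIVATION = "${pkgs.hello}/test";
              };
              script = [
                "hello"
                "curl google.de"
                "echo $TEST $TEST_WITH_DERIVATION"
              ];
            };
            "test-non-nix" = {
              nix.enable = false;
              stage = "test";
              image = "alpine:latest";
              script = [
                "echo \"This job will not be modified to use nix\""
              ];
            };
          };
        };

        packages = let
          # setupScript :: string -> derivation
          #
          # Builds `setup_nix_ci`. The script records the current store
          # contents in /tmp/nix-store-before, runs `extra_setup` (the
          # cache-backend specific shell snippet) unless NIX_CI_DISABLE_CACHE
          # is set, exports NIX_CONFIG and, when a job name is passed as $1,
          # builds and sources that job's deps.
          #
          # Trust boundary: NIX_PUBLIC_KEYS, NIX_SUBSTITUTERS and
          # NIX_EXTRA_CONFIG are copied verbatim from the job environment into
          # NIX_CONFIG. Whoever can set those CI variables decides which
          # binary caches and signing keys the job trusts, so they should be
          # protected variables rather than values a merge request can
          # override.
          setupScript = extra_setup:
            pkgs.writeShellScriptBin "setup_nix_ci" ''
              echo -e "\\e[0Ksection_start:`date +%s`:nix_setup[collapsed=true]\\r\\e[0KSetting up Nix CI"
              nix path-info --all > /tmp/nix-store-before
              if [ -z "$NIX_CI_DISABLE_CACHE" ]; then
                ${extra_setup}
              else
                echo "Caching disabled (NIX_CI_DISABLE_CACHE), skipping cache configuration"
              fi
              export NIX_CONFIG="
                extra-trusted-public-keys = $NIX_PUBLIC_KEYS
                extra-trusted-substituters = $NIX_SUBSTITUTERS
                extra-substituters = $NIX_SUBSTITUTERS
                $NIX_EXTRA_CONFIG
              "
              echo -e "\\e[0Ksection_end:`date +%s`:nix_setup\\r\\e[0K"
              ${
                ""
                # load the job's deps only if the name was passed
              }
              if [[ ! -z $1 ]]; then
                echo -e "\\e[0Ksection_start:`date +%s`:nix_deps[collapsed=true]\\r\\e[0KFetching deps for job"
                nix build ".#gitlab-ci-job-deps:$1"
                source "$(readlink -f result)"
                echo -e "\\e[0Ksection_end:`date +%s`:nix_deps\\r\\e[0K"
              fi
            '';

          # finalizeScript :: string -> derivation
          #
          # Builds `finalize_nix_ci`. The script diffs the store listing taken
          # by setup_nix_ci against the current one and pipes every new store
          # path (one per line) into `push_command`, or only counts them when
          # NIX_CI_DISABLE_CACHE is set.
          finalizeScript = push_command:
            pkgs.writeShellScriptBin "finalize_nix_ci" ''
              echo -e "\\e[0Ksection_start:`date +%s`:cache_push[collapsed=true]\\r\\e[0KPushing new store paths to cache"
              nix path-info --all > /tmp/nix-store-after
              ${pkgs.diffutils}/bin/diff --new-line-format="%L" \
                --old-line-format="" --unchanged-line-format="" \
                /tmp/nix-store-before /tmp/nix-store-after \
                | {
                  if [ -z "$NIX_CI_DISABLE_CACHE" ]; then
                    ${push_command}
                  else
                    ${pkgs.busybox}/bin/wc -l | { read count; echo "Caching disabled, not uploading $count new store entries..."; }
                  fi
                }
              echo -e "\\e[0Ksection_end:`date +%s`:cache_push\\r\\e[0K"
            '';

          # mkImage :: [derivation] -> derivation
          #
          # Layers git, grep and `extraPackages` (the setup/finalize scripts)
          # on top of nixpkgs/nix-flakes. The base image is fixed by
          # imageDigest and sha256; finalImageTag = "latest" is only the tag
          # the pulled image is given locally, it does not select what is
          # downloaded.
          mkImage = extraPackages:
            pkgs.dockerTools.buildImage {
              name = "nix-gitlab-ci";
              fromImage = pkgs.dockerTools.pullImage {
                imageName = "nixpkgs/nix-flakes";
                imageDigest = "sha256:d88e521662cb6bf9cef006b79ed6ed1069e297171f3c2585f2b898b30f7c045c";
                sha256 = "1pcbgxz9c98mfqrzyi14h568dw8vxj1kbgirnwl6vs8wfaamjaaf";
                finalImageName = "nixpkgs/nix-flakes";
                finalImageTag = "latest";
              };
              copyToRoot = pkgs.buildEnv {
                name = "image-root";
                paths = [pkgs.gitMinimal pkgs.gnugrep] ++ extraPackages;
                pathsToLink = ["/bin"];
              };
            };
        in {
          # Stand-alone scripts with no cache backend: both hooks are no-ops.
          setup-script = setupScript "true # extra_setup";
          finalize-script = finalizeScript "true # push_command";

          # Runner-cache variant.
          #
          # `trusted=true` makes Nix accept paths from the file:// store even
          # when they carry no signature from a trusted key, so everything in
          # .nix-cache is taken on faith. Anyone able to write to that runner
          # cache can plant store paths that later jobs will substitute; keep
          # the cache scoped to runners and branches with the same trust
          # level, or use one of the signed-cache variants instead.
          image = mkImage [
            (setupScript ''
              cachedir="$(pwd)/.nix-cache"
              echo "Configuring caching with the Runner Cache in $cachedir..."
              export NIX_SUBSTITUTERS="$NIX_SUBSTITUTERS file://$cachedir?priority=10&trusted=true"
            '')
            # Copy failures are deliberately non-fatal (`|| true`): a cache
            # push problem must not fail the job. "$entry" is quoted because
            # the `^*` suffix appended for .drv paths would otherwise be
            # subject to word splitting and glob expansion.
            (finalizeScript ''
              while read -r entry; do
                [[ "$entry" == *.drv ]] && entry+="^*" || true
                nix copy --quiet --to "file://$(pwd)/.nix-cache" "$entry" || true
                echo -n "."
              done
            '')
          ];

          # Cachix variant. Errors are ignored on purpose so a cache outage
          # only costs build time.
          image-cachix = mkImage [
            (setupScript ''
              echo "Configuring caching with cachix..."
              ${pkgs.cachix}/bin/cachix use "$CACHIX_CACHE" || true
            '')
            (finalizeScript "${pkgs.cachix}/bin/cachix push \"$CACHIX_CACHE\" || true")
          ];

          # Attic variant.
          #
          # ATTIC_TOKEN is handed to `attic login` as a command-line
          # argument, so it is visible to other processes in the job
          # container for the duration of the call. Keep it a masked,
          # protected CI variable and scope the token to this cache only.
          image-attic = mkImage [
            (setupScript ''
              echo "Configuring caching with attic..."
              ${inputs'.attic.packages.attic-client}/bin/attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" || true
              ${inputs'.attic.packages.attic-client}/bin/attic use "$ATTIC_CACHE" || true
            '')
            (finalizeScript "${inputs'.attic.packages.attic-client}/bin/attic push \"ci:$ATTIC_CACHE\" || true")
          ];
        };

        # Every package doubles as a flake check.
        checks = packages;
      };
    };

  # None of these URLs names a revision; reproducible inputs depend on a
  # committed flake.lock (not visible in this file).
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";

    # flake & devenv related
    flake-parts.url = "github:hercules-ci/flake-parts";
    systems.url = "github:nix-systems/default-linux";
    devenv = {
      url = "github:cachix/devenv";
      inputs.pre-commit-hooks.follows = "pre-commit-hooks";
    };
    pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
    treefmt-nix.url = "github:numtide/treefmt-nix";
    attic = {
      url = "gitlab:TECHNOFAB/attic";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  # Substituters suggested to anyone evaluating this flake. Nix applies them
  # only after the user accepts the flake's config (or has accept-flake-config
  # enabled), and paths are still checked against the public keys below.
  nixConfig = {
    extra-substituters = [
      "https://cache.nixos.org/"
      "https://nix-community.cachix.org"
    ];
    extra-trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
  };
}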