# Flake for the "Nix GitLab CI" project (see `site_name` below). It wires up the
# formatter, the dev shell, the documentation site, the CI pipeline definitions
# and the container image used by CI jobs.
{
  outputs = {
    flake-parts,
    systems,
    ...
  } @ inputs:
    flake-parts.lib.mkFlake {inherit inputs;} {
      imports = [
        inputs.devenv.flakeModule
        inputs.treefmt-nix.flakeModule
        inputs.nix-mkdocs.flakeModule
        # Project-local module; presumably the one that declares the `ci` and
        # `pipelines` options used further down — confirm in lib/flakeModule.nix.
        ./lib/flakeModule.nix
      ];
      systems = import systems;
      flake = {};
      # `rec` is needed because `checks` at the end refers back to `packages`.
      perSystem = {
        pkgs,
        config,
        system,
        ...
      }: rec {
        treefmt = {
          projectRootFile = "flake.nix";
          programs = {
            alejandra.enable = true;
            mdformat.enable = true;
            yamlfmt.enable = true;
          };
          settings.formatter = {
            yamlfmt.excludes = ["templates/nix-gitlab-ci.yml"];
            # Run mdformat from a Python environment that also contains the
            # mdformat-mkdocs plugin, instead of the formatter's default command.
            mdformat.command = let
              pkg = pkgs.python3.withPackages (p: [
                p.mdformat
                p.mdformat-mkdocs
              ]);
            in "${pkg}/bin/mdformat";
          };
        };
        devenv.shells.default = {
          # Forces the shell's `containers` option to an empty set, overriding
          # whatever the devenv module would set. NOTE(review): the reason is not
          # stated in this file.
          containers = pkgs.lib.mkForce {};
          packages = with pkgs; [dive skopeo];
          pre-commit = {
            hooks = {
              treefmt = {
                enable = true;
                # Use the treefmt wrapper built from the configuration above so
                # the hook and the formatter cannot drift apart.
                packageOverrides.treefmt = config.treefmt.build.wrapper;
              };
            };
          };
        };
        # Documentation site definition (MkDocs with the Material theme).
        doc = {
          path = ./docs;
          deps = pp: [
            pp.mkdocs-material
            (pp.callPackage inputs.mkdocs-material-umami {})
          ];
          config = {
            site_name = "Nix GitLab CI";
            repo_name = "TECHNOFAB/nix-gitlab-ci";
            repo_url = "https://gitlab.com/TECHNOFAB/nix-gitlab-ci";
            edit_uri = "edit/main/docs/";
            theme = {
              name = "material";
              features = ["content.code.copy" "content.action.edit"];
              icon.repo = "simple/gitlab";
              logo = "images/logo.png";
              favicon = "images/favicon.png";
              palette = [
                {
                  scheme = "default";
                  media = "(prefers-color-scheme: light)";
                  primary = "deep orange";
                  accent = "orange";
                  toggle = {
                    icon = "material/brightness-7";
                    name = "Switch to dark mode";
                  };
                }
                {
                  scheme = "slate";
                  media = "(prefers-color-scheme: dark)";
                  primary = "deep orange";
                  accent = "orange";
                  toggle = {
                    icon = "material/brightness-4";
                    name = "Switch to light mode";
                  };
                }
              ];
            };
            plugins = ["search" "material-umami"];
            nav = [
              {"Introduction" = "index.md";}
              {"Setup" = "setup.md";}
              {"Usage" = "usage.md";}
              {"CI/CD Component" = "cicd_component.md";}
              {"Environment Variables" = "environment_variables.md";}
              {"Caching" = "caching.md";}
              {"Multiple Pipelines" = "multi_pipeline.md";}
              {"Utilities" = "utilities.md";}
              {"Kubernetes Runner Example" = "kubernetes_runner.md";}
              {"Example Configs" = "examples.md";}
            ];
            markdown_extensions = [
              {
                "pymdownx.highlight".pygments_lang_class = true;
              }
              "pymdownx.inlinehilite"
              "pymdownx.snippets"
              "pymdownx.superfences"
              "fenced_code"
              "admonition"
            ];
            # Analytics settings for the published site; presumably consumed by
            # the "material-umami" plugin listed above (its schema is not visible
            # in this file). The rendered pages will reference the `src` host.
            extra.analytics = {
              provider = "umami";
              site_id = "28f7c904-db22-4c2b-9ee4-ed42e14b6db9";
              src = "https://analytics.tf/umami";
              domains = "nix-gitlab-ci.projects.tf";
              feedback = {
                title = "Was this page helpful?";
                ratings = [
                  {
                    icon = "material/thumb-up-outline";
                    name = "This page is helpful";
                    data = "good";
                    note = "Thanks for your feedback!";
                  }
                  {
                    icon = "material/thumb-down-outline";
                    name = "This page could be improved";
                    data = "bad";
                    note = "Thanks for your feedback! Please leave feedback by creating an issue :)";
                  }
                ];
              };
            };
          };
        };

        # should set the "default" pipeline
        ci = {
          stages = ["test" "build" "deploy"];
          jobs = {
            # Exercises dependency injection and variables. TEST_WITH_DERIVATION
            # interpolates a store path, so the variable carries a derivation
            # reference. The `curl` step needs outbound network access from the
            # runner.
            "test" = {
              stage = "test";
              nix = {
                deps = [pkgs.hello pkgs.curl];
                enable-runner-cache = true;
              };
              variables = {
                TEST = "test";
                TEST_WITH_DERIVATION = "${pkgs.hello}/test";
              };
              script = [
                "hello"
                "curl google.de"
                "echo $TEST $TEST_WITH_DERIVATION"
              ];
            };
            "test-default" = {
              stage = "test";
              nix.deps = [pkgs.hello];
              script = ["hello"];
            };
            # NOTE(review): `alpine:latest` is a mutable tag, so the image this
            # job runs in can change between pipeline runs without any change to
            # this file. The project's own base image below is pinned by digest;
            # an `alpine@sha256:<digest>` reference would give this job the same
            # property.
            "test-non-nix" = {
              nix.enable = false;
              stage = "test";
              image = "alpine:latest";
              script = [
                "echo \"This job will not be modified to use nix\""
              ];
            };
            # -- actually useful jobs --
            # Builds the docs output of this flake and copies the result into
            # public/, which is exported as the job artifact.
            "docs" = {
              stage = "build";
              script = [
                # sh
                ''
                  nix build .#docs:default
                  mkdir -p public
                  cp -r result/. public/
                ''
              ];
              artifacts.paths = ["public"];
            };
            # No-op job (`true`) that re-exports public/ and only runs on the
            # default branch; presumably the GitLab Pages publish step, relying
            # on public/ arriving as an artifact of "docs" — confirm.
            # NOTE(review): same mutable `alpine:latest` tag as "test-non-nix".
            "pages" = {
              nix.enable = false;
              image = "alpine:latest";
              stage = "deploy";
              script = ["true"];
              artifacts.paths = ["public"];
              rules = [
                {
                  "if" = "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH";
                }
              ];
            };
          };
        };

        # A second, independently named pipeline with a single echo job.
        pipelines."non-default" = {
          stages = ["test"];
          jobs = {
            "test" = {
              stage = "test";
              script = [
                "echo Hello from another pipeline"
              ];
            };
          };
        };

        packages = let
          # The script files are read at evaluation time and wrapped as
          # executables named setup_nix_ci / finalize_nix_ci.
          setupScript = pkgs.writeShellScriptBin "setup_nix_ci" (builtins.readFile ./scripts/setup_nix_ci.sh);
          finalizeScript = pkgs.writeShellScriptBin "finalize_nix_ci" (builtins.readFile ./scripts/finalize_nix_ci.sh);
        in {
          setup-script = setupScript;
          finalize-script = finalizeScript;
          # Container image for CI jobs: the nixpkgs/nix-flakes base image plus
          # a small set of tools and the two scripts above.
          image = pkgs.dockerTools.buildImage {
            name = "nix-ci";
            # The base image is pinned per architecture in two ways:
            # `imageDigest` names the exact registry manifest to pull and `hash`
            # is the expected hash of what pullImage fetches. Bumping the digest
            # requires the matching hash, so a silently replaced upstream image
            # fails the build instead of being picked up.
            fromImage = let
              hashes = {
                "x86_64-linux" = "sha256-kJ7dqje5o1KPr3RDZ7/THbhMSoiCU1C/7HshDrNfwnM=";
                "aarch64-linux" = "sha256-jz+Z3Ji+hy5d9ImOh/YOKCqy9P9/cseSov+5J/O95bg=";
              };
              # check digest of tags like nixos-24.11-aarch64-linux etc.
              digests = {
                "x86_64-linux" = "sha256:345f210dea4cbd049e2d01d13159c829066dfb6e273cdd49ea878186d17b19f7";
                "aarch64-linux" = "sha256:66163fdf446d851416dd4e9be28c0794d9c2550214a57a846957699a3f5747f6";
              };
              # Evaluation aborts with this message for any system that has no
              # entry in the tables above.
              hash = hashes.${system} or (throw "Unsupported system");
              imageDigest = digests.${system} or (throw "Unsupported system");
            in
              pkgs.dockerTools.pullImage {
                imageName = "nixpkgs/nix-flakes";
                inherit hash imageDigest;
              };
            copyToRoot = pkgs.buildEnv {
              name = "image-root";
              paths = with pkgs;
                [
                  gitMinimal
                  gnugrep
                  gnused
                  coreutils
                  diffutils
                  cachix
                  attic-client
                ]
                ++ [
                  setupScript
                  finalizeScript
                ];
              # Only the /bin directories of the listed packages are linked into
              # the image root.
              pathsToLink = ["/bin"];
            };
          };
        };
        # Reuses the packages set as checks, so `nix flake check` builds both
        # scripts and the image (which includes fetching the base image).
        checks = packages;
      };
    };

  # NOTE(review): every input follows a moving branch ref. The revisions that
  # are actually used are whatever flake.lock records; the lock file is not
  # visible here, so it should be reviewed together with any input change.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";

    # flake & devenv related
    flake-parts.url = "github:hercules-ci/flake-parts";
    systems.url = "github:nix-systems/default-linux";
    devenv.url = "github:cachix/devenv";
    treefmt-nix.url = "github:numtide/treefmt-nix";
    nix-mkdocs.url = "gitlab:technofab/nixmkdocs?dir=lib";
    mkdocs-material-umami.url = "gitlab:technofab/mkdocs-material-umami";
  };

  # Binary caches this flake asks Nix to use in addition to the user's own
  # configuration. Nix applies flake-supplied nixConfig only after the user
  # confirms it (or has `accept-flake-config` enabled). Once accepted, store
  # paths signed by the keys below are trusted as substitutes, so changes to
  # either list deserve the same scrutiny as a dependency change.
  nixConfig = {
    extra-substituters = [
      "https://cache.nixos.org/"
      "https://nix-community.cachix.org"
      "https://devenv.cachix.org"
    ];

    extra-trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
    ];
  };
}