mirror of
https://gitlab.com/TECHNOFAB/nix-gitlab-ci.git
synced 2025-12-12 02:00:13 +01:00
319 lines
10 KiB
Nix
319 lines
10 KiB
Nix
{
|
|
outputs = {
|
|
flake-parts,
|
|
systems,
|
|
...
|
|
} @ inputs:
|
|
flake-parts.lib.mkFlake {inherit inputs;} {
|
|
imports = [
|
|
inputs.devenv.flakeModule
|
|
inputs.treefmt-nix.flakeModule
|
|
inputs.nix-mkdocs.flakeModule
|
|
inputs.nixtest.flakeModule
|
|
./lib/flakeModule.nix
|
|
];
|
|
systems = import systems;
|
|
flake = {};
|
|
perSystem = {
|
|
pkgs,
|
|
config,
|
|
self',
|
|
system,
|
|
...
|
|
}: rec {
|
|
treefmt = {
|
|
projectRootFile = "flake.nix";
|
|
programs = {
|
|
alejandra.enable = true;
|
|
mdformat.enable = true;
|
|
yamlfmt.enable = true;
|
|
};
|
|
settings.formatter = {
|
|
yamlfmt.excludes = ["templates/nix-gitlab-ci.yml"];
|
|
mdformat.command = let
|
|
pkg = pkgs.python3.withPackages (p: [
|
|
p.mdformat
|
|
p.mdformat-mkdocs
|
|
]);
|
|
in "${pkg}/bin/mdformat";
|
|
};
|
|
};
|
|
devenv.shells.default = {
|
|
containers = pkgs.lib.mkForce {};
|
|
packages = with pkgs; [dive skopeo];
|
|
|
|
pre-commit = {
|
|
hooks = {
|
|
treefmt = {
|
|
enable = true;
|
|
packageOverrides.treefmt = config.treefmt.build.wrapper;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
doc = {
|
|
path = ./docs;
|
|
deps = pp: [
|
|
pp.mkdocs-material
|
|
(pp.callPackage inputs.mkdocs-material-umami {})
|
|
];
|
|
config = {
|
|
site_name = "Nix GitLab CI";
|
|
repo_name = "TECHNOFAB/nix-gitlab-ci";
|
|
repo_url = "https://gitlab.com/TECHNOFAB/nix-gitlab-ci";
|
|
edit_uri = "edit/main/docs/";
|
|
theme = {
|
|
name = "material";
|
|
features = ["content.code.copy" "content.action.edit"];
|
|
icon.repo = "simple/gitlab";
|
|
logo = "images/logo.png";
|
|
favicon = "images/favicon.png";
|
|
palette = [
|
|
{
|
|
scheme = "default";
|
|
media = "(prefers-color-scheme: light)";
|
|
primary = "deep orange";
|
|
accent = "orange";
|
|
toggle = {
|
|
icon = "material/brightness-7";
|
|
name = "Switch to dark mode";
|
|
};
|
|
}
|
|
{
|
|
scheme = "slate";
|
|
media = "(prefers-color-scheme: dark)";
|
|
primary = "deep orange";
|
|
accent = "orange";
|
|
toggle = {
|
|
icon = "material/brightness-4";
|
|
name = "Switch to light mode";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
plugins = ["search" "material-umami"];
|
|
nav = [
|
|
{"Introduction" = "index.md";}
|
|
{"Setup" = "setup.md";}
|
|
{"Usage" = "usage.md";}
|
|
{"CI/CD Component" = "cicd_component.md";}
|
|
{"Environment Variables" = "environment_variables.md";}
|
|
{"Caching" = "caching.md";}
|
|
{"Multiple Pipelines" = "multi_pipeline.md";}
|
|
{"Utilities" = "utilities.md";}
|
|
{"Kubernetes Runner Example" = "kubernetes_runner.md";}
|
|
{"Example Configs" = "examples.md";}
|
|
];
|
|
markdown_extensions = [
|
|
{
|
|
"pymdownx.highlight".pygments_lang_class = true;
|
|
}
|
|
"pymdownx.inlinehilite"
|
|
"pymdownx.snippets"
|
|
"pymdownx.superfences"
|
|
"fenced_code"
|
|
"admonition"
|
|
];
|
|
extra.analytics = {
|
|
provider = "umami";
|
|
site_id = "28f7c904-db22-4c2b-9ee4-ed42e14b6db9";
|
|
src = "https://analytics.tf/umami";
|
|
domains = "nix-gitlab-ci.projects.tf";
|
|
feedback = {
|
|
title = "Was this page helpful?";
|
|
ratings = [
|
|
{
|
|
icon = "material/thumb-up-outline";
|
|
name = "This page is helpful";
|
|
data = "good";
|
|
note = "Thanks for your feedback!";
|
|
}
|
|
{
|
|
icon = "material/thumb-down-outline";
|
|
name = "This page could be improved";
|
|
data = "bad";
|
|
note = "Thanks for your feedback! Please leave feedback by creating an issue :)";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
# should set the "default" pipeline
|
|
ci = {
|
|
stages = ["test" "nixtest" "build" "deploy"];
|
|
jobs = {
|
|
"test" = {
|
|
stage = "test";
|
|
nix = {
|
|
deps = [pkgs.hello pkgs.curl];
|
|
enable-runner-cache = true;
|
|
};
|
|
variables = {
|
|
TEST = "test";
|
|
TEST_WITH_DERIVATION = "${pkgs.hello}/test";
|
|
};
|
|
script = [
|
|
"hello"
|
|
"curl google.de"
|
|
"echo $TEST $TEST_WITH_DERIVATION"
|
|
];
|
|
};
|
|
"test-default" = {
|
|
stage = "test";
|
|
nix.deps = [pkgs.hello];
|
|
script = ["hello"];
|
|
};
|
|
"test-non-nix" = {
|
|
nix.enable = false;
|
|
stage = "test";
|
|
image = "alpine:latest";
|
|
script = [
|
|
"echo \"This job will not be modified to use nix\""
|
|
];
|
|
};
|
|
# -- actually useful jobs --
|
|
"docs" = {
|
|
stage = "build";
|
|
script = [
|
|
# sh
|
|
''
|
|
nix build .#docs:default
|
|
mkdir -p public
|
|
cp -r result/. public/
|
|
''
|
|
];
|
|
artifacts.paths = ["public"];
|
|
};
|
|
"pages" = {
|
|
nix.enable = false;
|
|
image = "alpine:latest";
|
|
stage = "deploy";
|
|
script = ["true"];
|
|
artifacts.paths = ["public"];
|
|
rules = [
|
|
{
|
|
"if" = "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH";
|
|
}
|
|
];
|
|
};
|
|
"nixtest" = {
|
|
stage = "nixtest";
|
|
script = [
|
|
# sh
|
|
"nix run .#nixtests:run -- --junit=junit.xml"
|
|
];
|
|
allow_failure = true;
|
|
artifacts = {
|
|
when = "always";
|
|
reports.junit = "junit.xml";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
pipelines."non-default" = {
|
|
stages = ["test"];
|
|
jobs = {
|
|
"test" = {
|
|
stage = "test";
|
|
script = [
|
|
"echo Hello from another pipeline"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
nixtest.suites = let
|
|
jsonFile = file: builtins.fromJSON (builtins.readFile file);
|
|
in {
|
|
"Pipeline YAMLs" = [
|
|
{
|
|
name = "default";
|
|
type = "snapshot";
|
|
actual = jsonFile self'.legacyPackages."gitlab-ci:pipeline:default";
|
|
}
|
|
{
|
|
name = "non-default";
|
|
type = "snapshot";
|
|
actual = jsonFile self'.legacyPackages."gitlab-ci:pipeline:non-default";
|
|
}
|
|
];
|
|
};
|
|
|
|
packages = let
|
|
setupScript = pkgs.writeShellScriptBin "setup_nix_ci" (builtins.readFile ./scripts/setup_nix_ci.sh);
|
|
finalizeScript = pkgs.writeShellScriptBin "finalize_nix_ci" (builtins.readFile ./scripts/finalize_nix_ci.sh);
|
|
in {
|
|
setup-script = setupScript;
|
|
finalize-script = finalizeScript;
|
|
image = pkgs.dockerTools.buildImage {
|
|
name = "nix-ci";
|
|
fromImage = let
|
|
hashes = {
|
|
"x86_64-linux" = "sha256-kJ7dqje5o1KPr3RDZ7/THbhMSoiCU1C/7HshDrNfwnM=";
|
|
"aarch64-linux" = "sha256-jz+Z3Ji+hy5d9ImOh/YOKCqy9P9/cseSov+5J/O95bg=";
|
|
};
|
|
# check digest of tags like nixos-24.11-aarch64-linux etc.
|
|
digests = {
|
|
"x86_64-linux" = "sha256:345f210dea4cbd049e2d01d13159c829066dfb6e273cdd49ea878186d17b19f7";
|
|
"aarch64-linux" = "sha256:66163fdf446d851416dd4e9be28c0794d9c2550214a57a846957699a3f5747f6";
|
|
};
|
|
hash = hashes.${system} or (throw "Unsupported system");
|
|
imageDigest = digests.${system} or (throw "Unsupported system");
|
|
in
|
|
pkgs.dockerTools.pullImage {
|
|
imageName = "nixpkgs/nix-flakes";
|
|
inherit hash imageDigest;
|
|
};
|
|
copyToRoot = pkgs.buildEnv {
|
|
name = "image-root";
|
|
paths = with pkgs;
|
|
[
|
|
gitMinimal
|
|
gnugrep
|
|
gnused
|
|
coreutils
|
|
diffutils
|
|
cachix
|
|
attic-client
|
|
]
|
|
++ [
|
|
setupScript
|
|
finalizeScript
|
|
];
|
|
pathsToLink = ["/bin"];
|
|
};
|
|
};
|
|
};
|
|
|
|
checks = packages;
|
|
};
|
|
};
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
|
|
|
# flake & devenv related
|
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
|
systems.url = "github:nix-systems/default-linux";
|
|
devenv.url = "github:cachix/devenv";
|
|
treefmt-nix.url = "github:numtide/treefmt-nix";
|
|
nix-mkdocs.url = "gitlab:technofab/nixmkdocs?dir=lib";
|
|
mkdocs-material-umami.url = "gitlab:technofab/mkdocs-material-umami";
|
|
nixtest.url = "gitlab:technofab/nixtest?dir=lib";
|
|
};
|
|
|
|
nixConfig = {
|
|
extra-substituters = [
|
|
"https://cache.nixos.org/"
|
|
"https://nix-community.cachix.org"
|
|
"https://devenv.cachix.org"
|
|
];
|
|
|
|
extra-trusted-public-keys = [
|
|
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
|
];
|
|
};
|
|
}
|