nix-gitlab-ci/templates/nix-gitlab-ci.yml

spec:
  inputs:
    cache_strategy:
      type: string
      description: |
        (empty for auto) | none | runner | cachix | attic
        Sets the default strategy and will be overridden by $NIX_CI_CACHE_STRATEGY
      default: "none"
    cache_files:
      type: array
      description: |
        Files to use as the cache key for the generated pipeline yaml.
        If you use "ci.nix" to define CI, add that here for example
      default: ["flake.nix", "flake.lock"]
---
stages:
  - build
  - trigger
variables:
  # which version of the image should be used
  _NIX_CI_VERSION: ${NIX_CI_VERSION}
  _NIX_CI_IMAGE: registry.gitlab.com/technofab/nix-gitlab-ci/nix-ci:${_NIX_CI_VERSION}
  # force build the pipeline yaml
  _NIX_CI_FORCE_BUILD: ${NIX_CI_FORCE_BUILD}
  # disable caching on the child pipeline jobs
  _NIX_CI_DISABLE_CACHE: ${NIX_CI_DISABLE_CACHE}
  # type of cache strategy to use (none, runner, attic, cachix)
  _NIX_CI_CACHE_STRATEGY: $[[ inputs.cache_strategy ]]
  # for multiple pipelines
  _NIX_CI_PIPELINE_NAME: ${CI_PIPELINE_SOURCE}
.env_overrides: &env_overrides
  rules:
    - if: $NIX_CI_IMAGE != null
      variables:
        _NIX_CI_IMAGE: $NIX_CI_IMAGE
    - if: $NIX_CI_CACHE_STRATEGY != null
      variables:
        _NIX_CI_CACHE_STRATEGY: $NIX_CI_CACHE_STRATEGY
    - if: $NIX_CI_PIPELINE_NAME != null
      variables:
        _NIX_CI_PIPELINE_NAME: $NIX_CI_PIPELINE_NAME
    - when: on_success
nix-ci:build:
  <<: *env_overrides
  stage: build
  image: $_NIX_CI_IMAGE
  cache:
    - key:
        files: $[[ inputs.cache_files ]]
      paths:
        - generated-gitlab-ci.yml
    - key: nix
      paths:
        - .nix-cache/
  before_script:
    # generated-gitlab-ci-<pipeline>.yml exists in the cache
    - '[ -f "generated-gitlab-ci-${_NIX_CI_PIPELINE_NAME}.yml" ] && export CACHED=true && echo "A cached pipeline file exists (skip cache with NIX_CI_FORCE_BUILD)" || true'
    # allow the user to manually skip the cache (when the key files are not correctly configured etc.)
    - '[ -n "$_NIX_CI_FORCE_BUILD" ] && unset CACHED && echo "Caching skipped for this job (through NIX_CI_FORCE_BUILD)" || true'
    # only setup when we need to generate the pipeline yaml
    - 'if [ -z "$CACHED" ]; then source setup_nix_ci; fi'
  script:
    # build the generated-gitlab-ci.yml if it does not exist in the cache
    - 'if [ -z "$CACHED" ]; then nix build .#gitlab-ci:pipeline:${_NIX_CI_PIPELINE_NAME} && install result generated-gitlab-ci-${_NIX_CI_PIPELINE_NAME}.yml; fi'
  after_script:
    # NOTE: environment variables of before_script and script don't exist here anymore
    #
    # save to binary cache or Gitlab CI cache only if we actually built something
    #  check if /tmp/nix-store-before exists as $CACHED never exists here and the file only exists if "setup_nix_ci" is called
    - 'if [ -f "/tmp/nix-store-before" ]; then finalize_nix_ci; fi'
  artifacts:
    paths:
      - generated-gitlab-ci-${_NIX_CI_PIPELINE_NAME}.yml
nix-ci:trigger:
  <<: *env_overrides
  stage: trigger
  needs:
    - nix-ci:build
  trigger:
    include:
      - artifact: generated-gitlab-ci.yml
        job: nix-ci:build
    strategy: depend
    forward:
      pipeline_variables: true