commit
b7a391377b
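--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,13 @@
+kind: pipeline
+name: default
+
+steps:
+- name: docker
+image: plugins/docker
+settings:
+registry: r.sbruder.de
+username:
+from_secret: docker_username
+password:
+from_secret: docker_password
+repo: r.sbruder.de/drone-nix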
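Review bot: The `docker` step has no `when:` or `trigger:` restriction, so unless the Drone server or repository settings limit it elsewhere, it builds and pushes `r.sbruder.de/drone-nix` on every event the pipeline runs for, not only on pushes to the release branch. Because the published image is a CI plugin that is later handed a cache signing key, publishing should be limited, e.g. by adding `when: { branch: [<MAIN_BRANCH>], event: [push] }` to the step (the branch name is a placeholder). `image: plugins/docker` also carries no tag, so the builder image floats; pinning it to a specific tag would make the publish step reproducible.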
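--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,5 @@
+FROM nixos/nix
+
+COPY entrypoint.sh /
+
+ENTRYPOINT ["/entrypoint.sh"]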
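Review bot: `FROM nixos/nix` has no tag or digest, so every rebuild picks up whatever `latest` is at that moment, and entrypoint.sh later signs the store paths that shipped in this base image. Pin the base, e.g. `FROM nixos/nix:<TAG>@sha256:<DIGEST>` (both placeholders), and bump it deliberately. A one-line comment above `ENTRYPOINT` saying the image is a Drone plugin configured through `PLUGIN_*` variables would also help readers.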
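--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright 2020 Simon Bruder
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.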
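--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+set -e
+
+if [ -z "$PLUGIN_BINARY_CACHE_URL" ] || [ -z "$PLUGIN_BINARY_CACHE_PUBLIC_KEY" ] || [ -z "$PLUGIN_BINARY_CACHE_PRIVATE_KEY" ]; then
+echo "Please specify 'binary_cache_url', 'binary_cache_public_key', and 'binary_cache_private_key'"
+exit 1
+fi
+
+if [ -z "$PLUGIN_AWS_ACCESS_KEY_ID" ] || [ -z "$PLUGIN_AWS_SECRET_ACCESS_KEY" ]; then
+echo "WARNING: 'aws_access_key_id' and 'aws_secret_access_key' are not defined, uploading to s3 will probably fail"
+fi
+
+cat >> /etc/nix/nix.conf << EOF
+substituters = https://cache.nixos.org/ ${PLUGIN_BINARY_CACHE_URL}
+trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${PLUGIN_BINARY_CACHE_PUBLIC_KEY}
+EOF
+
+# remove previous result (nix-build fails when it is not a symlink)
+rm -rf result
+
+nix-build
+
+# replace symlink by content of closure
+result="$(readlink -f result)"
+rm result
+cp -a "$result" result
+
+# push full nix store to binary cache
+# find -print0 / xargs -0 is not used because NULL is not allowed in variables
+closures="$(find /nix/store/ -not -path "*.drv" -not -path "/nix/store/.links" -mindepth 1 -maxdepth 1)"
+
+echo "signing closures"
+echo "${PLUGIN_BINARY_CACHE_PRIVATE_KEY}" > /run/binary-cache-key.private
+echo "$closures" | xargs nix sign-paths --key-file /run/binary-cache-key.private
+
+echo "uploading closures"
+echo "$closures" | AWS_ACCESS_KEY_ID="$PLUGIN_AWS_ACCESS_KEY_ID" AWS_SECRET_ACCESS_KEY="$PLUGIN_AWS_SECRET_ACCESS_KEY" xargs nix copy --to "$PLUGIN_BINARY_CACHE_URL"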
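Review bot: The signing key is written with `echo "${PLUGIN_BINARY_CACHE_PRIVATE_KEY}" > /run/binary-cache-key.private` under whatever umask the container starts with (presumably leaving it world-readable) and is never removed, so it stays on disk for the rest of the container's life. Set `umask 077` before the write, use `printf '%s\n' "$PLUGIN_BINARY_CACHE_PRIVATE_KEY"` instead of `echo`, and add `trap 'rm -f /run/binary-cache-key.private' EXIT` near the top of the script. Separately, `find /nix/store/ ...` selects every store entry, so the key also signs paths this build did not produce (substituted ones, or ones already present in the image); if that is not intended, restrict the list to the closure of the built path (`$result`), for example from `nix-store --query --requisites`. `PLUGIN_BINARY_CACHE_URL` and `PLUGIN_BINARY_CACHE_PUBLIC_KEY` are expanded unvalidated into `/etc/nix/nix.conf`, so a value containing a newline would append extra settings; rejecting newlines before the heredoc would close that.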