commit
b7a391377b
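--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,13 @@
+kind: pipeline
+name: default
+
+steps:
+- name: docker
+image: plugins/docker
+settings:
+registry: r.sbruder.de
+username:
+from_secret: docker_username
+password:
+from_secret: docker_password
+repo: r.sbruder.de/drone-nix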
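Review bot: `image: plugins/docker` carries no tag or digest, so the step that receives `docker_username` and `docker_password` runs whatever that name resolves to at build time; the same applies to `FROM nixos/nix` in the Dockerfile, whose image later handles the binary-cache signing key. Pin both, for example `image: plugins/docker@sha256:<digest>` and `FROM nixos/nix@sha256:<digest>`, where `<digest>` is a placeholder to fill in from a pull you have verified. The pipeline also has no `trigger` block, so it is worth confirming that publishing to `r.sbruder.de/drone-nix` is meant to run for every event rather than only pushes to the release branch.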
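--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,5 @@
+FROM nixos/nix
+
+COPY entrypoint.sh /
+
+ENTRYPOINT ["/entrypoint.sh"]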
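--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright 2020 Simon Bruder
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.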
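--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+set -e
+
+if [ -z "$PLUGIN_BINARY_CACHE_URL" ] || [ -z "$PLUGIN_BINARY_CACHE_PUBLIC_KEY" ] || [ -z "$PLUGIN_BINARY_CACHE_PRIVATE_KEY" ]; then
+echo "Please specify 'binary_cache_url', 'binary_cache_public_key', and 'binary_cache_private_key'"
+exit 1
+fi
+
+if [ -z "$PLUGIN_AWS_ACCESS_KEY_ID" ] || [ -z "$PLUGIN_AWS_SECRET_ACCESS_KEY" ]; then
+echo "WARNING: 'aws_access_key_id' and 'aws_secret_access_key' are not defined, uploading to s3 will probably fail"
+fi
+
+cat >> /etc/nix/nix.conf << EOF
+substituters = https://cache.nixos.org/ ${PLUGIN_BINARY_CACHE_URL}
+trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${PLUGIN_BINARY_CACHE_PUBLIC_KEY}
+EOF
+
+# remove previous result (nix-build fails when it is not a symlink)
+rm -rf result
+
+nix-build
+
+# replace symlink by content of closure
+result="$(readlink -f result)"
+rm result
+cp -a "$result" result
+
+# push full nix store to binary cache
+# find -print0 / xargs -0 is not used because NULL is not allowed in variables
+closures="$(find /nix/store/ -not -path "*.drv" -not -path "/nix/store/.links" -mindepth 1 -maxdepth 1)"
+
+echo "signing closures"
+echo "${PLUGIN_BINARY_CACHE_PRIVATE_KEY}" > /run/binary-cache-key.private
+echo "$closures" | xargs nix sign-paths --key-file /run/binary-cache-key.private
+
+echo "uploading closures"
+echo "$closures" | AWS_ACCESS_KEY_ID="$PLUGIN_AWS_ACCESS_KEY_ID" AWS_SECRET_ACCESS_KEY="$PLUGIN_AWS_SECRET_ACCESS_KEY" xargs nix copy --to "$PLUGIN_BINARY_CACHE_URL"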
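Review bot: The signing key is written by `echo "${PLUGIN_BINARY_CACHE_PRIVATE_KEY}" > /run/binary-cache-key.private` under whatever umask the container starts with and is never removed, so it is likely left readable by other users and persists for anything that runs after the signing step. Create the file under a restrictive umask, delete it from an EXIT trap, and write it with `printf '%s\n'` so the key value is never subject to `echo` option or escape handling. The PLUGIN_* secrets also remain exported while `nix-build` processes the repository's own expressions; copying them into unexported shell variables and unsetting the originals before the build would narrow that exposure. The fence below covers the key-file handling only.

```sh
# … unchanged: setting checks, nix.conf, nix-build, closure listing …
echo "signing closures"
umask 077
key_file="$(mktemp)"
trap 'rm -f "$key_file"' EXIT
printf '%s\n' "$PLUGIN_BINARY_CACHE_PRIVATE_KEY" > "$key_file"
echo "$closures" | xargs nix sign-paths --key-file "$key_file"
# … unchanged: upload with nix copy …
```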