From b7a391377bb08e2b771cdf777f9b1e59d2c3eb1b Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Sat, 3 Oct 2020 14:43:35 +0200
Subject: [PATCH] Initial commit
---
.drone.yml | 13 +++++++++++++
Dockerfile | 5 +++++
LICENSE | 21 +++++++++++++++++++++
entrypoint.sh | 37 +++++++++++++++++++++++++++++++++++++
4 files changed, 76 insertions(+)
create mode 100644 .drone.yml
create mode 100644 Dockerfile
create mode 100644 LICENSE
create mode 100755 entrypoint.sh
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..be8ca76
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,13 @@
+kind: pipeline
+name: default
+
+steps:
+- name: docker
+ image: plugins/docker
+ settings:
+ registry: r.sbruder.de
+ username:
+ from_secret: docker_username
+ password:
+ from_secret: docker_password
+ repo: r.sbruder.de/drone-nix
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..040a95a
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,5 @@
+FROM nixos/nix
+
+COPY entrypoint.sh /
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..b708b18
--- /dev/null
+++ b/LICENSE
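Review bot: Both images introduced by this commit are unpinned: the `docker` step in .drone.yml uses `image: plugins/docker`, and the Dockerfile builds `FROM nixos/nix`. The first is handed the registry credentials from `docker_username`/`docker_password`, and the second becomes the base of an image whose entrypoint handles the binary-cache signing key and AWS credentials, so a changed or tampered upstream image would reach those secrets without any change in this repository. Pin both to a version tag or, better, a digest, e.g. `image: plugins/docker@sha256:<digest>` and `FROM nixos/nix@sha256:<digest>` (placeholders, to be filled with the reviewed digests). The pipeline also has no `trigger:` block, so it is worth restricting the publishing step to pushes on the branch that is meant to release.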
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright 2020 Simon Bruder
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..400132f
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+set -e
+
+if [ -z "$PLUGIN_BINARY_CACHE_URL" ] || [ -z "$PLUGIN_BINARY_CACHE_PUBLIC_KEY" ] || [ -z "$PLUGIN_BINARY_CACHE_PRIVATE_KEY" ]; then
+ echo "Please specify 'binary_cache_url', 'binary_cache_public_key', and 'binary_cache_private_key'"
+ exit 1
+fi
+
+if [ -z "$PLUGIN_AWS_ACCESS_KEY_ID" ] || [ -z "$PLUGIN_AWS_SECRET_ACCESS_KEY" ]; then
+ echo "WARNING: 'aws_access_key_id' and 'aws_secret_access_key' are not defined, uploading to s3 will probably fail"
+fi
+
+cat >> /etc/nix/nix.conf << EOF
+substituters = https://cache.nixos.org/ ${PLUGIN_BINARY_CACHE_URL}
+trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${PLUGIN_BINARY_CACHE_PUBLIC_KEY}
+EOF
+
+# remove previous result (nix-build fails when it is not a symlink)
+rm -rf result
+
+nix-build
+
+# replace symlink by content of closure
+result="$(readlink -f result)"
+rm result
+cp -a "$result" result
+
+# push full nix store to binary cache
+# find -print0 / xargs -0 is not used because NULL is not allowed in variables
+closures="$(find /nix/store/ -not -path "*.drv" -not -path "/nix/store/.links" -mindepth 1 -maxdepth 1)"
+
+echo "signing closures"
+echo "${PLUGIN_BINARY_CACHE_PRIVATE_KEY}" > /run/binary-cache-key.private
+echo "$closures" | xargs nix sign-paths --key-file /run/binary-cache-key.private
+
+echo "uploading closures"
+echo "$closures" | AWS_ACCESS_KEY_ID="$PLUGIN_AWS_ACCESS_KEY_ID" AWS_SECRET_ACCESS_KEY="$PLUGIN_AWS_SECRET_ACCESS_KEY" xargs nix copy --to "$PLUGIN_BINARY_CACHE_URL"
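Review bot: The signing key is written to `/run/binary-cache-key.private` under the default umask and is never removed, so in the "signing closures" step the secret ends up in a file that is probably readable by every user in the container and that outlives the script, including when a later command fails under `set -e`. Create it with owner-only permissions and clean it up on every exit path: add `trap 'rm -f /run/binary-cache-key.private' EXIT` after `set -e` and `umask 077` directly before the `echo "${PLUGIN_BINARY_CACHE_PRIVATE_KEY}" > …` line (`printf '%s\n'` is also the safer way to write arbitrary data than `echo`). Separately, the `find /nix/store/` list covers every store path, including anything substituted from cache.nixos.org or already present in the base image, so the key ends up vouching for content this build did not produce; if that is not intended, sign only the closure of the build output, e.g. from `nix-store -qR "$result"`. The `${PLUGIN_BINARY_CACHE_URL}` and `${PLUGIN_BINARY_CACHE_PUBLIC_KEY}` values are expanded into nix.conf unvalidated, so a value containing a newline would add extra settings and is worth rejecting in the initial checks.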