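#!/bin/sh
#
# Builds the current directory with nix-build, replaces the `result` symlink
# with a copy of the build output, then signs and uploads the contents of
# /nix/store to a binary cache.
#
# Settings, read from the environment (the PLUGIN_ prefix suggests a CI plugin
# runner sets them; confirm against the pipeline definition):
#   PLUGIN_BINARY_CACHE_URL          cache used as substituter and upload target (required)
#   PLUGIN_BINARY_CACHE_PUBLIC_KEY   appended to trusted-public-keys (required)
#   PLUGIN_BINARY_CACHE_PRIVATE_KEY  key used to sign store paths (required)
#   PLUGIN_AWS_ACCESS_KEY_ID         exported to `nix copy` for the upload (optional)
#   PLUGIN_AWS_SECRET_ACCESS_KEY     exported to `nix copy` for the upload (optional)

set -e

key_file=/run/binary-cache-key.private

if [ -z "$PLUGIN_BINARY_CACHE_URL" ] || [ -z "$PLUGIN_BINARY_CACHE_PUBLIC_KEY" ] || [ -z "$PLUGIN_BINARY_CACHE_PRIVATE_KEY" ]; then
  # Diagnostics go to stderr so they are not mixed into captured stdout.
  echo "Please specify 'binary_cache_url', 'binary_cache_public_key', and 'binary_cache_private_key'" >&2
  exit 1
fi

if [ -z "$PLUGIN_AWS_ACCESS_KEY_ID" ] || [ -z "$PLUGIN_AWS_SECRET_ACCESS_KEY" ]; then
  echo "WARNING: 'aws_access_key_id' and 'aws_secret_access_key' are not defined, uploading to s3 will probably fail" >&2
fi

# NOTE(review): both values are written into nix.conf verbatim. Whoever controls
# these settings decides which substituter and which signing keys this build
# trusts, and an embedded newline would add further nix.conf lines, so they must
# come from trusted pipeline configuration only.
cat >> /etc/nix/nix.conf << EOF
substituters = https://cache.nixos.org/ ${PLUGIN_BINARY_CACHE_URL}
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${PLUGIN_BINARY_CACHE_PUBLIC_KEY}
EOF

# remove previous result (nix-build fails when it is not a symlink)
rm -rf result

nix-build

# replace symlink by content of closure
result="$(readlink -f result)"
rm result
cp -a "$result" result

# push full nix store to binary cache
# find -print0 / xargs -0 is not used because NULL is not allowed in variables
# -mindepth/-maxdepth are global options and are placed before the tests.
# NOTE(review): this selects every top-level store entry except *.drv and
# .links, not only the closure of `result`, so the key below also signs paths
# that were substituted or were already present in the store.
closures="$(find /nix/store/ -mindepth 1 -maxdepth 1 -not -path "*.drv" -not -path "/nix/store/.links")"

echo "signing closures"
# Drop any stale file first (umask does not tighten an existing file's mode),
# and make sure the key is deleted on every exit path, including a failure
# under `set -e`.
rm -f -- "$key_file"
trap 'rm -f -- "$key_file"' EXIT
# Create the key file readable by the owner only; printf avoids echo's
# implementation-defined handling of backslashes and leading dashes.
(
  umask 077
  printf '%s\n' "$PLUGIN_BINARY_CACHE_PRIVATE_KEY" > "$key_file"
)
printf '%s\n' "$closures" | xargs nix sign-paths --key-file "$key_file"

echo "uploading closures"
# The AWS credentials are passed through the environment of xargs and its
# children, not as command-line arguments.
printf '%s\n' "$closures" \
  | AWS_ACCESS_KEY_ID="$PLUGIN_AWS_ACCESS_KEY_ID" \
    AWS_SECRET_ACCESS_KEY="$PLUGIN_AWS_SECRET_ACCESS_KEY" \
    xargs nix copy --to "$PLUGIN_BINARY_CACHE_URL"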