2019-08-12 18:14:00 +02:00
|
|
|
# Copyright 2019 Google LLC
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# https://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
|
|
|
|
# This file builds the tool used to calculate layer distribution and
|
|
|
|
# moves the files needed to call the Nix builds at runtime in the
|
|
|
|
# correct locations.
|
|
|
|
|
2019-08-14 00:03:16 +02:00
|
|
|
{ pkgs ? null, self ? ./.
|
2019-08-12 18:14:00 +02:00
|
|
|
|
2019-08-12 20:02:13 +02:00
|
|
|
# Because of the insanity occuring below, this function must mirror
|
|
|
|
# all arguments of build-image.nix.
|
2019-08-14 00:03:16 +02:00
|
|
|
, pkgSource ? "nixpkgs!nixos-19.03"
|
|
|
|
, tag ? null, name ? null, packages ? null, maxLayers ? null
|
2019-08-12 20:02:13 +02:00
|
|
|
}@args:
|
|
|
|
|
2019-08-14 00:03:16 +02:00
|
|
|
let pkgs = import ./load-pkgs.nix { inherit pkgSource; };
|
|
|
|
in with pkgs; rec {
|
|
|
|
|
2019-08-12 20:02:13 +02:00
|
|
|
groupLayers = buildGoPackage {
|
2019-08-12 18:14:00 +02:00
|
|
|
name = "group-layers";
|
|
|
|
goDeps = ./go-deps.nix;
|
|
|
|
goPackagePath = "github.com/google/nixery/group-layers";
|
|
|
|
|
2019-08-12 20:02:13 +02:00
|
|
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
|
|
|
# WARNING: HERE BE DRAGONS! #
|
|
|
|
# #
|
|
|
|
# The hack below is used to break evaluation purity. The issue is #
|
|
|
|
# that Nixery's build instructions (the default.nix in the folder #
|
|
|
|
# above this one) must build a program that can invoke Nix at #
|
|
|
|
# runtime, with a derivation that needs a program tracked in this #
|
|
|
|
# source tree (`group-layers`). #
|
|
|
|
# #
|
|
|
|
# Simply installing that program in the $PATH of Nixery does not #
|
|
|
|
# work, because the runtime Nix builds use their own isolated #
|
|
|
|
# environment. #
|
|
|
|
# #
|
|
|
|
# I first attempted to naively copy the sources into the Nix #
|
|
|
|
# store, so that Nixery could build `group-layers` when it starts #
|
|
|
|
# up - however those sources are not available to a nested Nix #
|
|
|
|
# build because they're not part of the context of the nested #
|
|
|
|
# invocation. #
|
|
|
|
# #
|
|
|
|
# Nix has several primitives under `builtins.` that can break #
|
|
|
|
# evaluation purity, these (namely readDir and readFile) are used #
|
|
|
|
# below to break out of the isolated environment and reconstruct #
|
|
|
|
# the source tree for `group-layers`. #
|
|
|
|
# #
|
|
|
|
# There might be a better way to do this, but I don't know what #
|
|
|
|
# it is. #
|
|
|
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
|
|
|
src = runCommand "group-layers-srcs" { } ''
|
|
|
|
mkdir -p $out
|
|
|
|
${with builtins;
|
|
|
|
let
|
|
|
|
files =
|
|
|
|
(attrNames (lib.filterAttrs (_: t: t != "symlink") (readDir self)));
|
|
|
|
commands =
|
|
|
|
map (f: "cp ${toFile f (readFile "${self}/${f}")} $out/${f}") files;
|
|
|
|
in lib.concatStringsSep "\n" commands}
|
|
|
|
'';
|
|
|
|
|
2019-08-12 18:14:00 +02:00
|
|
|
meta = {
|
2019-08-12 20:02:13 +02:00
|
|
|
description =
|
|
|
|
"Tool to group a set of packages into container image layers";
|
2019-08-12 18:14:00 +02:00
|
|
|
license = lib.licenses.asl20;
|
|
|
|
maintainers = [ lib.maintainers.tazjin ];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2019-08-12 20:02:13 +02:00
|
|
|
buildImage = import ./build-image.nix
|
2019-08-14 00:03:16 +02:00
|
|
|
({ inherit pkgs groupLayers; } // (lib.filterAttrs (_: v: v != null) args));
|
2019-08-12 20:02:13 +02:00
|
|
|
|
2019-08-12 18:14:00 +02:00
|
|
|
# Wrapper script which is called by the Nixery server to trigger an
|
2019-08-12 20:02:13 +02:00
|
|
|
# actual image build. This exists to avoid having to specify the
|
|
|
|
# location of build-image.nix at runtime.
|
|
|
|
wrapper = writeShellScriptBin "nixery-build-image" ''
|
|
|
|
exec ${nix}/bin/nix-build \
|
|
|
|
--show-trace \
|
|
|
|
--no-out-link "$@" \
|
|
|
|
--argstr self "${./.}" \
|
|
|
|
-A buildImage ${./.}
|
|
|
|
'';
|
|
|
|
}
|