refactor(build-image): Extract package set loading into helper

Some upcoming changes might require the Nix build to be split into
multiple separate nix-build invocations of different expressions, thus
splitting this out is useful.

It also fixes an issue where `build-image/default.nix` might be called
in an environment where no Nix channels are configured.
This commit is contained in:
Vincent Ambo 2019-08-13 23:03:16 +01:00 committed by Vincent Ambo
parent 3939722063
commit d9168e3e4d
4 changed files with 87 additions and 65 deletions

View file

@ -18,9 +18,11 @@
# registry API. # registry API.
{ {
# Package set to used (this will usually be loaded by load-pkgs.nix)
pkgs,
# Image Name # Image Name
name, name,
# Image tag, the Nix's output hash will be used if null # Image tag, the Nix output's hash will be used if null
tag ? null, tag ? null,
# Tool used to determine layer grouping # Tool used to determine layer grouping
groupLayers, groupLayers,
@ -36,71 +38,13 @@
# the default here is set to something a little less than that. # the default here is set to something a little less than that.
maxLayers ? 96, maxLayers ? 96,
# Configuration for which package set to use when building.
#
# Both channels of the public nixpkgs repository as well as imports
# from private repositories are supported.
#
# This setting can be invoked with three different formats:
#
# 1. nixpkgs!$channel (e.g. nixpkgs!nixos-19.03)
# 2. git!$repo!$rev (e.g. git!git@github.com:NixOS/nixpkgs.git!master)
# 3. path!$path (e.g. path!/var/local/nixpkgs)
#
# '!' was chosen as the separator because `builtins.split` does not
# support regex escapes and there are few other candidates. It
# doesn't matter much because this is invoked by the server.
pkgSource ? "nixpkgs!nixos-19.03",
... ...
}: }:
with builtins; let
# If a nixpkgs channel is requested, it is retrieved from Github (as
# a tarball) and imported.
fetchImportChannel = channel:
let url = "https://github.com/NixOS/nixpkgs-channels/archive/${channel}.tar.gz";
in import (fetchTarball url) {};
# If a git repository is requested, it is retrieved via
# builtins.fetchGit which defaults to the git configuration of the
# outside environment. This means that user-configured SSH
# credentials etc. are going to work as expected.
fetchImportGit = url: rev:
let
# builtins.fetchGit needs to know whether 'rev' is a reference
# (e.g. a branch/tag) or a revision (i.e. a commit hash)
#
# Since this data is being extrapolated from the supplied image
# tag, we have to guess if we want to avoid specifying a format.
#
# There are some additional caveats around whether the default
# branch contains the specified revision, which need to be
# explained to users.
spec = if (stringLength rev) == 40 then {
inherit url rev;
} else {
inherit url;
ref = rev;
};
in import (fetchGit spec) {};
importPath = path: import (toPath path) {};
source = split "!" pkgSource;
sourceType = elemAt source 0;
pkgs =
if sourceType == "nixpkgs"
then fetchImportChannel (elemAt source 2)
else if sourceType == "git"
then fetchImportGit (elemAt source 2) (elemAt source 4)
else if sourceType == "path"
then importPath (elemAt source 2)
else throw("Invalid package set source specification: ${pkgSource}");
in
# Since this is essentially a re-wrapping of some of the functionality that is # Since this is essentially a re-wrapping of some of the functionality that is
# implemented in the dockerTools, we need all of its components in our top-level # implemented in the dockerTools, we need all of its components in our top-level
# namespace. # namespace.
with builtins;
with pkgs; with pkgs;
with dockerTools; with dockerTools;

View file

@ -16,14 +16,17 @@
# moves the files needed to call the Nix builds at runtime in the # moves the files needed to call the Nix builds at runtime in the
# correct locations. # correct locations.
{ pkgs ? import <nixpkgs> { }, self ? ./. { pkgs ? null, self ? ./.
# Because of the insanity occuring below, this function must mirror # Because of the insanity occuring below, this function must mirror
# all arguments of build-image.nix. # all arguments of build-image.nix.
, tag ? null, name ? null, packages ? null, maxLayers ? null, pkgSource ? null , pkgSource ? "nixpkgs!nixos-19.03"
, tag ? null, name ? null, packages ? null, maxLayers ? null
}@args: }@args:
with pkgs; rec { let pkgs = import ./load-pkgs.nix { inherit pkgSource; };
in with pkgs; rec {
groupLayers = buildGoPackage { groupLayers = buildGoPackage {
name = "group-layers"; name = "group-layers";
goDeps = ./go-deps.nix; goDeps = ./go-deps.nix;
@ -76,7 +79,7 @@ with pkgs; rec {
}; };
buildImage = import ./build-image.nix buildImage = import ./build-image.nix
({ inherit groupLayers; } // (lib.filterAttrs (_: v: v != null) args)); ({ inherit pkgs groupLayers; } // (lib.filterAttrs (_: v: v != null) args));
# Wrapper script which is called by the Nixery server to trigger an # Wrapper script which is called by the Nixery server to trigger an
# actual image build. This exists to avoid having to specify the # actual image build. This exists to avoid having to specify the

View file

@ -0,0 +1,73 @@
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Load a Nix package set from a source specified in one of the following
# formats:
#
# 1. nixpkgs!$channel (e.g. nixpkgs!nixos-19.03)
# 2. git!$repo!$rev (e.g. git!git@github.com:NixOS/nixpkgs.git!master)
# 3. path!$path (e.g. path!/var/local/nixpkgs)
#
# '!' was chosen as the separator because `builtins.split` does not
# support regex escapes and there are few other candidates. It
# doesn't matter much because this is invoked by the server.
{ pkgSource, args ? { } }:
with builtins;
let
# If a nixpkgs channel is requested, it is retrieved from Github (as
# a tarball) and imported.
fetchImportChannel = channel:
let
url =
"https://github.com/NixOS/nixpkgs-channels/archive/${channel}.tar.gz";
in import (fetchTarball url) args;
# If a git repository is requested, it is retrieved via
# builtins.fetchGit which defaults to the git configuration of the
# outside environment. This means that user-configured SSH
# credentials etc. are going to work as expected.
fetchImportGit = url: rev:
let
# builtins.fetchGit needs to know whether 'rev' is a reference
# (e.g. a branch/tag) or a revision (i.e. a commit hash)
#
# Since this data is being extrapolated from the supplied image
# tag, we have to guess if we want to avoid specifying a format.
#
# There are some additional caveats around whether the default
# branch contains the specified revision, which need to be
# explained to users.
spec = if (stringLength rev) == 40 then {
inherit url rev;
} else {
inherit url;
ref = rev;
};
in import (fetchGit spec) args;
# No special handling is used for paths, so users are expected to pass one
# that will work natively with Nix.
importPath = path: import (toPath path) args;
source = split "!" pkgSource;
sourceType = elemAt source 0;
in if sourceType == "nixpkgs" then
fetchImportChannel (elemAt source 2)
else if sourceType == "git" then
fetchImportGit (elemAt source 2) (elemAt source 4)
else if sourceType == "path" then
importPath (elemAt source 2)
else
throw ("Invalid package set source specification: ${pkgSource}")

View file

@ -25,7 +25,9 @@ rec {
nixery-server = callPackage ./server { }; nixery-server = callPackage ./server { };
# Implementation of the image building & layering logic # Implementation of the image building & layering logic
nixery-build-image = (import ./build-image { inherit pkgs; }).wrapper; nixery-build-image = (import ./build-image {
pkgSource = "path!${<nixpkgs>}";
}).wrapper;
# Use mdBook to build a static asset page which Nixery can then # Use mdBook to build a static asset page which Nixery can then
# serve. This is primarily used for the public instance at # serve. This is primarily used for the public instance at