feat(ops/terraform/deploy-nixos): add build parameter

If this is set to true (and only then), also invoke `nix-build` on the
previously-instantiated .drv to cause builds/substitutions on the local
machine.

There's no terraform example for this in here, but this is useful if you
want to perform builds locally, for example to upload nix-built blobs
elsewhere through terraform.

Change-Id: Idcf7b8527aa9c27f6f9ca60ca607c29d82e1cce9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11215
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
This commit is contained in:
Florian Klink 2024-03-20 15:42:02 +02:00 committed by clbot
parent 34d1cc178f
commit f055c75bc0

View file

@ -18,15 +18,24 @@ set -ueo pipefail
# - `argstr`: A map containing string keys and values # - `argstr`: A map containing string keys and values
# which are passed to Nix as `--argstr $key $value` # which are passed to Nix as `--argstr $key $value`
# command line args. Optional. # command line args. Optional.
# - `build`: A boolean (or string being "true" or "false") stating whether the
# expression should also be built/substituted on the machine executing this script.
# #
# jq's @sh format takes care of escaping. # jq's @sh format takes care of escaping.
eval "$(jq -r '@sh "attrpath=\(.attrpath) && entrypoint=\(.entrypoint) && argstr=\((.argstr // {}) | to_entries | map ("--argstr", .key, .value) | join(" "))"')" eval "$(jq -r '@sh "attrpath=\(.attrpath) && entrypoint=\(.entrypoint) && argstr=\((.argstr // {}) | to_entries | map ("--argstr", .key, .value) | join(" ")) build=\(.build)"')"
# Evaluate the expression. # Evaluate the expression.
[[ -z "$entrypoint" ]] && entrypoint=$(git rev-parse --show-toplevel) [[ -z "$entrypoint" ]] && entrypoint=$(git rev-parse --show-toplevel)
# shellcheck disable=SC2086,SC2154 # shellcheck disable=SC2086,SC2154
drv=$(nix-instantiate -A "${attrpath}" "${entrypoint}" ${argstr}) drv=$(nix-instantiate -A "${attrpath}" "${entrypoint}" ${argstr})
# If `build` is set to true, invoke nix-build on the .drv.
# We need to swallow all stdout, to not garble the JSON printed later.
# shellcheck disable=SC2154
if [ "${build}" == "true" ]; then
nix-build --no-out-link "${drv}" > /dev/null
fi
# Determine the output path. # Determine the output path.
outPath=$(nix show-derivation "${drv}" | jq -r ".\"${drv}\".outputs.out.path") outPath=$(nix show-derivation "${drv}" | jq -r ".\"${drv}\".outputs.out.path")