mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tvl-depot/default.nix
Vincent Ambo 5cad3f7b81 refactor(readTree): Move 'gather' into readTree itself 
Discovering CI targets is relevant to all readTree consumers and this
logic is not TVL-specific.

Change-Id: I81ed3d3f76a6c36119f04bee28ca995a013f0e35
2021-11-23 14:42:08 +00:00

111 lines
3.5 KiB
Nix
Raw Blame History

# This file sets up the top-level package set by traversing the package tree
# (see //nix/readTree for details) and constructing a matching attribute set
# tree.
{ nixpkgsBisectPath ? null, ... }@args:
let
inherit (builtins)
filter
;
readTree = import ./nix/readTree {};
# Disallow access to //users from other depot parts.
usersFilter = readTree.restrictFolder {
folder = "users";
reason = ''
Code under //users is not considered stable or dependable in the
wider depot context. If a project under //users is required by
something else, please move it to a different depot path.
'';
exceptions = [
# whitby is allowed to access //users for several reasons:
#
# 1. User SSH keys are set in //users.
# 2. Some personal websites or demo projects are served from it.
[ "ops" "machines" "whitby" ]
# Due to evaluation order this also affects these targets.
# TODO(tazjin): Can this one be removed somehow?
[ "ops" "nixos" ]
[ "ops" "machines" "all-systems" ]
];
};
# Disallow access to //corp from other depot parts.
corpFilter = readTree.restrictFolder {
folder = "corp";
reason = ''
Code under //corp may use incompatible licensing terms with
other depot parts and should not be used anywhere else.
'';
exceptions = [
# For the same reason as above, whitby is exempt to serve the
# corp website.
[ "ops" "machines" "whitby" ]
[ "ops" "nixos" ]
[ "ops" "machines" "all-systems" ]
];
};
readDepot = depotArgs: readTree {
args = depotArgs;
path = ./.;
filter = parts: args: corpFilter parts (usersFilter parts args);
scopedArgs = {
__findFile = _: _: throw "Do not import from NIX_PATH in the depot!";
};
};
# To determine build targets, we walk through the depot tree and
# fetch attributes that were imported by readTree and are buildable.
#
# Any build target that contains `meta.ci = false` will be skipped.
# Is this tree node eligible for build inclusion?
eligible = node: (node ? outPath) && (node.meta.ci or true);
in readTree.fix(self: (readDepot {
depot = self;
# Pass third_party as 'pkgs' (for compatibility with external
# imports for certain subdirectories)
pkgs = self.third_party.nixpkgs;
# Expose lib attribute to packages.
lib = self.third_party.nixpkgs.lib;
# Pass arguments passed to the entire depot through, for packages
# that would like to add functionality based on this.
#
# Note that it is intended for exceptional circumstance, such as
# debugging by bisecting nixpkgs.
externalArgs = args;
}) // {
# Make the path to the depot available for things that might need it
# (e.g. NixOS module inclusions)
path = self.third_party.nixpkgs.lib.cleanSource ./.;
# List of all buildable targets, for CI purposes.
#
# Note: To prevent infinite recursion, this *must* be a nested
# attribute set (which does not have a __readTree attribute).
ci.targets = readTree.gather eligible (self // {
# remove the pipelines themselves from the set over which to
# generate pipelines because that also leads to infinite
# recursion.
ops = self.ops // { pipelines = null; };
# remove nixpkgs from the set, for obvious reasons.
third_party = self.third_party // { nixpkgs = null; };
});
# Derivation that gcroots all depot targets.
ci.gcroot = self.third_party.nixpkgs.symlinkJoin {
name = "depot-gcroot";
paths = self.ci.targets;
};
})
Reference in a new issue View git blame Copy permalink