Created
June 7, 2020 13:09
-
-
Save Profpatsch/4bd9bea84558a9560a3598e6376476c0 to your computer and use it in GitHub Desktop.
post-build-hooks in nix on circleci
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -eu | |
| # copy post-build-hook script to /etc/nix | |
| cp ./upload-to-cache.sh /etc/nix/ | |
| chmod a+x /etc/nix/upload-to-cache.sh | |
| # fetch the secret key used to access the S3 cache bucket from the | |
| # environment, and write to disk (it is used to by the | |
| # post-build-hook script) | |
| echo "$NIX_SECRET_KEY" > /etc/nix/secret-key | |
| # Actually write nix.conf file | |
| cat > /etc/nix/nix.conf <<EOF | |
| # circleci can’t handle nix sandboxes | |
| sandbox = false | |
| # TODO: we shouldn’t use an s3:// link here, rather set the bucket policies | |
| # to the ones described in https://nixos.org/nix/manual/#ssec-s3-substituter-anonymous-reads | |
| substituters = s3://zeus-logics-ci-build-cache?region=us-east-2 https://cache.nixos.org/ | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${NIX_PUBLIC_KEY} | |
| post-build-hook = /etc/nix/upload-to-cache.sh | |
| EOF | |
| echo "/etc/nix/nix.conf:" | |
| cat /etc/nix/nix.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set -eu | |
| set -f # disable globbing | |
| export IFS=' ' | |
| echo "Uploading to cache: " $OUT_PATHS | |
| exec \ | |
| nix copy \ | |
| -v \ | |
| --to 's3://my-bucket-name?region=aws-region-goes-here&secret-key=/etc/nix/secret-key' \ | |
| $OUT_PATHS \ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment