63 lines
2 KiB
Nix
63 lines
2 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
withSystem,
|
|
...
|
|
}: {
|
|
defaultEffectSystem = "aarch64-linux";
|
|
|
|
hercules-ci = {
|
|
flake-update = {
|
|
enable = true;
|
|
when.dayOfWeek = "Mon";
|
|
};
|
|
};
|
|
|
|
herculesCI = herculesCI: {
|
|
onPush.default = {
|
|
outputs.effects = {
|
|
pin-cache = withSystem config.defaultEffectSystem ({
|
|
pkgs,
|
|
hci-effects,
|
|
...
|
|
}: let
|
|
collectDrvs = prefix: attrs: let
|
|
drvs = lib.pipe attrs [
|
|
(lib.filterAttrs (_: lib.isDerivation))
|
|
(lib.mapAttrsToList (name: drv: {
|
|
name = "${prefix}.${name}";
|
|
inherit drv;
|
|
}))
|
|
];
|
|
recursed = lib.pipe attrs [
|
|
(lib.filterAttrs (_: val:
|
|
(!lib.isDerivation val) && (lib.isAttrs val) && (val.recurseForDerivations or true)))
|
|
(lib.mapAttrsToList (name: collectDrvs "${prefix}.${name}"))
|
|
];
|
|
in
|
|
drvs ++ (lib.flatten recursed);
|
|
collected = collectDrvs "packages" herculesCI.config.onPush.default.outputs.packages;
|
|
cachixCommands =
|
|
lib.concatMapStringsSep
|
|
"\n"
|
|
({
|
|
name,
|
|
drv,
|
|
}: "cachix pin nrabulinski ${lib.escapeShellArg name} ${lib.escapeShellArg drv}")
|
|
collected;
|
|
in
|
|
hci-effects.runIf (herculesCI.config.branch == "main") (hci-effects.mkEffect {
|
|
secretsMap."cachix-token" = "cachix-token";
|
|
inputs = [pkgs.cachix];
|
|
userSetupScript = ''
|
|
cachix authtoken $(readSecretString cachix-token .token)
|
|
'';
|
|
# Discarding the context is fine here because we don't actually want to build those derivations.
|
|
# They have already been built as part of this job,
|
|
# we only want to pin them to make sure cachix doesn't GC them.
|
|
effectScript = builtins.unsafeDiscardStringContext cachixCommands;
|
|
}));
|
|
};
|
|
};
|
|
};
|
|
}
|