about summary refs log tree commit diff
path: root/ops/terraform/deploy-nixos/nix-eval.sh
diff options
context:
space:
mode:
authorFlorian Klink <flokli@flokli.de>2024-03-20T13·42+0200
committerclbot <clbot@tvl.fyi>2024-03-26T17·17+0000
commitf055c75bc0f8f01f0e7b1d397210c62584cd5ec3 (patch)
tree1031fdfdded157ccb51dd09d4a3222ffd9fdc72a /ops/terraform/deploy-nixos/nix-eval.sh
parent34d1cc178fb21e1e7e0d5c7e4cedeca1abfa6da1 (diff)
feat(ops/terraform/deploy-nixos): add `build` parameter r/7782
If this is set to true (and only then), also invoke `nix-build` on the
previously-instantiated .drv to cause builds/substitutions on the local
machine.

There's no terraform example for this in here, but this is useful if you
want to perform builds locally, for example to upload nix-built blobs
elsewhere through terraform.

Change-Id: Idcf7b8527aa9c27f6f9ca60ca607c29d82e1cce9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11215
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Diffstat (limited to 'ops/terraform/deploy-nixos/nix-eval.sh')
-rwxr-xr-xops/terraform/deploy-nixos/nix-eval.sh11
1 files changed, 10 insertions, 1 deletions
diff --git a/ops/terraform/deploy-nixos/nix-eval.sh b/ops/terraform/deploy-nixos/nix-eval.sh
index d7d59e317b61..5c7b14f57dc9 100755
--- a/ops/terraform/deploy-nixos/nix-eval.sh
+++ b/ops/terraform/deploy-nixos/nix-eval.sh
@@ -18,15 +18,24 @@ set -ueo pipefail
 #  - `argstr`: A map containing string keys and values
 #    which are passed to Nix as `--argstr $key $value`
 #    command line args. Optional.
+#  - `build`: A boolean (or string being "true" or "false") stating whether the
+#    expression should also be built/substituted on the machine executing this script.
 #
 # jq's @sh format takes care of escaping.
-eval "$(jq -r '@sh "attrpath=\(.attrpath) && entrypoint=\(.entrypoint) && argstr=\((.argstr // {}) | to_entries | map ("--argstr", .key, .value) | join(" "))"')"
+eval "$(jq -r '@sh "attrpath=\(.attrpath) && entrypoint=\(.entrypoint) && argstr=\((.argstr // {}) | to_entries | map ("--argstr", .key, .value) | join(" ")) build=\(.build)"')"
 
 # Evaluate the expression.
 [[ -z "$entrypoint" ]] && entrypoint=$(git rev-parse --show-toplevel)
 # shellcheck disable=SC2086,SC2154
 drv=$(nix-instantiate -A "${attrpath}" "${entrypoint}" ${argstr})
 
+# If `build` is set to true, invoke nix-build on the .drv.
+# We need to swallow all stdout, to not garble the JSON printed later.
+# shellcheck disable=SC2154
+if [ "${build}" == "true" ]; then
+  nix-build --no-out-link "${drv}" > /dev/null
+fi
+
 # Determine the output path.
 outPath=$(nix show-derivation "${drv}" | jq -r ".\"${drv}\".outputs.out.path")