From f055c75bc0f8f01f0e7b1d397210c62584cd5ec3 Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Wed, 20 Mar 2024 15:42:02 +0200
Subject: feat(ops/terraform/deploy-nixos): add `build` parameter
If this is set to true (and only then), also invoke `nix-build` on the previously-instantiated .drv to cause builds/substitutions on the local machine. There's no terraform example for this in here, but this is useful if you want to perform builds locally, for example to upload nix-built blobs elsewhere through terraform.
Change-Id: Idcf7b8527aa9c27f6f9ca60ca607c29d82e1cce9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11215
Reviewed-by: tazjin
Autosubmit: flokli
Tested-by: BuildkiteCI
---
 ops/terraform/deploy-nixos/nix-eval.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'ops')
diff --git a/ops/terraform/deploy-nixos/nix-eval.sh b/ops/terraform/deploy-nixos/nix-eval.sh
index d7d59e317b..5c7b14f57d 100755
--- a/ops/terraform/deploy-nixos/nix-eval.sh
+++ b/ops/terraform/deploy-nixos/nix-eval.sh
@@ -18,15 +18,24 @@ set -ueo pipefail
 # - `argstr`: A map containing string keys and values
 # which are passed to Nix as `--argstr $key $value`
 # command line args. Optional.
+# - `build`: A boolean (or string being "true" or "false") stating whether the
+# expression should also be built/substituted on the machine executing this script.
 #
 # jq's @sh format takes care of escaping.
-eval "$(jq -r '@sh "attrpath=\(.attrpath) && entrypoint=\(.entrypoint) && argstr=\((.argstr // {}) | to_entries | map ("--argstr", .key, .value) | join(" "))"')"
+eval "$(jq -r '@sh "attrpath=\(.attrpath) && entrypoint=\(.entrypoint) && argstr=\((.argstr // {}) | to_entries | map ("--argstr", .key, .value) | join(" ")) build=\(.build)"')"
 # Evaluate the expression.
 [[ -z "$entrypoint" ]] && entrypoint=$(git rev-parse --show-toplevel)
 # shellcheck disable=SC2086,SC2154
 drv=$(nix-instantiate -A "${attrpath}" "${entrypoint}" ${argstr})
+# If `build` is set to true, invoke nix-build on the .drv.
+# We need to swallow all stdout, to not garble the JSON printed later.
+# shellcheck disable=SC2154
+if [ "${build}" == "true" ]; then
+ nix-build --no-out-link "${drv}" > /dev/null
+fi
+
 # Determine the output path.
 outPath=$(nix show-derivation "${drv}" | jq -r ".\"${drv}\".outputs.out.path")
-- cgit 1.4.1
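Review bot: The new `build=\(.build)` interpolation in the `eval` line accepts any JSON type, and jq's `@sh` renders an array as several separately quoted words, so a non-scalar `build` would add extra words to the string handed to `eval` instead of a single value. The caller is presumably Terraform's external data source, which sends only strings, but the script itself does not enforce that. Coercing to one scalar keeps the "@sh takes care of escaping" comment true for this field: `&& build=\(.build // false | tostring)`, which also joins the assignment with `&&` like the ones before it rather than a bare space. As a style point, `if [[ "${build}" == "true" ]]; then` would match the `[[ … ]]` test used a few lines above, since `==` inside `[` is a bashism. The header comment starts above this hunk and the JSON-printing tail it refers to lies below it.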