diff options
| author |  Théo Zimmermann <theo.zimmermann@univ-paris-diderot.fr> | 2018-07-05 16:06:25 +0200 |
|---|---|---|
| committer | Théo Zimmermann <theo.zimmermann@univ-paris-diderot.fr> | 2018-07-06 14:24:21 +0200 |
| commit | c2ab1e847670190d5c42d280c4375a73478d191d (patch) | |
| tree | f7bdb3d45da2c42f927cd90f47953f89c825d24d | |
| parent | 42774708bafe48aefe411fab4ca4d75407f9d1d6 (diff) | |
[pkg:nix] Add more comments and allow overriding extra substituters.
| -rw-r--r-- | .gitlab-ci.yml | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9b2f45e53..11614bc38 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -240,13 +240,25 @@ pkg:nix: image: nixorg/nix:latest # Minimal NixOS image which doesn't even contain git stage: test variables: + # By default we use coq.cachix.org as an extra substituter but this can be overridden + EXTRA_SUBSTITUTERS: https://coq.cachix.org + EXTRA_PUBLIC_KEYS: coq.cachix.org-1:Jgt0DwGAUo+wpxCM52k2V+E0hLoOzFPzvg94F65agtI= + # The following variables should not be overridden GIT_STRATEGY: none + CACHIX_PUBLIC_KEY: cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM= + NIXOS_PUBLIC_KEY: cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= + dependencies: [] # We don't need to download build artifacts before_script: [] # We don't want to use the shared 'before_script' script: + # Use current worktree as tmpdir to allow exporting artifacts in case of failure - export TMPDIR=$PWD - - nix-env -if https://github.com/cachix/cachix/tarball/master --substituters https://cachix.cachix.org --trusted-public-keys cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM= - - nix-build -E "import (fetchTarball $CI_PROJECT_URL/-/archive/$CI_COMMIT_SHA.tar.gz) {}" -K --extra-substituters https://coq.cachix.org --trusted-public-keys "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= coq.cachix.org-1:Jgt0DwGAUo+wpxCM52k2V+E0hLoOzFPzvg94F65agtI=" | if [ ! -z "$CACHIX_SIGNING_KEY" ]; then cachix push coq; fi + # Install Cachix as documented at https://github.com/cachix/cachix + - nix-env -if https://github.com/cachix/cachix/tarball/master --substituters https://cachix.cachix.org --trusted-public-keys "$CACHIX_PUBLIC_KEY" + # We build an expression rather than a direct URL to not be dependent on + # the URL location; we are forced to put the public key of cache.nixos.org + # because there is no --extra-trusted-public-key option. + - nix-build -E "import (fetchTarball $CI_PROJECT_URL/-/archive/$CI_COMMIT_SHA.tar.gz) {}" -K --extra-substituters "$EXTRA_SUBSTITUTERS" --trusted-public-keys "$NIXOS_PUBLIC_KEY $EXTRA_PUBLIC_KEYS" | if [ ! -z "$CACHIX_SIGNING_KEY" ]; then cachix push coq; fi artifacts: name: "$CI_JOB_NAME.logs" when: on_failure |