Skip to content
This repository has been archived by the owner on Mar 11, 2020. It is now read-only.

serokell/derivery

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits

src

src

 
 

.gitignore

.gitignore

 
 

COPYING.md

COPYING.md

 
 

README.org

README.org

 
 

rebar.config

rebar.config

 
 

rebar.lock

rebar.lock

 
 

shell.nix

shell.nix

 
 

Repository files navigation

Derivery

CI/CD hook for Nix-based projects.

Rationale

Leveraging Nix as builder results in dependencies being cached by default (short build times), being able to reuse build artifacts as binary cache, and deep integration in Nix ecosystem and tooling.

Continuous delivery is implemented by creating a symlink to a Nix path in home directory on push to a branch. For example, push to master will trigger a nix-build that will produce a symlink ~/user/repo/refs/heads/master pointing to nix/store…-repo. This approach ensures that deployments are always atomic.

Symlink can be directly used to serve static content. Additionally, CD touches home directory on successful build, which can be used to trigger `nixos-rebuild` via systemd path activation: https://github.com/serokell/serokell-public-overlay/blob/public/modules/services/derivery.nix

Setup

Service

Build

  1. Checkout this repo.
  2. Install rebar3.
  3. Run rebar3 release.

Alternatively, use this Nix derivation: https://github.com/serokell/serokell-public-overlay/blob/public/pkgs/derivery/default.nix

Setup

There are two required OTP parameters:

  • github_secret for webhook secret (arbitrary string)
  • github_token for private access token with repo and gist capabilities, set up one at https://github.com/settings/tokens

Create a derivery.config file with your parameters:

[{derivery, [{github_secret, "correct horse battery staple"},
             {github_token, "86fb269d190d2c85f6e0468ceca42a20"}]}].

Pass in config to release via ERL_FLAGS environment variable:

ERL_FLAGS="-config derivery.config" _build/default/rel/derivery/bin/derivery

Reverse proxy

Server is listening on port 50493 (unless you pass in custom port in OTP config). It’s highly recommended that you set up a reverse proxy that does TLS and listens on conventional port.

Nix expression

To set up CI for your project, add default.nix to the root of your repository. It should be a Nix expression that builds your repo and optionally runs tests.

For example, here’s how default.nix might look like for an Autotools project:

with import <nixpkgs> {};

stdenv.mkDerivation rec {
  name = "example";
  src = stdenv.lib.cleanSource ./.;

  nativeBuildInputs = [ autoreconfHook pkgconfig ];
  buildInputs = [ gtk3 ];

  enableParallelBuilding = true;
}

GitHub webhook

Go to https://github.com/owner/repo/settings/hooks and create a new webhook. Settings:

  • Payload URL: https://ci.example.com
  • Content type: application/json
  • Secret: same as OTP github_secret
  • Events: enable “Pull requests” for CI, enable “Pushes” for CD

About

Continuous integration and delivery hook for Nix projects

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

7 stars

Watchers

31 watching

Forks

1 fork
Report repository

Releases

8 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages