Skip to content
Nix CI/CD hook for GitHub
Erlang Nix
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
.gitignore
COPYING.md
README.org
rebar.config
rebar.lock
shell.nix

README.org

Derivery

CI/CD hook for Nix-based projects.

Rationale

Leveraging Nix as builder results in dependencies being cached by default (short build times), being able to reuse build artifacts as binary cache, and deep integration in Nix ecosystem and tooling.

Continuous delivery is implemented by creating a symlink to a Nix path in home directory on push to a branch. For example, push to master will trigger a nix-build that will produce a symlink ~/user/repo/refs/heads/master pointing to nix/store…-repo. This approach ensures that deployments are always atomic.

Symlink can be directly used to serve static content. Additionally, CD touches home directory on successful build, which can be used to trigger `nixos-rebuild` via systemd path activation: https://github.com/serokell/serokell-public-overlay/blob/public/modules/services/derivery.nix

Setup

Service

Build

  1. Checkout this repo.
  2. Install rebar3.
  3. Run rebar3 release.

Alternatively, use this Nix derivation: https://github.com/serokell/serokell-public-overlay/blob/public/pkgs/derivery/default.nix

Setup

There are two required OTP parameters:

  • github_secret for webhook secret (arbitrary string)
  • github_token for private access token with repo and gist capabilities, set up one at https://github.com/settings/tokens

Create a derivery.config file with your parameters:

[{derivery, [{github_secret, "correct horse battery staple"},
             {github_token, "86fb269d190d2c85f6e0468ceca42a20"}]}].

Pass in config to release via ERL_FLAGS environment variable:

ERL_FLAGS="-config derivery.config" _build/default/rel/derivery/bin/derivery

Reverse proxy

Server is listening on port 50493 (unless you pass in custom port in OTP config). It’s highly recommended that you set up a reverse proxy that does TLS and listens on conventional port.

Nix expression

To set up CI for your project, add default.nix to the root of your repository. It should be a Nix expression that builds your repo and optionally runs tests.

For example, here’s how default.nix might look like for an Autotools project:

with import <nixpkgs> {};

stdenv.mkDerivation rec {
  name = "example";
  src = stdenv.lib.cleanSource ./.;

  nativeBuildInputs = [ autoreconfHook pkgconfig ];
  buildInputs = [ gtk3 ];

  enableParallelBuilding = true;
}

GitHub webhook

Go to https://github.com/owner/repo/settings/hooks and create a new webhook. Settings:

  • Payload URL: https://ci.example.com
  • Content type: application/json
  • Secret: same as OTP github_secret
  • Events: enable “Pull requests” for CI, enable “Pushes” for CD
You can’t perform that action at this time.