Continuous Integration setup - devshell
<ol class="chapter"><li class="chapter-item expanded "><a href="intro.html"><strong aria-hidden="true">1.</strong> Intro</a></li><li class="chapter-item expanded "><a href="getting_started.html"><strong aria-hidden="true">2.</strong> Getting started</a></li><li class="chapter-item expanded "><a href="ci.html" class="active"><strong aria-hidden="true">3.</strong> Continuous Integration setup</a></li><li class="chapter-item expanded "><a href="extending.html"><strong aria-hidden="true">4.</strong> Extending devshell</a></li><li class="chapter-item expanded "><a href="modules_schema.html"><strong aria-hidden="true">5.</strong> devshell.toml schema</a></li><li class="chapter-item expanded "><a href="env.html"><strong aria-hidden="true">6.</strong> env vars</a></li><li class="chapter-item expanded "><a href="99_todo.html"><strong aria-hidden="true">7.</strong> TODO</a></li></ol>
<h1 id="continuous-integration-setup-ci"><a class="header" href="#continuous-integration-setup-ci">Continuous Integration setup (CI)</a></h1>
<p>Traditionally, the CI build environment has to be kept in sync with the
project. If the project needs <code>make</code> to build, the CI has to be configured to
have it available. This can become quite tricky whenever a version requirement
<p>With devshell, the only dependency is Nix. Once the devshell is built, all the
dependencies are loaded into scope and automatically are in sync with the
current code checkout.</p>
<h2 id="general-approach"><a class="header" href="#general-approach">General approach</a></h2>
<p>The only dependency we need installed in the CI environment is Nix.</p>
<p>Assuming that the <code>shell.nix</code> file exists, the general approach is to build it
with nix to get back the entrypoint script. And then executed that script with
the commands.</p>
<p>For example, let's say that <code>make</code> is being used to build the project.</p>
<p>The <code>devshell.toml</code> would have it as part of its commands:</p>
<pre><code class="language-toml">[[commands]]
package = &quot;gnumake&quot;
<p>All the CI has to do, is this: <code>nix-shell --run &quot;$(nix-build shell.nix)/entrypoint make&quot;</code>.</p>
<li><code>$(nix-build shell.nix)/entrypoint</code> outputs a path to the entrypoint script</li>
<li><code>nix-shell --run</code> sets the required environment variables for the entrypoint script to work.</li>
<li>The entrypoint script is executed with <code>make</code> as an argument. It loads the
<li>Finally make is executed in the context of the project environment, with
all the same dependencies as the developer's.</li>
<h2 id="hercules-ci"><a class="header" href="#hercules-ci">Hercules CI</a></h2>
<p><a href="">Hercules CI</a> is a Nix-based continuous integration and deployment service.</p>
<h3 id="build"><a class="header" href="#build">Build</a></h3>
<p>If you haven't packaged your project with Nix or if a check can't run in the Nix sandbox, you can run it as an <a href="">effect</a>.</p>
shell = import ./shell.nix {};
pkgs = shell.pkgs;
effectsSrc =
builtins.fetchTarball &quot;;;
inherit (import effectsSrc { inherit pkgs; }) effects;
inherit shell;
build = effects.mkEffect {
src = ./.;
effectScript = ''
go build
inputs = [
<p>Replace COMMIT_HASH by the latest git sha from <a href=""><code>hercules-ci-effects</code></a>,
or, if you prefer, you can bring <code>effects</code> into scope <a href="">using another pinning method</a>.</p>
<h3 id="run-locally"><a class="header" href="#run-locally">Run locally</a></h3>
<p>The <a href=""><code>hci</code> command</a> is available in <code>nixos-21.05</code> and <code>nixos-unstable</code>.</p>
package = &quot;hci&quot;
<p>Use <a href=""><code>hci effect run</code></a>. Following the previous example:</p>
<pre><code class="language-console">hci effect run build --no-token
<h3 id="shell-only"><a class="header" href="#shell-only">Shell only</a></h3>
<p>To build the shell itself on <code>x86_64-linux</code>:</p>
shell = import ./shell.nix {};
# ... any extra Nix packages you want to build; perhaps
# pkgs = import ./default.nix {} // { recurseForDerivations = true; };
<h3 id="system"><a class="header" href="#system"><code>system</code></a></h3>
<p>If you build for <a href="">multiple systems</a>, pass <code>system</code>:</p>
<pre><code>import ./shell.nix { inherit system; };
<h2 id="github-actions"><a class="header" href="#github-actions">GitHub Actions</a></h2>
<p>Add the following file to your project. Replace the <code>&lt;your build command&gt;</code>
part with whatever is needed to build the project.</p>
<pre><code class="language-yaml">name: devshell
- master
os: [ ubuntu-20.04, macos-latest ]
runs-on: ${{ matrix.os }}
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v12
- uses: cachix/cachix-action@v8
name: &quot;&lt;your cache here&gt;&quot;
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
- run: |
source &quot;$(nix-build shell.nix)&quot;
&lt;your build command&gt;
<h2 id="todo"><a class="header" href="#todo">TODO</a></h2>
<p>Add more CI-specific examples.</p>
