build: simplify pushed artefact naming and set object content-type

2024-11-24 04:58:08 +03:00 · 2020-10-28 11:43:22 +01:00 · 2020-10-28 11:43:22 +01:00 · 59709752eb
commit 59709752eb
parent 2c17f382ed
3 changed files with 33 additions and 18 deletions
--- a/ci.nix
+++ b/ci.nix
@ -24,24 +24,29 @@ let
  serviceAccountKey = builtins.readFile ("/var/run/keys/service-account.json");

  # Push a split output derivation containing "out" and "hash" outputs.
-  pushObject = name: extension: drv:
+  pushObject =
+    { name, extension, drv, contentType ? "application/octet-stream" }:
    let
-      # Use the sha256 for the object key suffix.
+      # Use the sha256 for the object key prefix.
      sha256 = builtins.readFile (drv.hash + "/sha256");
-      # Use md5 as an idempotency check for gsutil
-      md5 = builtins.readFile (drv.hash + "/md5");
+      # Use md5 as an idempotency check for gsutil.
+      contentMD5 = builtins.readFile (drv.hash + "/md5");
    in localLib.pushStorageObject {
-      inherit serviceAccountKey md5;
+      inherit serviceAccountKey name contentMD5 contentType;

      bucket = "bootstrap.urbit.org";
-      object = "ci/${name}-${sha256}.${extension}";
-      name = "${name}.${extension}";
+      object = "ci/${lib.removeSuffix extension name}.${sha256}.${extension}";
      file = drv.out;
    };

-  # Push a split output pill derivation containing "build" attribute with the
-  # with the ".pill" file extension.
-  pushPill = name: drv: pushObject name "pill" drv.build;
+  # Build and push a split output pill derivation with the ".pill" file extension.
+  pushPill = name: pill:
+    pushObject {
+      inherit name;
+
+      drv = pill.build;
+      extension = "pill";
+    };

  systems = lib.filterAttrs (_: v: builtins.elem v.system supportedSystems) {
    linux = {
@ -100,7 +105,12 @@ in localLib.dimension "system" systems (systemName:
      hs = localLib.collectHaskellComponents haskellPackages;

      # Push the tarball to the remote google storage bucket.
-      release = pushObject tarball.name "tgz" tarball;
+      release = pushObject {
+        name = tarball.name;
+        extension = tarball.meta.extension;
+        contentType = "application/x-gtar";
+        drv = tarball;
+      };

      # Replace top-level pill attributes with push to google storage variants.
    } // lib.optionalAttrs (system == "x86_64-linux") {
--- a/nix/lib/make-release-tarball.nix
+++ b/nix/lib/make-release-tarball.nix
@ -1,6 +1,6 @@
 { lib, stdenvNoCC, coreutils }:

-{ name, contents # { target = source, ... }
+{ name, extension ? "tgz", contents # { target = source, ... }
 }:

 let
@ -12,7 +12,7 @@ let
    (lib.mapAttrsToList (_target: source: "${source}") contents);

 in stdenvNoCC.mkDerivation {
-  inherit name;
+  name = "${name}.${extension}";

  outputs = [ "out" "hash" ];
  nativeBuildInputs = [ coreutils ];
@ -35,4 +35,6 @@ in stdenvNoCC.mkDerivation {
  '';

  preferLocalBuild = true;
+
+  meta = { inherit extension; };
 }
--- a/nix/lib/push-storage-object.nix
+++ b/nix/lib/push-storage-object.nix
@ -5,7 +5,8 @@
 # upload. This is in additional to any sha256sum you might want to actually
 # name the object key under.

-{ bucket, object, name, file, md5, serviceAccountKey, preferLocalBuild ? true }:
+{ bucket, object, name, file, contentMD5, contentType, serviceAccountKey
+, preferLocalBuild ? true }:

 assert lib.asserts.assertMsg (builtins.isString serviceAccountKey)
  "`serviceAccountKey` must contain the JSON contents of a service-account key";
@ -28,7 +29,7 @@ in stdenvNoCC.mkDerivation {

    gcloud auth activate-service-account --key-file=- <<< '${serviceAccountKey}'

-    local_md5=$(echo -n '${md5}' | xxd -r -p | base64)
+    local_md5=$(echo -n '${contentMD5}' | xxd -r -p | base64)
    remote_md5=
       
    stat_uri() {
@ -43,7 +44,9 @@ in stdenvNoCC.mkDerivation {
    if ! stat_uri; then
       header "copying ${file} to ${uri}"

-       gsutil cp '${file}' '${uri}'
+       gsutil -h "Content-MD5:$local_md5" \
+              -h "Content-Type:${contentType}" \
+         cp '${file}' '${uri}'

       if ! stat_uri; then
         echo "failed calculating remote uri md5" >&2
@ -52,13 +55,13 @@ in stdenvNoCC.mkDerivation {
    fi 

    # This is the same format as md5sum (double space separator) and
-    # is used as the outputHash to ensure a fixed output derivation.
+    # needs to match the .outputHash to ensure a fixed output derivation.
    echo -n "$remote_md5  ${uri}" > $out
  '';

  outputHashAlgo = "sha256";
  outputHashMode = "flat";
-  outputHash = builtins.hashString "sha256" "${md5}  ${uri}";
+  outputHash = builtins.hashString "sha256" "${contentMD5}  ${uri}";

  inherit preferLocalBuild;
 }