Add TIL on CI with Nix and Bash

6 files changed, 346 insertions, 0 deletions

diff --git a/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.md b/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.md
new file mode 100644
index 0000000..b26a06e
--- /dev/null
+++ b/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.md
@@ -0,0 +1,71 @@
+---
+
+title: DIY bare bones CI server with Bash and Nix
+
+date: 2020-11-12 3
+
+layout: post
+
+lang: en
+
+ref: diy-bare-bones-ci-server-with-bash-and-nix
+
+---
+
+With a server with Nix installed (no need for NixOS), you can leverage its build
+isolation for running CI jobs by adding a [post-receive][post-receive] Git hook
+to the server.
+
+In most of my project I like to keep a `test` attribute which runs the test with
+`nix-build -A test`. This way, a post-receive hook could look like:
+
+```shell
+#!/usr/bin/env bash
+set -Eeuo pipefail
+set -x
+
+LOGS_PREFIX="/data/static/ci-logs/libedn"
+mkdir -p "$LOGS_DIR"
+LOGFILE="${LOGS_DIR}/$(date -Is)-$(git rev-parse master).log"
+exec &> >(tee -a "${LOGFILE}")
+
+unset GIT_DIR
+CLONE="$(mktemp -d)"
+git clone . "$CLONE"
+pushd "$CLONE"
+
+finish() {
+  printf "\n\n>>> exit status was %s\n" "$?"
+}
+trap finish EXIT
+
+nix-build -A test
+```
+
+We initially (lines #5 to #8) create a log file, named after *when* the run is
+running and for *which* commit it is running for. The `exec` and `tee` combo
+allows the output of the script to go both to `stdout` *and* the log file. This
+makes the logs output show up when you do a `git push`.
+
+Lines #10 to #13 create a fresh clone of the repository and line #20 runs the
+test command.
+
+After using a similar post-receive hook for a while, I now even generate a
+simple HTML file to make the [logs available][ci-logs] through the browser.
+
+[post-receive]: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
+[ci-logs]: https://ci.euandreh.xyz/
+
+## Upsides
+
+No vendor lock-in, as all you need is a server with Nix installed.
+
+And if you pin the Nixpkgs version you're using, this very simple setup yields
+extremely sandboxed runs on a very hermetic environment.
+
+## Downsides
+
+Besides the many missing shiny features of this very simplistic CI, `nix-build`
+can be very resource intensive. Specifically, it consumes too much memory. So if
+it has to download too many things, or the build closure gets too big, the
+server might very well run out of memory.
diff --git a/locale/eo/LC_MESSAGES/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.po b/locale/eo/LC_MESSAGES/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.po
new file mode 100644
index 0000000..cbc72d1
--- /dev/null
+++ b/locale/eo/LC_MESSAGES/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.po
@@ -0,0 +1,91 @@
+#
+msgid ""
+msgstr ""
+
+msgid "title: DIY bare bones CI server with Bash and Nix"
+msgstr ""
+
+msgid "date: 2020-11-12 3"
+msgstr ""
+
+msgid "layout: post"
+msgstr ""
+
+msgid "lang: en"
+msgstr ""
+
+msgid "ref: diy-bare-bones-ci-server-with-bash-and-nix"
+msgstr ""
+
+msgid ""
+"With a server with Nix installed (no need for NixOS), you can leverage its "
+"build isolation for running CI jobs by adding a [post-receive](https://git-"
+"scm.com/book/en/v2/Customizing-Git-Git-Hooks) Git hook to the server."
+msgstr ""
+
+msgid ""
+"In most of my project I like to keep a `test` attribute which runs the test "
+"with `nix-build -A test`. This way, a post-receive hook could look like:"
+msgstr ""
+
+msgid ""
+"#!/usr/bin/env bash\n"
+"set -Eeuo pipefail\n"
+"set -x\n"
+"\n"
+"LOGS_PREFIX=\"/data/static/ci-logs/libedn\"\n"
+"mkdir -p \"$LOGS_DIR\"\n"
+"LOGFILE=\"${LOGS_DIR}/$(date -Is)-$(git rev-parse master).log\"\n"
+"exec &> >(tee -a \"${LOGFILE}\")\n"
+"\n"
+"unset GIT_DIR\n"
+"CLONE=\"$(mktemp -d)\"\n"
+"git clone . \"$CLONE\"\n"
+"pushd \"$CLONE\"\n"
+"\n"
+"finish() {\n"
+"  printf \"\\n\\n>>> exit status was %s\\n\" \"$?\"\n"
+"}\n"
+"trap finish EXIT\n"
+"\n"
+"nix-build -A test\n"
+msgstr ""
+
+msgid ""
+"We initially (lines #5 to #8) create a log file, named after *when* the run "
+"is running and for *which* commit it is running for. The `exec` and `tee` "
+"combo allows the output of the script to go both to `stdout` *and* the log "
+"file. This makes the logs output show up when you do a `git push`."
+msgstr ""
+
+msgid ""
+"Lines #10 to #13 create a fresh clone of the repository and line #20 runs "
+"the test command."
+msgstr ""
+
+msgid ""
+"After using a similar post-receive hook for a while, I now even generate a "
+"simple HTML file to make the [logs available](https://ci.euandreh.xyz/) "
+"through the browser."
+msgstr ""
+
+msgid "Upsides"
+msgstr ""
+
+msgid "No vendor lock-in, as all you need is a server with Nix installed."
+msgstr ""
+
+msgid ""
+"And if you pin the Nixpkgs version you're using, this very simple setup "
+"yields extremely sandboxed runs on a very hermetic environment."
+msgstr ""
+
+msgid "Downsides"
+msgstr ""
+
+msgid ""
+"Besides the many missing shiny features of this very simplistic CI, `nix-"
+"build` can be very resource intensive. Specifically, it consumes too much "
+"memory. So if it has to download too many things, or the build closure gets "
+"too big, the server might very well run out of memory."
+msgstr ""
diff --git a/locale/fr/LC_MESSAGES/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.po b/locale/fr/LC_MESSAGES/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.po
new file mode 100644
index 0000000..cbc72d1
--- /dev/null
+++ b/locale/fr/LC_MESSAGES/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.po
@@ -0,0 +1,91 @@
+#
+msgid ""
+msgstr ""
+
+msgid "title: DIY bare bones CI server with Bash and Nix"
+msgstr ""
+
+msgid "date: 2020-11-12 3"
+msgstr ""
+
+msgid "layout: post"
+msgstr ""
+
+msgid "lang: en"
+msgstr ""
+
+msgid "ref: diy-bare-bones-ci-server-with-bash-and-nix"
+msgstr ""
+
+msgid ""
+"With a server with Nix installed (no need for NixOS), you can leverage its "
+"build isolation for running CI jobs by adding a [post-receive](https://git-"
+"scm.com/book/en/v2/Customizing-Git-Git-Hooks) Git hook to the server."
+msgstr ""
+
+msgid ""
+"In most of my project I like to keep a `test` attribute which runs the test "
+"with `nix-build -A test`. This way, a post-receive hook could look like:"
+msgstr ""
+
+msgid ""
+"#!/usr/bin/env bash\n"
+"set -Eeuo pipefail\n"
+"set -x\n"
+"\n"
+"LOGS_PREFIX=\"/data/static/ci-logs/libedn\"\n"
+"mkdir -p \"$LOGS_DIR\"\n"
+"LOGFILE=\"${LOGS_DIR}/$(date -Is)-$(git rev-parse master).log\"\n"
+"exec &> >(tee -a \"${LOGFILE}\")\n"
+"\n"
+"unset GIT_DIR\n"
+"CLONE=\"$(mktemp -d)\"\n"
+"git clone . \"$CLONE\"\n"
+"pushd \"$CLONE\"\n"
+"\n"
+"finish() {\n"
+"  printf \"\\n\\n>>> exit status was %s\\n\" \"$?\"\n"
+"}\n"
+"trap finish EXIT\n"
+"\n"
+"nix-build -A test\n"
+msgstr ""
+
+msgid ""
+"We initially (lines #5 to #8) create a log file, named after *when* the run "
+"is running and for *which* commit it is running for. The `exec` and `tee` "
+"combo allows the output of the script to go both to `stdout` *and* the log "
+"file. This makes the logs output show up when you do a `git push`."
+msgstr ""
+
+msgid ""
+"Lines #10 to #13 create a fresh clone of the repository and line #20 runs "
+"the test command."
+msgstr ""
+
+msgid ""
+"After using a similar post-receive hook for a while, I now even generate a "
+"simple HTML file to make the [logs available](https://ci.euandreh.xyz/) "
+"through the browser."
+msgstr ""
+
+msgid "Upsides"
+msgstr ""
+
+msgid "No vendor lock-in, as all you need is a server with Nix installed."
+msgstr ""
+
+msgid ""
+"And if you pin the Nixpkgs version you're using, this very simple setup "
+"yields extremely sandboxed runs on a very hermetic environment."
+msgstr ""
+
+msgid "Downsides"
+msgstr ""
+
+msgid ""
+"Besides the many missing shiny features of this very simplistic CI, `nix-"
+"build` can be very resource intensive. Specifically, it consumes too much "
+"memory. So if it has to download too many things, or the build closure gets "
+"too big, the server might very well run out of memory."
+msgstr ""
diff --git a/locale/pt/LC_MESSAGES/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.po b/locale/pt/LC_MESSAGES/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.po
new file mode 100644
index 0000000..cbc72d1
--- /dev/null
+++ b/locale/pt/LC_MESSAGES/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.po
@@ -0,0 +1,91 @@
+#
+msgid ""
+msgstr ""
+
+msgid "title: DIY bare bones CI server with Bash and Nix"
+msgstr ""
+
+msgid "date: 2020-11-12 3"
+msgstr ""
+
+msgid "layout: post"
+msgstr ""
+
+msgid "lang: en"
+msgstr ""
+
+msgid "ref: diy-bare-bones-ci-server-with-bash-and-nix"
+msgstr ""
+
+msgid ""
+"With a server with Nix installed (no need for NixOS), you can leverage its "
+"build isolation for running CI jobs by adding a [post-receive](https://git-"
+"scm.com/book/en/v2/Customizing-Git-Git-Hooks) Git hook to the server."
+msgstr ""
+
+msgid ""
+"In most of my project I like to keep a `test` attribute which runs the test "
+"with `nix-build -A test`. This way, a post-receive hook could look like:"
+msgstr ""
+
+msgid ""
+"#!/usr/bin/env bash\n"
+"set -Eeuo pipefail\n"
+"set -x\n"
+"\n"
+"LOGS_PREFIX=\"/data/static/ci-logs/libedn\"\n"
+"mkdir -p \"$LOGS_DIR\"\n"
+"LOGFILE=\"${LOGS_DIR}/$(date -Is)-$(git rev-parse master).log\"\n"
+"exec &> >(tee -a \"${LOGFILE}\")\n"
+"\n"
+"unset GIT_DIR\n"
+"CLONE=\"$(mktemp -d)\"\n"
+"git clone . \"$CLONE\"\n"
+"pushd \"$CLONE\"\n"
+"\n"
+"finish() {\n"
+"  printf \"\\n\\n>>> exit status was %s\\n\" \"$?\"\n"
+"}\n"
+"trap finish EXIT\n"
+"\n"
+"nix-build -A test\n"
+msgstr ""
+
+msgid ""
+"We initially (lines #5 to #8) create a log file, named after *when* the run "
+"is running and for *which* commit it is running for. The `exec` and `tee` "
+"combo allows the output of the script to go both to `stdout` *and* the log "
+"file. This makes the logs output show up when you do a `git push`."
+msgstr ""
+
+msgid ""
+"Lines #10 to #13 create a fresh clone of the repository and line #20 runs "
+"the test command."
+msgstr ""
+
+msgid ""
+"After using a similar post-receive hook for a while, I now even generate a "
+"simple HTML file to make the [logs available](https://ci.euandreh.xyz/) "
+"through the browser."
+msgstr ""
+
+msgid "Upsides"
+msgstr ""
+
+msgid "No vendor lock-in, as all you need is a server with Nix installed."
+msgstr ""
+
+msgid ""
+"And if you pin the Nixpkgs version you're using, this very simple setup "
+"yields extremely sandboxed runs on a very hermetic environment."
+msgstr ""
+
+msgid "Downsides"
+msgstr ""
+
+msgid ""
+"Besides the many missing shiny features of this very simplistic CI, `nix-"
+"build` can be very resource intensive. Specifically, it consumes too much "
+"memory. So if it has to download too many things, or the build closure gets "
+"too big, the server might very well run out of memory."
+msgstr ""
diff --git a/scripts/spelling/en.txt b/scripts/spelling/en.txt
index de42ebe..98a0351 100644
--- a/scripts/spelling/en.txt
+++ b/scripts/spelling/en.txt
@@ -48,6 +48,7 @@ realising
 reimplementation
 repo
 reproducibility
+sandboxed
 scriptable
 shouldn
 symlinks
diff --git a/scripts/spelling/international.txt b/scripts/spelling/international.txt
index 5a929e5..dc9b90e 100644
--- a/scripts/spelling/international.txt
+++ b/scripts/spelling/international.txt
@@ -71,6 +71,7 @@ Merkle
 NPM
 Nextcloud
 NixOS
+Nixpkgs
 OOP
 OTP
 POSIX