diff options
Diffstat (limited to '_tils')
| -rw-r--r-- | _tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.md | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.md b/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.md new file mode 100644 index 0000000..b26a06e --- /dev/null +++ b/_tils/2020-11-12-diy-bare-bones-ci-server-with-bash-and-nix.md @@ -0,0 +1,71 @@ +--- + +title: DIY bare bones CI server with Bash and Nix + +date: 2020-11-12 3 + +layout: post + +lang: en + +ref: diy-bare-bones-ci-server-with-bash-and-nix + +--- + +With a server with Nix installed (no need for NixOS), you can leverage its build +isolation for running CI jobs by adding a [post-receive][post-receive] Git hook +to the server. + +In most of my project I like to keep a `test` attribute which runs the test with +`nix-build -A test`. This way, a post-receive hook could look like: + +```shell +#!/usr/bin/env bash +set -Eeuo pipefail +set -x + +LOGS_PREFIX="/data/static/ci-logs/libedn" +mkdir -p "$LOGS_DIR" +LOGFILE="${LOGS_DIR}/$(date -Is)-$(git rev-parse master).log" +exec &> >(tee -a "${LOGFILE}") + +unset GIT_DIR +CLONE="$(mktemp -d)" +git clone . "$CLONE" +pushd "$CLONE" + +finish() { + printf "\n\n>>> exit status was %s\n" "$?" +} +trap finish EXIT + +nix-build -A test +``` + +We initially (lines #5 to #8) create a log file, named after *when* the run is +running and for *which* commit it is running for. The `exec` and `tee` combo +allows the output of the script to go both to `stdout` *and* the log file. This +makes the logs output show up when you do a `git push`. + +Lines #10 to #13 create a fresh clone of the repository and line #20 runs the +test command. + +After using a similar post-receive hook for a while, I now even generate a +simple HTML file to make the [logs available][ci-logs] through the browser. + +[post-receive]: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks +[ci-logs]: https://ci.euandreh.xyz/ + +## Upsides + +No vendor lock-in, as all you need is a server with Nix installed. + +And if you pin the Nixpkgs version you're using, this very simple setup yields +extremely sandboxed runs on a very hermetic environment. + +## Downsides + +Besides the many missing shiny features of this very simplistic CI, `nix-build` +can be very resource intensive. Specifically, it consumes too much memory. So if +it has to download too many things, or the build closure gets too big, the +server might very well run out of memory. |