pipeline { agent { /* the -u is necessary for acces to /nix */ docker { label 'linux' image 'statusteam/nix:jenkins' } } environment { /* we source .bash_profile to be able to use nix-store */ NIX_SSHOPTS="-o StrictHostKeyChecking=no source .bash_profile;" /* where our /nix/store is hosted */ NIX_CACHE_USER = 'nix-cache' NIX_CACHE_HOST = 'master-01.do-ams3.ci.misc.statusim.net' /* we add both keys so default binary cache also works */ NIX_BIN_CACHE = 'https://nix-cache.status.im/' NIX_BIN_CACHE_KEYS = ( 'nix-cache.status.im-1:x/93lOfLU+duPplwMSBR+OlY4+mo+dCN7n0mr4oPwgY= '+ 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=' ) } options { timestamps() disableConcurrentBuilds() /* Prevent Jenkins jobs from running forever */ timeout(time: 20, unit: 'MINUTES') /* Limit builds retained */ buildDiscarder(logRotator( numToKeepStr: '20', daysToKeepStr: '30', )) } stages { stage('Setup') { steps { sh 'nix-env -i openssh' } } stage('Build') { steps { /* we dogfood our own cache to speed up builds */ sh """ nix-build -A env.all \ --option extra-substituters '${NIX_BIN_CACHE}' \ --trusted-public-keys '${NIX_BIN_CACHE_KEYS}' """ } } stage('Upload') { steps { sshagent(credentials: ['nix-cache-ssh']) { sh """ find /nix/store/ -mindepth 1 -maxdepth 1 -not -name '.links' -and -not -name '*.lock' | \ xargs nix-copy-closure -v --to ${NIX_CACHE_USER}@${NIX_CACHE_HOST} """ } } } } }