
162 lines
4.9 KiB
Raw Normal View History

* Arguments:
* - pure - Use --pure mode with Nix for more deterministic behaviour
* - keep - List of env variables to keep even in pure mode
* - args - Map of arguments to provide to --argstr
def shell(Map opts = [:], String cmd) {
def defaults = [
pure: true,
args: ['target-os': env.TARGET_OS ? env.TARGET_OS : 'none'],
2019-07-04 14:49:21 +00:00
/* merge defaults with received opts */
opts = defaults + opts
/* previous merge overwrites the array */
opts.keep = (opts.keep + defaults.keep).unique()
/* not all targets can use a pure build */
if (env.TARGET_OS in ['windows', 'ios']) {
opts.pure = false
set +x
. ~/.nix-profile/etc/profile.d/
set -x
nix-shell --run \'${cmd}\' ${_getNixCommandArgs(opts, true)}
* Arguments:
* - pure - Use --pure mode with Nix for more deterministic behaviour
* - link - Bu default build creates a `result` directory, you can turn that off
* - keep - List of env variables to pass through to Nix build
* - args - Map of arguments to provide to --argstr
* - attr - Name of attribute to use with --attr flag
* - sbox - List of host file paths to pass to the Nix expression
* - safeEnv - Name of env variables to pass securely through to Nix build (they won't get captured in Nix derivation file)
def build(Map opts = [:]) {
def defaults = [
pure: true,
link: true,
args: ['target-os': env.TARGET_OS],
attr: null,
sbox: [],
safeEnv: [],
/* merge defaults with received opts */
opts = defaults + opts
/* Previous merge overwrites the array */
opts.args = defaults.args + opts.args
opts.keep = (opts.keep + defaults.keep).unique()
def nixPath = sh(
returnStdout: true,
script: """
set +x
. ~/.nix-profile/etc/profile.d/
set -x
nix-build ${_getNixCommandArgs(opts, false)}
/* if not linking, copy results, but only if there's just one path */
if (! && nixPath && !nixPath.contains('\n')) {
return nixPath
private def copyResults(path) {
def resultsPath = "${env.WORKSPACE}/result"
sh "rm -fr ${resultsPath}"
sh "mkdir -p ${resultsPath}"
sh "cp -fr ${path}/* ${resultsPath}/"
sh "chmod -R 755 ${resultsPath}"
private makeNixBuildEnvFile(Map opts = [:]) {
File envFile = File.createTempFile("nix-env", ".tmp")
if (!opts.safeEnv.isEmpty()) {
// Export the environment variables we want to keep into a temporary script we can pass to Nix and source it from the build script
def exportCommandList = opts.safeEnv.collect { envVarName -> """
echo \"export ${envVarName}=\\\"\$(printenv ${envVarName})\\\"\" >> ${envFile.absolutePath}
""" }
def exportCommands = exportCommandList.join("")
sh """
chmod u+x ${envFile.absolutePath}
opts.args = opts.args + [ 'secrets-file': envFile.absolutePath ]
opts.sbox = opts.sbox + envFile.absolutePath
return envFile
private def _getNixCommandArgs(Map opts = [:], boolean isShell) {
def keepFlags = []
def entryPoint = "\'${env.WORKSPACE}/shell.nix\'"
if (!isShell || opts.attr != null) {
entryPoint = "\'${env.WORKSPACE}/default.nix\'"
def extraSandboxPathsFlag = ''
if (isShell) {
keepFlags = opts.keep.collect { var -> "--keep ${var} " }
} else {
def envVarsList = opts.keep.collect { var -> "${var}=\"${env[var]}\";" }
keepFlags = ["--arg env \'{${envVarsList.join("")}}\'"]
/* Export the environment variables we want to keep into
* a Nix attribute set we can pass to Nix and source it from the build script */
def envFile = makeNixBuildEnvFile(opts)
def argsFlags = opts.args.collect { key,val -> "--argstr ${key} \'${val}\'" }
def attrFlag = ''
if (opts.attr != null) {
attrFlag = "--attr '${opts.attr}'"
if (opts.sbox != null && !opts.sbox.isEmpty()) {
extraSandboxPathsFlag = "--option extra-sandbox-paths \"${opts.sbox.join(' ')}\""
return [
opts.pure ? "--pure" : "", ? "" : "--no-out-link",
keepFlags.join(" "),
argsFlags.join(" "),
].join(" ")
def prepEnv() {
if (env.TARGET_OS in ['linux', 'windows', 'android']) {
def glibcLocales = sh(
returnStdout: true,
script: """
. ~/.nix-profile/etc/profile.d/ && \\
nix-build --no-out-link '<nixpkgs>' -A glibcLocales
* This is a hack to fix missing locale errors.
* See:
* -
* -
env.LOCALE_ARCHIVE_2_27 = "${glibcLocales}/lib/locale/locale-archive"
return this