status-react/ci/tools/Jenkinsfile.nix-cache

137 lines
4.2 KiB
Plaintext
Raw Normal View History

2023-06-29 15:40:43 +02:00
#!/usr/bin/env groovy
library 'status-jenkins-lib@v1.9.13'
pipeline {
agent { label params.AGENT_LABEL }
parameters {
string(
name: 'NIX_CACHE_HOST',
description: 'FQDN of Nix binary cache host.',
defaultValue: params.NIX_CACHE_HOST ?: 'cache-01.do-ams3.nix.ci.statusim.net'
)
string(
name: 'NIX_CACHE_USER',
description: 'Username for Nix binary cache host.',
defaultValue: params.NIX_CACHE_USER ?: 'nix-cache'
)
}
environment {
/* we source .bash_profile to be able to use nix-store */
NIX_SSHOPTS = "-oStrictHostKeyChecking=no"
NIX_CONF_DIR = "${env.WORKSPACE}/nix"
NIX_STORE_CMD = '/nix/var/nix/profiles/default/bin/nix-store'
NIX_SSH_REMOTE = "ssh://${params.NIX_CACHE_USER}@${params.NIX_CACHE_HOST}?remote-program=${env.NIX_STORE_CMD}"
}
options {
timestamps()
disableConcurrentBuilds()
/* Prevent Jenkins jobs from running forever */
ci: build generic status-go and all shells When discussing caching of `status-go` with Sid I noticed that the build we cache daily created from our nightly build is different from the build we create locally due to a single input. In a release CI host we can see the IPFS URL is that of Infura: ``` > find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1 /nix/store/2cc8ilhx5g3k2awbn4sla61n4cml2405-status-go-0.130.1-d2cce5e-android > RESULT=$(find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://status-im.infura-ipfs.io/ipfs/ ``` But for a local build the URL is the default, which is our own gateway: ``` > nix-build --no-out-link -A targets.status-go.mobile.android /nix/store/1p53m7a6y1kg3vcyd8d06scf3bsyn5rk-status-go-0.157.2-47711c4-android > RESULT=$(nix-build --no-out-link -A targets.status-go.mobile.android) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://ipfs.status.im/ ``` This difference causes builds of `status-go` that get uploaded to our Nix cache to not match what developers locally would build, which results in a cache miss. This changes the Nix cache CI jobs to instead of building only dependencies (`buildInuts`) to simply build the generic versions of `status-go` without nightly specific inputs. Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-06-15 09:39:28 +02:00
timeout(time: 120, unit: 'MINUTES')
/* Limit builds retained */
buildDiscarder(logRotator(
numToKeepStr: '20',
daysToKeepStr: '30',
artifactNumToKeepStr: '1',
))
}
stages {
stage('Setup') {
steps { script {
nix.shell('nix-env -i openssh', sandbox: false, pure: false)
major nix refactor Changes: - Adds a new `nix-gc` Makefile target for removing old packages - Moves all `nix/*.sh` files to `nix/scripts/*.sh` to make things more tidy - Renames `TARGET_OS` into `TARGET` and makes it effective only with `nix/scripts/shell.sh` - Renames `target-os` Nix argument to just `target` and makes it effective only with `shell.nix` - Drops `IN_CI_ENVIRONMENT` env variable which was useless - Drops use of `target-os` argument outside of `shell.nix` (with few exceptions, but just in naming) - `nix/platform.nix` has been made obsolete and removed - Moves the definition of all major targets to `nix/targets.nix` - Moves the definition of all major shells to `nix/shells.nix` - Makes `default.nix` and `shell.nix` just thin wrappers around `nix/default.nix` - `nix/nixpkgs-bootstrap.nix` has been moved to `nix/pkgs.nix` - All package and tool overrides have been moved to `nix/pkgs.nix` - Explicit passing of contents of `pkgs` has been removed in favor of `callPackage` doing it for us - `nix/bootstrapped-shell.nix` has been moved to `nix/tools/mkShell.nix` - A new `mergeSh` tool has been added to `pkgs` from `nix/tools/mergeSh.nix` - This tool is used to merge shells created using `mkShell` - `mobile/targets/jsbundle.nix` has been moved to `mobile/android/jsbundle/default.nix` - Moves `status-go` version sanitization to `nix/status-go/utils.nix` - Renames version to rawVersion and versionName to cleanVersion in status-go derivation - Ports nix/mobile/ios/install-pods-and-status-go.sh to Nix sub-shells - Moves adjustment of `inotify/max_user_watches` out into `scripts/inotify_fix.sh` - Makes iOS builds use the Nix version of Fastlane Signed-off-by: Jakub Sokołowski <jakub@status.im>
2019-11-29 11:20:08 +01:00
/* some build targets don't build on MacOS */
os = sh(script: 'uname', returnStdout: true).trim()
arch = sh(script: 'arch', returnStdout: true).trim()
} }
}
stage('Build status-go') {
steps { script {
ci: build generic status-go and all shells When discussing caching of `status-go` with Sid I noticed that the build we cache daily created from our nightly build is different from the build we create locally due to a single input. In a release CI host we can see the IPFS URL is that of Infura: ``` > find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1 /nix/store/2cc8ilhx5g3k2awbn4sla61n4cml2405-status-go-0.130.1-d2cce5e-android > RESULT=$(find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://status-im.infura-ipfs.io/ipfs/ ``` But for a local build the URL is the default, which is our own gateway: ``` > nix-build --no-out-link -A targets.status-go.mobile.android /nix/store/1p53m7a6y1kg3vcyd8d06scf3bsyn5rk-status-go-0.157.2-47711c4-android > RESULT=$(nix-build --no-out-link -A targets.status-go.mobile.android) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://ipfs.status.im/ ``` This difference causes builds of `status-go` that get uploaded to our Nix cache to not match what developers locally would build, which results in a cache miss. This changes the Nix cache CI jobs to instead of building only dependencies (`buildInuts`) to simply build the generic versions of `status-go` without nightly specific inputs. Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-06-15 09:39:28 +02:00
def platforms = ['mobile.android', 'mobile.ios', 'library']
if (os != 'Darwin') { platforms.removeAll { it == 'mobile.ios' } }
/* FIXME: "'x86_64-darwin' with features {} is required to build" */
ci: build generic status-go and all shells When discussing caching of `status-go` with Sid I noticed that the build we cache daily created from our nightly build is different from the build we create locally due to a single input. In a release CI host we can see the IPFS URL is that of Infura: ``` > find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1 /nix/store/2cc8ilhx5g3k2awbn4sla61n4cml2405-status-go-0.130.1-d2cce5e-android > RESULT=$(find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://status-im.infura-ipfs.io/ipfs/ ``` But for a local build the URL is the default, which is our own gateway: ``` > nix-build --no-out-link -A targets.status-go.mobile.android /nix/store/1p53m7a6y1kg3vcyd8d06scf3bsyn5rk-status-go-0.157.2-47711c4-android > RESULT=$(nix-build --no-out-link -A targets.status-go.mobile.android) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://ipfs.status.im/ ``` This difference causes builds of `status-go` that get uploaded to our Nix cache to not match what developers locally would build, which results in a cache miss. This changes the Nix cache CI jobs to instead of building only dependencies (`buildInuts`) to simply build the generic versions of `status-go` without nightly specific inputs. Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-06-15 09:39:28 +02:00
if (arch == 'arm64') { platforms.removeAll { it == 'mobile.android' } }
platforms.each { platform ->
/* Allow for Android builds on Apple ARM. */
env.NIXPKGS_SYSTEM_OVERRIDE = nixSysOverride(os, arch, platform)
nix.build(
attr: "targets.status-go.${platform}",
sandbox: false,
link: false
)
}
} }
}
stage('Build android jsbundle') {
steps { script {
/* Build/fetch deps required for jsbundle build. */
nix.build(
attr: 'targets.mobile.jsbundle',
sandbox: false,
pure: false,
link: false
)
} }
}
stage('Build android deps') {
steps { script {
/* Allow for Android builds on Apple ARM. */
env.NIXPKGS_SYSTEM_OVERRIDE = nixSysOverride(os, arch, 'android')
/* Build/fetch deps required to build android release. */
nix.build(
attr: 'targets.mobile.android.build.buildInputs',
sandbox: false,
pure: false,
link: false
)
} }
}
stage('Build nix shell deps') {
steps { script {
ci: build generic status-go and all shells When discussing caching of `status-go` with Sid I noticed that the build we cache daily created from our nightly build is different from the build we create locally due to a single input. In a release CI host we can see the IPFS URL is that of Infura: ``` > find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1 /nix/store/2cc8ilhx5g3k2awbn4sla61n4cml2405-status-go-0.130.1-d2cce5e-android > RESULT=$(find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://status-im.infura-ipfs.io/ipfs/ ``` But for a local build the URL is the default, which is our own gateway: ``` > nix-build --no-out-link -A targets.status-go.mobile.android /nix/store/1p53m7a6y1kg3vcyd8d06scf3bsyn5rk-status-go-0.157.2-47711c4-android > RESULT=$(nix-build --no-out-link -A targets.status-go.mobile.android) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://ipfs.status.im/ ``` This difference causes builds of `status-go` that get uploaded to our Nix cache to not match what developers locally would build, which results in a cache miss. This changes the Nix cache CI jobs to instead of building only dependencies (`buildInuts`) to simply build the generic versions of `status-go` without nightly specific inputs. Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-06-15 09:39:28 +02:00
def shells = ['android', 'ios', 'fastlane', 'keytool', 'clojure', 'gradle']
if (os != 'Darwin') { shells.removeAll { it == 'ios' } }
/* FIXME: "'x86_64-darwin' with features {} is required to build" */
if (arch == 'arm64') { shells.removeAll { it == 'android' } }
/* Build/fetch deps required to start default Nix shell. */
ci: build generic status-go and all shells When discussing caching of `status-go` with Sid I noticed that the build we cache daily created from our nightly build is different from the build we create locally due to a single input. In a release CI host we can see the IPFS URL is that of Infura: ``` > find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1 /nix/store/2cc8ilhx5g3k2awbn4sla61n4cml2405-status-go-0.130.1-d2cce5e-android > RESULT=$(find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://status-im.infura-ipfs.io/ipfs/ ``` But for a local build the URL is the default, which is our own gateway: ``` > nix-build --no-out-link -A targets.status-go.mobile.android /nix/store/1p53m7a6y1kg3vcyd8d06scf3bsyn5rk-status-go-0.157.2-47711c4-android > RESULT=$(nix-build --no-out-link -A targets.status-go.mobile.android) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://ipfs.status.im/ ``` This difference causes builds of `status-go` that get uploaded to our Nix cache to not match what developers locally would build, which results in a cache miss. This changes the Nix cache CI jobs to instead of building only dependencies (`buildInuts`) to simply build the generic versions of `status-go` without nightly specific inputs. Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-06-15 09:39:28 +02:00
shells.each { shell ->
/* Allow for Android builds on Apple ARM. */
env.NIXPKGS_SYSTEM_OVERRIDE = nixSysOverride(os, arch, shell)
ci: build generic status-go and all shells When discussing caching of `status-go` with Sid I noticed that the build we cache daily created from our nightly build is different from the build we create locally due to a single input. In a release CI host we can see the IPFS URL is that of Infura: ``` > find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1 /nix/store/2cc8ilhx5g3k2awbn4sla61n4cml2405-status-go-0.130.1-d2cce5e-android > RESULT=$(find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://status-im.infura-ipfs.io/ipfs/ ``` But for a local build the URL is the default, which is our own gateway: ``` > nix-build --no-out-link -A targets.status-go.mobile.android /nix/store/1p53m7a6y1kg3vcyd8d06scf3bsyn5rk-status-go-0.157.2-47711c4-android > RESULT=$(nix-build --no-out-link -A targets.status-go.mobile.android) > nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway github.com/status-im/status-go/params.IpfsGatewayURL=https://ipfs.status.im/ ``` This difference causes builds of `status-go` that get uploaded to our Nix cache to not match what developers locally would build, which results in a cache miss. This changes the Nix cache CI jobs to instead of building only dependencies (`buildInuts`) to simply build the generic versions of `status-go` without nightly specific inputs. Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-06-15 09:39:28 +02:00
nix.build(
attr: "shells.${shell}.buildInputs",
sandbox: false,
link: false
)
}
} }
}
stage('Upload') {
steps { script {
sshagent(credentials: ['nix-cache-ssh']) {
nix.shell("""
find /nix/store/ -mindepth 1 -maxdepth 1 -type d \
-not -name '*.links' -and -not -name '*-status-mobile-*' \
| xargs nix copy --to ${NIX_SSH_REMOTE}
""",
pure: false
)
}
} }
}
}
post {
always { script {
nix.shell('nix-store --optimize', pure: false)
} }
}
}
def nixSysOverride(os, arch, target='android') {
return (
os == 'Darwin' &&
arch == 'arm64' &&
target =~ /.*android$/
) ? 'x86_64-darwin' : ''
}