nix: add support for INFURA_TOKEN var for Android build

Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
Jakub Sokołowski 2020-10-06 13:54:28 +02:00
parent 085ae22be1
commit 908b5f723c
No known key found for this signature in database
GPG Key ID: 4EF064D0E6D63020
5 changed files with 29 additions and 24 deletions

View File

@ -1,7 +1,6 @@
# Helper for verifying an environment variable is set
name: ''
if [[ -z ''$${name} ]]; then
echo 'Not env var set: ${name}' >&2
exit 1
echo 'WARNING! Env var not set: ${name}' >&2
fi
''

View File

@ -4,5 +4,5 @@
getConfig = import ./getConfig.nix { inherit lib config; };
mkFilter = import ./mkFilter.nix { inherit lib; };
mergeSh = import ./mergeSh.nix { inherit lib; };
assertEnvVarSet = import ./assertEnvVarSet.nix;
checkEnvVarSet = import ./checkEnvVarSet.nix;
}

View File

@ -47,6 +47,7 @@ stdenv.mkDerivation {
# For optional INFURA_TOKEN variable
secretsPhase = if (secretsFile != "") then ''
source "${secretsFile}"
${lib.checkEnvVarSet "INFURA_TOKEN"}
'' else ''
echo "No secrets provided!"
'';

View File

@ -17,7 +17,7 @@ assert (lib.stringLength watchmanSockPath) > 0 -> stdenv.isDarwin;
let
inherit (lib)
toLower optionalString stringLength assertMsg
getConfig makeLibraryPath assertEnvVarSet elem;
getConfig makeLibraryPath checkEnvVarSet elem;
# Pass secretsFile for INFURA_TOKEN to jsbundle build
builtJsBundle = jsbundle { inherit secretsFile; };
@ -87,8 +87,8 @@ in stdenv.mkDerivation rec {
STATUS_GO_ANDROID_LIBDIR = "${status-go}";
phases = [
"unpackPhase" "secretsPhase" "secretsCheckPhase"
"keystorePhase" "buildPhase" "checkPhase" "installPhase"
"unpackPhase" "secretsPhase" "keystorePhase"
"buildPhase" "checkPhase" "installPhase"
];
unpackPhase = ''
@ -119,6 +119,9 @@ in stdenv.mkDerivation rec {
# if secretsFile is not set we use generate keystore
secretsPhase = if (secretsFile != "") then ''
source "${secretsFile}"
${checkEnvVarSet "KEYSTORE_ALIAS"}
${checkEnvVarSet "KEYSTORE_PASSWORD"}
${checkEnvVarSet "KEYSTORE_KEY_PASSWORD"}
'' else keystore.shellHook;
# if keystorePath is set copy it into build directory
@ -128,11 +131,6 @@ in stdenv.mkDerivation rec {
export KEYSTORE_PATH="$PWD/status-im.keystore"
cp -a --no-preserve=ownership "${keystorePath}" "$KEYSTORE_PATH"
'';
secretsCheckPhase = ''
${assertEnvVarSet "KEYSTORE_ALIAS"}
${assertEnvVarSet "KEYSTORE_PASSWORD"}
${assertEnvVarSet "KEYSTORE_KEY_PASSWORD"}
'';
buildPhase = let
adhocEnvVars = optionalString stdenv.isLinux
"LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${makeLibraryPath [ pkgs.zlib ]}";

View File

@ -7,20 +7,19 @@ GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel)
source "${GIT_ROOT}/scripts/colors.sh"
function must_get_env() {
declare -n VAR_NAME="$1"
if [[ -n "${VAR_NAME}" ]]; then
echo "${VAR_NAME}"
declare -n VAR_VALUE="$1"
if [[ -n "${VAR_VALUE}" ]]; then
echo "${VAR_VALUE}"
return
fi
echo -e "${RED}No required env variable:${RST} ${BLD}${!VAR_NAME}${RST}" 1>&2
echo -e "${RED}No required env variable:${RST} ${BLD}${!VAR_VALUE}${RST}" 1>&2
exit 1
}
function append_env_export() {
ENV_VAR_NAME=${1}
if [[ -n "${!ENV_VAR_NAME}" ]]; then
echo "export ${ENV_VAR_NAME}=\"${!ENV_VAR_NAME}\";" >> "${SECRETS_FILE_PATH}"
fi
VAR_NAME=${1}
VAR_VALUE=$(must_get_env "${VAR_NAME}")
echo "export ${VAR_NAME}=\"${VAR_VALUE}\";" >> "${SECRETS_FILE_PATH}"
}
config=''
@ -38,15 +37,23 @@ config+="status-im.android.abi-split=\"$(must_get_env ANDROID_ABI_SPLIT)\";"
config+="status-im.android.abi-include=\"$(must_get_env ANDROID_ABI_INCLUDE)\";"
nixOpts=()
# If no secrets were passed there's no need to pass the 'secretsFile'
if [[ -n "${KEYSTORE_ALIAS}${KEYSTORE_ALIAS}${KEYSTORE_ALIAS}" ]]; then
# Secrets like this can't be passed via args or they end up in derivation
SECRETS_FILE_PATH=$(mktemp)
trap "rm -f ${SECRETS_FILE_PATH}" EXIT ERR INT QUIT
# We create if now so the trap knows its location
export SECRETS_FILE_PATH=$(mktemp)
chmod 644 ${SECRETS_FILE_PATH}
# If secrets file was created we want to remove it.
trap "rm -vf ${SECRETS_FILE_PATH}" EXIT ERR INT QUIT
# Secrets like this can't be passed via args or they end up in derivation.
if [[ -n "${KEYSTORE_ALIAS}${KEYSTORE_ALIAS}${KEYSTORE_ALIAS}" ]]; then
# WARNING: All three have to be set!
append_env_export 'KEYSTORE_PASSWORD'
append_env_export 'KEYSTORE_ALIAS'
append_env_export 'KEYSTORE_KEY_PASSWORD'
fi
if [[ -n "${INFURA_TOKEN}" ]]; then
append_env_export 'INFURA_TOKEN'
fi
# If no secrets were passed there's no need to pass the 'secretsFile'.
if [[ -s "${SECRETS_FILE_PATH}" ]]; then
nixOpts+=("--argstr" "secretsFile" "${SECRETS_FILE_PATH}")
fi