nixpkgs/pkgs/applications/version-management/gitlab/default.nix

208 lines
7.0 KiB
Nix
Raw Normal View History

{ stdenv, lib, fetchurl, fetchpatch, fetchFromGitLab, bundlerEnv
2020-09-28 21:42:57 +00:00
, ruby, tzdata, git, nettools, nixosTests, nodejs, openssl
, gitlabEnterprise ? false, callPackage, yarn
2021-10-17 17:19:22 +00:00
, fixup_yarn_lock, replace, file, cacert, fetchYarnDeps
2015-01-25 21:01:48 +00:00
}:
let
data = lib.importJSON ./data.json;
version = data.version;
src = fetchFromGitLab {
owner = data.owner;
repo = data.repo;
rev = data.rev;
sha256 = data.repo_hash;
};
rubyEnv = bundlerEnv rec {
2017-09-03 13:38:28 +00:00
name = "gitlab-env-${version}";
2015-01-25 21:01:48 +00:00
inherit ruby;
gemdir = ./rubyEnv;
gemset =
let x = import (gemdir + "/gemset.nix");
in x // {
2020-09-28 21:42:57 +00:00
# the openssl needs the openssl include files
openssl = x.openssl // {
buildInputs = [ openssl ];
};
2021-04-28 13:16:06 +00:00
ruby-magic = x.ruby-magic // {
2021-04-07 14:52:15 +00:00
buildInputs = [ file ];
buildFlags = [ "--enable-system-libraries" ];
};
2021-10-28 15:00:57 +00:00
# the included yarn rake task attaches the yarn:install task
# to assets:precompile, which is both unnecessary (since we
# run `yarn install` ourselves) and undoes the shebang patches
# in node_modules
railties = x.railties // {
dontBuild = false;
patches = [ ./railties-remove-yarn-install-enhancement.patch ];
patchFlags = "-p2";
};
};
2019-07-15 23:18:42 +00:00
groups = [
"default" "unicorn" "ed25519" "metrics" "development" "puma" "test" "kerberos"
2019-07-15 23:18:42 +00:00
];
# N.B. omniauth_oauth2_generic and apollo_upload_server both provide a
# `console` executable.
ignoreCollisions = true;
2015-01-25 21:01:48 +00:00
};
2021-10-17 17:19:22 +00:00
yarnOfflineCache = fetchYarnDeps {
yarnLock = src + "/yarn.lock";
sha256 = data.yarn_hash;
};
2017-09-03 13:38:28 +00:00
assets = stdenv.mkDerivation {
pname = "gitlab-assets";
inherit version src;
2021-08-05 12:22:39 +00:00
nativeBuildInputs = [ rubyEnv.wrappedRuby rubyEnv.bundler nodejs yarn git cacert ];
2019-12-22 23:39:33 +00:00
# Since version 12.6.0, the rake tasks need the location of git,
# so we have to apply the location patches here too.
patches = [ ./remove-hardcoded-locations.patch ];
# One of the patches uses this variable - if it's unset, execution
# of rake tasks fails.
GITLAB_LOG_PATH = "log";
FOSS_ONLY = !gitlabEnterprise;
configurePhase = ''
runHook preConfigure
# Some rake tasks try to run yarn automatically, which won't work
rm lib/tasks/yarn.rake
# The rake tasks won't run without a basic configuration in place
mv config/database.yml.env config/database.yml
mv config/gitlab.yml.example config/gitlab.yml
# Yarn and bundler wants a real home directory to write cache, config, etc to
export HOME=$NIX_BUILD_TOP/fake_home
# Make yarn install packages from our offline cache, not the registry
yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
# Fixup "resolved"-entries in yarn.lock to match our offline cache
${fixup_yarn_lock}/bin/fixup_yarn_lock yarn.lock
yarn install --offline --frozen-lockfile --ignore-scripts --no-progress --non-interactive
patchShebangs node_modules/
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
bundle exec rake gettext:po_to_json RAILS_ENV=production NODE_ENV=production
bundle exec rake rake:assets:precompile RAILS_ENV=production NODE_ENV=production
2020-10-22 11:04:51 +00:00
bundle exec rake gitlab:assets:compile_webpack_if_needed RAILS_ENV=production NODE_ENV=production
bundle exec rake gitlab:assets:fix_urls RAILS_ENV=production NODE_ENV=production
2020-10-22 11:04:51 +00:00
bundle exec rake gitlab:assets:check_page_bundle_mixins_css_for_sideeffects RAILS_ENV=production NODE_ENV=production
runHook postBuild
'';
installPhase = ''
runHook preInstall
mv public/assets $out
runHook postInstall
'';
2017-09-03 13:38:28 +00:00
};
2015-01-25 21:01:48 +00:00
in
2019-08-13 21:52:01 +00:00
stdenv.mkDerivation {
name = "gitlab${lib.optionalString gitlabEnterprise "-ee"}-${version}";
inherit src;
2015-10-21 17:48:56 +00:00
2018-01-07 03:59:27 +00:00
buildInputs = [
rubyEnv rubyEnv.wrappedRuby rubyEnv.bundler tzdata git nettools
2018-01-07 03:59:27 +00:00
];
patches = [
# Change hardcoded paths to the NixOS equivalent
./remove-hardcoded-locations.patch
];
postPatch = ''
${lib.optionalString (!gitlabEnterprise) ''
# Remove all proprietary components
rm -rf ee
sed -i 's/-ee//' ./VERSION
''}
2015-01-25 21:01:48 +00:00
# For reasons I don't understand "bundle exec" ignores the
# RAILS_ENV causing tests to be executed that fail because we're
# not installing development and test gems above. Deleting the
# tests works though.
2015-01-25 21:01:48 +00:00
rm lib/tasks/test.rake
2015-10-21 17:48:56 +00:00
rm config/initializers/gitlab_shell_secret_token.rb
2018-03-22 01:08:49 +00:00
sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake
2018-11-02 20:22:51 +00:00
sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb
mv config/puma.rb.example config/puma.rb
# Always require lib-files and application.rb through their store
# path, not their relative state directory path. This gets rid of
# warnings and means we don't have to link back to lib from the
# state directory.
${replace}/bin/replace-literal -f -r -e '../lib' "$out/share/gitlab/lib" config
${replace}/bin/replace-literal -f -r -e "require_relative 'application'" "require_relative '$out/share/gitlab/config/application'" config
2015-01-25 21:01:48 +00:00
'';
2015-01-25 21:01:48 +00:00
buildPhase = ''
2017-09-03 13:38:28 +00:00
rm -f config/secrets.yml
mv config config.dist
rm -r tmp
'';
2015-01-25 21:01:48 +00:00
installPhase = ''
mkdir -p $out/share
cp -r . $out/share/gitlab
ln -sf ${assets} $out/share/gitlab/public/assets
2017-09-03 13:38:28 +00:00
rm -rf $out/share/gitlab/log
ln -sf /run/gitlab/log $out/share/gitlab/log
ln -sf /run/gitlab/uploads $out/share/gitlab/public/uploads
ln -sf /run/gitlab/config $out/share/gitlab/config
ln -sf /run/gitlab/tmp $out/share/gitlab/tmp
# rake tasks to mitigate CVE-2017-0882
# see https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
cp ${./reset_token.rake} $out/share/gitlab/lib/tasks/reset_token.rake
2015-01-25 21:01:48 +00:00
'';
2015-01-25 21:01:48 +00:00
passthru = {
inherit rubyEnv assets;
2018-04-25 17:57:10 +00:00
ruby = rubyEnv.wrappedRuby;
GITALY_SERVER_VERSION = data.passthru.GITALY_SERVER_VERSION;
GITLAB_PAGES_VERSION = data.passthru.GITLAB_PAGES_VERSION;
GITLAB_SHELL_VERSION = data.passthru.GITLAB_SHELL_VERSION;
GITLAB_WORKHORSE_VERSION = data.passthru.GITLAB_WORKHORSE_VERSION;
gitlabEnv.FOSS_ONLY = lib.boolToString (!gitlabEnterprise);
tests = {
nixos-test-passes = nixosTests.gitlab;
};
};
2018-08-20 18:08:12 +00:00
2018-09-21 07:37:51 +00:00
meta = with lib; {
homepage = "http://www.gitlab.com/";
2018-09-21 07:37:51 +00:00
platforms = platforms.linux;
maintainers = with maintainers; [ fpletz globin krav talyz yayayayaka yuka ];
2018-09-21 07:40:08 +00:00
} // (if gitlabEnterprise then
{
license = licenses.unfreeRedistributable; # https://gitlab.com/gitlab-org/gitlab-ee/raw/master/LICENSE
description = "GitLab Enterprise Edition";
}
else
{
license = licenses.mit;
description = "GitLab Community Edition";
longDescription = "GitLab Community Edition (CE) is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more. Self-host GitLab CE on your own servers, in a container, or on a cloud provider.";
});
}