nixpkgs/pkgs/applications/version-management/gitlab/default.nix
talyz 59324d1fb9 gitlab: Build frontend assets from source
Instead of extracting prebuilt assets from the debian build, build
them from the source. This should give faster package updates and
reduces the amount of data needed to be downloaded by more than 500MB.
2019-10-08 11:24:06 +02:00

168 lines
5.3 KiB
Nix

{ stdenv, lib, fetchurl, fetchFromGitLab, bundlerEnv
, ruby, tzdata, git, nettools, nixosTests, nodejs
, gitlabEnterprise ? false, callPackage, yarn
, yarn2nix-moretea
}:
let
flavour = if gitlabEnterprise then "ee" else "ce";
data = (builtins.fromJSON (builtins.readFile ./data.json)).${flavour};
version = data.version;
src = fetchFromGitLab {
owner = data.owner;
repo = data.repo;
rev = data.rev;
sha256 = data.repo_hash;
};
rubyEnv = bundlerEnv rec {
name = "gitlab-env-${version}";
inherit ruby;
gemdir = ./rubyEnv- + (if gitlabEnterprise then "ee" else "ce");
gemset =
let x = import (gemdir + "/gemset.nix");
in x // {
# grpc expects the AR environment variable to contain `ar rpc`. See the
# discussion in nixpkgs #63056.
grpc = x.grpc // {
patches = [ ./fix-grpc-ar.patch ];
dontBuild = false;
};
};
groups = [
"default" "unicorn" "ed25519" "metrics" "development" "puma" "test" "kerberos"
];
# N.B. omniauth_oauth2_generic and apollo_upload_server both provide a
# `console` executable.
ignoreCollisions = true;
};
yarnOfflineCache = (callPackage ./yarnPkgs.nix {}).offline_cache;
assets = stdenv.mkDerivation {
pname = "gitlab-assets";
inherit version src;
nativeBuildInputs = [ rubyEnv.wrappedRuby rubyEnv.bundler nodejs yarn ];
configurePhase = ''
runHook preConfigure
# Some rake tasks try to run yarn automatically, which won't work
rm lib/tasks/yarn.rake
# The rake tasks won't run without a basic configuration in place
mv config/database.yml.env config/database.yml
mv config/gitlab.yml.example config/gitlab.yml
# Yarn and bundler wants a real home directory to write cache, config, etc to
export HOME=$NIX_BUILD_TOP/fake_home
# Make yarn install packages from our offline cache, not the registry
yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
# Fixup "resolved"-entries in yarn.lock to match our offline cache
${yarn2nix-moretea.fixup_yarn_lock}/bin/fixup_yarn_lock yarn.lock
yarn install --offline --frozen-lockfile --ignore-scripts --no-progress --non-interactive
patchShebangs node_modules/
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
bundle exec rake gettext:po_to_json RAILS_ENV=production NODE_ENV=production
bundle exec rake rake:assets:precompile RAILS_ENV=production NODE_ENV=production
bundle exec rake webpack:compile RAILS_ENV=production NODE_ENV=production NODE_OPTIONS="--max_old_space_size=4096"
bundle exec rake gitlab:assets:fix_urls RAILS_ENV=production NODE_ENV=production
runHook postBuild
'';
installPhase = ''
runHook preInstall
mv public/assets $out
runHook postInstall
'';
};
in
stdenv.mkDerivation {
name = "gitlab${if gitlabEnterprise then "-ee" else ""}-${version}";
inherit src;
buildInputs = [
rubyEnv rubyEnv.wrappedRuby rubyEnv.bundler tzdata git nettools
];
patches = [ ./remove-hardcoded-locations.patch ];
postPatch = ''
# For reasons I don't understand "bundle exec" ignores the
# RAILS_ENV causing tests to be executed that fail because we're
# not installing development and test gems above. Deleting the
# tests works though.
rm lib/tasks/test.rake
rm config/initializers/gitlab_shell_secret_token.rb
sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake
sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb
'';
buildPhase = ''
rm -f config/secrets.yml
mv config config.dist
rm -r tmp
'';
installPhase = ''
mkdir -p $out/share
cp -r . $out/share/gitlab
ln -sf ${assets} $out/share/gitlab/public/assets
rm -rf $out/share/gitlab/log
ln -sf /run/gitlab/log $out/share/gitlab/log
ln -sf /run/gitlab/uploads $out/share/gitlab/public/uploads
ln -sf /run/gitlab/config $out/share/gitlab/config
ln -sf /run/gitlab/tmp $out/share/gitlab/tmp
# rake tasks to mitigate CVE-2017-0882
# see https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
cp ${./reset_token.rake} $out/share/gitlab/lib/tasks/reset_token.rake
'';
passthru = {
inherit rubyEnv;
ruby = rubyEnv.wrappedRuby;
GITALY_SERVER_VERSION = data.passthru.GITALY_SERVER_VERSION;
GITLAB_PAGES_VERSION = data.passthru.GITLAB_PAGES_VERSION;
GITLAB_SHELL_VERSION = data.passthru.GITLAB_SHELL_VERSION;
GITLAB_WORKHORSE_VERSION = data.passthru.GITLAB_WORKHORSE_VERSION;
tests = {
nixos-test-passes = nixosTests.gitlab;
};
};
meta = with lib; {
homepage = http://www.gitlab.com/;
platforms = platforms.linux;
maintainers = with maintainers; [ fpletz globin krav ];
} // (if gitlabEnterprise then
{
license = licenses.unfreeRedistributable; # https://gitlab.com/gitlab-org/gitlab-ee/raw/master/LICENSE
description = "GitLab Enterprise Edition";
}
else
{
license = licenses.mit;
description = "GitLab Community Edition";
longDescription = "GitLab Community Edition (CE) is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more. Self-host GitLab CE on your own servers, in a container, or on a cloud provider.";
});
}