pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / pkgs / applications / version-management / gitlab / default.nix
at 23.11-beta 218 lines 7.8 kB view raw
Raito Bezarius gitlab: use Ruby 3.2
2e7b72c5
1{ stdenv, lib, fetchurl, fetchpatch, fetchFromGitLab, bundlerEnv 2, ruby_3_2, tzdata, git, nettools, nixosTests, nodejs, openssl 3, gitlabEnterprise ? false, callPackage, yarn 4, fixup_yarn_lock, replace, file, cacert, fetchYarnDeps, makeWrapper, pkg-config 5}: 6 7let 8 data = lib.importJSON ./data.json; 9 10 version = data.version; 11 src = fetchFromGitLab { 12 owner = data.owner; 13 repo = data.repo; 14 rev = data.rev; 15 sha256 = data.repo_hash; 16 }; 17 18 rubyEnv = bundlerEnv rec { 19 name = "gitlab-env-${version}"; 20 ruby = ruby_3_2; 21 gemdir = ./rubyEnv; 22 gemset = 23 let x = import (gemdir + "/gemset.nix") src; 24 in x // { 25 gpgme = x.gpgme // { 26 nativeBuildInputs = [ pkg-config ]; 27 }; 28 # the openssl needs the openssl include files 29 openssl = x.openssl // { 30 buildInputs = [ openssl ]; 31 }; 32 ruby-magic = x.ruby-magic // { 33 buildInputs = [ file ]; 34 buildFlags = [ "--enable-system-libraries" ]; 35 }; 36 }; 37 groups = [ 38 "default" "unicorn" "ed25519" "metrics" "development" "puma" "test" "kerberos" 39 ]; 40 # N.B. omniauth_oauth2_generic and apollo_upload_server both provide a 41 # `console` executable. 42 ignoreCollisions = true; 43 44 extraConfigPaths = [ "${src}/vendor" "${src}/gems" ]; 45 }; 46 47 assets = stdenv.mkDerivation { 48 pname = "gitlab-assets"; 49 inherit version src; 50 51 yarnOfflineCache = fetchYarnDeps { 52 yarnLock = src + "/yarn.lock"; 53 sha256 = data.yarn_hash; 54 }; 55 56 nativeBuildInputs = [ rubyEnv.wrappedRuby rubyEnv.bundler nodejs yarn git cacert ]; 57 58 patches = [ 59 # Since version 12.6.0, the rake tasks need the location of git, 60 # so we have to apply the location patches here too. 61 ./remove-hardcoded-locations.patch 62 63 # Gitlab edited the default database config since [1] and the 64 # installer now complains about valid keywords only being "main", "ci" and "embedded". 65 # 66 # [1]: https://gitlab.com/gitlab-org/gitlab/-/commit/99c0fac52b10cd9df62bbe785db799352a2d9028 67 ./Remove-unsupported-database-names.patch 68 ]; 69 # One of the patches uses this variable - if it's unset, execution 70 # of rake tasks fails. 71 GITLAB_LOG_PATH = "log"; 72 FOSS_ONLY = !gitlabEnterprise; 73 74 configurePhase = '' 75 runHook preConfigure 76 77 # Some rake tasks try to run yarn automatically, which won't work 78 rm lib/tasks/yarn.rake 79 80 # The rake tasks won't run without a basic configuration in place 81 mv config/database.yml.postgresql config/database.yml 82 mv config/gitlab.yml.example config/gitlab.yml 83 84 # Yarn and bundler wants a real home directory to write cache, config, etc to 85 export HOME=$NIX_BUILD_TOP/fake_home 86 87 # Make yarn install packages from our offline cache, not the registry 88 yarn config --offline set yarn-offline-mirror $yarnOfflineCache 89 90 # Fixup "resolved"-entries in yarn.lock to match our offline cache 91 ${fixup_yarn_lock}/bin/fixup_yarn_lock yarn.lock 92 93 yarn install --offline --frozen-lockfile --ignore-scripts --no-progress --non-interactive 94 95 patchShebangs node_modules/ 96 patchShebangs scripts/frontend/ 97 98 runHook postConfigure 99 ''; 100 101 buildPhase = '' 102 runHook preBuild 103 104 bundle exec rake gettext:po_to_json RAILS_ENV=production NODE_ENV=production 105 bundle exec rake rake:assets:precompile RAILS_ENV=production NODE_ENV=production 106 bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production 107 bundle exec rake gitlab:assets:fix_urls RAILS_ENV=production NODE_ENV=production 108 bundle exec rake gitlab:assets:check_page_bundle_mixins_css_for_sideeffects RAILS_ENV=production NODE_ENV=production 109 110 runHook postBuild 111 ''; 112 113 installPhase = '' 114 runHook preInstall 115 116 mv public/assets $out 117 118 runHook postInstall 119 ''; 120 }; 121in 122stdenv.mkDerivation { 123 name = "gitlab${lib.optionalString gitlabEnterprise "-ee"}-${version}"; 124 125 inherit src; 126 127 nativeBuildInputs = [ makeWrapper ]; 128 buildInputs = [ 129 rubyEnv rubyEnv.wrappedRuby rubyEnv.bundler tzdata git nettools 130 ]; 131 132 patches = [ 133 # Change hardcoded paths to the NixOS equivalent 134 ./remove-hardcoded-locations.patch 135 ]; 136 137 postPatch = '' 138 ${lib.optionalString (!gitlabEnterprise) '' 139 # Remove all proprietary components 140 rm -rf ee 141 sed -i 's/-ee//' ./VERSION 142 ''} 143 144 # For reasons I don't understand "bundle exec" ignores the 145 # RAILS_ENV causing tests to be executed that fail because we're 146 # not installing development and test gems above. Deleting the 147 # tests works though. 148 rm lib/tasks/test.rake 149 150 rm config/initializers/gitlab_shell_secret_token.rb 151 152 sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake 153 sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb 154 155 mv config/puma.rb.example config/puma.rb 156 # Always require lib-files and application.rb through their store 157 # path, not their relative state directory path. This gets rid of 158 # warnings and means we don't have to link back to lib from the 159 # state directory. 160 ${replace}/bin/replace-literal -f -r -e '../../lib' "$out/share/gitlab/lib" config 161 ${replace}/bin/replace-literal -f -r -e '../lib' "$out/share/gitlab/lib" config 162 ${replace}/bin/replace-literal -f -r -e "require_relative 'application'" "require_relative '$out/share/gitlab/config/application'" config 163 ${replace}/bin/replace-literal -f -r -e 'require_relative "/home/git/gitlab/lib/gitlab/puma/error_handler"' "require_relative '$out/share/gitlab/lib/gitlab/puma/error_handler'" config 164 ''; 165 166 buildPhase = '' 167 rm -f config/secrets.yml 168 mv config config.dist 169 rm -r tmp 170 ''; 171 172 installPhase = '' 173 mkdir -p $out/share 174 cp -r . $out/share/gitlab 175 ln -sf ${assets} $out/share/gitlab/public/assets 176 rm -rf $out/share/gitlab/log 177 ln -sf /run/gitlab/log $out/share/gitlab/log 178 ln -sf /run/gitlab/uploads $out/share/gitlab/public/uploads 179 ln -sf /run/gitlab/config $out/share/gitlab/config 180 ln -sf /run/gitlab/tmp $out/share/gitlab/tmp 181 182 # rake tasks to mitigate CVE-2017-0882 183 # see https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/ 184 cp ${./reset_token.rake} $out/share/gitlab/lib/tasks/reset_token.rake 185 186 # manually patch the shebang line in generate-loose-foreign-key 187 wrapProgram $out/share/gitlab/scripts/decomposition/generate-loose-foreign-key --set ENABLE_SPRING 0 --add-flags 'runner -e test' 188 ''; 189 190 passthru = { 191 inherit rubyEnv assets; 192 ruby = rubyEnv.wrappedRuby; 193 GITALY_SERVER_VERSION = data.passthru.GITALY_SERVER_VERSION; 194 GITLAB_PAGES_VERSION = data.passthru.GITLAB_PAGES_VERSION; 195 GITLAB_SHELL_VERSION = data.passthru.GITLAB_SHELL_VERSION; 196 GITLAB_WORKHORSE_VERSION = data.passthru.GITLAB_WORKHORSE_VERSION; 197 gitlabEnv.FOSS_ONLY = lib.boolToString (!gitlabEnterprise); 198 tests = { 199 nixos-test-passes = nixosTests.gitlab; 200 }; 201 }; 202 203 meta = with lib; { 204 homepage = "http://www.gitlab.com/"; 205 platforms = platforms.linux; 206 maintainers = teams.gitlab.members; 207 } // (if gitlabEnterprise then 208 { 209 license = licenses.unfreeRedistributable; # https://gitlab.com/gitlab-org/gitlab-ee/raw/master/LICENSE 210 description = "GitLab Enterprise Edition"; 211 } 212 else 213 { 214 license = licenses.mit; 215 description = "GitLab Community Edition"; 216 longDescription = "GitLab Community Edition (CE) is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more. Self-host GitLab CE on your own servers, in a container, or on a cloud provider."; 217 }); 218}