tjh.dev
1{ lib
2, stdenv
3, fetchFromGitHub
4, buildGoModule
5, makeWrapper
6, cacert
7, moreutils
8, jq
9, git
10, rsync
11, pkg-config
12, yarn
13, python3
14, esbuild
15, nodejs
16, node-gyp
17, libsecret
18, xorg
19, ripgrep
20, AppKit
21, Cocoa
22, CoreServices
23, Security
24, cctools
25, xcbuild
26, quilt
27, nixosTests
28}:
29
30let
31 system = stdenv.hostPlatform.system;
32
33 python = python3;
34 yarn' = yarn.override { inherit nodejs; };
35 defaultYarnOpts = [ ];
36
37 esbuild' = esbuild.override {
38 buildGoModule = args: buildGoModule (args // rec {
39 version = "0.16.17";
40 src = fetchFromGitHub {
41 owner = "evanw";
42 repo = "esbuild";
43 rev = "v${version}";
44 hash = "sha256-8L8h0FaexNsb3Mj6/ohA37nYLFogo5wXkAhGztGUUsQ=";
45 };
46 vendorHash = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ=";
47 });
48 };
49
50 # replaces esbuild's download script with a binary from nixpkgs
51 patchEsbuild = path: version: ''
52 mkdir -p ${path}/node_modules/esbuild/bin
53 jq "del(.scripts.postinstall)" ${path}/node_modules/esbuild/package.json | sponge ${path}/node_modules/esbuild/package.json
54 sed -i 's/${version}/${esbuild'.version}/g' ${path}/node_modules/esbuild/lib/main.js
55 ln -s -f ${esbuild'}/bin/esbuild ${path}/node_modules/esbuild/bin/esbuild
56 '';
57
58 # Comment from @code-asher, the code-server maintainer
59 # See https://github.com/NixOS/nixpkgs/pull/240001#discussion_r1244303617
60 #
61 # If the commit is missing it will break display languages (Japanese, Spanish,
62 # etc). For some reason VS Code has a hard dependency on the commit being set
63 # for that functionality.
64 # The commit is also used in cache busting. Without the commit you could run
65 # into issues where the browser is loading old versions of assets from the
66 # cache.
67 # Lastly, it can be helpful for the commit to be accurate in bug reports
68 # especially when they are built outside of our CI as sometimes the version
69 # numbers can be unreliable (since they are arbitrarily provided).
70 #
71 # To compute the commit when upgrading this derivation, do:
72 # `$ git rev-parse <git-rev>` where <git-rev> is the git revision of the `src`
73 # Example: `$ git rev-parse v4.16.1`
74 commit = "94ef3776ad7bebfb5780dfc9632e04d20d5c9a6c";
75in
76stdenv.mkDerivation (finalAttrs: {
77 pname = "code-server";
78 version = "4.16.1";
79
80 src = fetchFromGitHub {
81 owner = "coder";
82 repo = "code-server";
83 rev = "v${finalAttrs.version}";
84 fetchSubmodules = true;
85 hash = "sha256-h4AooHHKV/EfN2S1z7CQKqnYW3uA3sKhSW4senlzjxI=";
86 };
87
88 yarnCache = stdenv.mkDerivation {
89 name = "${finalAttrs.pname}-${finalAttrs.version}-${system}-yarn-cache";
90 inherit (finalAttrs) src;
91
92 nativeBuildInputs = [ yarn' git cacert ];
93
94 buildPhase = ''
95 runHook preBuild
96
97 export HOME=$PWD
98 export GIT_SSL_CAINFO="${cacert}/etc/ssl/certs/ca-bundle.crt"
99
100 yarn --cwd "./vendor" install --modules-folder modules --ignore-scripts --frozen-lockfile
101
102 yarn config set yarn-offline-mirror $out
103 find "$PWD" -name "yarn.lock" -printf "%h\n" | \
104 xargs -I {} yarn --cwd {} \
105 --frozen-lockfile --ignore-scripts --ignore-platform \
106 --ignore-engines --no-progress --non-interactive
107
108 find ./lib/vscode -name "yarn.lock" -printf "%h\n" | \
109 xargs -I {} yarn --cwd {} \
110 --ignore-scripts --ignore-engines
111
112 runHook postBuild
113 '';
114
115 outputHashMode = "recursive";
116 outputHashAlgo = "sha256";
117 outputHash = "sha256-vkju+oxEYrEXFAnjz/Mf1g0ZhxBALLAaRuWE0swSWwM=";
118 };
119
120 nativeBuildInputs = [
121 nodejs
122 yarn'
123 python
124 pkg-config
125 makeWrapper
126 git
127 rsync
128 jq
129 moreutils
130 quilt
131 ];
132
133 buildInputs = lib.optionals (!stdenv.isDarwin) [ libsecret ]
134 ++ (with xorg; [ libX11 libxkbfile ])
135 ++ lib.optionals stdenv.isDarwin [
136 AppKit
137 Cocoa
138 CoreServices
139 Security
140 cctools
141 xcbuild
142 ];
143
144 patches = [
145 # Remove all git calls from the VS Code build script except `git rev-parse
146 # HEAD` which is replaced in postPatch with the commit.
147 ./build-vscode-nogit.patch
148 ];
149
150 postPatch = ''
151 export HOME=$PWD
152
153 patchShebangs ./ci
154
155 # inject git commit
156 substituteInPlace ./ci/build/build-vscode.sh \
157 --replace '$(git rev-parse HEAD)' "${commit}"
158 substituteInPlace ./ci/build/build-release.sh \
159 --replace '$(git rev-parse HEAD)' "${commit}"
160 '';
161
162 configurePhase = ''
163 runHook preConfigure
164
165 # run yarn offline by default
166 echo '--install.offline true' >> .yarnrc
167
168 # set default yarn opts
169 ${lib.concatMapStrings (option: ''
170 yarn --offline config set ${option}
171 '') defaultYarnOpts}
172
173 # set offline mirror to yarn cache we created in previous steps
174 yarn --offline config set yarn-offline-mirror "${finalAttrs.yarnCache}"
175
176 # skip unnecessary electron download
177 export ELECTRON_SKIP_BINARY_DOWNLOAD=1
178
179 # set nodedir to prevent node-gyp from downloading headers
180 # taken from https://nixos.org/manual/nixpkgs/stable/#javascript-tool-specific
181 mkdir -p $HOME/.node-gyp/${nodejs.version}
182 echo 9 > $HOME/.node-gyp/${nodejs.version}/installVersion
183 ln -sfv ${nodejs}/include $HOME/.node-gyp/${nodejs.version}
184 export npm_config_nodedir=${nodejs}
185
186 # use updated node-gyp. fixes the following error on Darwin:
187 # PermissionError: [Errno 1] Operation not permitted: '/usr/sbin/pkgutil'
188 export npm_config_node_gyp=${node-gyp}/lib/node_modules/node-gyp/bin/node-gyp.js
189
190 runHook postConfigure
191 '';
192
193 buildPhase = ''
194 runHook preBuild
195
196 # install code-server dependencies
197 yarn --offline --ignore-scripts
198
199 # apply patches
200 quilt push -a
201
202 # patch shebangs of everything to allow binary packages to build
203 patchShebangs .
204
205 export PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
206 export SKIP_SUBMODULE_DEPS=1
207 export NODE_OPTIONS=--openssl-legacy-provider
208
209 # rebuild binary packages now that scripts have been patched
210 echo "----- NPM rebuild"
211 npm rebuild --prefer-offline
212
213 # Replicate ci/dev/postinstall.sh
214 echo "----- Replicate ci/dev/postinstall.sh"
215 yarn --cwd "./vendor" install --modules-folder modules --offline --ignore-scripts --frozen-lockfile
216
217 # remove all built-in extensions, as these are 3rd party extensions that
218 # get downloaded from vscode marketplace
219 jq --slurp '.[0] * .[1]' "./lib/vscode/product.json" <(
220 cat << EOF
221 {
222 "builtInExtensions": []
223 }
224 EOF
225 ) | sponge ./lib/vscode/product.json
226
227 # disable automatic updates
228 sed -i '/update.mode/,/\}/{s/default:.*/default: "none",/g}' \
229 lib/vscode/src/vs/platform/update/common/update.config.contribution.ts
230
231 # Patch out remote download of nodejs from build script
232 patch -p1 -i ${./remove-node-download.patch}
233
234 # Fetch packages for vscode
235 find ./lib/vscode -name "yarn.lock" -printf "%h\n" | \
236 xargs -I {} yarn --cwd {} \
237 --frozen-lockfile --ignore-scripts --ignore-engines
238
239 # patch shebangs of everything to allow binary packages to build
240 patchShebangs .
241
242 ${patchEsbuild "./lib/vscode/build" "0.12.6"}
243 ${patchEsbuild "./lib/vscode/extensions" "0.11.23"}
244 '' + lib.optionalString stdenv.isDarwin ''
245 # use prebuilt binary for @parcel/watcher, which requires macOS SDK 10.13+
246 # (see issue #101229)
247 pushd ./lib/vscode/remote/node_modules/@parcel/watcher
248 mkdir -p ./build/Release
249 mv ./prebuilds/darwin-x64/node.napi.glibc.node ./build/Release/watcher.node
250 jq "del(.scripts) | .gypfile = false" ./package.json | sponge ./package.json
251 popd
252 '' + ''
253
254 # put ripgrep binary into bin, so postinstall does not try to download it
255 find -name ripgrep -type d \
256 -execdir mkdir -p {}/bin \; \
257 -execdir ln -s ${ripgrep}/bin/rg {}/bin/rg \;
258
259 # run postinstall scripts after patching
260 find ./lib/vscode \( -path "*/node_modules/*" -or -path "*/extensions/*" \) \
261 -and -type f -name "yarn.lock" -printf "%h\n" | \
262 xargs -I {} sh -c 'jq -e ".scripts.postinstall" {}/package.json >/dev/null && yarn --cwd {} postinstall --frozen-lockfile --offline || true'
263
264 # build code-server
265 yarn build
266
267 # build vscode
268 VERSION=${finalAttrs.version} yarn build:vscode
269
270 # inject version into package.json
271 jq --slurp '.[0] * .[1]' ./package.json <(
272 cat << EOF
273 {
274 "version": "${finalAttrs.version}"
275 }
276 EOF
277 ) | sponge ./package.json
278
279 # create release
280 yarn release
281
282 runHook postBuild
283 '';
284
285 installPhase = ''
286 runHook preInstall
287
288 mkdir -p $out/libexec/code-server $out/bin
289
290 # copy release to libexec path
291 cp -R -T release "$out/libexec/code-server"
292
293 # install only production dependencies
294 yarn --offline --cwd "$out/libexec/code-server" --production
295
296 # create wrapper
297 makeWrapper "${nodejs}/bin/node" "$out/bin/code-server" \
298 --add-flags "$out/libexec/code-server/out/node/entry.js"
299
300 runHook postInstall
301 '';
302
303 passthru = {
304 prefetchYarnCache = lib.overrideDerivation finalAttrs.yarnCache (d: {
305 outputHash = lib.fakeSha256;
306 });
307 tests = {
308 inherit (nixosTests) code-server;
309 };
310 # vscode-with-extensions compatibility
311 executableName = "code-server";
312 longName = "Visual Studio Code Server";
313 };
314
315 meta = {
316 description = "Run VS Code on a remote server";
317 longDescription = ''
318 code-server is VS Code running on a remote server, accessible through the
319 browser.
320 '';
321 homepage = "https://github.com/coder/code-server";
322 license = lib.licenses.mit;
323 maintainers = with lib.maintainers; [ offline henkery code-asher ];
324 platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ];
325 mainProgram = "code-server";
326 };
327})