tjh.dev / nixpkgs
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / build-support / fetchgitlab / default.nix
at haskell-updates 149 lines 4.0 kB view raw
1{ 2 lib, 3 repoRevToNameMaybe, 4 fetchgit, 5 fetchzip, 6}: 7 8lib.makeOverridable ( 9 # gitlab example 10 { 11 owner, 12 repo, 13 rev ? null, 14 tag ? null, 15 name ? repoRevToNameMaybe repo (lib.revOrTag rev tag) "gitlab", 16 protocol ? "https", 17 domain ? "gitlab.com", 18 group ? null, 19 fetchSubmodules ? false, 20 leaveDotGit ? false, 21 deepClone ? false, 22 forceFetchGit ? false, 23 sparseCheckout ? [ ], 24 private ? false, 25 varPrefix ? null, 26 ... # For hash agility 27 }@args: 28 29 assert ( 30 lib.assertMsg (lib.xor (tag == null) ( 31 rev == null 32 )) "fetchFromGitLab requires one of either `rev` or `tag` to be provided (not both)." 33 ); 34 35 let 36 slug = lib.concatStringsSep "/" ( 37 (lib.optional (group != null) group) 38 ++ [ 39 owner 40 repo 41 ] 42 ); 43 revWithTag = if tag != null then "refs/tags/" + tag else rev; 44 escapedSlug = lib.replaceStrings [ "." "/" ] [ "%2E" "%2F" ] slug; 45 escapedRevWithTag = lib.replaceStrings [ "+" "%" "/" ] [ "%2B" "%25" "%2F" ] revWithTag; 46 passthruAttrs = removeAttrs args [ 47 "protocol" 48 "domain" 49 "owner" 50 "group" 51 "repo" 52 "rev" 53 "tag" 54 "fetchSubmodules" 55 "forceFetchGit" 56 "private" 57 "varPrefix" 58 "leaveDotGit" 59 "deepClone" 60 ]; 61 62 varBase = "NIX${lib.optionalString (varPrefix != null) "_${varPrefix}"}_GITLAB_PRIVATE_"; 63 useFetchGit = 64 fetchSubmodules || leaveDotGit || deepClone || forceFetchGit || (sparseCheckout != [ ]); 65 fetcher = if useFetchGit then fetchgit else fetchzip; 66 67 privateAttrs = lib.optionalAttrs private ( 68 lib.throwIfNot (protocol == "https") "private token login is only supported for https" { 69 netrcPhase = '' 70 if [ -z "''$${varBase}USERNAME" -o -z "''$${varBase}PASSWORD" ]; then 71 echo "Error: Private fetchFromGitLab requires the nix building process (nix-daemon in multi user mode) to have the ${varBase}USERNAME and ${varBase}PASSWORD env vars set." >&2 72 exit 1 73 fi 74 '' 75 + ( 76 if useFetchGit then 77 # GitLab supports HTTP Basic Authentication only when Git is used: 78 # https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#project-access-tokens 79 '' 80 cat > netrc <<EOF 81 machine ${domain} 82 login ''$${varBase}USERNAME 83 password ''$${varBase}PASSWORD 84 EOF 85 '' 86 else 87 # Access via the GitLab API requires a custom header and does not work 88 # with HTTP Basic Authentication: 89 # https://docs.gitlab.com/ee/api/#personalprojectgroup-access-tokens 90 '' 91 # needed because fetchurl always sets --netrc-file if a netrcPhase is present 92 touch netrc 93 94 cat > private-token <<EOF 95 PRIVATE-TOKEN: ''$${varBase}PASSWORD 96 EOF 97 curlOpts="$curlOpts --header @./private-token" 98 '' 99 ); 100 netrcImpureEnvVars = [ 101 "${varBase}USERNAME" 102 "${varBase}PASSWORD" 103 ]; 104 } 105 ); 106 107 gitRepoUrl = "${protocol}://${domain}/${slug}.git"; 108 109 fetcherArgs = 110 ( 111 if useFetchGit then 112 { 113 inherit 114 rev 115 deepClone 116 tag 117 fetchSubmodules 118 sparseCheckout 119 leaveDotGit 120 ; 121 url = gitRepoUrl; 122 } 123 else 124 { 125 url = "${protocol}://${domain}/api/v4/projects/${escapedSlug}/repository/archive.tar.gz?sha=${escapedRevWithTag}"; 126 127 passthru = { 128 inherit gitRepoUrl; 129 }; 130 } 131 ) 132 // privateAttrs 133 // passthruAttrs 134 // { 135 inherit name; 136 }; 137 in 138 139 fetcher fetcherArgs 140 // { 141 meta.homepage = "${protocol}://${domain}/${slug}/"; 142 inherit 143 tag 144 owner 145 repo 146 ; 147 rev = revWithTag; 148 } 149)