ed4a09c6f3
On start, unicorn, sidekiq and other parts running ruby code emits quite a few warnings similar to /var/gitlab/state/config/application.rb:202: warning: already initialized constant Gitlab::Application::LOOSE_EE_APP_ASSETS /nix/store/ysb0lgbzxp7a9y4yl8d4f9wrrzy9kafc-gitlab-ee-12.3.5/share/gitlab/config/application.rb:202: warning: previous definition of LOOSE_EE_APP_ASSETS was here /var/gitlab/state/lib/gitlab.rb:38: warning: already initialized constant Gitlab::COM_URL /nix/store/ysb0lgbzxp7a9y4yl8d4f9wrrzy9kafc-gitlab-ee-12.3.5/share/gitlab/lib/gitlab.rb:38: warning: previous definition of COM_URL was here This seems to be caused by the same ruby files being evaluated multiple times due to the paths being different - sometimes they're loaded using the direct path and sometimes through a symlink, due to our split between config and package data. To fix this, we make sure that the offending files in the state directory always reference the store path, regardless of that being the real file or a symlink.
179 lines
5.8 KiB
Nix
179 lines
5.8 KiB
Nix
{ stdenv, lib, fetchurl, fetchFromGitLab, bundlerEnv
|
|
, ruby, tzdata, git, nettools, nixosTests, nodejs
|
|
, gitlabEnterprise ? false, callPackage, yarn
|
|
, yarn2nix-moretea, replace
|
|
}:
|
|
|
|
let
|
|
data = (builtins.fromJSON (builtins.readFile ./data.json));
|
|
|
|
version = data.version;
|
|
src = fetchFromGitLab {
|
|
owner = data.owner;
|
|
repo = data.repo;
|
|
rev = data.rev;
|
|
sha256 = data.repo_hash;
|
|
};
|
|
|
|
rubyEnv = bundlerEnv rec {
|
|
name = "gitlab-env-${version}";
|
|
inherit ruby;
|
|
gemdir = ./rubyEnv;
|
|
gemset =
|
|
let x = import (gemdir + "/gemset.nix");
|
|
in x // {
|
|
# grpc expects the AR environment variable to contain `ar rpc`. See the
|
|
# discussion in nixpkgs #63056.
|
|
grpc = x.grpc // {
|
|
patches = [ ./fix-grpc-ar.patch ];
|
|
dontBuild = false;
|
|
};
|
|
};
|
|
groups = [
|
|
"default" "unicorn" "ed25519" "metrics" "development" "puma" "test" "kerberos"
|
|
];
|
|
# N.B. omniauth_oauth2_generic and apollo_upload_server both provide a
|
|
# `console` executable.
|
|
ignoreCollisions = true;
|
|
};
|
|
|
|
yarnOfflineCache = (callPackage ./yarnPkgs.nix {}).offline_cache;
|
|
|
|
assets = stdenv.mkDerivation {
|
|
pname = "gitlab-assets";
|
|
inherit version src;
|
|
|
|
nativeBuildInputs = [ rubyEnv.wrappedRuby rubyEnv.bundler nodejs yarn ];
|
|
|
|
configurePhase = ''
|
|
runHook preConfigure
|
|
|
|
# Some rake tasks try to run yarn automatically, which won't work
|
|
rm lib/tasks/yarn.rake
|
|
|
|
# The rake tasks won't run without a basic configuration in place
|
|
mv config/database.yml.env config/database.yml
|
|
mv config/gitlab.yml.example config/gitlab.yml
|
|
|
|
# Yarn and bundler wants a real home directory to write cache, config, etc to
|
|
export HOME=$NIX_BUILD_TOP/fake_home
|
|
|
|
# Make yarn install packages from our offline cache, not the registry
|
|
yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
|
|
|
|
# Fixup "resolved"-entries in yarn.lock to match our offline cache
|
|
${yarn2nix-moretea.fixup_yarn_lock}/bin/fixup_yarn_lock yarn.lock
|
|
|
|
yarn install --offline --frozen-lockfile --ignore-scripts --no-progress --non-interactive
|
|
|
|
patchShebangs node_modules/
|
|
|
|
runHook postConfigure
|
|
'';
|
|
|
|
buildPhase = ''
|
|
runHook preBuild
|
|
|
|
bundle exec rake gettext:po_to_json RAILS_ENV=production NODE_ENV=production
|
|
bundle exec rake rake:assets:precompile RAILS_ENV=production NODE_ENV=production
|
|
bundle exec rake webpack:compile RAILS_ENV=production NODE_ENV=production NODE_OPTIONS="--max_old_space_size=4096"
|
|
bundle exec rake gitlab:assets:fix_urls RAILS_ENV=production NODE_ENV=production
|
|
|
|
runHook postBuild
|
|
'';
|
|
|
|
installPhase = ''
|
|
runHook preInstall
|
|
|
|
mv public/assets $out
|
|
|
|
runHook postInstall
|
|
'';
|
|
};
|
|
in
|
|
stdenv.mkDerivation {
|
|
name = "gitlab${lib.optionalString gitlabEnterprise "-ee"}-${version}";
|
|
|
|
inherit src;
|
|
|
|
buildInputs = [
|
|
rubyEnv rubyEnv.wrappedRuby rubyEnv.bundler tzdata git nettools
|
|
];
|
|
|
|
patches = [ ./remove-hardcoded-locations.patch ];
|
|
|
|
postPatch = ''
|
|
${lib.optionalString (!gitlabEnterprise) ''
|
|
# Remove all proprietary components
|
|
rm -rf ee
|
|
''}
|
|
|
|
# For reasons I don't understand "bundle exec" ignores the
|
|
# RAILS_ENV causing tests to be executed that fail because we're
|
|
# not installing development and test gems above. Deleting the
|
|
# tests works though.
|
|
rm lib/tasks/test.rake
|
|
|
|
rm config/initializers/gitlab_shell_secret_token.rb
|
|
|
|
sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake
|
|
sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb
|
|
|
|
# Always require lib-files and application.rb through their store
|
|
# path, not their relative state directory path. This gets rid of
|
|
# warnings and means we don't have to link back to lib from the
|
|
# state directory.
|
|
${replace}/bin/replace-literal -f -r -e '../lib' "$out/share/gitlab/lib" config
|
|
${replace}/bin/replace-literal -f -r -e "require_relative 'application'" "require_relative '$out/share/gitlab/config/application'" config
|
|
'';
|
|
|
|
buildPhase = ''
|
|
rm -f config/secrets.yml
|
|
mv config config.dist
|
|
rm -r tmp
|
|
'';
|
|
|
|
installPhase = ''
|
|
mkdir -p $out/share
|
|
cp -r . $out/share/gitlab
|
|
ln -sf ${assets} $out/share/gitlab/public/assets
|
|
rm -rf $out/share/gitlab/log
|
|
ln -sf /run/gitlab/log $out/share/gitlab/log
|
|
ln -sf /run/gitlab/uploads $out/share/gitlab/public/uploads
|
|
ln -sf /run/gitlab/config $out/share/gitlab/config
|
|
ln -sf /run/gitlab/tmp $out/share/gitlab/tmp
|
|
|
|
# rake tasks to mitigate CVE-2017-0882
|
|
# see https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
|
|
cp ${./reset_token.rake} $out/share/gitlab/lib/tasks/reset_token.rake
|
|
'';
|
|
|
|
passthru = {
|
|
inherit rubyEnv assets;
|
|
ruby = rubyEnv.wrappedRuby;
|
|
GITALY_SERVER_VERSION = data.passthru.GITALY_SERVER_VERSION;
|
|
GITLAB_PAGES_VERSION = data.passthru.GITLAB_PAGES_VERSION;
|
|
GITLAB_SHELL_VERSION = data.passthru.GITLAB_SHELL_VERSION;
|
|
GITLAB_WORKHORSE_VERSION = data.passthru.GITLAB_WORKHORSE_VERSION;
|
|
tests = {
|
|
nixos-test-passes = nixosTests.gitlab;
|
|
};
|
|
};
|
|
|
|
meta = with lib; {
|
|
homepage = http://www.gitlab.com/;
|
|
platforms = platforms.linux;
|
|
maintainers = with maintainers; [ fpletz globin krav talyz ];
|
|
} // (if gitlabEnterprise then
|
|
{
|
|
license = licenses.unfreeRedistributable; # https://gitlab.com/gitlab-org/gitlab-ee/raw/master/LICENSE
|
|
description = "GitLab Enterprise Edition";
|
|
}
|
|
else
|
|
{
|
|
license = licenses.mit;
|
|
description = "GitLab Community Edition";
|
|
longDescription = "GitLab Community Edition (CE) is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more. Self-host GitLab CE on your own servers, in a container, or on a cloud provider.";
|
|
});
|
|
}
|