scimserviceprovider/flake.nix
ci: add compliance check
2024-12-04 12:02:00 +01:00


{
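# "Empty Template" was a leftover from the flake template; describe what the
# flake actually provides (see the packages/checks below).
description = "SCIM Service Provider app for Nextcloud: build, sign, publish and test the app";
inputs = {
  # Branch references only; the concrete revisions are pinned in flake.lock.
  nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  flake-utils.url = "github:numtide/flake-utils";
  # SCIM 2.0 client used by the compliance check to exercise the app's endpoint.
  scim2-cli.url = "github:hrenard/scim2-cli";
};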
outputs =
{
nixpkgs,
flake-utils,
scim2-cli,
...
}:
flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Minimal Nextcloud config.php for running `occ` outside a real installation
# (used by the occ wrapper below). The app directory of the nixpkgs nextcloud28
# package is mounted read-only; the writable apps directory and the log file
# live under NEXTCLOUD_DATA_DIR, which the wrapper points at a temporary
# directory. The file itself is marked read-only so occ does not try to
# rewrite it.
config = pkgs.writeText "config.php" ''
<?php
$CONFIG = [
'config_is_read_only' => true,
'logfile' => getenv('NEXTCLOUD_DATA_DIR').'/nextcloud.log',
'apps_paths' => [
[
'path'=> '${pkgs.nextcloud28}/apps',
'url' => '/apps',
'writable' => false,
],
[
'path'=> getenv('NEXTCLOUD_DATA_DIR').'/apps',
'url' => '/apps',
'writable' => true,
],
],
];
'';
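# Wrapper running the nextcloud28 `occ` console against a throw-away data and
# config directory, so commands such as `integrity:sign-app` work without a
# real Nextcloud installation. Arguments are passed through to occ unchanged.
# The scratch directory is removed on exit (previously one directory per run
# was left behind under /tmp); php's exit status is propagated by the
# `set -e` that writeShellApplication enables.
occ = pkgs.writeShellApplication {
  name = "occ";
  runtimeInputs = with pkgs; [
    nextcloud28
    php
  ];
  text = ''
    NEXTCLOUD_DATA_DIR="$(mktemp -d)"
    export NEXTCLOUD_DATA_DIR
    export NEXTCLOUD_CONFIG_DIR="$NEXTCLOUD_DATA_DIR/config"
    # Remove the scratch directory (config copy, nextcloud.log, writable
    # apps dir) on every exit path.
    trap 'rm -rf "$NEXTCLOUD_DATA_DIR"' EXIT
    mkdir "$NEXTCLOUD_CONFIG_DIR" "$NEXTCLOUD_DATA_DIR/apps"
    cp ${config} "$NEXTCLOUD_CONFIG_DIR/config.php"
    # Deliberately not `exec`: the EXIT trap must still run after php returns.
    php ${pkgs.nextcloud28}/occ "$@"
  '';
};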
# Sources of the app: this flake's own directory.
src = ./.;
# App version, taken from <version> in appinfo/info.xml. This is an
# import-from-derivation: evaluation first builds the tiny "version"
# derivation and reads its output (trailing newline stripped).
version = builtins.readFile (
  pkgs.runCommand "version" { } ''
    ${pkgs.xq-xml}/bin/xq -x "info/version" < ${src}/appinfo/info.xml \
      | ${pkgs.coreutils}/bin/tr -d '\n' > "$out"
  ''
);
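# Composer dependencies as a fixed-output derivation: the build gets network
# access, and the resulting vendor/ tree must hash to outputHash. Anything that
# changes what composer installs (composer.json/composer.lock, the composer
# flags below, the php/composer version) changes the hash: switch to
# `outputHash = pkgs.lib.fakeHash`, rebuild, and paste the reported hash.
# That hash is what pins the PHP supply chain for the release tarball, so
# review the vendor diff whenever it is updated.
vendor = pkgs.stdenv.mkDerivation {
  pname = "scimserviceprovider-vendor";
  inherit src version;
  doCheck = false;
  # Presumably so the fixup phase does not rewrite files under $out and
  # invalidate the fixed hash.
  dontFixup = true;
  nativeBuildInputs = with pkgs; [
    cacert # TLS roots for composer's downloads
    php
    php.packages.composer
    rsync
  ];
  buildPhase = ''
    runHook preBuild
    export COMPOSER_MIRROR_PATH_REPOS=1
    export COMPOSER_CACHE_DIR=/dev/null
    export COMPOSER_HTACCESS_PROTECT=0
    # NOTE(review): package scripts and plugins run here with network access.
    # `--no-scripts`/`--no-plugins` would be safer, but may change the vendor
    # tree and therefore the hash — confirm before adding them.
    composer install --no-interaction --no-dev
    runHook postBuild
  '';
  installPhase = ''
    runHook preInstall
    mkdir "$out"
    # --progress dropped: it only adds noise to the build log.
    rsync -a --exclude .git vendor/ "$out"
    runHook postInstall
  '';
  outputHashAlgo = "sha256";
  outputHashMode = "recursive";
  outputHash = "sha256-fPSCufyPWf1G1XH3NsbuWSbKBBw/AM6j6Vd9lX+6qIQ=";
  # Uncomment to let Nix report the new hash after a dependency change:
  #outputHash = pkgs.lib.fakeHash;
};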
# The app tree as shipped to Nextcloud: appinfo/, lib/, LICENSE and a `vendor`
# symlink into the fixed-output composer derivation above (dereferenced by
# `make` when the tarball is built).
scimserviceprovider = pkgs.stdenv.mkDerivation {
  pname = "scimserviceprovider";
  inherit src version;
  installPhase = ''
    runHook preInstall
    mkdir "$out"
    for item in appinfo lib LICENSE; do
      cp -r "$item" "$out/"
    done
    ln -sv ${vendor} "$out/vendor"
    runHook postInstall
  '';
};
# File names of the release tarball and of its detached signature.
scimserviceproviderArchive = "${scimserviceprovider.pname}-v${scimserviceprovider.version}.tar.gz";
scimserviceproviderArchiveSignature = "${scimserviceproviderArchive}.sign";
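# Builds the signed release under ./build: copies the app tree, signs it with
# the Nextcloud app certificate (occ integrity:sign-app), tars it and writes
# the detached SHA-512 signature the app store expects next to the archive.
# Locally the certificate and key come from ~/.nextcloud/certificates; with
# CI=true they are read base64-encoded from SCIMSERVICEPROVIDER_CRT and
# SCIMSERVICEPROVIDER_KEY.
make = pkgs.writeShellApplication {
  name = "make";
  runtimeInputs = with pkgs; [
    coreutils
    gnutar
    openssl
    occ
  ];
  text = ''
    SCIMSERVICEPROVIDER_CRT_PATH="$HOME/.nextcloud/certificates/scimserviceprovider.crt"
    SCIMSERVICEPROVIDER_KEY_PATH="$HOME/.nextcloud/certificates/scimserviceprovider.key"
    CI=''${CI:-false}
    if [ "$CI" = true ]; then
      echo "Loading CI secrets"
      # Decode the private key into a 0700 temporary directory that is removed
      # on exit, rather than into the checkout with the default umask where it
      # would outlive the job and could be swept up with the artifacts.
      secrets_dir="$(mktemp -d)"
      trap 'rm -rf "$secrets_dir"' EXIT
      SCIMSERVICEPROVIDER_CRT_PATH="$secrets_dir/scimserviceprovider.crt"
      SCIMSERVICEPROVIDER_KEY_PATH="$secrets_dir/scimserviceprovider.key"
      # printf rather than echo: no option or escape interpretation of the value.
      printf '%s' "$SCIMSERVICEPROVIDER_CRT" | base64 -d > "$SCIMSERVICEPROVIDER_CRT_PATH"
      printf '%s' "$SCIMSERVICEPROVIDER_KEY" | base64 -d > "$SCIMSERVICEPROVIDER_KEY_PATH"
    fi
    rm -rf build
    mkdir -p build/scimserviceprovider
    cd build
    # -L dereferences the vendor symlink so the tarball is self-contained.
    cp -Lr --no-preserve=all ${scimserviceprovider}/* scimserviceprovider/
    occ integrity:sign-app --privateKey="$SCIMSERVICEPROVIDER_KEY_PATH" --certificate="$SCIMSERVICEPROVIDER_CRT_PATH" --path="$PWD/scimserviceprovider"
    tar czf ${scimserviceproviderArchive} scimserviceprovider
    # Detached signature of the archive with the same app key, base64 on a
    # single line; `publish` sends it to the app store with the download URL.
    openssl dgst -sha512 -sign "$SCIMSERVICEPROVIDER_KEY_PATH" "$PWD/${scimserviceproviderArchive}" | openssl base64 -A > "$PWD/${scimserviceproviderArchiveSignature}"
  '';
};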
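# Registers a release with the Nextcloud app store: posts the forge download
# URL of the tarball together with the detached signature produced by `make`
# (read from artifact/). Requires NC_STORE_TOKEN in the environment.
publish = pkgs.writeShellApplication {
  name = "publish";
  runtimeInputs = with pkgs; [
    coreutils
    curl
  ];
  text = ''
    signature="$(cat artifact/${scimserviceproviderArchiveSignature})"
    if [ -z "$signature" ]; then
      echo "publish: empty signature file artifact/${scimserviceproviderArchiveSignature}" >&2
      exit 1
    fi
    # NOTE(review): the download path uses the info.xml version, while the forge
    # release is created under the git tag ($GITHUB_REF_NAME in `release`); the
    # two must agree or the store cannot fetch the archive — confirm the tagging rule.
    body="$(printf '{"download":"https://forge.libre.sh/libre.sh/scimserviceprovider/releases/download/${scimserviceprovider.version}/${scimserviceproviderArchive}","signature":"%s"}' "$signature")"
    # The Authorization header goes through a private (0600) temp file so the
    # store token does not show up in the process list as a curl argument.
    headers="$(mktemp)"
    trap 'rm -f "$headers"' EXIT
    printf 'Authorization: Token %s\n' "$NC_STORE_TOKEN" > "$headers"
    # -S: still print curl's own error message despite -s.
    printf '%s' "$body" | curl --fail-with-body -sS -X POST https://apps.nextcloud.com/api/v1/apps/releases \
      -H @"$headers" -H "Content-Type: application/json" -d @-
  '';
};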
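# Creates the forge release for the pushed tag and attaches every file under
# artifact/ (tarball and signature from `make`); the release notes come from
# git-cliff. Expects the CI variables GITHUB_TOKEN, GITHUB_SERVER_URL,
# GITHUB_REPOSITORY and GITHUB_REF_NAME.
release = pkgs.writeShellApplication {
  # Was "publish", which collided with the `publish` package's binary name.
  # Anything invoking this package's binary by name must now call `release`
  # (`nix run .#release` is unaffected).
  name = "release";
  runtimeInputs = with pkgs; [
    coreutils
    findutils
    tea
    git-cliff
  ];
  text = ''
    # `tea login add` persists the token in its config file; keep that file in
    # a private temp dir that is removed on exit instead of $PWD/.config.
    XDG_CONFIG_HOME="$(mktemp -d)"
    export XDG_CONFIG_HOME
    trap 'rm -rf "$XDG_CONFIG_HOME"' EXIT
    export GITEA_SERVER_TOKEN="$GITHUB_TOKEN"
    tea login add --url "$GITHUB_SERVER_URL"
    # Collect --asset arguments from NUL-separated find output so artifact
    # names containing spaces or glob characters survive intact.
    assets=()
    while IFS= read -r -d "" asset; do
      assets+=(--asset "$asset")
    done < <(find artifact/ -type f -print0)
    tea release create "''${assets[@]}" \
      --note "$(git-cliff -s all --tag "$GITHUB_REF_NAME")" \
      --repo "$GITHUB_REPOSITORY" --tag "$GITHUB_REF_NAME" --title "$GITHUB_REF_NAME"
  '';
};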
in
{
# Everything buildable or runnable from this flake; the app tree is the default.
packages = {
  default = scimserviceprovider;
  inherit
    scimserviceprovider
    vendor
    occ
    make
    publish
    release
    ;
};
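# NixOS VM test: installs the app into a Nextcloud instance and runs the
# scim2-cli conformance suite against its SCIM endpoint.
checks.compliance = pkgs.testers.runNixOSTest {
  name = "compliance";
  nodes.machine =
    { config, pkgs, ... }:
    {
      environment.systemPackages = [
        scim2-cli.packages.${system}.default
        config.services.nextcloud.occ
      ];
      services.nextcloud = {
        enable = true;
        hostName = "localhost";
        extraApps = {
          inherit scimserviceprovider;
        };
        config = {
          # Test-only credential: it ends up in the world-readable Nix store and
          # is also the Basic auth header used in testScript. Never use this
          # pattern for a real deployment.
          adminpassFile = "${(pkgs.writeText "ncpass" ''P@ssw0rd'')}";
        };
      };
      nix.settings.experimental-features = [
        "nix-command"
        "flakes"
      ];
      system.stateVersion = "24.11";
    };
  testScript = ''
    machine.wait_for_unit("nginx.service")
    machine.wait_for_unit("phpfpm-nextcloud.service")
    # "cm9vdDpQQHNzdzByZA==" is base64("root:P@ssw0rd"): the module's admin
    # user with the password from adminpassFile above.
    status, result = machine.execute(
        "scim2 --url http://localhost/index.php/apps/scimserviceprovider"
        " --header 'Authorization: Basic cm9vdDpQQHNzdzByZA==' test -v"
    )
    # Fail on a non-zero exit as well as on "ERROR" in the output; grepping the
    # output alone lets a crashed or missing scim2 binary pass the check.
    if status != 0 or "ERROR" in result:
        raise Exception(f"scim2 test exited with {status}:\n{result}")
  '';
};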
# Development shell: the throw-away `occ` wrapper and the `make` release
# builder on PATH (publish/release are CI-only and are not included).
devShells.default = pkgs.mkShell {
buildInputs = [
occ
make
];
};
}
);
}