From 0c185b2eb05a49b4b03589df6e6be4508e6d290b Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gregor.kleen@ifi.lmu.de>
Date: Wed, 15 Sep 2021 13:33:32 +0200
Subject: [PATCH] chore(gitlab-ci): ...

---
 .gitlab-ci.yml                  |  7 ++++---
 .gitlab-ci/make-minio-bucket.sh |  6 ++++++
 .gitlab-ci/nix-bootstrap.conf   |  5 +++++
 .gitlab-ci/nix.conf             |  7 ++++---
 .gitlab-ci/upload-to-cache.sh   |  9 +++++++++
 .gitlab-ci/write-minio-creds.sh | 10 ++++++++++
 6 files changed, 38 insertions(+), 6 deletions(-)
 create mode 100755 .gitlab-ci/make-minio-bucket.sh
 create mode 100644 .gitlab-ci/nix-bootstrap.conf
 create mode 100755 .gitlab-ci/upload-to-cache.sh
 create mode 100755 .gitlab-ci/write-minio-creds.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0d90ec014..d4b4b02c5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,15 +22,16 @@ node dependencies:
     - nix -L build -o result .#uniworxNodeDependencies
     - nix-store --export $(nix-store -qR result) > node-dependencies.nar
   before_script: &nix-before
+    - install -m 0644 .gitlab-ci/nix-bootstrap.conf /etc/nix/nix.conf
+    - .gitlab-ci/write-minio-creds.sh
+    - .gitlab-ci/make-minio-bucket.sh
+    - cp -pr --reflink=auto -L .gitlab-ci/upload-to-cache.sh /etc/nix/upload-to-cache.sh
     - install -m 0644 .gitlab-ci/nix.conf /etc/nix/nix.conf
     - git config --global init.defaultBranch master
     - install -v -m 0700 -d ~/.ssh
     - install -v -T -m 0644 "${SSH_KNOWN_HOSTS}" ~/.ssh/known_hosts
     - install -v -T -m 0400 "${SSH_DEPLOY_KEY}" ~/.ssh/deploy && echo "IdentityFile ~/.ssh/deploy" >> ~/.ssh/config; 
     - install -v -T -m 0644 "${FONTAWESOME_NPM_AUTH_FILE}" /etc/fontawesome-token
-  after_script: &nix-after
-    - nix-env -f '<nixpkgs>' -riA tree
-    - tree -a /minio-gitlab-runner-cache
   artifacts:
     paths:
       - node-dependencies.nar
diff --git a/.gitlab-ci/make-minio-bucket.sh b/.gitlab-ci/make-minio-bucket.sh
new file mode 100755
index 000000000..176c3cc16
--- /dev/null
+++ b/.gitlab-ci/make-minio-bucket.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p bash -p coreutils -p minio-client
+
+export MC_HOST_minio-gitlab-runner-cache=https://$(cat /minio-gitlab-runner-cache/accesskey):$(cat /minio-gitlab-runner-cache/secretkey)@minio-gitlab-runner-cache:9000
+
+mc mb --ignore-existing minio-gitlab-runner-cache/nix-cache
diff --git a/.gitlab-ci/nix-bootstrap.conf b/.gitlab-ci/nix-bootstrap.conf
new file mode 100644
index 000000000..036c2fc5e
--- /dev/null
+++ b/.gitlab-ci/nix-bootstrap.conf
@@ -0,0 +1,5 @@
+sandbox = true
+experimental-features = nix-command flakes ca-references
+substituters = https://hydra.iohk.io https://cache.nixos.org/
+trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+require-sigs = true
\ No newline at end of file
diff --git a/.gitlab-ci/nix.conf b/.gitlab-ci/nix.conf
index 036c2fc5e..c427db666 100644
--- a/.gitlab-ci/nix.conf
+++ b/.gitlab-ci/nix.conf
@@ -1,5 +1,6 @@
 sandbox = true
 experimental-features = nix-command flakes ca-references
-substituters = https://hydra.iohk.io https://cache.nixos.org/
-trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
-require-sigs = true
\ No newline at end of file
+substituters = https://hydra.iohk.io https://cache.nixos.org/ s3://nix-cache?scheme=https&endpoint=minio-gitlab-runner-cache:9000
+trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= minio-gitlab-runner-cache:ZN5neq93MHqpnieHSBlxGgWvCL0WKrZ2S9QS+U5Bnro=
+require-sigs = true
+post-build-hook = /etc/nix/upload-to-cache.sh
\ No newline at end of file
diff --git a/.gitlab-ci/upload-to-cache.sh b/.gitlab-ci/upload-to-cache.sh
new file mode 100755
index 000000000..b176fcf26
--- /dev/null
+++ b/.gitlab-ci/upload-to-cache.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p bash -p coreutils
+
+set -eu
+set -f # disable globbing
+export IFS=' '
+
+echo "Signing and uploading paths" $OUT_PATHS
+exec nix copy --to "s3://nix-cache?scheme=https&endpoint=minio-gitlab-runner-cache:9000&secret-key=${NIX_CACHE_KEYFILE}" $OUT_PATHS
diff --git a/.gitlab-ci/write-minio-creds.sh b/.gitlab-ci/write-minio-creds.sh
new file mode 100755
index 000000000..f706d4607
--- /dev/null
+++ b/.gitlab-ci/write-minio-creds.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p bash -p coreutils
+
+umask 0750
+mkdir -p ~/.aws
+cat > ~/.aws/credentials <<EOF
+[default]
+aws_access_key_id = $(cat /minio-gitlab-runner-cache/accesskey)
+aws_secret_access_key = $(cat /minio-gitlab-runner-cache/secretkey)
+EOF