2018-09-21 09:37:51 +02:00
|
|
|
{ stdenv, lib, fetchurl, fetchFromGitLab, bundlerEnv
|
2019-10-08 11:24:06 +02:00
|
|
|
, ruby, tzdata, git, nettools, nixosTests, nodejs
|
|
|
|
, gitlabEnterprise ? false, callPackage, yarn
|
2019-10-19 16:36:24 +02:00
|
|
|
, yarn2nix-moretea, replace
|
2015-01-25 22:01:48 +01:00
|
|
|
}:
|
2014-10-25 18:22:49 +02:00
|
|
|
|
|
|
|
let
|
2019-10-08 15:52:11 +02:00
|
|
|
data = (builtins.fromJSON (builtins.readFile ./data.json));
|
2019-10-08 11:24:06 +02:00
|
|
|
|
|
|
|
version = data.version;
|
|
|
|
src = fetchFromGitLab {
|
|
|
|
owner = data.owner;
|
|
|
|
repo = data.repo;
|
|
|
|
rev = data.rev;
|
|
|
|
sha256 = data.repo_hash;
|
|
|
|
};
|
|
|
|
|
2019-07-10 02:09:15 +02:00
|
|
|
rubyEnv = bundlerEnv rec {
|
2017-09-03 15:38:28 +02:00
|
|
|
name = "gitlab-env-${version}";
|
2015-01-25 22:01:48 +01:00
|
|
|
inherit ruby;
|
2019-10-08 15:52:11 +02:00
|
|
|
gemdir = ./rubyEnv;
|
2019-07-10 02:09:15 +02:00
|
|
|
gemset =
|
|
|
|
let x = import (gemdir + "/gemset.nix");
|
|
|
|
in x // {
|
|
|
|
# grpc expects the AR environment variable to contain `ar rpc`. See the
|
|
|
|
# discussion in nixpkgs #63056.
|
|
|
|
grpc = x.grpc // {
|
|
|
|
patches = [ ./fix-grpc-ar.patch ];
|
|
|
|
dontBuild = false;
|
|
|
|
};
|
|
|
|
};
|
2019-07-16 01:18:42 +02:00
|
|
|
groups = [
|
2019-10-01 15:38:22 +02:00
|
|
|
"default" "unicorn" "ed25519" "metrics" "development" "puma" "test" "kerberos"
|
2019-07-16 01:18:42 +02:00
|
|
|
];
|
2019-07-10 02:09:15 +02:00
|
|
|
# N.B. omniauth_oauth2_generic and apollo_upload_server both provide a
|
|
|
|
# `console` executable.
|
|
|
|
ignoreCollisions = true;
|
2015-01-25 22:01:48 +01:00
|
|
|
};
|
2014-10-25 18:22:49 +02:00
|
|
|
|
2019-10-08 11:24:06 +02:00
|
|
|
yarnOfflineCache = (callPackage ./yarnPkgs.nix {}).offline_cache;
|
2017-09-03 15:38:28 +02:00
|
|
|
|
2019-10-08 11:24:06 +02:00
|
|
|
assets = stdenv.mkDerivation {
|
|
|
|
pname = "gitlab-assets";
|
|
|
|
inherit version src;
|
|
|
|
|
|
|
|
nativeBuildInputs = [ rubyEnv.wrappedRuby rubyEnv.bundler nodejs yarn ];
|
|
|
|
|
|
|
|
configurePhase = ''
|
|
|
|
runHook preConfigure
|
|
|
|
|
|
|
|
# Some rake tasks try to run yarn automatically, which won't work
|
|
|
|
rm lib/tasks/yarn.rake
|
|
|
|
|
|
|
|
# The rake tasks won't run without a basic configuration in place
|
|
|
|
mv config/database.yml.env config/database.yml
|
|
|
|
mv config/gitlab.yml.example config/gitlab.yml
|
|
|
|
|
|
|
|
# Yarn and bundler wants a real home directory to write cache, config, etc to
|
|
|
|
export HOME=$NIX_BUILD_TOP/fake_home
|
|
|
|
|
|
|
|
# Make yarn install packages from our offline cache, not the registry
|
|
|
|
yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
|
|
|
|
|
|
|
|
# Fixup "resolved"-entries in yarn.lock to match our offline cache
|
|
|
|
${yarn2nix-moretea.fixup_yarn_lock}/bin/fixup_yarn_lock yarn.lock
|
|
|
|
|
|
|
|
yarn install --offline --frozen-lockfile --ignore-scripts --no-progress --non-interactive
|
|
|
|
|
|
|
|
patchShebangs node_modules/
|
|
|
|
|
|
|
|
runHook postConfigure
|
|
|
|
'';
|
|
|
|
|
|
|
|
buildPhase = ''
|
|
|
|
runHook preBuild
|
|
|
|
|
|
|
|
bundle exec rake gettext:po_to_json RAILS_ENV=production NODE_ENV=production
|
|
|
|
bundle exec rake rake:assets:precompile RAILS_ENV=production NODE_ENV=production
|
2019-11-04 16:46:05 +01:00
|
|
|
bundle exec rake webpack:compile RAILS_ENV=production NODE_ENV=production NODE_OPTIONS="--max_old_space_size=2048"
|
2019-10-08 11:24:06 +02:00
|
|
|
bundle exec rake gitlab:assets:fix_urls RAILS_ENV=production NODE_ENV=production
|
|
|
|
|
|
|
|
runHook postBuild
|
|
|
|
'';
|
|
|
|
|
|
|
|
installPhase = ''
|
|
|
|
runHook preInstall
|
|
|
|
|
|
|
|
mv public/assets $out
|
|
|
|
|
|
|
|
runHook postInstall
|
|
|
|
'';
|
2017-09-03 15:38:28 +02:00
|
|
|
};
|
2015-01-25 22:01:48 +01:00
|
|
|
in
|
2019-08-13 23:52:01 +02:00
|
|
|
stdenv.mkDerivation {
|
2019-10-08 15:52:11 +02:00
|
|
|
name = "gitlab${lib.optionalString gitlabEnterprise "-ee"}-${version}";
|
2016-01-30 14:47:04 +01:00
|
|
|
|
2019-10-08 11:24:06 +02:00
|
|
|
inherit src;
|
2015-10-21 19:48:56 +02:00
|
|
|
|
2018-01-07 04:59:27 +01:00
|
|
|
buildInputs = [
|
2019-07-05 00:20:00 +02:00
|
|
|
rubyEnv rubyEnv.wrappedRuby rubyEnv.bundler tzdata git nettools
|
2018-01-07 04:59:27 +01:00
|
|
|
];
|
|
|
|
|
2018-09-21 09:37:51 +02:00
|
|
|
patches = [ ./remove-hardcoded-locations.patch ];
|
2016-01-30 14:47:04 +01:00
|
|
|
|
2014-10-25 18:22:49 +02:00
|
|
|
postPatch = ''
|
2019-10-08 15:52:11 +02:00
|
|
|
${lib.optionalString (!gitlabEnterprise) ''
|
|
|
|
# Remove all proprietary components
|
|
|
|
rm -rf ee
|
|
|
|
''}
|
|
|
|
|
2015-01-25 22:01:48 +01:00
|
|
|
# For reasons I don't understand "bundle exec" ignores the
|
|
|
|
# RAILS_ENV causing tests to be executed that fail because we're
|
|
|
|
# not installing development and test gems above. Deleting the
|
2019-10-08 11:24:06 +02:00
|
|
|
# tests works though.
|
2015-01-25 22:01:48 +01:00
|
|
|
rm lib/tasks/test.rake
|
2014-10-25 18:22:49 +02:00
|
|
|
|
2015-10-21 19:48:56 +02:00
|
|
|
rm config/initializers/gitlab_shell_secret_token.rb
|
|
|
|
|
2018-03-22 02:08:49 +01:00
|
|
|
sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake
|
2018-11-02 21:22:51 +01:00
|
|
|
sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb
|
2019-10-19 16:36:24 +02:00
|
|
|
|
|
|
|
# Always require lib-files and application.rb through their store
|
|
|
|
# path, not their relative state directory path. This gets rid of
|
|
|
|
# warnings and means we don't have to link back to lib from the
|
|
|
|
# state directory.
|
|
|
|
${replace}/bin/replace-literal -f -r -e '../lib' "$out/share/gitlab/lib" config
|
|
|
|
${replace}/bin/replace-literal -f -r -e "require_relative 'application'" "require_relative '$out/share/gitlab/config/application'" config
|
2015-01-25 22:01:48 +01:00
|
|
|
'';
|
2016-01-30 14:47:04 +01:00
|
|
|
|
2015-01-25 22:01:48 +01:00
|
|
|
buildPhase = ''
|
2017-09-03 15:38:28 +02:00
|
|
|
rm -f config/secrets.yml
|
2016-01-30 14:47:04 +01:00
|
|
|
mv config config.dist
|
2019-10-08 11:24:06 +02:00
|
|
|
rm -r tmp
|
2014-10-25 18:22:49 +02:00
|
|
|
'';
|
2016-01-30 14:47:04 +01:00
|
|
|
|
2015-01-25 22:01:48 +01:00
|
|
|
installPhase = ''
|
|
|
|
mkdir -p $out/share
|
|
|
|
cp -r . $out/share/gitlab
|
2019-10-08 11:24:06 +02:00
|
|
|
ln -sf ${assets} $out/share/gitlab/public/assets
|
2017-09-03 15:38:28 +02:00
|
|
|
rm -rf $out/share/gitlab/log
|
|
|
|
ln -sf /run/gitlab/log $out/share/gitlab/log
|
2016-01-30 14:47:04 +01:00
|
|
|
ln -sf /run/gitlab/uploads $out/share/gitlab/public/uploads
|
|
|
|
ln -sf /run/gitlab/config $out/share/gitlab/config
|
2017-10-14 22:58:02 +02:00
|
|
|
ln -sf /run/gitlab/tmp $out/share/gitlab/tmp
|
2017-03-21 12:52:39 +01:00
|
|
|
|
|
|
|
# rake tasks to mitigate CVE-2017-0882
|
|
|
|
# see https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
|
|
|
|
cp ${./reset_token.rake} $out/share/gitlab/lib/tasks/reset_token.rake
|
2015-01-25 22:01:48 +01:00
|
|
|
'';
|
2016-01-30 14:47:04 +01:00
|
|
|
|
2015-01-25 22:01:48 +01:00
|
|
|
passthru = {
|
2019-10-08 15:52:11 +02:00
|
|
|
inherit rubyEnv assets;
|
2018-04-25 19:57:10 +02:00
|
|
|
ruby = rubyEnv.wrappedRuby;
|
2018-11-23 15:03:02 +01:00
|
|
|
GITALY_SERVER_VERSION = data.passthru.GITALY_SERVER_VERSION;
|
|
|
|
GITLAB_PAGES_VERSION = data.passthru.GITLAB_PAGES_VERSION;
|
|
|
|
GITLAB_SHELL_VERSION = data.passthru.GITLAB_SHELL_VERSION;
|
|
|
|
GITLAB_WORKHORSE_VERSION = data.passthru.GITLAB_WORKHORSE_VERSION;
|
2019-06-13 02:23:15 +02:00
|
|
|
tests = {
|
|
|
|
nixos-test-passes = nixosTests.gitlab;
|
|
|
|
};
|
2014-10-25 18:22:49 +02:00
|
|
|
};
|
2018-08-20 20:08:12 +02:00
|
|
|
|
2018-09-21 09:37:51 +02:00
|
|
|
meta = with lib; {
|
|
|
|
homepage = http://www.gitlab.com/;
|
|
|
|
platforms = platforms.linux;
|
2019-10-08 16:37:01 +02:00
|
|
|
maintainers = with maintainers; [ fpletz globin krav talyz ];
|
2018-09-21 09:40:08 +02:00
|
|
|
} // (if gitlabEnterprise then
|
|
|
|
{
|
|
|
|
license = licenses.unfreeRedistributable; # https://gitlab.com/gitlab-org/gitlab-ee/raw/master/LICENSE
|
|
|
|
description = "GitLab Enterprise Edition";
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
license = licenses.mit;
|
|
|
|
description = "GitLab Community Edition";
|
|
|
|
longDescription = "GitLab Community Edition (CE) is an open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more. Self-host GitLab CE on your own servers, in a container, or on a cloud provider.";
|
|
|
|
});
|
2014-10-25 18:22:49 +02:00
|
|
|
}
|