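{ pkgs, stdenv, lib, bundler, fetchurl, fetchFromGitHub, bundlerEnv, libiconv
, ruby, tzdata, git, nodejs, procps, dpkg, yarn }:

/* When updating the Gemfile add `gem "activerecord-nulldb-adapter"`
   to allow building the assets without a database */

let
  # Taken from yarn2nix.
  #
  # Builds a `node_modules` tree from package.json + yarn.lock, resolving
  # every package from the offline cache exposed by `yarnNix` instead of
  # the network registry.
  #
  #   name        - prefix for the derivation name ("<name>-modules")
  #   packageJson - path to package.json
  #   yarnLock    - path to yarn.lock
  #   yarnNix     - Nix file whose result exposes `offline_cache`
  #   pkgConfig   - optional per-package attrs: `buildInputs`, `postInstall`
  #   yarnFlags   - extra flags for `yarn install` (shell-escaped below)
  buildYarnPackageDeps = {
    name, packageJson, yarnLock, yarnNix,
    pkgConfig ? {},
    yarnFlags ? []
  }:
    let
      offlineCache = (pkgs.callPackage yarnNix {}).offline_cache;

      # Union of the buildInputs requested by each pkgConfig entry.
      extraBuildInputs = lib.flatten (
        builtins.map
          (key: pkgConfig.${key}.buildInputs or [])
          (builtins.attrNames pkgConfig)
      );

      # One shell snippet per pkgConfig entry that defines `postInstall`;
      # it is run inside every node_modules/<key> directory found.
      postInstall = builtins.map
        (key:
          if (pkgConfig.${key} ? postInstall)
          then ''
            for f in $(find -L -path '*/node_modules/${key}' -type d); do
              (cd "$f" && (${pkgConfig.${key}.postInstall}))
            done
          ''
          else ""
        )
        (builtins.attrNames pkgConfig);
    in
      stdenv.mkDerivation {
        name = "${name}-modules";

        phases = [ "buildPhase" ];
        buildInputs = [ yarn nodejs ] ++ extraBuildInputs;

        buildPhase = ''
          # Yarn writes cache directories etc to $HOME.
          export HOME=$(pwd)/yarn_home

          cp ${packageJson} ./package.json
          cp ${yarnLock} ./yarn.lock
          chmod +w ./yarn.lock

          yarn config --offline set yarn-offline-mirror ${offlineCache}

          # Do not look up in the registry, but in the offline cache.
          # TODO: Ask upstream to fix this mess.
          sed -i -E 's|^(\s*resolved\s*")https?://.*/|\1|' yarn.lock
          yarn install ${lib.escapeShellArgs yarnFlags}

          ${lib.concatStringsSep "\n" postInstall}

          mkdir $out
          mv node_modules $out/
          patchShebangs $out
        '';
      };

  # JavaScript dependencies for the asset build.
  # Supply-chain relevant flags: `--offline` and `--frozen-lockfile` keep the
  # install pinned to the committed yarn.lock and the offline cache, and
  # `--ignore-scripts` stops dependency lifecycle scripts from running
  # during the build.
  node-env = buildYarnPackageDeps {
    name = "gitlab";
    packageJson = ./package.json;
    yarnLock = ./yarn.lock;
    yarnNix = ./yarn.nix;
    yarnFlags = [
      "--offline"
      "--frozen-lockfile"
      "--ignore-engines"
      "--ignore-scripts"
    ];
    # pkgConfig might need to come from node-packages ?
  };

  # Ruby gems resolved from the Gemfile/lock data in this directory.
  ruby-env = bundlerEnv {
    name = "gitlab-env-0.2";
    inherit ruby;
    gemdir = ./.;
    meta = with lib; {
      # Quoted: bare URL literals are deprecated in Nix; the value is unchanged.
      homepage = "http://www.gitlab.com/";
      platforms = platforms.linux;
      maintainers = with maintainers; [ fpletz globin ];
      license = licenses.mit;
    };
  };

  version = "9.4.5";

in

stdenv.mkDerivation rec {
  name = "gitlab-${version}";

  buildInputs = [
    ruby-env ruby bundler tzdata git nodejs procps dpkg yarn
  ];

  # Source is pinned by tag and content hash; bump both together.
  src = fetchFromGitHub {
    owner = "gitlabhq";
    repo = "gitlabhq";
    rev = "v${version}";
    sha256 = "1jdvgpzkrap9n9pclyi5ln5l5qfhj4y8ygb1w90jkgrd785bg573";
  };

  patches = [
    ./remove-hardcoded-locations.patch
    ./nulladapter.patch
  ];

  # NOTE(review): in the copy this was restored from, the heredoc operator and
  # the first lines of database.yml were lost (the text read
  # `cat > config/database.yml < database: gitlab`). The `production:` key and
  # the `adapter:` line below are reconstructed from RAILS_ENV=production and
  # the GITLAB_DATABASE_ADAPTER export in buildPhase; confirm against upstream.
  #
  # NOTE(review): the "blerg" password fallback is a build-time placeholder.
  # This file ends up in config.dist inside the world-readable Nix store, so
  # real database credentials must only come from the runtime configuration
  # (the installed `config` is a symlink to /run/gitlab/config).
  #
  # NOTE(review): gitlab_shell_secret_token.rb is deleted here; presumably the
  # shell secret is provisioned at runtime instead. Confirm with the service
  # configuration.
  postPatch = ''
    # For reasons I don't understand "bundle exec" ignores the
    # RAILS_ENV causing tests to be executed that fail because we're
    # not installing development and test gems above. Deleting the
    # tests works though.:
    rm lib/tasks/test.rake

    rm config/initializers/gitlab_shell_secret_token.rb

    substituteInPlace app/controllers/admin/background_jobs_controller.rb \
      --replace "ps -U" "${procps}/bin/ps -U"

    # required for some gems:
    cat > config/database.yml <<EOF
      production:
        adapter: <%= ENV["GITLAB_DATABASE_ADAPTER"] %>
        database: gitlab
        host: <%= ENV["GITLAB_DATABASE_HOST"] || "127.0.0.1" %>
        password: <%= ENV["GITLAB_DATABASE_PASSWORD"] || "blerg" %>
        username: gitlab
        encoding: utf8
    EOF
  '';

  # Compiles translations and front-end assets against the null database
  # adapter, then removes config/secrets.yml so that nothing secret created
  # during the build is copied into the store by installPhase.
  buildPhase = ''
    mv config/gitlab.yml.example config/gitlab.yml

    # Emulate yarn install --production --pure-lockfile
    mkdir -p node_modules/
    ln -s ${node-env}/node_modules/* node_modules/
    ln -s ${node-env}/node_modules/.bin node_modules/

    # Compile assets. We skip the yarn check because it fails
    export GITLAB_DATABASE_ADAPTER=nulldb
    export SKIP_STORAGE_VALIDATION=true
    rake gettext:compile RAILS_ENV=production
    rake rake:assets:precompile RAILS_ENV=production NODE_ENV=production
    rake webpack:compile RAILS_ENV=production NODE_ENV=production
    rake gitlab:assets:fix_urls RAILS_ENV=production NODE_ENV=production

    mv config/gitlab.yml config/gitlab.yml.example
    rm config/secrets.yml
    mv config config.dist
  '';

  # Installs the tree under $out/share/gitlab. Mutable state (uploads) and
  # the live configuration are symlinked to /run/gitlab so they stay outside
  # the immutable store path.
  installPhase = ''
    mkdir -p $out/share
    cp -r . $out/share/gitlab
    ln -sf /run/gitlab/uploads $out/share/gitlab/public/uploads
    ln -sf /run/gitlab/config $out/share/gitlab/config

    # rake tasks to mitigate CVE-2017-0882
    # see https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
    cp ${./reset_token.rake} $out/share/gitlab/lib/tasks/reset_token.rake
  '';

  passthru = {
    inherit ruby-env;
    inherit ruby;
  };
}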