switch back to post-build-hook to push to hydra

hydra-notify seems to be single threaded and slow. `post-build-hook` hopefully is executed in parallel.
2022-08-14 15:31:50 +02:00 · 2022-08-14 15:31:50 +02:00 · 92d4799ced
commit 92d4799ced
parent bcbd1b3bfa
1 changed files with 22 additions and 15 deletions
--- a/services/hydra/default.nix
+++ b/services/hydra/default.nix
@ -6,6 +6,21 @@ let
  cfg = config;

  hydraPort = 3000;
+
+  upload-to-cachix = pkgs.writeScriptBin "upload-to-cachix" ''
+    #!/bin/sh
+    set -eu
+    set -f # disable globbing
+
+    # skip push if the declarative job spec
+    OUT_END=$(echo ''${OUT_PATHS: -10})
+    if [ "$OUT_END" == "-spec.json" ]; then
+      exit 0
+    fi
+
+    export HOME=/root
+    exec ${pkgs.cachix}/bin/cachix -c ${config.sops.secrets.nix-community-cachix.path} push nix-community $OUT_PATHS > /tmp/hydra_cachix 2>&1
+  '';
 in
 {
  options.services.hydra = {
@ -27,6 +42,12 @@ in
    sops.secrets.hydra-admin-password.owner = "hydra";
    sops.secrets.hydra-users.owner = "hydra";

+    nix.extraOptions = ''
+      builders-use-substitutes = true
+      allowed-uris = https://github.com/nix-community/ https://github.com/NixOS/
+      post-build-hook = ${upload-to-cachix}/bin/upload-to-cachix
+    '';
+
    nixpkgs.config = {
      whitelistedLicenses = with lib.licenses; [
        unfreeRedistributable
@ -40,13 +61,9 @@ in

    services.hydra.package = hydra.defaultPackage.${pkgs.system};

-    sops.secrets.nix-community-cachix = {
-      owner = "hydra-queue-runner";
-      sopsFile = ../../roles/nix-community-cache.yaml;
-    };
+    sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache.yaml;
    sops.secrets.id_buildfarm = {};

-
    services.hydra = {
      enable = true;
      hydraURL = "https://hydra.nix-community.org";
@ -64,14 +81,6 @@ in
      usersFile = config.sops.secrets.hydra-users.path;
      extraConfig = ''
        max_output_size = ${builtins.toString (8 * 1024 * 1024 * 1024)}
-
-        <runcommand>
-        command = ${pkgs.writeShellScript "cachix-upload" ''
-          export PATH=${config.nix.package}/bin
-          ${pkgs.jq}/bin/jq -r '.outputs | .[] | .path' < $HYDRA_JSON | \
-            ${pkgs.cachix}/bin/cachix -c ${config.sops.secrets.nix-community-cachix.path} push nix-community
-        ''}
-        </runcommand>
      '';
    };

@ -83,8 +92,6 @@ in
      };
    };

-    nix.extraOptions = "allowed-uris = https://github.com/nix-community/ https://github.com/NixOS/";
-
    services.nginx.virtualHosts = {
      "hydra.nix-community.org" = {
        forceSSL = true;