Refactor so `src` is a direct `fetchgit` (instead of a wrapper drv), and
move the package.json engine-strip into a `frontendSrc` derivation that
only fetchPnpmDeps sees. nix-update needs to introspect `src.url` and
`src.rev`; the previous wrapper hid them.
Expose `frontend.pnpmDeps` via passthru so nix-update finds the third
hash. Now `just gitea-update` does the full cycle:
1. git ls-remote → latest commit on feat/projects-api
2. set src.hash / pnpmDeps.hash / goModules.vendorHash to fakeHash
3. nix-build each to capture real hashes
4. nom build the package for final verification
nix-update rewrites version to nixpkgs `<tag>-unstable-<date>` style. Lose
the descriptive "-projects-api" suffix in the version, but pname is
unchanged so store paths still read `gitea-projects-api-*`.
Builds oleks/gitea feat/projects-api (Gitea 1.27.0-dev + Projects REST API)
as `nix build .#gitea-projects-api`. Exposes `out` (binary) and `data`
(templates, options, frontend bundle, locale files) matching the layout
nixpkgs' `services.gitea` module expects.
Notes:
- Pins Go 1.26.3 (built from upstream src) because the fork's go.mod
requires it, while pinned nixpkgs only has 1.26.0.
- Patches package.json to drop engines.pnpm before fetchPnpmDeps runs:
gitea wants pnpm >= 11, but nixpkgs only packages pnpm 10. The
pnpm-lock.yaml is v9 (forward-compatible) so pnpm 10 produces the
same install closure.
- Platforms: x86_64-linux, aarch64-linux (skipped on s390x cross since
the frontend pnpm step has no s390x toolchain).
Pipeline #41 died with exit 127 on `free -h` — procps isn't in the
nix-ci image. New info() helper runs the command and ignores the exit
code, so missing tools no longer abort the build. Also switched to
/proc/meminfo since it's always available on Linux.
google-antigravity pulls in google-chrome, which transitively builds
liberation-fonts; fontforge segfaults while generating the .ttf files
(pipeline #40). Package definitions stay in the flake for local
builds — re-enable in CI once upstream fontforge is fixed.
setup.sh now traces each command (set -ex) so /etc/hosts, nix.conf,
and netrc setup are visible in pipeline logs.
build.py replaces capture() with a streaming build() helper for
nix builds: stderr is inherited (live --print-build-logs output)
while stdout is captured for the out path. Also dumps nix version,
uname, disk, and memory at the start so failures have context.
s390x had no dedicated builder and ran as a cross-compile pinned to
amd64 via nodeSelector, colliding with the x86_64-linux step on the
same node — Woodpecker's k8s backend couldn't create the per-step
secret twice and the workflow failed with either "secrets already
exists" or "Canceled". Disable until a real s390x builder is wired up.
Step names now match the kubernetes.io/arch label they target; the
ci/build.py argument keeps the Nix system tuple (x86_64-linux,
aarch64-linux).
- packages/xontribs.nix: xontrib-prompt-starship, -broot, -term-integrations
wheels for use with `programs.xonsh.extraPackages` (or xonsh.override)
- packages/hyprspace.nix + hyprspace flake input (flake=false): rebuild
plugin against the consumer's hyprland; exposed via overlays.hyprspace
- overlays/gcc15-fixes.nix: hotdoc/kitty/libsecret/xdg-desktop-portal/afdko
workarounds so fleet nodes on the same pin can opt in with one line
- flake.nix: lift overlays out of eachSystem to the root (overlays.default
was previously nested per-system, which doesn't match flake schema)
- packages/xontribs.nix: xontrib-prompt-starship, -broot, -term-integrations
wheels for use with `programs.xonsh.extraPackages` (or xonsh.override)
- packages/hyprspace.nix + hyprspace flake input (flake=false): rebuild
plugin against the consumer's hyprland; exposed via overlays.hyprspace
- overlays/gcc15-fixes.nix: hotdoc/kitty/libsecret/xdg-desktop-portal/afdko
workarounds so fleet nodes on the same pin can opt in with one line
- flake.nix: lift overlays out of eachSystem to the root (overlays.default
was previously nested per-system, which doesn't match flake schema)
Move attic-client s390x cross-compilation from building/s390x/attic-client-s390x
and geesefs from building/s390x/geesefs-s390x into flake-hub. Replace ci/build.sh
with ci/build.xsh. All packages now built and pushed to attic via the existing
Woodpecker pipeline on push to main.
Use fetchFromGitHub with tag = version so the version string and
source are inherently linked via rec. Adds .woodpecker.yaml to
build all flake packages on tag push.
Oleks
oleks