Merge pull request #146398 from hercules-ci/hercules-ci-agent-update-0.8.4

hercules-ci-agent: 0.8.3 -> 0.8.4
2021-11-20 01:11:17 +01:00 · 2021-11-20 01:11:17 +01:00 · 2a1b1189ef
parent f7f2ce6f9e 3a98abe8bd
commit 2a1b1189ef
3 changed files with 75 additions and 20 deletions
--- a/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix
+++ b/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix
@ -1,10 +1,10 @@
 /*

-This file is for options that NixOS and nix-darwin have in common.
+  This file is for options that NixOS and nix-darwin have in common.

-Platform-specific code is in the respective default.nix files.
+  Platform-specific code is in the respective default.nix files.

- */
+*/

 { config, lib, options, pkgs, ... }:
 let
@ -27,6 +27,16 @@ let
  settingsModule = { config, ... }: {
    freeformType = format.type;
    options = {
+      apiBaseUrl = mkOption {
+        description = ''
+          API base URL that the agent will connect to.
+
+          When using Hercules CI Enterprise, set this to the URL where your
+          Hercules CI server is reachable.
+        '';
+        type = types.str;
+        default = "https://hercules-ci.com";
+      };
      baseDirectory = mkOption {
        type = types.path;
        default = "/var/lib/hercules-ci-agent";
@ -55,6 +65,25 @@ let
        type = types.either types.ints.positive (types.enum [ "auto" ]);
        default = "auto";
      };
+      labels = mkOption {
+        description = ''
+          A key-value map of user data.
+
+          This data will be available to organization members in the dashboard and API.
+
+          The values can be of any TOML type that corresponds to a JSON type, but arrays
+          can not contain tables/objects due to limitations of the TOML library. Values
+          involving arrays of non-primitive types may not be representable currently.
+        '';
+        type = format.type;
+        defaultText = literalExpression ''
+          {
+            agent.source = "..."; # One of "nixpkgs", "flake", "override"
+            lib.version = "...";
+            pkgs.version = "...";
+          }
+        '';
+      };
      workDirectory = mkOption {
        description = ''
          The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation.
@ -66,6 +95,8 @@ let
      staticSecretsDirectory = mkOption {
        description = ''
          This is the default directory to look for statically configured secrets like <literal>cluster-join-token.key</literal>.
+
+          See also <literal>clusterJoinTokenPath</literal> and <literal>binaryCachesPath</literal> for fine-grained configuration.
        '';
        type = types.path;
        default = config.baseDirectory + "/secrets";
@ -74,24 +105,48 @@ let
      clusterJoinTokenPath = mkOption {
        description = ''
          Location of the cluster-join-token.key file.
+
+          You can retrieve the contents of the file when creating a new agent via
+          <link xlink:href="https://hercules-ci.com/dashboard">https://hercules-ci.com/dashboard</link>.
+
+          As this value is confidential, it should not be in the store, but
+          installed using other means, such as agenix, NixOps
+          <literal>deployment.keys</literal>, or manual installation.
+
+          The contents of the file are used for authentication between the agent and the API.
        '';
        type = types.path;
        default = config.staticSecretsDirectory + "/cluster-join-token.key";
        defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"'';
-        # internal: It's a bit too detailed to show by default in the docs,
-        # but useful to define explicitly to allow reuse by other modules.
-        internal = true;
      };
      binaryCachesPath = mkOption {
        description = ''
-          Location of the binary-caches.json file.
+          Path to a JSON file containing binary cache secret keys.
+
+          As these values are confidential, they should not be in the store, but
+          copied over using other means, such as agenix, NixOps
+          <literal>deployment.keys</literal>, or manual installation.
+
+          The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/">https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/</link>.
        '';
        type = types.path;
        default = config.staticSecretsDirectory + "/binary-caches.json";
        defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"'';
-        # internal: It's a bit too detailed to show by default in the docs,
-        # but useful to define explicitly to allow reuse by other modules.
-        internal = true;
+      };
+      secretsJsonPath = mkOption {
+        description = ''
+          Path to a JSON file containing secrets for effects.
+
+          As these values are confidential, they should not be in the store, but
+          copied over using other means, such as agenix, NixOps
+          <literal>deployment.keys</literal>, or manual installation.
+
+          The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/">https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/</link>.
+
+        '';
+        type = types.path;
+        default = config.staticSecretsDirectory + "/secrets.json";
+        defaultText = literalExpression ''staticSecretsDirectory + "/secrets.json"'';
      };
    };
  };
@ -177,7 +232,7 @@ in

      These are written as options instead of let binding to allow sharing with
      default.nix on both NixOS and nix-darwin.
-     */
+    */
    tomlFile = mkOption {
      type = types.path;
      internal = true;
--- a/nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix
+++ b/nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix
@ -1,10 +1,10 @@
 /*

-This file is for NixOS-specific options and configs.
+  This file is for NixOS-specific options and configs.

-Code that is shared with nix-darwin goes in common.nix.
+  Code that is shared with nix-darwin goes in common.nix.

- */
+*/

 { pkgs, config, lib, ... }:
 let
--- a/pkgs/development/haskell-modules/hackage-packages.nix
+++ b/pkgs/development/haskell-modules/hackage-packages.nix
@ -128820,8 +128820,8 @@ self: {
     }:
     mkDerivation {
       pname = "hercules-ci-agent";
-       version = "0.8.3";
-       sha256 = "0gwbks6yrjjrys39043wdyx1v0fg8ailv3149b2xi4d49p4jin40";
+       version = "0.8.4";
+       sha256 = "1w93027i5kddn1rj5dgnmvgsadfv3s6ziyga4k3mp094wx2g6syy";
       isLibrary = true;
       isExecutable = true;
       libraryHaskellDepends = [
@ -128959,8 +128959,8 @@ self: {
     }:
     mkDerivation {
       pname = "hercules-ci-cli";
-       version = "0.2.3";
-       sha256 = "10scykaf8kadvgvc5pxjdyn8zvxqmp5gkdy0n82p4mmf2chmdzqz";
+       version = "0.2.4";
+       sha256 = "0imx1srpi518616jif62l542qpw2wcfiq5a622rg5w76k2vz0hpl";
       isLibrary = true;
       isExecutable = true;
       libraryHaskellDepends = [
@ -129016,8 +129016,8 @@ self: {
     }:
     mkDerivation {
       pname = "hercules-ci-cnix-store";
-       version = "0.2.1.0";
-       sha256 = "18165kwcklp6hg9sh5rmqprnc0ixiq8l9w4y87c9m54dbpwdp4na";
+       version = "0.2.1.1";
+       sha256 = "0cxir973y3hkm34ci7hc5zsp94s31nnrlkgspwwdd2rakyf4525i";
       libraryHaskellDepends = [
         base bytestring conduit containers inline-c inline-c-cpp protolude
         template-haskell unix unliftio-core vector