dynamoDb (attrsOf targetType): Optional.
+ Mapping of names to multiple databases.
+ Defaults to { }.
+
targetType (submodule):
+
name (str),
+
host (str): Optional, defaults to 127.0.0.1.
+
port (str): Optional, defaults to 8022.
+
infra (str): Optional. Absolute path to the directory containing the
+ terraform infrastructure.
+
daemonMode (boolean): Optional, defaults to false.
+
data (listOf str): Optional, defaults to []. Absolute paths with json documents,
+ with the format defined for
+ BatchWriteItem.
+
dataDerivation (listOf package): Optional, defaults to [].
+ Derivations where the output ($ out), are json documents,
+ with the format defined for
+ BatchWriteItem.
+ This is useful if you want to perform transformations on your data.
When used as a Makes declaration (at makes.nix attrs):
+
+
computeOnAwsBatch: attrsOf JobType (Optional Attr)
+ Job groups to submit.
+ Defaults to { }.
+
+
When used as a makes input:
+
+
computeOnAwsBatch: JobType -> SourceAble
+ Source able batch file to send jobs to aws batch.
+
+
+Warning
+
When used as a makes input, all arguments are required
+and defaults are not available.
+However nested jobs (see nextJob argument)
+do have defaults enabled.
+
+
Types:
+
+
JobType = attrs
+
allowDuplicates: bool (Optional Attr)
+ Set to false in order to prevent submitting the job
+ if there is already a job in the queue with the same name.
+ Defaults to false.
+
attempts: positiveInt (Optional Attr)
+ If the value of attempts is greater than one,
+ the job is retried on failure the same number of attempts as the value.
+ Defaults to 1.
+
attemptDurationSeconds: positiveInt
+ The time duration in seconds
+ (measured from the job attempt's startedAt timestamp)
+ after which Batch terminates your jobs
+ if they have not finished.
+
command: listOf str
+ The command to send to the container.
+ It overrides the one specified
+ in the Batch job definition.
+ Additional arguments can be propagated when running this module output.
+
dryRun: bool (Optional Attr) (Not supported on nextJob)
+ Do not send any job. Only check the correctness of the pipeline definition.
+
definition: str
+ Name of the Batch job definition
+ that we will use as base for submitting the job.
+ In general an Batch job definition is required
+ in order to specify which container image
+ our job is going to run on.
+
environment: listOf str (Optional Attr)
+ Name of the environment variables
+ whose names and values should be copied from the machine running Makes
+ to the machine on Batch running the job.
+ Defaults to [ ].
+
includePositionalArgsInName: bool (Optional Attr).
+ Enable to make positional arguments part of the job name.
+ This is useful for identifying jobs
+ in the Batch console
+ more easily.
+ Defaults to true.
+
nextJob: attrs (Optional Attr)
+ The next job that will be executed after its parent finish.
+ You must provide a name attribute and all the required
+ attrs of JobType.
+ Defaults to { }.
+
memory: positiveInt
+ Amount of memory, in MiB that is reserved for the job.
+
parallel: positiveInt (Optional Attr)
+ Number of parallel jobs to trigger using
+ Batch Array Jobs.
+ Defaults to 1.
+
propagateTags: bool (Optional Attr)
+ Enable tags to be propagated into the ECS tasks.
+ Defaults to true.
+
queue: nullOr str
+ Name of the Batch queue we should submit the job to.
+ If null then queue is fetch from
+ the MAKES_COMPUTE_ON_AWS_BATCH_QUEUE environment variable at runtime.
+
setup: listOf SourceAble
+ Makes Environment
+ or Makes Secrets
+ to source (as in Bash's source)
+ before anything else.
+ Defaults to [ ].
+
tags: attrsOf str (Optional Attr).
+ Tags to apply to the batch job.
+ Defaults to { }.
+
vcpus: positiveInt
+ Amount of virtual CPUs that is reserved for the job.
Note that positional arguments ([ "1" "2" "3" ] in this case)
+will be appended to the end of command
+before sending the job to Batch.
+
deployContainerImage
+
Deploy a set of container images
+in OCI Format
+to the specified container registries.
+
For details on how to build container images in OCI Format
+please read the makeContainerImage reference.
+
Types:
+
+
deployContainerImage:
+
images (attrsOf imageType): Optional.
+ Definitions of container images to deploy.
+ Defaults to { }.
+
+
+
imageType (submodule):
+
attempts (ints.positive): Optional.
+ If the value of attempts is greater than one,
+ the job is retried on failure the same number of attempts as the value.
+ Defaults to 1.
+
credentials:
+
token (str):
+ Name of the environment variable
+ that stores the value of the registry token.
+
user (str):
+ Name of the environment variable
+ that stores the value of the registry user.
+
+
+
registry (str):
+ Registry in which the image will be copied to.
+
setup (listOf package): Optional.
+ Makes Environment
+ or Makes Secrets
+ to source (as in Bash's source)
+ before anything else.
+ Defaults to [ ].
+
sign (bool): Optional.
+ Sign container image
+ with Cosign
+ by using a
+ OIDC keyless approach.
+ Defaults to false.
+
src (package):
+ Derivation that contains the container image in OCI Format.
+
tag (str):
+ The tag under which the image will be stored in the registry.
$cat/path/to/some/dir/.envrc
+
+source"$(mgithub:fluidattacks/makes@main/dev/example)/template"
+
+# Now every time you enter /path/to/some/dir
+# the shell will automatically load the environment
+$cd/path/to/some/dir
+
+direnv:loading/path/to/some/dir/.envrc
+direnv:export~PATH
+
+/path/to/some/dir$hello
+
+Hello,world!
+
+# If you exit the directory, the development environment is unloaded
+/path/to/some/dir$cd..
+
+direnv:unloading
+
+/path/to/some$hello
+
+hello:commandnotfound
+
$cat/path/to/some/dir/.envrc
+
+cd/path/to/my/project
+source"$(m./dev/example)/template"
+
+# Now every time you enter /path/to/some/dir
+# the shell will automatically load the environment
+$cd/path/to/some/dir
+
+direnv:loading/path/to/some/dir/.envrc
+direnv:export~PATH
+
+/path/to/some/dir$hello
+
+Hello,world!
+
+# If you exit the directory, the development environment is unloaded
+/path/to/some/dir$cd..
+
+direnv:unloading
+
+/path/to/some$hello
+
+hello:commandnotfound
+
{
+formatTerraform={
+enable=true;
+targets=[
+"/"# Entire project
+"/main.tf"# A file
+"/terraform/module"# A directory within the project
+];
+};
+}
+
It creates a commit diff
+between you current branch
+and the main branch of the repository.
+All commits included in the diff
+are linted using Commitlint.
+
Types:
+
+
lintGitCommitMsg:
+
enable (boolean): Optional.
+ Defaults to false.
+
branch (str): Optional.
+ Name of the main branch.
+ Defaults to main.
+
config (str): Optional.
+ Path to a configuration file for Commitlint.
+ Defaults to
+ config.js.
{
+lintGitCommitMsg={
+enable=true;
+branch="my-branch-name";
+# If you want to use custom configs or parsers you can do it like this:
+# config = "/src/config/config.js";
+# parser = "/src/config/parser.js";
+};
+}
+
Calculate your remote repository Scorecard.
+This module is only
+available for GitHub projects at the moment.
+
Pre-requisites:
+
+
To run this module you need to set up a valid GITHUB_AUTH_TOKEN on your
+ target repository. You can set this up in your CI or locally to run this
+ check on your machine.
+
+
Types:
+
+
+
checks (listOf str): Optional,
+ defaults to all the checks available for Scorecard:
format (str): Optional, defaults to JSON. This is the format which
+ the scorecard will be printed. Accepted values are: "default" which is an
+ ASCII Table and JSON.
+
+
target (str): Mandatory, this is the repository url where you want to run
+ scorecard.
m./calculateScorecard
+...
+[INFO]CalculatingScorecard
+{
+"date":"2022-02-28",
+"repo":{
+"name":"github.com/fluidattacks/makes",
+"commit":"739dcdc0513c29de67406e543e1392ea194b3452"
+},
+"scorecard":{
+"version":"4.0.1",
+"commit":"c60b66bbc8b85286416d6ab9ae9324a095e66c94"
+},
+"score":5,
+"checks":[
+{
+"details":[
+"Warn: 16 commits out of 30 are checked with a SAST tool",
+"Warn: CodeQL tool not detected"
+],
+"score":5,
+"reason":"SAST tool is not run on all commits -- score normalized to 5",
+"name":"SAST",
+"documentation":{
+"url":"https://github.com/ossf/scorecard/blob/c60b66bbc8b85286416d6ab9ae9324a095e66c94/docs/checks.md#sast",
+"short":"Determines if the project uses static code analysis."
+}
+}
+],
+"metadata":null
+}
+[INFO]Aggregatescore:5
+
If you decided to go
+with a Multi-user installation
+when installing Nix,
+you will have to take additional steps
+in order to make the cache work.
+
As the Multi-user installation
+does not trust your user by default,
+you will have to add yourself
+to the trusted-users in the
+Nix Configuration File.
Managing secrets is critical for application security.
+
The following functions are secure
+and allow you to re-use secrets
+across different Makes components.
+
secretsForAwsFromEnv
+
Load AWS secrets
+from environment variables.
+
Types:
+
+
secretsForAwsFromEnv (attrsOf awsFromEnvType): Optional.
+ Defaults to { }.
+
awsFromEnvType (submodule):
+
accessKeyId (str): Optional.
+ Name of the environment variable
+ that stores the value of the AWS Access Key Id.
+ Defaults to "AWS_ACCESS_KEY_ID".
+
defaultRegion (str): Optional.
+ Name of the environment variable
+ that stores the value of the AWS Default Region.
+ Defaults to "AWS_DEFAULT_REGION" (Which defaults to "us-east-1").
+
secretAccessKey (str): Optional.
+ Name of the environment variable
+ that stores the value of the AWS Secret Access Key.
+ Defaults to "AWS_SECRET_ACCESS_KEY".
+
sessionToken (str): Optional.
+ Name of the environment variable
+ that stores the value of the AWS Session Token.
+ Defaults to "AWS_SESSION_TOKEN" (Which defaults to "").
Load GPG public or private keys
+from environment variables
+into an ephemeral key-ring.
+
Each key content must be stored
+in a environment variable
+in ASCII Armor format.
+
Types:
+
+
secretsForGpgFromEnv (attrsOf (listOf str)): Optional.
+ Mapping of name
+ to a list of environment variable names
+ where the GPG key contents are stored.
+ Defaults to { }.
Export secrets in a format suitable for Terraform
+from the given environment variables.
+
Types:
+
+
secretsForTerraformFromEnv (attrsOf (attrsOf str)): Optional.
+ Mapping of secrets group name
+ to a mapping of Terraform variable names
+ to environment variable names.
+ Defaults to { }.
/tmp/some-random-unique-dir
+├──__project__# The entire source code of your project
+│├──...
+│└──path/to/src
+...# repeat for all extraSrcs
+├──"${extraSrcName}"
+│└──"${extraSrcValue}"
+...
+
modules (attrsOf moduleType): Optional.
+ Terraform modules to switch workspace.
+ Defaults to { }.
+
+
+
moduleType (submodule):
+
setup (listOf package): Optional.
+ Makes Environment
+ or Makes Secrets
+ to source (as in Bash's source)
+ before anything else.
+ Defaults to [ ].
+
src (str):
+ Path to the Terraform module.
+
variable (str): Optional.
+ Name of the environment variable that contains
+ the name of the workspace you want to use.
+ Defaults to "".
+ When "" provided, workspace is default.
+
version (enum [ "0.14" "0.15" "1.0" ]):
+ Terraform version your module is built with.
sha256 (str):
+ SHA256 of the expected output,
+ In order to get the SHA256
+ you can omit this parameter and execute Makes,
+ Makes will tell you the correct SHA256 on failure.
Fetch a Zip (.zip) or Tape Archive (.tar) from the specified URL
+and unpack it.
+
Types:
+
+
fetchArchive (function { ... } -> package):
+
url (str):
+ URL to download.
+
sha256 (str):
+ SHA256 of the expected output,
+ In order to get the SHA256
+ you can omit this parameter and execute Makes,
+ Makes will tell you the correct SHA256 on failure.
+
stripRoot (bool): Optional.
+ Most archives have a symbolic top-level directory
+ that is discarded during unpack phase.
+ If this is not the case you can set this flag to false.
+ Defaults to true.
By default all licenses in the Nixpkgs repository are accepted.
+Options to decline individual licenses are provided below.
+
+
Types:
+
+
fetchNixpkgs (function { ... } -> anything):
+
rev (str):
+ Commit, branch or tag to fetch.
+
allowUnfree (bool): Optional.
+ Allow software that do not respect the freedom of its users.
+ Defaults to true.
+
acceptAndroidSdkLicense (bool): Optional.
+ Accept the Android SDK license.
+ Defaults to true.
+
overalys (listOf overlayType): Optional.
+ Overlays to apply to the Nixpkgs set.
+ Defaults to [ ].
+
sha256 (str):
+ SHA256 of the expected output,
+ In order to get the SHA256
+ you can omit this parameter and execute Makes,
+ Makes will tell you the correct SHA256 on failure.
sha256 (str):
+ SHA256 of the expected output,
+ In order to get the SHA256
+ you can omit this parameter and execute Makes,
+ Makes will tell you the correct SHA256 on failure.
Transform a Nix attrsOf strLike expression
+into a Bash associative array (map).
+It can be used for passing
+several arguments from Nix
+to Bash.
+You can combine with toBashArray for more complex structures.
Derivation outputs live in the /nix/store.
+Their locations in the filesystem are always in the form:
+/nix/store/hash123-name where
+hash123 is computed by hashing the derivation's inputs.
+
Derivation outputs are:
+
+
A regular file
+
A regular directory that contains arbitrary contents
+
+
For instance the derivation output for Bash is:
+/nix/store/kxj6cblcsd1qcbbxlmbswwrn89zcmgd6-bash-4.4-p23
+which contains, among other files:
bin (listOf coercibleToStr): Optional.
+ Append /bin
+ of each element in the list
+ to PATH.
+ Defaults to [ ].
+
rpath (listOf coercibleToStr): Optional.
+ Append /lib and /lib64
+ of each element in the list
+ to LD_LIBRARY_PATH.
+ Defaults to [ ].
+
source (listOf coercibleToStr): Optional.
+ Source (as in Bash's source command)
+ each element in the list.
+ Defaults to [ ].
+
+
+
+
Types specific to Crystal:
+
+
makeSearchPaths (function { ... } -> package):
+
crystalLib (listOf coercibleToStr): Optional.
+ Append /lib
+ of each element in the list
+ to CRYSTAL_LIBRARY_PATH.
+ Defaults to [ ].
+
+
+
+
Types specific to Java:
+
+
makeSearchPaths (function { ... } -> package):
+
javaClass (listOf coercibleToStr): Optional.
+ Append each element in the list
+ to CLASSPATH.
+ Defaults to [ ].
+
+
+
+
Types specific to Kubernetes:
+
+
makeSearchPaths (function { ... } -> package):
+
kubeConfig (listOf coercibleToStr): Optional.
+ Append each element in the list
+ to KUBECONFIG.
+ Defaults to [ ].
+
+
+
+
Types specific to pkg-config:
+
+
makeSearchPaths (function { ... } -> package):
+
pkgConfig (listOf coercibleToStr): Optional.
+ Append /lib/pkgconfig
+ of each element in the list
+ to PKG_CONFIG_PATH.
+ Defaults to [ ].
+
+
+
+
Types specific to OCaml:
+
+
makeSearchPaths (function { ... } -> package):
+
ocamlBin (listOf coercibleToStr): Optional.
+ Append /bin
+ of each element in the list
+ to PATH.
+ Defaults to [ ].
+
ocamlLib (listOf coercibleToStr): Optional.
+ Append /
+ of each element in the list
+ to OCAMLPATH.
+ Defaults to [ ].
+
ocamlStublib (listOf coercibleToStr): Optional.
+ Append /stublib
+ of each element in the list
+ to CAML_LD_LIBRARY_PATH.
+ Defaults to [ ]
+
+
+
+
Types specific to Python:
+
+
makeSearchPaths (function { ... } -> package):
+
pythonMypy (listOf coercibleToStr): Optional.
+ Append /
+ of each element in the list
+ to MYPYPATH.
+ Defaults to [ ].
+
pythonMypy39 (listOf coercibleToStr): Optional.
+ Append /lib/python3.9/site-packages
+ of each element in the list
+ to MYPYPATH.
+ Defaults to [ ].
+
pythonMypy310 (listOf coercibleToStr): Optional.
+ Append /lib/python3.10/site-packages
+ of each element in the list
+ to MYPYPATH.
+ Defaults to [ ].
+
pythonMypy311 (listOf coercibleToStr): Optional.
+ Append /lib/python3.11/site-packages
+ of each element in the list
+ to MYPYPATH.
+ Defaults to [ ].
+
pythonPackage (listOf coercibleToStr): Optional.
+ Append /
+ of each element in the list
+ to PYTHONPATH.
+ Defaults to [ ].
+
pythonPackage39 (listOf coercibleToStr): Optional.
+ Append /lib/python3.9/site-packages
+ of each element in the list
+ to PYTHONPATH.
+ Defaults to [ ].
+
pythonPackage310 (listOf coercibleToStr): Optional.
+ Append /lib/python3.10/site-packages
+ of each element in the list
+ to PYTHONPATH.
+ Defaults to [ ].
+
pythonPackage311 (listOf coercibleToStr): Optional.
+ Append /lib/python3.11/site-packages
+ of each element in the list
+ to PYTHONPATH.
+ Defaults to [ ].
+
+
+
+
Types specific to Node.js:
+
+
makeSearchPaths (function { ... } -> package):
+
nodeBin (listOf coercibleToStr): Optional.
+ Append /.bin
+ of each element in the list
+ to PATH.
+ Defaults to [ ].
+
nodeModule (listOf coercibleToStr): Optional.
+ Append /
+ of each element in the list
+ to NODE_PATH.
+ Defaults to [ ].
+
+
+
+
Types specific to Ruby:
+
+
makeSearchPaths (function { ... } -> package):
+
rubyBin (listOf coercibleToStr): Optional.
+ Append /bin
+ of each element in the list
+ to PATH.
+ Defaults to [ ].
+
rubyGemPath (listOf coercibleToStr): Optional.
+ Append /
+ of each element in the list
+ to GEM_PATH.
+ Defaults to [ ].
+
+
+
+
Types for non covered cases:
+
+
makeSearchPaths (function { ... } -> package):
+
+
export (listOf (tuple [ str coercibleToStr str ])): Optional.
+ Export (as in Bash's export command)
+ each tuple in the list.
+
Defaults to [ ].
+
Tuples elements are:
+
+
Name of the environment variable to export.
+
Base package to export from.
+
Relative path with respect to the package that should be appended.
{
+ makeSearchPaths,
+...
+}:
+makeSearchPaths {
+bin=[ inputs.nixpkgs.git ];
+source=[
+[./template.sh"a""b""c"]
+# add more as you need ...
+];
+export=[
+["PATH" inputs.nixpkgs.bash "/bin"]
+["CPATH" inputs.nixpkgs.glib.dev "/include/glib-2.0"]
+# add more as you need ...
+];
+}
+
External environment variables are not visible by the builder script.
+ This means you can't use secrets here.
+
Search Paths as in makeSearchPaths are completely empty.
+
The HOME environment variable is set to /homeless-shelter.
+
Only GNU coreutils commands (cat, echo, ls, ...)
+ are present by default.
+
An environment variable called out is present
+ and represents the derivation's output.
+ The derivation must produce an output,
+ may be a file, or a directory.
+
+
Convenience bash functions are exported:
+
+
echo_stderr: Like echo but to standard error.
+
debug: Like echo_stderr but with a [DEBUG] prefix.
+
info: Like echo_stderr but with a [INFO] prefix.
+
warn: Like echo_stderr but with a [WARNING] prefix.
+
error: Like echo_stderr but with a [ERROR] prefix.
+ Returns exit code 1 to signal failure.
+
critical: Like echo_stderr but with a [CRITICAL] prefix.
+ Exits immediately with exit code 1, aborting the entire execution.
+
copy: Like cp but making paths writeable after copying them.
+
+
require_env_var: errors when the specified env var is not set,
+ or set to an empty value.
Replace placeholders with the specified values
+in a file of any format.
+
Types:
+
+
makeTemplate (function { ... } -> package):
+
local (bool): Optional.
+ Should we always build locally this step?
+ Thus effectively ignoring any configured binary caches.
+ Defaults to true.
+
name (str):
+ Custom name to assign to the build step, be creative, it helps in debugging.
+
replace (attrsOf strLike): Optional.
+ Placeholders will be replaced in the script with their respective value.
+ Variable names must start with __arg, end with __
+ and have at least 6 characters long.
+ Defaults to { }.
+
template (either str package):
+ A string, file, output or package
+ in which placeholders will be replaced.
Wrap a Bash script
+that runs in a almost-isolated environment.
+
+
The file system is not isolated, the script runs in user-space.
+
External environment variables are visible by the script.
+ You can use this to propagate secrets.
+
Search Paths as in makeSearchPaths are completely empty.
+
The HOME_IMPURE environment variable is set to the user's home directory.
+
The HOME environment variable is set to a temporary directory.
+
Only GNU coreutils commands (cat, echo, ls, ...)
+ are present by default.
+
An environment variable called STATE points to a directory
+ that can be used to store the script's state (if any).
+ That state can be optionally persisted.
+ That state can be optionally shared across repositories.
+
+
Convenience bash functions are exported:
+
+
+
running_in_ci_cd_provider:
+ Detects if we are running on the CI/CD provider (gitlab/github/etc).
prompt_user_for_confirmation:
+ Warns the user about a possibly destructive action
+ that will be executed soon
+ and aborts if the user does not confirm aproppriately.
+
This function assumes a positive answer
+when running on the CI/CD provider
+because there is no human interaction.
+ - prompt_user_for_input:
+Ask the user to type information
+or optionally use a default value by pressing ENTER.
+
This function assumes the default value
+when running on the CI/CD provider
+because there is no human interaction.
entrypoint (either str package):
+ A Bash script that performs the build step.
+
name (str):
+ Custom name to assign to the build step, be creative, it helps in debugging.
+
replace (attrsOf strLike): Optional.
+ Placeholders will be replaced in the script with their respective value.
+ Variable names must start with __arg, end with __
+ and have at least 6 characters long.
+ Defaults to { }.
+
searchPaths (asIn makeSearchPaths): Optional.
+ Arguments here will be passed as-is to makeSearchPaths.
+ Defaults to makeSearchPaths's defaults.
+
persistState (bool): Optional.
+ If true, state will not be cleared before each script run.
+ Defaults to false.
+
+
globalState (bool): Optional.
+ If true, script state will be written to globalStateDir and
+ to projectStateDir otherwise.
+ Defaults to false, if projectStateDir is specified or derived.
+
+Note
+
+
It is implicitly true, if projectStateDir == globalStateDir.
+
projectStateDir == globalStateDir is the default if
+projectIdentifier is not configured.
Makes will automatically recognize as outputs all main.nix files
+under the makes/ directory in the root of the project.
+This "magic" makes/ directory can be configured via the
+extendingMakesDirs option.
+
You can create any directory structure you want.
+Output names will me mapped in an intuitive way:
+
+
+
+
main.nix position
+
Output name
+
Invocation command
+
+
+
+
+
/path/to/my/project/makes/main.nix
+
outputs."/"
+
$ m . /
+
+
+
/path/to/my/project/makes/example/main.nix
+
outputs."/example"
+
$ m . /example
+
+
+
/path/to/my/project/makes/other/example/main.nix
+
outputs."/other/example"
+
$ m . /other/example
+
+
+
+
Makes offers you a few building blocks
+for you to reuse.
Self sign certificates
+by using the openssl req command,
+then using openssl x509
+to print out the certificate
+in text form.
+
Types:
+
+
makeSslCertificate (function { ... } -> package):
+
days (ints.positive): Optional.
+ Ammount of days to certify the certificate for.
+ Defaults to 30.
+
keyType (str): Optional.
+ Defines the key type for the certificate
+ (option used for the -newkey option on the req command).
+ It uses the form rsa:nbits, where nbits is the number of bits.
+ Defaults to rsa:4096.
+
name (str):
+ Custom name to assign to the build step, be creative, it helps in debugging.
+
options (listOf (listOf str)):
+ Contains a list of options to create the certificate with your own needs.
+ Here you can use the same options used with openssl req.
Replace common shebangs
+for their Nix equivalent.
+
For example:
+
+
/bin/env xxx -> /nix/store/..-name/bin/xxx
+
/usr/bin/env xxx -> /nix/store/..-name/bin/xxx
+
/path/to/my/xxx -> /nix/store/..-name/bin/xxx
+
+
Types:
+
+
pathShebangs (package):
+ When sourced,
+ it exports a Bash function called patch_shebangs
+ into the evaluation context.
+ This function receives one or more files or directories as arguments
+ and replace shebangs of the executable files in-place.
+ Note that only shebangs that resolve to executables in the "${PATH}"
+ (a.k.a. searchPaths.bin) will be taken into account.
pythonProjectDir (path): Required.
+ Python project where both
+ pyproject.toml and poetry.lock
+ are located.
+
pythonVersion (str): Required.
+ Python version used to build the environment.
+ Supported versions are 3.9, 3.10, 3.11 and 3.12.
+
preferWheels (bool): Optional.
+ Use pre-compiled wheels from PyPI.
+ Defaults to true.
+
+
overrides (function {...} -> package): Optional.
+ Override build attributes for libraries within the environment.
+ For more information see here.
+ Defaults to (self: super: {}).
+
+Note
+
By default we override every python package deleting the
+homeless-shelter directory and changing the HOME variable,
+we make this to assure purity of builds without sandboxing.
pythonProjectDir (path): Required.
+ Python project where both
+ pyproject.toml and poetry.lock
+ are located.
+
pythonVersion (str): Required.
+ Python version used to build the environment.
+ Supported versions are 3.9, 3.10, 3.11 and 3.12.
+
preferWheels (bool): Optional.
+ Use pre-compiled wheels from PyPI.
+ Defaults to true.
+
+
overrides (function {...} -> package): Optional.
+ Override build attributes for libraries within the environment.
+ For more information see here.
+ Defaults to (self: super: {}).
+
+Note
+
By default we override every python package deleting the
+homeless-shelter directory and changing the HOME variable,
+we make this to assure purity of builds without sandboxing.
Refer to makePythonLock
+to learn how to generate a poetry.lock.
+
+
makePythonPyprojectPackage
+
Create a python package bundle using nixpkgs build functions.
+This bundle includes the package itself, some modifications
+over the tests and its python environments.
+
Types:
+
+
makePythonPyprojectPackage: Input -> Bundle
+
Input: Attrs
+
buildEnv: Attrs -> PythonEnvDerivation
+ The nixpkgs buildEnv.override function.
+ Commonly found at nixpkgs."${python_version}".buildEnv.override
+
buildPythonPackage: Attrs -> PythonPkgDerivation
+ The nixpkgs buildPythonPackage function.
+ Commonly found at nixpkgs."${python_version}".pkgs.buildPythonPackage
+
+
pkgDeps: Attrs
+ The package dependencies.
+ Usually other python packages build with nix,
+ but can be also a nix derivation of a binary.
+
+
runtime_deps: listOf Derivation
+
build_deps: listOf Derivation
+
test_deps: listOf Derivation
+
src: NixPath
+The nix path to the source code of the python package.
+i.e. not only the package itself, it should also contain
+a tests folder/module, the pyproject conf and any other meta-package
+data that the build or tests requires (e.g. custom mypy conf).
+
+
+
Bundle: Attrs
+
check: Attrs
+Builds of the package only including one test.
+
+
+
tests: Derivation
+
types: Derivation
+
env: Attrs
+
+
+
dev: PythonEnvDerivation
+ The python environment containing only
+ runtime_deps and test_deps
+
runtime: PythonEnvDerivation
+ The python environment containing only
+ the package itself and its runtime_deps.
+
pkg: PythonPkgDerivation
+The output of the nixpkgs buildPythonPackage function
+i.e. the python package
+
+
+
+
+
+
+
+
+Tip
+
The default implemented tests require mypy and pytest as test_deps.
+If you do not want the default, you can override the checkPhase
+of the package i.e. using pythonOverrideUtils or using the
+overridePythonAttrs function included on the derivation of
+nix built python packages.
Because env.runtime include the package,
+all tests are triggered when building the environment.
+If is desirable only to trigger an specific check phase,
+then use the check derivations that override this phase.
+
+
+Tip
+
To avoid performance issues use a shared cache
+system (e.g. cachix) or an override over the package
+to skip tests (unsafe way) to ensure that tests are
+executed only once (or never).
+This can also help on performance over heavy
+compilation/build processes.
+
+
makePythonVscodeSettings
+
Generate visual studio code configuration for python development.
+
Types:
+
+
makePythonVscodeSettings: Input -> SourceAble
+
Input = Attrs
+
name: str
+
env: PythonEnvDerivation
+ A python environment derivation. e.g. can be builded from nixpkgs
+ standard builders or from some env of the outputs of makePythonPyprojectPackage
+
bins: listOf Derivation
+ Derivations to include on the searchPaths.bins input
Integrating python packages built with nix can create conflicts when
+integrating various into one environment. This utils helps unifying
+the dependencies into one and only one version per package.
+
Types:
+
+
+
PythonOverride = PythonPkgDerivation -> PythonPkgDerivation
+ A functions that creates a new modified PythonPkgDerivation from the original.
+
+
+
pythonOverrideUtils: Attrs
+
+
compose: (listOf functions) -> _A -> _Z
+ Function composition, the last function on the list is the first applied.
+ For each function _R -> _S on the list, its predecessor must match
+ their domain with the range of the function i.e. _S -> _T.
+
no_check_override: PythonOverride
+ Skips the python package tests that are triggered on the build process.
+ This override is defined through recursive_python_pkg_override.
+
recursive_python_pkg_override: (Derivation -> bool) -> PythonOverride -> PythonOverride
+ Search over all the tree of sub-dependencies the derivation
+ that evaluates to true as defined by the supplied first argument
+ filter Derivation -> bool.
+ If match, the supplied PythonOverride (second arg) is applied.
+
replace_pkg: (listOf str) -> PythonPkgDerivation -> PythonOverride
+ Replace all python packages that match the supplied list of names,
+ with the supplied python package.
+ The returned override is defined through recursive_python_pkg_override
name (str):
+ Custom name to assign to the build step, be creative, it helps in debugging.
+
ruby (enum [ "3.1" "3.2" "3.3" ]):
+ Version of the Ruby interpreter.
+
searchPathsBuild (asIn makeSearchPaths): Optional.
+ Arguments here will be passed as-is to makeSearchPaths
+ and used while installing gems.
+ Defaults to makeSearchPaths's defaults.
+
searchPathsRuntime (asIn makeSearchPaths): Optional.
+ Arguments here will be passed as-is to makeSearchPaths
+ and propagated to the runtime environment.
+ Defaults to makeSearchPaths's defaults.
+
sourcesYaml (package):
+ sources.yaml file
+ computed as explained in the pre-requisites section.