I’m porting a project at work to flakes, but only near the end did I realize that there was one package left that’s “very impure”: it uses leiningen and nodejs in the buildPhase. While this builds just fine with --no-sandbox, it’s also built in our client’s CI where there are HTTP_PROXY variables set that need to be known during the buildPhase.
So right now we build it like this:
nix-build --no-sandbox \
--argstr httpProxy "$HTTP_PROXY" \
--argstr httpsProxy "$HTTPS_PROXY" \
--argstr noProxy "$NO_PROXY" \
the_directory
the_directory/default.nix looks roughly like this:
{ pkgs ? import ../nix/pkgs.nix {}, httpProxy ? ""
, httpsProxy ? "", noProxy ? "" }:
pkgs.stdenv.mkDerivation {
...
http_proxy = "${httpProxy}";
HTTP_PROXY = "${httpProxy}";
https_proxy = "${httpsProxy}";
HTTPS_PROXY = "${httpsProxy}";
no_proxy = "${noProxy}";
NO_PROXY = "${noProxy}";
buildInputs = [ pkgs.leiningen pkgs.nodejs ];
buildPhase = ''
...
# These need the proxy settings to download their stuff
npm install
lein deps
lein release
...
'';
...
}
Now with flakes this doesn’t seem possible, as --arg and --argstr are prohibited.
If I knew the values of these environment variables (and if they didn’t change often) I could probably replace the input arguments with a .env file, having separate flake outputs for “with proxy variables” and “without proxy variables”, and then using nix build --no-sandbox .#theRespectiveOutput in CI.
Any ideas or things I might have overlooked here to make this special derivation work with flakes? Or even how to reference the result of an old-style nix-build output in my flake (because the result of this build is then used in another output that wraps a docker image around it with dockerTools).
[If there is no way to make this work with flakes, then I think I could live with using the old-style build for these two packages, but I’d have to somehow “get the pkgs from the flake”. Is this possible?]