I’m trying to wrap my head around where I should put the logic to inject authentication to fetch gems from my company’s private gemserver. All the developer machines I manage have credentials written in a file at ~/.bundle/config
, which looks like:
---
BUNDLE_PACKAGES__SHOPIFY__IO: 1234hexencodedtoken123412341234
...
The key in this file corresponds to the hostname ‘packages.shopify.io’, and is identical to the environment variable name that would override this setting—this is just how bundler works.
Right now, I’ve already taught bundix how to prefetch private gems, but it writes out a gemset.nix
that nix is still incapable of fetching later on. I’ve hacked together a solution for this but I don’t think it’s a very good one and I’d like feedback on how I could do this better, or what the best practice would be.
My modified gemset.nix
is:
let
hostnameFromURL = url: # String -> String
builtins.elemAt (
builtins.match "https?://([^/]+)/.*" url # [ "packages.shopify.io" ]
) 0; # "packages.shopify.io"
bundlerVarFromHostname = hostname: # String -> String
with import <nixpkgs> { }; "BUNDLE_" + lib.toUpper (
builtins.replaceStrings ["."] ["__"] hostname # "packages__shopify__io"
); # "BUNDLE_PACKAGES__SHOPIFY__IO"
lookUpBundlerConfig = var: # String -> String
if builtins.getEnv var != ""
then builtins.getEnv var
else builtins.elemAt (
builtins.match ".*\n${var}: ([^\n]+)\n.*" (
builtins.readFile ((builtins.getEnv "HOME") + "/.bundle/config")
)
) 0;
injectAuth = url: # String -> String
let
hostname = hostnameFromURL url;
var = bundlerVarFromHostname hostname;
token = lookUpBundlerConfig var;
in
builtins.replaceStrings ["://"] ["://${token}@"] url;
in
{
abc = {
dependencies = ["def"];
groups = ["development" "test"];
platforms = [];
source = {
remotes = [(injectAuth "https://packages.shopify.io/shopify/gems")];
sha256 = "0000000000000000000000000000000000000000000000000001";
type = "gem";
};
version = "0.0.1";
};
}
I originally posted this with a different version of the code, which still exists at: Fetching private gems using bundler's credentials · Issue #61 · nix-community/bundix · GitHub