I’d like to build a new docker image when a new commit is pushed to my repository and there is a change to the nix expression from the previous build.
I’m planning to use a docker image as an efficient way to cache shell.nix for the CI environment.
Using pre-built binaries from the official binary cache server solves half of the problem. nix-shell still needs to fetch those packages from the Internet to run. I want to avoid relying on an internet connection when possible to reduce possible failure points. Due to how nix works, nix-shell fetches build-time packages even when a binary cache is available, making cold start even slower.
So I’d like to cache packages excluding build-time ones, but how could this be done?
The first solution I came up with is packaging all the tools listed in shell.nix as a docker image, and using that on CI.
With that, the docker image is reused as long as the same CI runner is available. I’m on AWS, so I could also set up lifecycle rules to discard older images. If runners are running on ECS or Kubernetes, older images also get discarded automatically on each machine.
I don’t want to version the image manually (incrementing the version number every time the nix expression changes), so being able to generate the docker image tag from the resulting nix expression would be nice.
I’m not sure whether the same thing could be done without docker. There are some tools that run nix-shell with cached packages; could those tools run on CI? Probably I’d still need to generate a unique id to be used as a cache key.
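One way to get the content-derived tag the post asks for, as an added example (not code from the original post): instantiate shell.nix and use the store hash of the resulting .drv as the image tag, since that hash changes exactly when the expression or any of its pinned inputs change. It assumes a placeholder registry path in IMAGE_REPO, shell.nix in the working directory, and nix-instantiate plus docker on PATH when invoked with the `run` argument.

```shell
#!/bin/sh
# Added example: derive a Docker image tag from the instantiated Nix derivation
# so CI rebuilds the shell image only when shell.nix (or a pinned input) changes.
set -eu

# Placeholder registry path (assumption); override from the CI environment.
IMAGE_REPO="${IMAGE_REPO:-example.invalid/ci/shell}"

# Turn a store path like /nix/store/<32-char-hash>-nix-shell.drv into a tag.
# The hash covers every input of the derivation (including pinned nixpkgs),
# so two commits with an unchanged shell get the same tag and share the image.
tag_from_drv() {
  drv="$1"
  base="${drv##*/}"          # drop the /nix/store/ prefix
  hash="${base%%-*}"         # keep the hash before the first '-'
  case "$hash" in
    *[!0-9a-z]*|"") return 1 ;;   # reject anything that is not a store hash
  esac
  [ "${#hash}" -eq 32 ] || return 1
  printf 'nix-%s\n' "$hash"
}

# Evaluate shell.nix without building anything and map it to a tag.
current_tag() {
  tag_from_drv "$(nix-instantiate shell.nix)"
}

# Build and push only when the registry has no image for this tag yet,
# so a cached runner never needs the network for an unchanged shell.
build_if_missing() {
  image="$IMAGE_REPO:$1"
  if docker manifest inspect "$image" >/dev/null 2>&1; then
    echo "reusing $image"
    return 0
  fi
  echo "building $image"
  docker build -t "$image" . && docker push "$image"
}

# Side effects are guarded so the functions can be sourced and tested on their own.
if [ "${1:-}" = "run" ]; then
  build_if_missing "$(current_tag)"
fi
```

Because the tag is derived from the .drv hash rather than from the text of shell.nix alone, bumping the pinned nixpkgs revision also produces a new tag, which is what a cache key for the whole shell needs.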