+56 -2

.tangled/workflows/build.yml

reviewed

··· 231 231 # We resolve $(pwd) to get the absolute workspace path. 232 232 WORKSPACE="$(pwd)" 233 233 234 234 + # In a Nixery container, <nixpkgs> is NOT on NIX_PATH by default. 235 235 + # We need to discover the nixpkgs path from the Nix store. 236 236 + # Nixery builds images from a pinned nixpkgs checkout that lives in 237 237 + # the store. We find it by tracing any installed package back to its 238 238 + # nixpkgs source. 239 239 + echo "=== Discovering nixpkgs path ===" 240 240 + NIXPKGS_PATH="" 241 241 + 242 242 + # Method 1: Check if NIX_PATH is already set and valid 243 243 + if [ -n "${NIX_PATH:-}" ]; then 244 244 + echo "NIX_PATH is set: ${NIX_PATH}" 245 245 + NIXPKGS_PATH=$(echo "$NIX_PATH" | tr ':' '\n' | grep 'nixpkgs=' | head -1 | sed 's/nixpkgs=//') 246 246 + fi 247 247 + 248 248 + # Method 2: Find nixpkgs in the Nix store via a known package derivation 249 249 + if [ -z "$NIXPKGS_PATH" ] || [ ! -d "$NIXPKGS_PATH" ]; then 250 250 + echo "Searching Nix store for nixpkgs source..." 251 251 + # nix-instantiate --find-file resolves <nixpkgs> but only if NIX_PATH is set. 252 252 + # Instead, find the nixpkgs checkout that Nixery used by looking at 253 253 + # the .drv files for a package we know is installed (coreutils). 254 254 + NIXPKGS_PATH=$(find /nix/store -maxdepth 1 -name '*-nixpkgs-src' -type d 2>/dev/null | head -1) 255 255 + fi 256 256 + 257 257 + # Method 3: Look for a channel-style nixpkgs directory 258 258 + if [ -z "$NIXPKGS_PATH" ] || [ ! -d "$NIXPKGS_PATH" ]; then 259 259 + NIXPKGS_PATH=$(find /nix/store -maxdepth 1 -name '*-nixos-*' -type d 2>/dev/null | grep -v '\.drv$' | head -1) 260 260 + fi 261 261 + 262 262 + # Method 4: Find any path containing a top-level pkgs/top-level/all-packages.nix 263 263 + if [ -z "$NIXPKGS_PATH" ] || [ ! -d "$NIXPKGS_PATH" ]; then 264 264 + NIXPKGS_PATH=$(find /nix/store -maxdepth 3 -path '*/pkgs/top-level/all-packages.nix' 2>/dev/null | head -1 | sed 's|/pkgs/top-level/all-packages.nix||') 265 265 + fi 266 266 + 267 267 + # Method 5: Use nix-instantiate --eval to locate nixpkgs from the registry 268 268 + if [ -z "$NIXPKGS_PATH" ] || [ ! -d "$NIXPKGS_PATH" ]; then 269 269 + echo "Trying nix-instantiate with flake registry..." 270 270 + NIXPKGS_PATH=$(nix-instantiate --eval -E 'builtins.fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz"; }' 2>/dev/null | tr -d '"') || true 271 271 + fi 272 272 + 273 273 + if [ -z "$NIXPKGS_PATH" ] || [ ! -d "$NIXPKGS_PATH" ]; then 274 274 + echo "ERROR: Could not discover nixpkgs in the Nix store." 275 275 + echo "Contents of /nix/store (first 30 entries):" 276 276 + ls /nix/store | head -30 277 277 + echo "" 278 278 + echo "Attempting build with -I nixpkgs=channel:nixos-unstable as fallback..." 279 279 + NIXPKGS_FLAG="-I nixpkgs=channel:nixos-unstable" 280 280 + PKG_ARG="import <nixpkgs> {}" 281 281 + else 282 282 + echo "Found nixpkgs at: ${NIXPKGS_PATH}" 283 283 + NIXPKGS_FLAG="" 284 284 + PKG_ARG="import ${NIXPKGS_PATH} {}" 285 285 + fi 286 286 + 234 287 nix-build nix/docker-image.nix \ 235 235 - --arg pkgs 'import <nixpkgs> {}' \ 288 288 + --arg pkgs "$PKG_ARG" \ 236 289 --argstr appVersion "${SHORT_SHA}" \ 237 290 --arg venvPath "${WORKSPACE}/.venv" \ 238 291 --arg appSrc "${WORKSPACE}" \ 239 292 --out-link result \ 240 293 --show-trace \ 241 241 - --option sandbox false 294 294 + --option sandbox false \ 295 295 + ${NIXPKGS_FLAG} 242 296 243 297 echo "" 244 298 echo "=== Build complete ==="

+7 -1

care/CLAUDE.md

reviewed

··· 428 428 - Flake is pinned to `nixos-unstable` (rev `5e2a59a5b1a82f89f2c7e598302a9cacebb72a67`) 429 429 - Python 3.13 is available in this channel 430 430 - All packages referenced in the dev shell are available 431 431 - - In CI, `nix-build` uses `<nixpkgs>` from the Nixery environment (which also uses nixpkgs) 431 431 + - In CI (Nixery), `<nixpkgs>` is **NOT** on `NIX_PATH` — the `nix-build` step must 432 432 + discover the nixpkgs store path at runtime and pass it as an absolute path via 433 433 + `--arg pkgs 'import /nix/store/…-source {}'`. The build step uses a multi-method 434 434 + discovery sequence (check `NIX_PATH`, search for `*-nixpkgs-src`, search for 435 435 + `*-nixos-*`, locate `pkgs/top-level/all-packages.nix`, and finally fall back to 436 436 + `-I nixpkgs=channel:nixos-unstable`). Using the bare `import <nixpkgs> {}` form 437 437 + will fail with `error: file 'nixpkgs' was not found in the Nix search path`. 432 438 433 439 --- 434 440