feat: Enable allowUnfree for Terraform versions >= 1.6 (#72)

BREAKING CHANGE: Change `nixpkgs-unstable` config to allow unfree packages
stackbuilders · May 9, 2024 · 4f09d5a · 4f09d5a
1 parent 1430810
commit 4f09d5a
Show file tree

Hide file tree

Showing 12 changed files with 188 additions and 61 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -52,21 +52,27 @@ jobs:
         run: |
           if grep -q authToken ~/.config/cachix/cachix.dhall; then
             echo "Cachix token is present"
-            cachix watch-exec nixpkgs-terraform nix -- flake check --impure
+            cachix watch-exec nixpkgs-terraform nix -- flake check
           else
             echo "Cachix token is not present"
-            nix flake check --impure
+            nix flake check
           fi
-        env:
-          NIXPKGS_ALLOW_UNFREE: 1
 
   template:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     needs: [build]
     strategy:
       matrix:
-        template: [default, devenv, terranix]
+        template:
+          - name: config
+            test: nix flake metadata
+          - name: default
+            test: nix develop --accept-flake-config --impure -c terraform --version
+          - name: devenv
+            test: nix develop --accept-flake-config --impure -c terraform --version
+          - name: terranix
+            test: nix develop --accept-flake-config --impure -c terraform --version
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -78,10 +84,8 @@ jobs:
         run: echo "tmpdir=$(mktemp -d)" >> "$GITHUB_OUTPUT"
         id: mktemp
       - name: Scaffold a new project
-        run: nix flake init -t ${{ github.workspace }}#${{ matrix.template }}
+        run: nix flake init -t ${{ github.workspace }}#${{ matrix.template.name }}
         working-directory: ${{ steps.mktemp.outputs.tmpdir }}
-      - name: Run smoke test
-        run: nix develop --accept-flake-config --impure -c terraform --version
+      - name: Run test
+        run: ${{ matrix.template.test }}
         working-directory: ${{ steps.mktemp.outputs.tmpdir }}
-        env:
-          NIXPKGS_ALLOW_UNFREE: 1
diff --git a/README.md b/README.md
@@ -9,10 +9,15 @@
 [![flakestry.dev](https://flakestry.dev/api/badge/flake/github/stackbuilders/nixpkgs-terraform)](https://flakestry.dev/flake/github/stackbuilders/nixpkgs-terraform/)
 
 This [flake](https://nixos.wiki/wiki/Flakes) exposes a collection of Terraform
-[versions](versions.json) as Nix packages, starting with version 1.0.0. The
+[versions](versions.json) as Nix packages, starting with version `1.0.0`. The
 packages provided can be used for creating reproducible development
 environments using a [nix-shell] or [devenv](https://devenv.sh).
 
+**Note:** Starting with version `4.0`, this project enables `allowUnfree` by
+default in order to build Terraform versions with a [BSL
+license][license-change]; however, this flag can be disabled via a
+configuration flake; see [here](templates/config) for more details.
+
 ## How it works
 
 This flake provides a set of Terraform versions in the form of:
@@ -123,10 +128,9 @@ command:
 env NIXPKGS_ALLOW_UNFREE=1 nix develop --impure
 ```
 
-**Note:** Due to Hashicorp’s most recent [license
-change](https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license),
-the `NIXPKGS_ALLOW_UNFREE` flag is required for Terraform versions `>= 1.6.0`,
-`nix develop` should work out of the box for older versions.
+**Note:** Due to Hashicorp’s most recent [license change][license-change] the
+`NIXPKGS_ALLOW_UNFREE` flag is required for Terraform versions `>= 1.6.0`, `nix
+develop` should work out of the box for older versions.
 
 ### Templates
 
@@ -178,5 +182,6 @@ alt="Stack Builders" width="50%"></img>
 [Check out our libraries](https://github.com/stackbuilders/) | [Join our
 team](https://www.stackbuilders.com/join-us/)
 
+[license-change]: https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license
 [nix-shell]: https://nixos.wiki/wiki/Development_environment_with_nix-shell
 [semantic-release]: https://semantic-release.gitbook.io/semantic-release/
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -2,56 +2,85 @@
   description = "A collection of Terraform versions that are automatically updated";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+    # TODO: change config input after merging PR
+    # config.url = "github:stackbuilders/nixpkgs-terraform?dir=templates/config";
+    config.url = "github:stackbuilders/nixpkgs-terraform/poc_allow_unfree?dir=templates/config";
+    flake-parts.url = "github:hercules-ci/flake-parts";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
-
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
     systems.url = "github:nix-systems/default";
-    flake-parts.url = "github:hercules-ci/flake-parts";
   };
 
-  outputs = { self, flake-parts, ... }@inputs: flake-parts.lib.mkFlake { inherit inputs; } {
-    imports = [
-      inputs.flake-parts.flakeModules.easyOverlay
-    ];
-    systems = import inputs.systems;
-
-    perSystem = { config, pkgs, pkgs-unstable, system, ... }: {
-      _module.args = {
-        pkgs-unstable = inputs.nixpkgs-unstable.legacyPackages.${system};
-      };
+  outputs = inputs@{ self, ... }: inputs.flake-parts.lib.mkFlake
+    { inherit inputs; }
+    {
+      imports = [
+        inputs.flake-parts.flakeModules.easyOverlay
+      ];
 
-      checks = config.packages;
+      systems = import inputs.systems;
 
-      packages =
+      perSystem = { config, pkgs, pkgs-unstable, system, ... }:
         let
-          versions = builtins.fromJSON (builtins.readFile ./versions.json);
-          releases = import ./lib/releases.nix { inherit pkgs pkgs-unstable; custom-lib = self.lib; releases = versions.releases; };
-          latestVersions = builtins.mapAttrs (_cycle: version: releases.${version}) versions.latest;
+          flakeConfig = import inputs.config;
         in
-        releases // latestVersions;
+        {
+          _module.args = {
+            pkgs-unstable = import inputs.nixpkgs-unstable {
+              inherit system;
+              config = flakeConfig.nixpkgs-unstable;
+            };
+          };
 
-      overlayAttrs = {
-        terraform-versions = config.packages;
-      };
-    };
+          checks = config.packages;
 
-    flake = {
-      templates = {
-        default = {
-          description = "Simple nix-shell with Terraform installed via nixpkgs-terraform";
-          path = ./templates/default;
-        };
-        devenv = {
-          description = "Using nixpkgs-terraform with devenv";
-          path = ./templates/devenv;
+          packages =
+            let
+              filteredVersions =
+                let
+                  versions = builtins.fromJSON (builtins.readFile ./versions.json);
+                  allowUnfree = flakeConfig.nixpkgs-unstable.allowUnfree;
+                  versionLessThan1_6 = version: builtins.compareVersions version "1.6.0" < 0;
+                in
+                {
+                  releases = pkgs.lib.filterAttrs (version: _: allowUnfree || versionLessThan1_6 version) versions.releases;
+                  latest = pkgs.lib.filterAttrs (_: version: allowUnfree || versionLessThan1_6 version) versions.latest;
+                };
+              releases = import ./lib/releases.nix {
+                inherit pkgs pkgs-unstable; custom-lib = self.lib;
+                releases = filteredVersions.releases;
+                silenceWarnings = flakeConfig.nixpkgs-terraform.silenceWarnings;
+              };
+              latestVersions = builtins.mapAttrs (_cycle: version: releases.${version}) filteredVersions.latest;
+            in
+            releases // latestVersions;
+
+          overlayAttrs = {
+            terraform-versions = config.packages;
+          };
         };
-        terranix = {
-          description = "Using nixpkgs-terraform with terranix";
-          path = ./templates/terranix;
+
+      flake = {
+        templates = {
+          config = {
+            description = "Template use to override nixpkgs-terraform default configuration";
+            path = ./templates/config;
+          };
+          default = {
+            description = "Simple nix-shell with Terraform installed via nixpkgs-terraform";
+            path = ./templates/default;
+          };
+          devenv = {
+            description = "Using nixpkgs-terraform with devenv";
+            path = ./templates/devenv;
+          };
+          terranix = {
+            description = "Using nixpkgs-terraform with terranix";
+            path = ./templates/terranix;
+          };
         };
-      };
 
-      lib = import ./lib;
+        lib = import ./lib;
+      };
     };
-  };
 }
diff --git a/lib/build-terraform.nix b/lib/build-terraform.nix
@@ -1,9 +1,10 @@
-{ pkgs, pkgs-unstable, version, hash, vendorHash }:
+{ pkgs, pkgs-unstable, version, hash, vendorHash, silenceWarnings ? false }:
 # https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license
 if builtins.compareVersions version "1.6.0" >= 0
 then
 # https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/applications/networking/cluster/terraform/default.nix
-  (pkgs-unstable.mkTerraform {
+  (pkgs.lib.warnIf (! silenceWarnings) ("allowUnfree is enabled to build version " + version) pkgs-unstable.mkTerraform
+  {
     inherit version hash vendorHash;
     patches = [ ../patches/provider-path-0_15.patch ];
   })

diff --git a/lib/releases.nix b/lib/releases.nix
@@ -1,6 +1,6 @@
-{ custom-lib, pkgs, pkgs-unstable, releases }:
+{ custom-lib, pkgs, pkgs-unstable, releases, silenceWarnings }:
 builtins.mapAttrs
   (version: { hash, vendorHash }: custom-lib.buildTerraform {
-    inherit pkgs pkgs-unstable version hash vendorHash;
+    inherit pkgs pkgs-unstable version hash vendorHash silenceWarnings;
   })
   releases
diff --git a/templates/config/README.md b/templates/config/README.md
@@ -0,0 +1,61 @@
+# nixpkgs-terraform - config
+
+This flake stores the default configuration for `nixpkgs-terraform`.
+
+## Usage
+
+To override the default configuration, create a new flake project and follow
+the steps described below:
+
+Create an empty directory:
+
+```sh
+mkdir config
+```
+
+Scaffold a new flake project using the `config` template:
+
+```sh
+cd config
+nix flake init -t github:stackbuilders/nixpkgs-terraform#config
+```
+
+After modifying the default configuration in the `default.nix` file, create a
+new input for the configuration flake and override the `config` input for
+`nixpkgs-terraform` as follows:
+
+```nix
+inputs = {
+  nixpkgs-terraform-config.url = "./config";
+  nixpkgs-terraform.url = "github:stackbuilders/nixpkgs-terraform";
+  nixpkgs-terraform.inputs.config.follows = "nixpkgs-terraform-config";
+};
+```
+
+The relative path `./config` provided in the example above could be replaced
+with a full path or a git URL; look at the [URL-like
+syntax](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#url-like-syntax)
+for more details.
+
+## Overview
+
+The following section provides an overview of all the available options
+supported by `nixpkgs-terraform`.
+
+### `nixpkgs-unstable.allowUnfree` (default `true`)
+
+Control whether Terraform versions after the [HashiCorp license
+change](https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license)
+are available or not; if set to `true`, all free and non-free versions are
+available; otherwise, only free versions are available.
+
+### `nixpkgs-terraform.silenceWarnings` (default `true`)
+
+Starting with version `4.0`, the flag `allowUnfree` is enabled by default; to
+notify users of this change, a warning message is printed whenever a non-free
+package is evaluated. If set to `true`, the warning message is silence.
+
+## References
+
+This configuration flake has the same structure as
+[nix-systems/default](https://github.com/nix-systems/default).
diff --git a/templates/config/default.nix b/templates/config/default.nix
@@ -0,0 +1,4 @@
+{
+  nixpkgs-unstable.allowUnfree = true;
+  nixpkgs-terraform.silenceWarnings = false;
+}
diff --git a/templates/config/flake.nix b/templates/config/flake.nix
@@ -0,0 +1,5 @@
+{
+  description = "Template use to override nixpkgs-terraform default configuration";
+
+  outputs = _: { };
+}
diff --git a/templates/default/flake.nix b/templates/default/flake.nix
@@ -19,7 +19,7 @@
         (system:
           let
             pkgs = nixpkgs.legacyPackages.${system};
-            terraform = nixpkgs-terraform.packages.${system}."1.7.4";
+            terraform = nixpkgs-terraform.packages.${system}."1.8.1";
           in
           {
             default = pkgs.mkShell {

diff --git a/templates/devenv/flake.nix b/templates/devenv/flake.nix
@@ -20,15 +20,14 @@
         (system:
           let
             pkgs = nixpkgs.legacyPackages.${system};
-            terraform = nixpkgs-terraform.packages.${system}."1.7.4";
           in
           {
             default = devenv.lib.mkShell {
               inherit inputs pkgs;
               modules = [
                 ({ pkgs, config, ... }: {
                   languages.terraform.enable = true;
-                  languages.terraform.package = terraform;
+                  languages.terraform.version = "1.8.1";
                 })
               ];
             };

diff --git a/templates/terranix/flake.nix b/templates/terranix/flake.nix
@@ -26,7 +26,7 @@
         (system:
           let
             pkgs = nixpkgs.legacyPackages.${system};
-            terraform = nixpkgs-terraform.packages.${system}."1.7.4";
+            terraform = nixpkgs-terraform.packages.${system}."1.8.1";
           in
           {
             default = pkgs.mkShell {