diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7d511fa..2a94b82 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -52,13 +52,11 @@ jobs:
 run: |
 if grep -q authToken ~/.config/cachix/cachix.dhall; then
 echo "Cachix token is present"
- cachix watch-exec nixpkgs-terraform nix -- flake check --impure
+ cachix watch-exec nixpkgs-terraform nix -- flake check
 else
 echo "Cachix token is not present"
- nix flake check --impure
+ nix flake check
 fi
- env:
- NIXPKGS_ALLOW_UNFREE: 1
 template:
 runs-on: ubuntu-latest
@@ -66,7 +64,15 @@ jobs:
 needs: [build]
 strategy:
 matrix:
- template: [default, devenv, terranix]
+ template:
+ - name: config
+ test: nix flake metadata
+ - name: default
+ test: nix develop --accept-flake-config --impure -c terraform --version
+ - name: devenv
+ test: nix develop --accept-flake-config --impure -c terraform --version
+ - name: terranix
+ test: nix develop --accept-flake-config --impure -c terraform --version
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -78,10 +84,8 @@ jobs:
 run: echo "tmpdir=$(mktemp -d)" >> "$GITHUB_OUTPUT"
 id: mktemp
 - name: Scaffold a new project
- run: nix flake init -t ${{ github.workspace }}#${{ matrix.template }}
+ run: nix flake init -t ${{ github.workspace }}#${{ matrix.template.name }}
 working-directory: ${{ steps.mktemp.outputs.tmpdir }}
- - name: Run smoke test
- run: nix develop --accept-flake-config --impure -c terraform --version
+ - name: Run test
+ run: ${{ matrix.template.test }}
 working-directory: ${{ steps.mktemp.outputs.tmpdir }}
- env:
- NIXPKGS_ALLOW_UNFREE: 1
diff --git a/README.md b/README.md
index a197292..d396e35 100644
--- a/README.md
+++ b/README.md
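Review bot: The three `nix develop` test strings in the new matrix still pass `--impure`, although this commit removes `NIXPKGS_ALLOW_UNFREE` from the job, so CI never checks that the `default` and `terranix` templates evaluate purely. If the flag was only there for the environment variable (devenv presumably still needs it), drop it for those two entries, e.g. `test: nix develop --accept-flake-config -c terraform --version`. `--accept-flake-config` also makes CI accept whatever `nixConfig` a template declares without prompting; a comment naming the template that needs it would make that choice reviewable.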
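Review bot: The `Run test` step expands `${{ matrix.template.test }}` straight into the shell script, so whatever string the matrix carries is executed verbatim. Today the values are literals in this file, but the pattern becomes command injection as soon as the matrix is computed from anything dynamic. Keep the commands in the step and pass only the template name through `env`, as sketched below. The `Scaffold a new project` step has the same unquoted expansion in `-t ${{ github.workspace }}#${{ matrix.template.name }}`; passing the name via `env:` and writing `"$GITHUB_WORKSPACE#$TEMPLATE"` avoids word splitting as well.

```yaml
# … unchanged: mktemp and scaffold steps …
- name: Run test
  env:
    TEMPLATE: ${{ matrix.template.name }}
  run: |
    case "$TEMPLATE" in
      config) nix flake metadata ;;
      *) nix develop --accept-flake-config --impure -c terraform --version ;;
    esac
  working-directory: ${{ steps.mktemp.outputs.tmpdir }}
```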
@@ -9,10 +9,15 @@ [![flakestry.dev](https://flakestry.dev/api/badge/flake/github/stackbuilders/nixpkgs-terraform)](https://flakestry.dev/flake/github/stackbuilders/nixpkgs-terraform/) This [flake](https://nixos.wiki/wiki/Flakes) exposes a collection of Terraform -[versions](versions.json) as Nix packages, starting with version 1.0.0. The +[versions](versions.json) as Nix packages, starting with version `1.0.0`. The packages provided can be used for creating reproducible development environments using a [nix-shell] or [devenv](https://devenv.sh). +**Note:** Starting with version `4.0`, this project enables `allowUnfree` by +default in order to build Terraform versions with a [BSL +license][license-change]; however, this flag can be disabled via a +configuration flake; see [here](templates/config) for more details. + ## How it works This flake provides a set of Terraform versions in the form of: @@ -123,10 +128,9 @@ command: env NIXPKGS_ALLOW_UNFREE=1 nix develop --impure ``` -**Note:** Due to Hashicorp’s most recent [license -change](https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license), -the `NIXPKGS_ALLOW_UNFREE` flag is required for Terraform versions `>= 1.6.0`, -`nix develop` should work out of the box for older versions. +**Note:** Due to Hashicorp’s most recent [license change][license-change] the +`NIXPKGS_ALLOW_UNFREE` flag is required for Terraform versions `>= 1.6.0`, `nix +develop` should work out of the box for older versions. ### Templates @@ -178,5 +182,6 @@ alt="Stack Builders" width="50%"> [Check out our libraries](https://github.com/stackbuilders/) | [Join our team](https://www.stackbuilders.com/join-us/) +[license-change]: https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license [nix-shell]: https://nixos.wiki/wiki/Development_environment_with_nix-shell [semantic-release]: https://semantic-release.gitbook.io/semantic-release/ diff --git a/flake.lock b/flake.lock index 94af971..7dfa94c 100644 --- a/flake.lock 
+++ b/flake.lock @@ -1,5 +1,23 @@ { "nodes": { + "config": { + "locked": { + "dir": "templates/config", + "lastModified": 1714182936, + "narHash": "sha256-q7L4hHUxwEhb7LQE2OlQIXORzesxgJRl/gbD2xhxBGM=", + "owner": "stackbuilders", + "repo": "nixpkgs-terraform", + "rev": "1a3fbda3edb789369ec58424f9bd8771a978b019", + "type": "github" + }, + "original": { + "dir": "templates/config", + "owner": "stackbuilders", + "ref": "poc_allow_unfree", + "repo": "nixpkgs-terraform", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -70,6 +88,7 @@ }, "root": { "inputs": { + "config": "config", "flake-parts": "flake-parts", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", diff --git a/flake.nix b/flake.nix index c30151a..3daaf04 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,56 +2,85 @@ description = "A collection of Terraform versions that are automatically updated"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + # TODO: change config input after merging PR + # config.url = "github:stackbuilders/nixpkgs-terraform?dir=templates/config"; + config.url = "github:stackbuilders/nixpkgs-terraform/poc_allow_unfree?dir=templates/config"; + flake-parts.url = "github:hercules-ci/flake-parts"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; - + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; systems.url = "github:nix-systems/default"; - flake-parts.url = "github:hercules-ci/flake-parts"; }; - outputs = { self, flake-parts, ... }@inputs: flake-parts.lib.mkFlake { inherit inputs; } { - imports = [ - inputs.flake-parts.flakeModules.easyOverlay - ]; - systems = import inputs.systems; - - perSystem = { config, pkgs, pkgs-unstable, system, ... }: { - _module.args = { - pkgs-unstable = inputs.nixpkgs-unstable.legacyPackages.${system}; - }; + outputs = inputs@{ self, ... }: inputs.flake-parts.lib.mkFlake + { inherit inputs; } + { + imports = [ + inputs.flake-parts.flakeModules.easyOverlay + ]; - checks = config.packages; + systems = import inputs.systems; - packages = + perSystem = { config, pkgs, pkgs-unstable, system, ... 
}: let - versions = builtins.fromJSON (builtins.readFile ./versions.json); - releases = import ./lib/releases.nix { inherit pkgs pkgs-unstable; custom-lib = self.lib; releases = versions.releases; }; - latestVersions = builtins.mapAttrs (_cycle: version: releases.${version}) versions.latest; + flakeConfig = import inputs.config; in - releases // latestVersions; + { + _module.args = { + pkgs-unstable = import inputs.nixpkgs-unstable { + inherit system; + config = flakeConfig.nixpkgs-unstable; + }; + }; - overlayAttrs = { - terraform-versions = config.packages; - }; - }; + checks = config.packages; - flake = { - templates = { - default = { - description = "Simple nix-shell with Terraform installed via nixpkgs-terraform"; - path = ./templates/default; - }; - devenv = { - description = "Using nixpkgs-terraform with devenv"; - path = ./templates/devenv; + packages = + let + filteredVersions = + let + versions = builtins.fromJSON (builtins.readFile ./versions.json); + allowUnfree = flakeConfig.nixpkgs-unstable.allowUnfree; + versionLessThan1_6 = version: builtins.compareVersions version "1.6.0" < 0; + in + { + releases = pkgs.lib.filterAttrs (version: _: allowUnfree || versionLessThan1_6 version) versions.releases; + latest = pkgs.lib.filterAttrs (_: version: allowUnfree || versionLessThan1_6 version) versions.latest; + }; + releases = import ./lib/releases.nix { + inherit pkgs pkgs-unstable; custom-lib = self.lib; + releases = filteredVersions.releases; + silenceWarnings = flakeConfig.nixpkgs-terraform.silenceWarnings; + }; + latestVersions = builtins.mapAttrs (_cycle: version: releases.${version}) filteredVersions.latest; + in + releases // latestVersions; + + overlayAttrs = { + terraform-versions = config.packages; + }; }; - terranix = { - description = "Using nixpkgs-terraform with terranix"; - path = ./templates/terranix; + + flake = { + templates = { + config = { + description = "Template use to override nixpkgs-terraform default configuration"; + path = 
./templates/config; + }; + default = { + description = "Simple nix-shell with Terraform installed via nixpkgs-terraform"; + path = ./templates/default; + }; + devenv = { + description = "Using nixpkgs-terraform with devenv"; + path = ./templates/devenv; + }; + terranix = { + description = "Using nixpkgs-terraform with terranix"; + path = ./templates/terranix; + }; }; - }; - lib = import ./lib; + lib = import ./lib; + }; }; - }; } diff --git a/lib/build-terraform.nix b/lib/build-terraform.nix index ec57d03..dc82a05 100644 --- a/lib/build-terraform.nix +++ b/lib/build-terraform.nix @@ -1,9 +1,10 @@ -{ pkgs, pkgs-unstable, version, hash, vendorHash }: +{ pkgs, pkgs-unstable, version, hash, vendorHash, silenceWarnings ? false }: # https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license if builtins.compareVersions version "1.6.0" >= 0 then # https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/applications/networking/cluster/terraform/default.nix - (pkgs-unstable.mkTerraform { + (pkgs.lib.warnIf (! silenceWarnings) ("allowUnfree is enabled to build version " + version) pkgs-unstable.mkTerraform + { inherit version hash vendorHash; patches = [ ../patches/provider-path-0_15.patch ]; }) diff --git a/lib/releases.nix b/lib/releases.nix index a0573ba..5f21620 100644 --- a/lib/releases.nix +++ b/lib/releases.nix @@ -1,6 +1,6 @@ -{ custom-lib, pkgs, pkgs-unstable, releases }: +{ custom-lib, pkgs, pkgs-unstable, releases, silenceWarnings }: builtins.mapAttrs (version: { hash, vendorHash }: custom-lib.buildTerraform { - inherit pkgs pkgs-unstable version hash vendorHash; + inherit pkgs pkgs-unstable version hash vendorHash silenceWarnings; }) releases diff --git a/templates/config/README.md b/templates/config/README.md new file mode 100644 index 0000000..eacdf1c --- /dev/null +++ b/templates/config/README.md 
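Review bot: `config = flakeConfig.nixpkgs-unstable;` hands the whole attribute set from the config input to the nixpkgs-unstable import, so any nixpkgs option placed under that key (for example `permittedInsecurePackages` or `allowBroken`) takes effect, although only `allowUnfree` is documented and used for filtering. Consider forwarding just the supported option, `config = { inherit (flakeConfig.nixpkgs-unstable) allowUnfree; };`. Separately, the `config` input still points at the `poc_allow_unfree` branch, as the TODO admits; the default configuration should not be resolved from a feature branch in a release, so switch to the commented-out URL before merging. The `1.6.0` cut-off is now encoded both in `versionLessThan1_6` here and in lib/build-terraform.nix, and a shared helper in `self.lib` would keep the two from drifting.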
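Review bot: The warning text asserts that allowUnfree is enabled, but nothing in lib/build-terraform.nix checks it. `buildTerraform` is reachable through `self.lib`, so a caller passing its own `pkgs-unstable` gets the message whatever its nixpkgs config is. Either reword it to what is known at this point, e.g. `("Terraform " + version + " is BSL-licensed (unfree)")`, or gate on the real setting with `pkgs.lib.warnIf (!silenceWarnings && (pkgs-unstable.config.allowUnfree or false))`. A short comment that `warnIf` wraps the `mkTerraform` function rather than its result would also help. The `else` branch of the expression lies outside the hunk.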
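Review bot: `silenceWarnings` is added to lib/releases.nix as a required argument while lib/build-terraform.nix declares it with `? false`, so any caller of releases.nix other than the updated flake.nix now fails with a missing-argument error. Give it the same default so the two files agree: `{ custom-lib, pkgs, pkgs-unstable, releases, silenceWarnings ? false }:`.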
@@ -0,0 +1,61 @@
+# nixpkgs-terraform - config
+
+This flake stores the default configuration for `nixpkgs-terraform`.
+
+## Usage
+
+To override the default configuration, create a new flake project and follow
+the steps described below:
+
+Create an empty directory:
+
+```sh
+mkdir config
+```
+
+Scaffold a new flake project using the `config` template:
+
+```sh
+cd config
+nix flake init -t github:stackbuilders/nixpkgs-terraform#config
+```
+
+After modifying the default configuration in the `default.nix` file, create a
+new input for the configuration flake and override the `config` input for
+`nixpkgs-terraform` as follows:
+
+```nix
+inputs = {
+ nixpkgs-terraform-config.url = "./config";
+ nixpkgs-terraform.url = "github:stackbuilders/nixpkgs-terraform";
+ nixpkgs-terraform.inputs.config.follows = "nixpkgs-terraform-config";
+};
+```
+
+The relative path `./config` provided in the example above could be replaced
+with a full path or a git URL; look at the [URL-like
+syntax](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#url-like-syntax)
+for more details.
+
+## Overview
+
+The following section provides an overview of all the available options
+supported by `nixpkgs-terraform`.
+
+### `nixpkgs-unstable.allowUnfree` (default `true`)
+
+Control whether Terraform versions after the [HashiCorp license
+change](https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license)
+are available or not; if set to `true`, all free and non-free versions are
+available; otherwise, only free versions are available.
+
+### `nixpkgs-terraform.silenceWarnings` (default `true`)
+
+Starting with version `4.0`, the flag `allowUnfree` is enabled by default; to
+notify users of this change, a warning message is printed whenever a non-free
+package is evaluated. If set to `true`, the warning message is silence.
+
+## References
+
+This configuration flake has the same structure as
+[nix-systems/default](https://github.com/nix-systems/default).
diff --git a/templates/config/default.nix b/templates/config/default.nix
new file mode 100644
index 0000000..407a8f0
--- /dev/null
+++ b/templates/config/default.nix
@@ -0,0 +1,4 @@
+{
+ nixpkgs-unstable.allowUnfree = true;
+ nixpkgs-terraform.silenceWarnings = false;
+}
diff --git a/templates/config/flake.nix b/templates/config/flake.nix
new file mode 100644
index 0000000..b41a411
--- /dev/null
+++ b/templates/config/flake.nix
@@ -0,0 +1,5 @@
+{
+ description = "Template use to override nixpkgs-terraform default configuration";
+
+ outputs = _: { };
+}
diff --git a/templates/default/flake.nix b/templates/default/flake.nix
index 68cae15..19bd3e1 100644
--- a/templates/default/flake.nix
+++ b/templates/default/flake.nix
@@ -19,7 +19,7 @@
 (system:
 let
 pkgs = nixpkgs.legacyPackages.${system};
- terraform = nixpkgs-terraform.packages.${system}."1.7.4";
+ terraform = nixpkgs-terraform.packages.${system}."1.8.1";
 in
 {
 default = pkgs.mkShell {
diff --git a/templates/devenv/flake.nix b/templates/devenv/flake.nix
index deefe1d..8b2ac61 100644
--- a/templates/devenv/flake.nix
+++ b/templates/devenv/flake.nix
@@ -20,7 +20,6 @@
 (system:
 let
 pkgs = nixpkgs.legacyPackages.${system};
- terraform = nixpkgs-terraform.packages.${system}."1.7.4";
 in
 {
 default = devenv.lib.mkShell {
@@ -28,7 +27,7 @@
 modules = [
 ({ pkgs, config, ... }: {
 languages.terraform.enable = true;
- languages.terraform.package = terraform;
+ languages.terraform.version = "1.8.1";
 })
 ];
 };
diff --git a/templates/terranix/flake.nix b/templates/terranix/flake.nix
index 78dd670..9c1ca0a 100644
--- a/templates/terranix/flake.nix
+++ b/templates/terranix/flake.nix
@@ -26,7 +26,7 @@
 (system:
 let
 pkgs = nixpkgs.legacyPackages.${system};
- terraform = nixpkgs-terraform.packages.${system}."1.7.4";
+ terraform = nixpkgs-terraform.packages.${system}."1.8.1";
 in
 {
 default = pkgs.mkShell {
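Review bot: `nixpkgs-terraform.silenceWarnings = false;` in templates/config/default.nix contradicts templates/config/README.md from the same commit, which documents the option as "(default `true`)". One of the two has to change, and given the README's stated aim of notifying users, `false` looks like the intended default. Since this is the file users copy and edit, a one-line comment above each option would help, e.g. `# Allow BSL-licensed Terraform (>= 1.6.0); set to false to expose only free versions` and `# Set to true to suppress the warning printed when an unfree version is evaluated`.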
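Review bot: The description in templates/config/flake.nix reads "Template use to override …" and should be `description = "Template used to override nixpkgs-terraform default configuration";`. The same string appears in the `templates.config` entry of the root flake.nix. A comment stating that `outputs` is intentionally empty, because the parent flake reads this directory with `import inputs.config`, would explain how `default.nix` gets picked up.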
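Review bot: With `languages.terraform.package = terraform;` replaced by `languages.terraform.version = "1.8.1";` in templates/devenv/flake.nix, nothing visible in the template selects a package from `nixpkgs-terraform.packages` any more, and the version is resolved by devenv itself. If devenv brings its own copy of nixpkgs-terraform for that (not determinable from the hunk), the `config` override described in templates/config/README.md would not reach the build unless the template's inputs make devenv follow the same input. Please confirm against the inputs block, which lies outside the hunk, and add a comment there saying which input controls the Terraform build.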