Grab proot from bootstrap zip rather than including its nix path directly.

This means that the cachix substituter (or already having the package in your nix store somehow) is no longer required to build. This required reworking the deploy script. As a bonus you can now omit the second argument and it will tell you what it would have copied instead of copying anything. This is fixes one source of impurity, but for now flake builds will still require the --impure flag
2025-11-22 02:09:41 +01:00 · 2024-07-22 20:57:09 -07:00 · 2024-07-22 20:57:09 -07:00 · c5324bcad0
commit c5324bcad0
parent 248cc08061
12 changed files with 279 additions and 122 deletions
--- a/scripts/deploy.nix
+++ b/scripts/deploy.nix
@ -4,31 +4,44 @@

 let
  pkgs = nixpkgs.legacyPackages.${system};
-
-  runtimePackages = with pkgs; [
-    coreutils
-    git
-    gnugrep
-    gnused
-    gnutar
-    gzip
-    jq
-    nix
-    openssh
-    rsync
+  pypkgs = pkgs.python311Packages;
+  disablePyLints = [
+    "line-too-long"
+    "missing-module-docstring"
+    "wrong-import-position" # import should be at top of file: we purposefully don't import click and such so that users that try to run the script directly get a friendly error
+    "missing-function-docstring"
+    # c'mon, it's a script
+    "too-many-locals"
+    "too-many-branches"
+    "too-many-statements"
  ];
+  deriv = pypkgs.buildPythonApplication {
+    pname = "deploy";
+    version = "0.0";
+    src = ./.;
+
+    inherit (pkgs) nix git rsync;
+
+    propagatedBuildInputs = [ pypkgs.click ];
+
+    doCheck = true;
+    nativeCheckInputs = with pypkgs; [ mypy pylint black ];
+    checkPhase = ''
+      mypy --strict --no-color deploy.py
+      PYLINTHOME="$PWD/.pylint" pylint \
+        --score=n \
+        --clear-cache-post-run=y \
+        --disable=${pkgs.lib.concatStringsSep "," disablePyLints} \
+        deploy.py
+      black --check --diff deploy.py
+    '';
+
+    patchPhase = ''
+      substituteInPlace deploy.py \
+        --subst-var nix \
+        --subst-var git \
+        --subst-var rsync
+    '';
+  };
 in
-
-pkgs.runCommand
-  "deploy"
-{
-  preferLocalBuild = true;
-  allowSubstitutes = false;
-}
-  ''
-    install -D -m755  ${./deploy.sh} $out
-
-    substituteInPlace $out \
-      --subst-var-by bash "${pkgs.bash}" \
-      --subst-var-by path "${pkgs.lib.makeBinPath runtimePackages}"
-  ''
+"${deriv}/bin/deploy"