Allow specifying alternative paths for reading/writing flake locks #8042
Conversation
This allows having multiple separate lockfiles for a single project, which can be useful for testing against different versions of nixpkgs; it also allows tracking custom input overrides for remote flakes without requiring local clones of these flakes. For example, if I want to build Nix against my locally pinned nixpkgs, and have a lock file tracking this override independently of future updates to said nixpkgs: nix flake lock --output-lock-file /tmp/nix-flake.lock --override-input nixpkgs flake:nixpkgs nix build --reference-lock-file /tmp/nix-flake.lock Co-Authored-By: Will Fancher <[email protected]>
|
Awesome! Also fixes: #5673 |
| @@ -102,6 +102,28 @@ MixFlakeOptions::MixFlakeOptions() | |||
| }} | |||
| }); | |||
|
|
|||
| addFlag({ | |||
| .longName = "reference-lock-file", | |||
There was a problem hiding this comment.
I'm not sure if there is a real use case for a separate --reference-lock-file and --output-lock-file. With a unified --lock-file, the caller can always write the input lock file to that location to be overwritten.
There was a problem hiding this comment.
I like to keep the lock files of my projects in sync with that of my main deployment. With the separated options, I can use nix flake lock --reference-lock-file ~/deploy/flake.lock to keep them in sync (provided my deployment has a superset of the inputs of the project I'm updating).
It's also useful for updating individual inputs (but leaving everything else unmodified) without having a checkout of the whole repository, e.g. nix flake lock github:NixOS/patchelf --output-lock-file flake.lock --update-input nixpkgs or nix flake lock github:NixOS/patchelf --output-lock-file flake.lock --override-input nixpkgs github:nixos/nixpkgs/nixos-22.11. This is what I had in mind for Hydra, since it invokes multiple commands on the flake for a single evaluation and should use the same set of inputs each time.
There was a problem hiding this comment.
without having a checkout of the whole repository
Just for clarity: you mean checkout out the repository into a temporary directory because it will still land "checked out" in the nix store.
There was a problem hiding this comment.
Not necessarily in the future (#6530).
Co-authored-by: Eelco Dolstra <[email protected]>
| @@ -102,6 +102,28 @@ MixFlakeOptions::MixFlakeOptions() | |||
| }} | |||
| }); | |||
|
|
|||
| addFlag({ | |||
| .longName = "reference-lock-file", | |||
There was a problem hiding this comment.
If we go for --output-lock-file, why not call it --input-lock-file?
There was a problem hiding this comment.
"reference" seems more appropriate here, since the lock file may be completely foreign (e.g. I'm working on a project that uses nixos-22.11 and want it to use my deployment's lock file, so I run nix flake lock --reference-lock-file ~/deploy/flake.lock). This is very much my personal opinion though and if there's broad agreement that it should be called "input" I'd be willing to change it.
|
Can you add some tests? In particular, we need to test that |
|
@edolstra I wouldn't want |
|
Yes, I'll have a look at adding some tests. I don't think Requiring disabling all purity would also be terrible for e.g. the Hydra use case, allowing environment variables or nixpkgs config to leak into eval (because |
|
I think command line flags in general should be treated more like function arguments rather than impurities. They're explicit and require you to deliberately include them, as opposed to the implicit impurities like environment variables or out-of-tree files. So specifying a different lock file seems a lot more like a function argument than an impurity to me. It's effectively equivalent to making an ad-hoc parent flake and using the |
|
@lheckemann Yeah I said that wrong. I didn't mean impure but that |
github-actions
bot
added
the
with-tests
| if (lockFlags.outputLockFilePath) { | ||
| throw Error("--commit-lock-file and --output-lock-file are currently incompatible"); | ||
| } |
There was a problem hiding this comment.
If output-lock-file ends up under the git repository it could be commited like flake.lock. Any none absolute path that flattened does not start with .. should be commitable.
There was a problem hiding this comment.
This does not apply if symlinks are in use, and generating accurate commit messages would require reading the original lock file (if one already exists at the given path) as well as the reference lock file in order to generate an accurate commit message. Most of the value from this PR comes with the basic functionality and I'd welcome if someone else were to implement committing support in the future, but do not want to implement it myself at this time.
Motivation
This allows having multiple separate lockfiles for a single project, which can be useful for testing against different versions of nixpkgs; it also allows tracking custom input overrides for remote flakes without requiring local clones of these flakes.
For example, if I want to build Nix against my locally pinned nixpkgs, and have a lock file tracking this override independently of future updates to said nixpkgs:
Context
Hydra's current flake support is mediocre at best, and we think supporting alternative lock files would be extremely helpful to allow Hydra (and other CI systems!) to build jobsets against alternative input sets, update inputs (individually or all at once), etc.
Checklist for maintainers
Maintainers: tick if completed or explain if not relevant
tests/**.shsrc/*/teststests/nixos/*Priorities
Add 👍 to pull requests you find important.