nix-bitcoin/pkgs/build-support/fetch-node-modules.nix
Erik Arvstedt b110e2aea6
fetch-node-modules: provide CA certs
Without this, the `npm ci` command in `fetchNodeModules` hangs.

It seems that npm didn't check certs previously, because these are
not availble in Nix build environments by default.
2023-12-14 14:50:31 +01:00

78 lines
1.8 KiB
Nix

# This is a modified version of
# https://github.com/NixOS/nixpkgs/pull/128749
{ lib, stdenvNoCC, makeWrapper, nodejs, cacert }:
{ src
, hash ? ""
, runScripts ? false
, preferLocalBuild ? true
, npmFlags ? ""
, ...
} @ args:
stdenvNoCC.mkDerivation ({
inherit src preferLocalBuild;
name = "${src.name}-node_modules";
nativeBuildInputs = [
makeWrapper
(if args ? nodejs then args.nodejs else nodejs)
];
outputHashMode = "recursive";
impureEnvVars = lib.fetchers.proxyImpureEnvVars;
phases = "unpackPhase patchPhase buildPhase installPhase";
# npm doesn't support var `SSL_CERT_FILE`.
NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
runHook preBuild
if [[ ! -f package.json ]]; then
echo "Error: file `package.json` doesn't exist"
exit 1
fi
if [[ ! -f package-lock.json ]]; then
echo "Error: file `package-lock.json` doesn't exist"
exit 1
fi
export SOURCE_DATE_EPOCH=1
export npm_config_cache=/tmp
NPM_FLAGS="--omit=dev --omit=optional --no-update-notifier $npmFlags"
# Scripts may result in non-deterministic behavior.
# Some packages (e.g., Puppeteer) use postinstall scripts to download extra data.
if [[ ! $runScripts ]]; then
NPM_FLAGS+=" --ignore-scripts"
fi
echo "Running npm ci $NPM_FLAGS"
npm ci $NPM_FLAGS
cp package.json \
package-lock.json node_modules/
rm -f node_modules/.package-lock.json
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/lib
cp -r node_modules $out/lib
runHook postInstall
'';
} // (
if hash == "" then {
outputHashAlgo = "sha256";
outputHash = "";
} else {
outputHash = hash;
}
) // (builtins.removeAttrs args [ "hash" ]))