From e2a92c9cfbd183cb26d473125d874b8f201d536b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabriel=20N=C3=BCtzi?= <gnuetzi@gmail.com>
Date: Sat, 6 Jul 2024 21:43:32 +0200
Subject: [PATCH] fix: correct weird bug in `nix build` when in `devShell`
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Gabriel Nützi <gnuetzi@gmail.com>
---
 .github/workflows/normal.yaml | 38 +++++++++++++++++------------------
 justfile                      |  6 ++++++
 tools/nix/flake.nix           | 12 +++++++++++
 3 files changed, 36 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/normal.yaml b/.github/workflows/normal.yaml
index 3c33eec..db8a12c 100644
--- a/.github/workflows/normal.yaml
+++ b/.github/workflows/normal.yaml
@@ -43,11 +43,11 @@ jobs:
       - name: Setup Git & Cache Nix
         run: |
           ./tools/ci/setup-git.sh
-          just nix-develop echo "Built cache."
+          just nix-develop-ci echo "Built cache."
 
       - name: Format
         run: |
-          just nix-develop just format
+          just nix-develop-ci just format
 
   lint:
     runs-on: ubuntu-latest
@@ -62,16 +62,16 @@ jobs:
       - name: Setup Git & Cache Nix
         run: |
           ./tools/ci/setup-git.sh
-          just nix-develop echo "Built cache."
+          just nix-develop-ci echo "Built cache."
 
       - name: Lint
         run: |
-          just nix-develop just lint
+          just nix-develop-ci just lint
 
       - name: Lint Undefined-Behavior
         continue-on-error: true
         run: |
-          just nix-develop just lint-ub
+          just nix-develop-ci just lint-ub
 
       - name: Allow to fail
         if: failure()
@@ -90,14 +90,14 @@ jobs:
       - name: Setup Git & Cache Nix
         run: |
           ./tools/ci/setup-git.sh
-          just nix-develop echo "Built cache."
+          just nix-develop-ci echo "Built cache."
 
       - name: build
         run: |
-          just nix-develop just build
+          just nix-develop-ci just build
       - name: tests
         run: |
-          just nix-develop just test
+          just nix-develop-ci just test
 
   test:
     runs-on: ubuntu-latest
@@ -112,11 +112,11 @@ jobs:
       - name: Setup Git & Cache Nix
         run: |
           ./tools/ci/setup-git.sh
-          just nix-develop git --version
+          just nix-develop-ci git --version
 
       - name: Test
         run: |
-          just nix-develop just test
+          just nix-develop-ci just test
 
   package:
     runs-on: ubuntu-latest
@@ -134,17 +134,15 @@ jobs:
       - name: Setup Git
         run: |
           ./tools/ci/setup-git.sh
-           just nix-develop echo "Built cache."
+           just nix-develop-ci echo "Built cache."
 
       - name: Build package (nix)
         run: |
-          just nix-package
+          just nix-develop-ci nix-package
 
       - name: Build container image (nix)
         run: |
-          # TODO: This seems to error out into
-          # rdf-protect-base.json> variable $src or $srcs should point to the source
-          just nix-develop just nix-image
+          just nix-develop-ci just nix-image
 
   deploy:
     runs-on: ubuntu-latest
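Review bot: In the `Build package (nix)` step the new line `just nix-develop-ci nix-package` drops the inner `just`, so the `ci` shell is asked to execute `nix-package` as a program rather than as a just recipe. Every other step in this workflow uses the form `just nix-develop-ci just <recipe>`, and the removed line called `just nix-package`. This therefore looks like a typo, unless an executable named `nix-package` happens to be on PATH inside that shell. Suggested line: `just nix-develop-ci just nix-package`.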
@@ -164,20 +162,20 @@ jobs:
       - name: Setup Git & Nix Cache
         run: |
           ./tools/ci/setup-git.sh
-           just nix-develop echo "Built cache."
+           just nix-develop-ci echo "Built cache."
 
       - name: Create version tag (if release)
         run: |
-          just nix-develop ./tools/ci/assert-tag.sh "$GITHUB_REF"
+          just nix-develop-ci ./tools/ci/assert-tag.sh "$GITHUB_REF"
 
       - name: Build container image (nix)
         run: |
-          just nix-develop just nix-image
+          just nix-develop-ci just nix-image
 
       - name: Push image (if release)
         run: |
-          just nix-develop tools/ci/upload-image.sh
+          just nix-develop-ci tools/ci/upload-image.sh
 
       - name: Push tag (if release)
         run: |
-          just nix-develop ./tools/ci/assert-tag.sh --push "$GITHUB_REF"
+          just nix-develop-ci ./tools/ci/assert-tag.sh --push "$GITHUB_REF"
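Review bot: The rewritten `just nix-develop-ci echo "Built cache."` line in `Setup Git & Nix Cache` keeps the one-column-deeper indent of the line it replaces, so the block scalar passes it to the shell with a leading space. That is harmless at run time, but since the line is being touched anyway it should be aligned with `./tools/ci/setup-git.sh` above it. The same applies to the `Setup Git` step of the `package` job. In the same spirit, `tools/ci/upload-image.sh` could be written `./tools/ci/upload-image.sh` to match the other script calls in this job.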
diff --git a/justfile b/justfile
index 0a98fcc..8cb8b3b 100644
--- a/justfile
+++ b/justfile
@@ -17,6 +17,12 @@ nix-develop *args:
     { [ -n "${cmd:-}" ] || cmd=("zsh"); } && \
     nix develop ./tools/nix#default --command "${cmd[@]}"
 
+nix-develop-ci *args:
+    cd "{{root_dir}}" && \
+    cmd=("$@") && \
+    { [ -n "${cmd:-}" ] || cmd=("zsh"); } && \
+    nix develop ./tools/nix#ci --command "${cmd[@]}"
+
 ## Standard stuff =============================================================
 # Format the code.
 format *args:
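Review bot: `nix-develop-ci` copies the `zsh` fallback from `nix-develop`, so a workflow step that forgets its command would try to start an interactive shell instead of failing. In a CI-only recipe the fallback line is better replaced by a hard error, for example `{ [ "$#" -gt 0 ] || { echo "nix-develop-ci: command required" >&2; exit 1; }; } && \`. Note also that `${cmd:-}` looks only at the first array element, so an empty first argument is treated as "no command". The recipe has no doc comment, unlike `format` below it; something like `# Run a command in the Nix 'ci' dev shell (used by the CI workflows).` would make it show up usefully in the recipe list.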
diff --git a/tools/nix/flake.nix b/tools/nix/flake.nix
index 8f502a0..7f79357 100644
--- a/tools/nix/flake.nix
+++ b/tools/nix/flake.nix
@@ -98,6 +98,18 @@
               inherit buildInputs;
               nativeBuildInputs = nativeBuildInputsBasic ++ nativeBuildInputsDev;
             };
+
+            ci = mkShell {
+              inherit buildInputs;
+              nativeBuildInputs = nativeBuildInputsBasic ++ nativeBuildInputsDev;
+
+              # Due to some weird handling of TMPDIR inside containers:
+              # https://github.com/NixOS/nix/issues/8355
+              # We have to reset the TMPDIR to make `nix build` work inside
+              # a development shell.
+              # Without `nix develop` it works.
+              shellHook = "unset TMPDIR";
+            };
           };
 
           packages = {
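Review bot: `shellHook = "unset TMPDIR";` in the new `ci` shell means every tool started from it falls back to the system default temp directory (normally `/tmp`) rather than whatever directory `nix develop` had exported. The comment also calls this a "reset" although nothing is assigned. That is usually acceptable on a throwaway runner, but the workflow runs its image and tag push steps through this shell. The comment should therefore state that the shell is meant for ephemeral CI machines only, e.g. `# CI-only: after this, temp files fall back to the system default (usually /tmp).` Apart from the hook, `ci` repeats `default` line for line, so building both from one shared binding would stop them drifting apart. The enclosing attribute set starts outside the hunk, so how best to share it cannot be judged from here.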