97 lines
3.3 KiB
Nix
97 lines
3.3 KiB
Nix
{ stdenv, fetchurl, runCommand, bun, bun2nix }:
|
|
|
|
# opencode-antigravity-auth ships only `dist/` in its npm tarball and relies on
|
|
# runtime `dependencies` (@opencode-ai/plugin, @openauthjs/openauth, zod, ...).
|
|
# opencode loads it via a file:// path and does NOT install those deps, so the
|
|
# tarball-only approach fails at load time with "Cannot find module
|
|
# '@opencode-ai/plugin'". We therefore vendor node_modules with bun2nix.
|
|
#
|
|
# bun.lock and bun.nix are generated on the fly rather than committed.
|
|
#
|
|
# The tarball ships no lockfile, so we synthesize one with `bun install
|
|
# --lockfile-only`. Resolving npm version ranges (e.g. "^4.1.4") into exact
|
|
# versions requires registry access, and Nix only permits network inside a
|
|
# fixed-output derivation — hence `lockfileHash` below. This is the single
|
|
# unavoidable hash for the dep graph: it pins the resolved lockfile, which in
|
|
# turn (via bun2nix -> fetchBunDeps) pins every transitive dependency, each
|
|
# fetched as its own hash-checked FOD. bun.nix itself stays uncommitted and
|
|
# is derived deterministically from the pinned lockfile.
|
|
#
|
|
# Bump `version`, `hash`, and `lockfileHash` together. To refresh lockfileHash,
|
|
# set it to lib.fakeHash, build, and copy the "got:" value from the error.
|
|
|
|
let
|
|
version = "1.6.0";
|
|
|
|
src = fetchurl {
|
|
url = "https://registry.npmjs.org/opencode-antigravity-auth/-/opencode-antigravity-auth-${version}.tgz";
|
|
hash = "sha256-bLoDjJHuHczxKbslyZSm4zKg5FhdRLdUteKXFmqVlHQ=";
|
|
};
|
|
|
|
# Fixed-output derivation: network-enabled, produces only the resolved
|
|
# bun.lock. Determinism is enforced by lockfileHash.
|
|
bunLock = stdenv.mkDerivation {
|
|
name = "opencode-antigravity-auth-bun.lock";
|
|
inherit src;
|
|
sourceRoot = "package";
|
|
nativeBuildInputs = [ bun ];
|
|
|
|
buildPhase = ''
|
|
export HOME="$TMPDIR"
|
|
bun install --lockfile-only --no-progress
|
|
'';
|
|
installPhase = "cp bun.lock $out";
|
|
|
|
outputHashMode = "flat";
|
|
outputHashAlgo = "sha256";
|
|
outputHash = "sha256-H+m181VozFyEEQVrOZTienj15Bgn1UXTG/G/B9gy1UE=";
|
|
};
|
|
|
|
# Derive a source tree containing the resolved bun.lock and a bun.nix
|
|
# generated from it. Fully offline — no network needed here.
|
|
srcWithBunNix = runCommand "opencode-antigravity-auth-src" {
|
|
nativeBuildInputs = [ bun2nix ];
|
|
} ''
|
|
mkdir -p $out
|
|
# The npm tarball unpacks to a top-level `package/` directory.
|
|
tar xzf ${src} --strip-components=1 -C $out
|
|
chmod -R u+w $out
|
|
|
|
cp ${bunLock} $out/bun.lock
|
|
bun2nix --lock-file $out/bun.lock --output-file $out/bun.nix
|
|
'';
|
|
in
|
|
stdenv.mkDerivation {
|
|
pname = "opencode-antigravity-auth";
|
|
inherit version;
|
|
|
|
src = srcWithBunNix;
|
|
|
|
nativeBuildInputs = [ bun2nix.hook ];
|
|
|
|
# The bun cache (symlink farm) built from the generated bun.nix. The hook
|
|
# copies this into a writable BUN_INSTALL_CACHE_DIR and runs `bun install
|
|
# --offline` against it to materialize node_modules with no network.
|
|
bunDeps = bun2nix.fetchBunDeps {
|
|
bunNix = "${srcWithBunNix}/bun.nix";
|
|
};
|
|
|
|
# This is a plugin (a library directory), not an app: skip bun build/check.
|
|
dontUseBunBuild = true;
|
|
dontUseBunCheck = true;
|
|
dontRunLifecycleScripts = true;
|
|
|
|
installPhase = ''
|
|
runHook preInstall
|
|
|
|
mkdir -p $out
|
|
cp -r dist package.json node_modules $out/
|
|
[ -f README.md ] && cp README.md $out/ || true
|
|
[ -f LICENSE ] && cp LICENSE $out/ || true
|
|
|
|
runHook postInstall
|
|
'';
|
|
|
|
dontFixup = true;
|
|
}
|