diff options
author | Rick van Schijndel <Mindavi@users.noreply.github.com> | 2023-09-12 17:31:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-12 17:31:26 +0200 |
commit | a31a3eca58cd68c9118aa6edb4c5cd56531a1321 (patch) | |
tree | 9c2b4c468bb5023f141f39fa32e860dedd964986 /pkgs/build-support | |
parent | 80616a47486f85bbe60650b6770cf8129333a26f (diff) | |
parent | 7f76ac6e098c7d0b8793b829cf122da5901e130c (diff) |
Merge pull request #251066 from lilyinstarlight/feature/prefetch-npm-deps-tokens
prefetch-npm-deps: add support for NIX_NPM_TOKENS env var
Diffstat (limited to 'pkgs/build-support')
4 files changed, 19 insertions, 4 deletions
diff --git a/pkgs/build-support/node/fetch-npm-deps/default.nix b/pkgs/build-support/node/fetch-npm-deps/default.nix index ac76758ba50ed..67a4c337c0d2d 100644 --- a/pkgs/build-support/node/fetch-npm-deps/default.nix +++ b/pkgs/build-support/node/fetch-npm-deps/default.nix @@ -165,7 +165,9 @@ dontInstall = true; - impureEnvVars = lib.fetchers.proxyImpureEnvVars; + # NIX_NPM_TOKENS environment variable should be a JSON mapping in the shape of: + # `{ "registry.example.com": "example-registry-bearer-token", ... }` + impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [ "NIX_NPM_TOKENS" ]; SSL_CERT_FILE = if (hash_.outputHash == "" || hash_.outputHash == lib.fakeSha256 || hash_.outputHash == lib.fakeSha512 || hash_.outputHash == lib.fakeHash) then "${cacert}/etc/ssl/certs/ca-bundle.crt" diff --git a/pkgs/build-support/node/fetch-npm-deps/src/main.rs b/pkgs/build-support/node/fetch-npm-deps/src/main.rs index 62e5752c74c04..9d86bd8091a79 100644 --- a/pkgs/build-support/node/fetch-npm-deps/src/main.rs +++ b/pkgs/build-support/node/fetch-npm-deps/src/main.rs @@ -108,7 +108,7 @@ fn fixup_lockfile( // Recursive helper to fixup v1 lockfile deps fn fixup_v1_deps( - dependencies: &mut serde_json::Map<String, Value>, + dependencies: &mut Map<String, Value>, cache: &Option<HashMap<String, String>>, fixed: &mut bool, ) { diff --git a/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs b/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs index e1b491cccea23..b37652ffdf82d 100644 --- a/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs +++ b/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs @@ -139,9 +139,9 @@ impl Package { None => Specifics::Registry { integrity: pkg .integrity - .expect("non-git dependencies should have assosciated integrity") + .expect("non-git dependencies should have associated integrity") .into_best() - .expect("non-git dependencies should have non-empty assosciated integrity"), + .expect("non-git dependencies should have non-empty associated integrity"), }, }; diff --git a/pkgs/build-support/node/fetch-npm-deps/src/util.rs b/pkgs/build-support/node/fetch-npm-deps/src/util.rs index a165461fa71a2..7a220f681c0d8 100644 --- a/pkgs/build-support/node/fetch-npm-deps/src/util.rs +++ b/pkgs/build-support/node/fetch-npm-deps/src/util.rs @@ -3,6 +3,7 @@ use isahc::{ config::{CaCertificate, Configurable, RedirectPolicy, SslOption}, Body, Request, RequestExt, }; +use serde_json::{Map, Value}; use std::{env, path::Path}; use url::Url; @@ -22,6 +23,18 @@ pub fn get_url(url: &Url) -> Result<Body, isahc::Error> { } } + // Respect NIX_NPM_TOKENS environment variable, which should be a JSON mapping in the shape of: + // `{ "registry.example.com": "example-registry-bearer-token", ... }` + if let Some(host) = url.host_str() { + if let Ok(npm_tokens) = env::var("NIX_NPM_TOKENS") { + if let Ok(tokens) = serde_json::from_str::<Map<String, Value>>(&npm_tokens) { + if let Some(token) = tokens.get(host).and_then(|val| val.as_str()) { + request = request.header("Authorization", format!("Bearer {token}")); + } + } + } + } + Ok(request.body(())?.send()?.into_body()) } |