vinzenz/hyperhive
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
hyperhive/nix/frontend.nix
iris 0e2319d206 frontend: populate real npmDepsHash from prefetch-npm-deps 
Manager approval 1b1bcca added `pkgs.prefetch-npm-deps` to my
container. Ran `prefetch-npm-deps frontend/package-lock.json` →
`sha256-MHXxkZpe/5LAhpQ76ZK94znG2noTobthjUi6iNY8/K4=`. Replaced
the `lib.fakeHash` placeholder in `nix/frontend.nix` with the real
value; updated the comment to point at the recompute command instead
of the let-it-fail workflow.

This unblocks PR #350 for merge — `nix build .#frontend` will now
succeed without the operator having to compute and patch the hash.

Refs #273.
2026-05-23 14:51:01 +02:00

60 lines
2.2 KiB
Nix
Raw Blame History

{
buildNpmPackage,
lib,
branding-svg,
}:
# Hermetic build of the npm-managed frontend workspaces (see
# `frontend/README.md`). Consumes `frontend/package-lock.json` as the
# source of truth for dependency versions; `npmDepsHash` pins the
# vendor-tarball hash so a stale lockfile fails the build instead of
# silently fetching different upstream tarballs.
#
# Output layout (`$out`) — two subdirectories, one per surface, that
# the Rust binaries serve via `tower_http::ServeDir`:
#
# $out/dashboard/ the hive-c0re dashboard SPA assets
# index.html app.js app.js.map dashboard.css favicon.svg
# $out/agent/ the per-agent default UI (layered with
# hyperhive.frontend.extraFiles at activation time)
# index.html app.js stats.html stats.js agent.css screen.html
#
# The dashboard favicon lives outside the npm tree (`branding/hyperhive
# .svg` at the repo root) — we copy it in during the install phase so
# the served prefix has everything in one place.
buildNpmPackage {
pname = "hyperhive-frontend";
version = "0.0.0";
src = ../frontend;
# Computed from `frontend/package-lock.json` via
# prefetch-npm-deps frontend/package-lock.json
# Update whenever the lockfile changes. Recompute locally with the
# same command (`pkgs.prefetch-npm-deps`), or let the build fail
# and copy the actual hash from the error message.
npmDepsHash = "sha256-MHXxkZpe/5LAhpQ76ZK94znG2noTobthjUi6iNY8/K4=";
# `npm run build` recurses into all workspaces (`--workspaces
# --if-present`). The workspaces' build scripts each run their own
# `build.mjs` (esbuild).
npmBuildScript = "build";
# buildNpmPackage's default install phase copies the working dir into
# $out, which is overkill — we only want the dist trees. Hand-roll
# the install to keep $out tight.
dontNpmInstall = true;
installPhase = ''
runHook preInstall
mkdir -p $out/dashboard $out/agent
cp -r packages/dashboard/dist/. $out/dashboard/
cp -r packages/agent/dist/. $out/agent/
cp ${branding-svg} $out/dashboard/favicon.svg
runHook postInstall
'';
meta = {
description = "Bundled browser-facing assets for the hyperhive dashboard and per-agent UI";
homepage = "https://git.berlin.ccc.de/vinzenz/hyperhive";
};
}
Reference in a new issue View git blame Copy permalink