core/pkgs/build-support/fetchs3/default.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

59 lines
1.1 KiB
Nix
Raw Normal View History

2024-05-02 00:46:19 +00:00
{
lib,
runCommand,
awscli,
}:
{
s3url,
name ? builtins.baseNameOf s3url,
sha256,
region ? "us-east-1",
credentials ? null, # Default to looking at local EC2 metadata service
recursiveHash ? false,
postFetch ? null,
}:
let
mkCredentials =
{
access_key_id,
secret_access_key,
session_token ? null,
}:
{
AWS_ACCESS_KEY_ID = access_key_id;
AWS_SECRET_ACCESS_KEY = secret_access_key;
AWS_SESSION_TOKEN = session_token;
};
credentialAttrs = lib.optionalAttrs (credentials != null) (mkCredentials credentials);
in
runCommand name
(
{
nativeBuildInputs = [ awscli ];
outputHashAlgo = "sha256";
outputHash = sha256;
outputHashMode = if recursiveHash then "recursive" else "flat";
preferLocalBuild = true;
AWS_DEFAULT_REGION = region;
}
// credentialAttrs
)
(
if postFetch != null then
''
downloadedFile="$(mktemp)"
aws s3 cp ${s3url} $downloadedFile
${postFetch}
''
else
''
aws s3 cp ${s3url} $out
''
)