ci: add nix flake and use in CI

Using system tooling can lead to weird behavior of available Node versions, for example this IPv6 resolution error: ``` [3/5] Fetching packages... error Error: connect EHOSTUNREACH 2606:4700::6810:1922:443 at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1495:16) ```
2026-01-05 06:03:54 -05:00 · 2025-07-30 23:25:00 +05:30
parent 23c66ba7dc
commit f2790317ba
3 changed files with 83 additions and 13 deletions
--- a/35
+++ b/35
@@ -1,5 +1,5 @@
 #!/usr/bin/env groovy
-library 'status-jenkins-lib@v1.8.15'
+library 'status-jenkins-lib@v1.9.24'

 pipeline {
  agent { label 'linux' }
@@ -23,32 +23,41 @@ pipeline {
  stages {
    stage('Install') {
      steps {
-        sh 'yarn install'
+        script {
+          nix.develop('yarn install')
+        }
      }
    }

    stage('Scrape') {
      steps {
-        sh 'yarn scrape'
+        script {
+          nix.develop('yarn scrape', keepEnv: ['INCLUDED_DIRS','FETCH_MODE'])
+        }
      }
    }

    stage('Build') {
-      steps { script {
-        sh 'yarn build'
-        jenkins.genBuildMetaJSON('build/build.json')
-      } }
+      steps {
+        script {
+          nix.develop('yarn build')
+          jenkins.genBuildMetaJSON('build/build.json')
+        }
+      }
    }

    stage('Publish') {
      steps {
        sshagent(credentials: ['status-im-auto-ssh']) {
-          sh """
-          ghp-import \
-              -b ${deployBranch()} \
-              -c ${deployDomain()} \
-              -p build
-          """
+          script {
+            nix.develop("""
+              ghp-import \
+                -b ${deployBranch()} \
+                -c ${deployDomain()} \
+                -p build
+            """, sandbox: false,
+                 keepEnv: ['SSH_AUTH_SOCK'])
+          }
        }
      }
    }
--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,26 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1753749649,
+        "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-25.05",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,35 @@
+{
+  description = "Nix flake development shell.";
+
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-25.05";
+  };
+
+  outputs =
+    { self, nixpkgs }:
+    let
+      supportedSystems = [
+        "x86_64-linux"
+        "aarch64-linux"
+        "x86_64-darwin"
+        "aarch64-darwin"
+      ];
+      forEachSystem = nixpkgs.lib.genAttrs supportedSystems;
+      pkgsFor = forEachSystem (system: import nixpkgs { inherit system; });
+    in
+    rec {
+      formatter = forEachSystem (system: pkgsFor.${system}.nixpkgs-fmt);
+
+      devShells = forEachSystem (system: {
+        default = pkgsFor.${system}.mkShellNoCC {
+          packages = with pkgsFor.${system}.buildPackages; [
+            git        # 2.44.1
+            openssh    # 9.7p1
+            yarn       # 1.22.22
+            nodejs_20  # v20.15.1
+            ghp-import # 2.1.0
+          ];
+        };
+      });
+    };
+}