From 6ebb41cc3822676afdb41ce2bbad75aaa125fdde Mon Sep 17 00:00:00 2001
From: Siddarth Kumar <siddarthkay@gmail.com>
Date: Sun, 3 Aug 2025 18:25:02 +0530
Subject: [PATCH] ci: add nix flake and use in CI

Using system tooling can lead to weird behavior of available Node
versions, for example this IPv6 resolution error:
```
[3/5] Fetching packages...
error Error: connect EHOSTUNREACH 2606:4700::6810:1922:443
    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1495:16)
```
---
 Jenkinsfile | 23 ++++++++++++++---------
 flake.lock  | 26 ++++++++++++++++++++++++++
 flake.nix   | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 75 insertions(+), 9 deletions(-)
 create mode 100644 flake.lock
 create mode 100644 flake.nix

diff --git a/Jenkinsfile b/Jenkinsfile
index c229d343..adb20462 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,5 +1,5 @@
 #!/usr/bin/env groovy
-library 'status-jenkins-lib@v1.8.8'
+library 'status-jenkins-lib@v1.9.24'
 
 pipeline {
   agent { label 'linux' }
@@ -21,14 +21,16 @@ pipeline {
   stages {
     stage('Install') {
       steps {
-        sh 'yarn install'
+        script {
+          nix.develop('yarn install')
+        }
       }
     }
 
     stage('Build') {
       steps {
         script {
-          sh 'yarn build'
+          nix.develop('yarn build')
           jenkins.genBuildMetaJSON('build/build.json')
         }
       }
@@ -37,12 +39,15 @@ pipeline {
     stage('Publish') {
       steps {
         sshagent(credentials: ['status-im-auto-ssh']) {
-          sh """
-            ghp-import \
-              -b ${deployBranch()} \
-              -c ${deployDomain()} \
-              -p build
-          """
+          script {
+            nix.develop("""
+              ghp-import \
+                -b ${deployBranch()} \
+                -c ${deployDomain()} \
+                -p build
+            """, sandbox: false,
+                 keepEnv: ['SSH_AUTH_SOCK'])
+          }
          }
       }
     }
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 00000000..47e90054
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,26 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1754028485,
+        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-25.05",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 00000000..bd3e6499
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,35 @@
+{
+  description = "Nix flake development shell.";
+
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-25.05";
+  };
+
+  outputs =
+    { self, nixpkgs }:
+    let
+      supportedSystems = [
+        "x86_64-linux"
+        "aarch64-linux"
+        "x86_64-darwin"
+        "aarch64-darwin"
+      ];
+      forEachSystem = nixpkgs.lib.genAttrs supportedSystems;
+      pkgsFor = forEachSystem (system: import nixpkgs { inherit system; });
+    in
+    rec {
+      formatter = forEachSystem (system: pkgsFor.${system}.nixpkgs-fmt);
+
+      devShells = forEachSystem (system: {
+        default = pkgsFor.${system}.mkShellNoCC {
+          packages = with pkgsFor.${system}.buildPackages; [
+            git        # 2.44.1
+            openssh    # 9.7p1
+            yarn       # 1.22.22
+            nodejs_20  # v20.15.1
+            ghp-import # 2.1.0
+          ];
+        };
+      });
+    };
+}