Tags: continuous-deployment, continuous-delivery, nix, semaphore-ci

Using nix in a continuous delivery workflow


Can nix be used in a continuous-delivery workflow?

We're using semaphore as our continuous integration service, and now I'm looking into building packages upon a successful build. For this I'm considering using nix.

I don't know what would be the right way of setting up a continuous delivery pipeline with this package manager. It seems that such an automated process would involve:

  1. Making a branch of the nixpkgs repository (in the CI server).
  2. Updating the rev field of fetchFromGitHub.
  3. (automatically) submitting a pull-request.

But I don't know if this makes sense, and also I'm concerned that the continuous-delivery process involves a manual step (having a human approving the pull-request).


Solution

  • Can nix be used in a continuous-delivery workflow?

    Yes. It's typically done with Hydra, a CI system built with Nix. But, it may be possible to do this with Semaphore.

    Semaphore CI provides build environments that are language specific, but... it's running Ubuntu, so theoretically you can do something like this:

    1. Install Nix as if it were a dependency. See this article.
    2. Add your Nix package, which I suppose you can do with Git. You don't really need to clone Nixpkgs.
    3. Use nix-build to build your package. This will create a result symbolic link to the build output.
    4. Deploy using git-deploy.

    If you do something like this with your package you can call it directly from nix-build because you won't have to provide the package dependencies as arguments:

    { pkgs ? import <nixpkgs> {} }:
    let
       stdenv = pkgs.stdenv;
       ...
    in
      stdenv.mkDerivation {
        ..
      }
    

    Optimization

    Installing Nix for every build is wasteful, but perhaps you can cache the Nix store. See this article.
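The four steps of the answer, written out as one CI job script. This is an added example, not code from the answer or from Semaphore; it assumes the repository commits a default.nix shaped like the skeleton above but importing ./nixpkgs.nix instead of <nixpkgs>, that the job environment supplies NIX_INSTALLER_SHA256 (the digest of the installer script the team reviewed), NIXPKGS_REV and NIXPKGS_SHA256 (the nixpkgs commit and tarball hash to pin), and DEPLOY_HOST (a user@host the closure is copied to). It uses nix-copy-closure for the deploy step where the answer suggests git-deploy; the pipeline runs only when invoked as `./ci-build.sh run`, so sourcing the file just defines the functions. Pinning nixpkgs by rev is also what replaces the "update the rev and open a pull request" loop from the question: bumping the pin is a one-line change in your own repository, not a PR against nixpkgs.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): a Semaphore-style CI job that
# installs Nix, builds ./default.nix against a pinned nixpkgs, checks the
# result, and pushes the closure to a deploy host. All environment variable
# names and the nixpkgs.nix file are assumptions of this example.
set -eu

# Compare a file's SHA-256 with an expected digest. Exit status only.
verify_sha256() {
  local file="$1" expected="$2" actual
  actual="$(sha256sum "$file" | awk '{print $1}')"
  [ "$actual" = "$expected" ]
}

# Write nixpkgs.nix pinning nixpkgs to one commit (rev) whose tarball hash is
# known, so every CI run resolves the same dependency graph. rev and sha are
# supplied by the caller; nothing in this file is a real commit or hash.
write_nixpkgs_pin() {
  local out="$1" rev="$2" sha="$3"
  cat > "$out" <<EOF
# Generated by the CI script: pinned nixpkgs for reproducible builds.
import (builtins.fetchTarball {
  url = "https://github.com/NixOS/nixpkgs/archive/${rev}.tar.gz";
  sha256 = "${sha}";
})
EOF
}

# Step 1: install Nix unless a cached store/profile already provides it.
install_nix() {
  if command -v nix-build >/dev/null 2>&1; then
    echo "nix already present (cached), skipping install"
    return 0
  fi
  # NIX_INSTALLER_SHA256 is assumed to be a CI secret holding the digest of the
  # installer script the team reviewed; never pipe an unverified script into sh.
  : "${NIX_INSTALLER_SHA256:?set NIX_INSTALLER_SHA256 to the vetted installer digest}"
  curl -fsSL https://nixos.org/nix/install -o /tmp/nix-install.sh
  verify_sha256 /tmp/nix-install.sh "$NIX_INSTALLER_SHA256" \
    || { echo "installer digest mismatch, refusing to run it" >&2; return 1; }
  sh /tmp/nix-install.sh --no-daemon
  # shellcheck disable=SC1091
  . "$HOME/.nix-profile/etc/profile.d/nix.sh"
}

# Step 3: build. nix-build leaves ./result as a symlink into /nix/store.
build_package() {
  nix-build default.nix
}

# Only deploy something that really is a store path: the symlink target must
# live under /nix/store, otherwise a broken build or a tampered checkout
# could ship arbitrary files. Prints the target on success.
result_store_path() {
  local link="${1:-result}" target
  target="$(readlink "$link")" || return 1
  case "$target" in
    /nix/store/*) printf '%s\n' "$target" ;;
    *) return 1 ;;
  esac
}

# Step 4: deploy. The answer suggests git-deploy; here the whole closure is
# copied with nix-copy-closure to DEPLOY_HOST (assumed CI variable, user@host).
deploy() {
  local path
  path="$(result_store_path result)" \
    || { echo "result is not a Nix store path, not deploying" >&2; return 1; }
  nix-copy-closure --to "${DEPLOY_HOST:?set DEPLOY_HOST to user@host}" "$path"
}

main() {
  install_nix
  write_nixpkgs_pin nixpkgs.nix "${NIXPKGS_REV:?}" "${NIXPKGS_SHA256:?}"
  build_package
  deploy
}

# Run the pipeline only for `./ci-build.sh run`, so sourcing the file (for
# tests or local use) defines the functions without side effects.
if [ "${1:-}" = "run" ]; then
  main
fi
```

Two checks are the point of the script rather than the build itself: the installer is hashed before it is executed, and nothing leaves the CI box unless `result` resolves to a /nix/store path. Updating NIXPKGS_REV and NIXPKGS_SHA256 is the only "manual" step left, and it is a reviewed change in your own repository rather than an approval on a nixpkgs pull request. The `--no-daemon` flag selects the single-user install, which is what an unprivileged CI job can complete.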