Nix in the Wild: Looker (GCP) (opens in new tab)

(floxdev.com)

3 pointstomberek2y ago2 comments

2 comments

2 comments · 1 top-level

sigmonsays2y ago· 1 in thread

i'd like to know more about taking a nix build from dev to qa to prod and what that process looks like.

I know it's just a git commit in time but what does the process actually entail. How are 'artifacts' moved between teams and worked on?

tomberekOP2y ago

Generally what we see people do is:

- build in CI

- push to a cache (eg: S3-compatible/HTTPS/SSH)

- use the cache elsewhere

In that paradigm, the artifacts live in the binary cache (sometimes called substituter), much like container images live in a registry. This raises the question of if or how to track precise artifacts in use. There is no standard for this yet. I've seen people use tags, branches, separate repos with manifests, DNS TXT records, etc. [ I work for https://floxdev.com/ where we are creating a standard for artifact lifecycle management and distribution called the Catalog into which you publish your artifacts, contact us if interested ].

The key selling point is that the resulting artifacts often have high de-duplication compared to container layers and have good correctness/completeness properties. We also can keep track of how things are built, so SBOM and supply chain information is very good.

j / k navigate · click thread line to collapse