I’m trying to find a thing, and I’m not turning up anything in my web searches so I figure I’d ask the cool people for help.

I’ve got several projects, tracked in Git, that rely on having a set of command line tools installed to work on locally - as an example, one requires Helm, Helmfile, sops, several Helm plugins, Pluto, Kubeval and the Kubernetes CLI. Because I don’t hate future me, I want to ensure that I’m installing specific versions of these tools rather than just grabbing whatever happens to be the latest version. I also want to ensure that my CI runner grabs the same versions, so I can be reasonably sure that what I’ve tried locally will actually work when I go to deploy it.

My current solution to this is a big ol’ Bash script, which works, but is kind of a pain to maintain. What I’m trying to find is a tool where I:

  • Can write a definition, ideally somewhere shared between projects, of what it means to “install tool X”
  • Include a file in my project that lists the tools and versions I want
  • Run the tool on my machine and let it go grab the platform- and architecture- specific binaries from wherever, and install them somewhere that I can add to my $PATH for this specific project
  • Run the tool in CI and do the same - if it can cache stuff then awesome

Linux support is a must, other platforms would be nice as well.

Basically I’m looking for Pythons’ pip + virtualenv workflow, but for prebuilt tools like helm, terraform, sops, etc. Anyone know of anything? I’ve looked at homebrew (seems to want to install system-wide), and VSCode dev containers (doesn’t solve the CI need, and I’d still need to solve installing the tools myself)

  • RegalPotoo@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    5
    ·
    11 months ago

    Very briefly playing about with Nix it does seem pretty compelling - only issue I can see is I don’t seem to have a straight forward way of installing a specific version of a tool from the official repo - you get whatever the current version is that the package maintainers have published for the specific snapshot you are using. I guess I could maintain my own packaging for different versions if it turns out to be important

    • chameleon@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      11 months ago

      You can hardcode a specific version of nixpkgs, instead of a branch. With the new Nix CLI & flakes enabled you can do something like this:

      nix run "github:NixOS/nixpkgs/b4372c4924d9182034066c823df76d6eaf1f4ec4#cowsay" "moo mooooooo"
      
      

      That’s the commit I’m seeing for nixos-23.11 today, and it should still give you that exact version of cowsay years from now.

      Of course, the better option is to make a dev shell with flakes. Flakes come with a lockfile builtin that accomplishes the same effect, and there’s no problems having different projects on different lockfiles/versions. It’s a bit more work to learn, the Zero to Nix tutorials are pretty decent at teaching and come with examples though (ultimately most things are ~30 lines of boilerplate and a list of packages that you want).

    • degen@midwest.social
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      I only started diving into nix this year so I’m still learning, but yeah, I’m pretty sure the lack of granular versioning is a common pain point with nixpkgs. I’d suggest checking out flakes if you haven’t already, but be warned, it gets hairy lol

      • anti-idpol action
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        11 months ago

        It is not? At one of my previous jobs it was nix that allowed me to get a compatible legacy version of kubectl up and running easily iirc

        • jeffhykin@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          11 months ago

          It definitely still is. I use nix on the daily and specialize in old versions seach; Just because it’s very possible doesn’t mean people don’t find it to be a pain point.

          With the right tools (which are not easily found in the docs or on Google) finding one old version is fine. Running one old version is flawless. But mixing that old version with newer versions of other packages causes problems because of the nix LD_LIBRARY_PATH issue.

          • anti-idpol action
            link
            fedilink
            arrow-up
            1
            ·
            11 months ago

            Eh so probably got lucky with the fact that the software I needed was statically linked

            • jeffhykin@lemm.ee
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              11 months ago

              I was lucky for a while too, since you can also get lucky with dynamically linked libraries. Sometimes they find the new version of the .so (from other packages) and it works, but sometimes it finds a system .so and works until there is a system update. Which ruins the whole reproducability thing, although using the sandbox options of nix can help with this.

              Nixpkgs is better about patching the RPATH now, but that’s the thing; using old versions is like going back in time. We’d need to go back in the git history and also patch the super old version.

              There are tools like nix-ld which can help, but they need to be setup and they’ve got edgecases too.

    • jeffhykin@lemm.ee
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      11 months ago

      Use this! nvs --install ruby@2 (I’d attach the gif but lemm.ee doesn’t support images)

      I had your exact complaint. And it only took me 3 years and hundreds of hours of learning nix to make that tool 😅

      Btw, while it solves version search, fair warning you’re going to immediately run into other usability problems. I use nix every day but I don’t gaslight people into thinking it’s usable.

    • ericjmorey
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      If you’re using the Debian “no Frankenstein” approach, you’re limited to what is packaged, but if you do your own thing, you can have it build/install whatever you want.