lorri Running shellHooks that hit external resources

At CircuitHub, we use a single mono repo and have a shell.nix in it which contains, amongst other things:

      shellHook =
          ''
          export                                                                   \
            PGDATABASE=$( vault read -field=database secret/dev/staging-database ) \
            PGHOST=$( vault read -field=host secret/dev/staging-database )         \
            PGPASS=$( vault read -field=password secret/dev/staging-database )     \
            PGUSER=$( vault read -field=user secret/dev/staging-database )

So by entering a nix-shell, our developers are also in an environment that can talk to a shared staging database. lorri now supports shellHook, but it does this in a jail that can't use vault as that requires HTTP requests.

Jun 06 '19 13:06 ocharles

We cannot run shellHooks outside of a nix build environment, because of the effects described in https://github.com/target/lorri/issues/7#issuecomment-480298131.

What we could do though, is introduce a special field, e.g. lorriHook, which would have a different semantics and environment than shellHook and which could run setup code like the above in the direnv setup phase.

Jun 10 '19 13:06 Profpatsch

I'd be fine with that

Jun 10 '19 14:06 ocharles

As a workaround, @hanstolpo pointed out to me that you can just whack

eval "$shellHook"

at the end of .envrc for now to work around this.

Jul 01 '19 16:07 ocharles

btw, lorriHook field with eval "$lorriHook" in .envrc works too!

Nov 24 '19 21:11 srghma

@ocharles Your solution did not work for me (details at #444) since lorri build seems to panic out beforehand. See also: https://github.com/target/lorri/pull/265 (closed without merging)

Jul 02 '20 02:07 blaggacao