1image: guix
 2packages:
 3- plzip
 4sources:
 5- https://git.sr.ht/~singpolyma/sgx-jmp
 6secrets:
 7- 9ded4157-4cf9-42ae-b7d0-55eb6e52ea37
 8- fd52c9ce-04e8-4684-af6c-1ab78d2e124a
 9artifacts:
10- sgx-jmp.scm
11- sgx-jmp.nar.lz
12tasks:
13- bake: |
14    printf "(define-module (sgx-jmp))\n" > sgx-jmp.scm
15    sed '/^;;;;$/q' sgx-jmp/guix.scm >> sgx-jmp.scm
16    printf "(define-public sgx-jmp\n\t" >> sgx-jmp.scm
17    cd sgx-jmp
18    printf '(load "%s/guix.scm")\n(write sgx-jmp-baked)\n' "$(pwd)" | guix repl /dev/stdin >> ../sgx-jmp.scm
19    cd -
20    printf ")\n" >> sgx-jmp.scm
21    rm -f sgx-jmp/guix.scm
22    [ "$BUILD_REASON" = patchset ] || rm -rf sgx-jmp
23- build: |
24    if [ "$BUILD_REASON" = patchset ]; then with_source="--with-source=$PWD/sgx-jmp"; fi
25    guix build $with_source --no-grafts -r out -L. sgx-jmp
26- archive: |
27    if [ -e signing-key.sec ]; then
28      sudo mv signing-key.pub /etc/guix/
29      sudo mv signing-key.sec /etc/guix/
30      sudo chown root:root /etc/guix/signing-key.sec
31      sudo chmod 0400 /etc/guix/signing-key.sec
32    fi
33    guix archive --export -r --no-grafts $(readlink -f out) > sgx-jmp.nar
34    plzip sgx-jmp.nar