A Purely Functional CI/CD Pipeline Using Jenkins with Guix

Session Description

Guix is GNU’s next-gen, cross-platform package manager that provides guarantees beyond traditional package management tools. Because it utilises a containerised, purely functional framework, each package build has byte-identical reproducibility. To harness Guix for our own delivery pipeline, it was necessary to augment it with a traditional CI/CD tool that is better suited to handling the particulars of scheduling, orchestration, and reporting the state of the CI/CD pipeline; for this job we picked Jenkins. I present the resulting methodology for interfacing Jenkins with Guix, including an outline of the system requirements and setup. I demonstrate how to tweak Jenkins’ standard configuration to seamlessly defer some operations to Guix, and the system of locks required to efficiently avoid package trampling. I also cover how to manage source and Guix package versioning within Jenkins’ DSL. I then show how Guix can be used as the central CD engine providing dependency management, building, testing, deployment, and execution containers, with Jenkins overseeing each stage and tracking progress. I illustrate that Guix’s pure transactional nature allows for fast production rollbacks (and forwards). Finally, to allow developers to perfectly reproduce byte-identical builds and deployments for debugging, I demonstrate a means of unprivileged local package management, and a technique for associating Guix channel definitions with specific build artifacts in Jenkins, to perfectly describe and recreate any build and dependency chain from any point in our version history.