Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jsonresume PDF doesn't generate correctly inside Nix sandbox. #16

Open
Lehmanator opened this issue May 22, 2024 · 0 comments
Open

jsonresume PDF doesn't generate correctly inside Nix sandbox. #16

Lehmanator opened this issue May 22, 2024 · 0 comments
Assignees
@Lehmanator
Labels
bug Something isn't working

Comments

@Lehmanator
Copy link
Owner

Problem

PDF generation is broken for all current themes inside the Nix sandbox.

End result is that a fully-automated CI/CD process for PDF generation & deployment will build a faulty PDF.

All themes linking remote resources in the HTML will be incorrect in some way, but current themes are completely unreadable.

Cause

Nix sandbox prevents fetching external assets from the internet.

All current themes link to CDN assets for things like bootstrap, font-awesome, other CSS, etc.

The puppeteer-cli PDF generation command: puppeteer print ./index.html resume.pdf tries to render the HTML document in a headless Chromium instance, which cannot reach the assets required by the HTML.

Potential solutions

Prefetch external assets and specify their hash of fixed-output derivation.

Cons:

  • Each change to JSON data will require changing the hash of the derivation output
  • Breaks ability to rapidly iterate on resume data using nix build.

Pros:

  • No patching theme packages.
  • No rewriting HTML to remove external links

Call nix build with --impure` arg in CI workflow.

TODO: How to allow internet inside build sandbox?

Cons:

  • Adds impurity to builds
  • packages.jsonresume-pdf* packages cannot be built in pure nix build

Pros:

  • Minimal changes to build process.

Build PDF in separate GitHub Actions workflow

Only build the HTML in the CI workflow.
Create second workflow for running PDF generation.
Run workflow upon GitHub pages deployment.
Call puppeteer-cli on GitHub pages URL instead of HTML file.

Cons:

  • Requires separate GitHub Actions workflow.
  • New GA workflow depends on successful GitHub pages deployment to update the data.
  • May create extra releases for no-op changes if GitHub pages deployment doesn't successfully update with new HTML.
  • Requires immediate usage of GitHub releases & new associated GA workflow.
  • PDF links cannot be relative dirs to Git repo assets, must link to GitHub releases.
  • Nix workflow and GA workflows will now diverge.

Pros:

  • Minimal changes within Nix build process

Patch jsonresume-theme-* packages to bundle-in all external assets.

Cons:

  • Must prefetch and retrieve hashes for every jsonresume-theme NPM package.
  • Must keep patches up-to-date when packages change the linked assets.

Pros:

  • Might be able to create wrapper for buildNpmPackage that performs this.

Rewrite HTML external asset links during HTML generation derivation.

Cons:

  • Updates cannot be one-shot updates of source rev + hash

Pros:
@Lehmanator Lehmanator self-assigned this May 22, 2024
@Lehmanator Lehmanator added the bug Something isn't working label May 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Lehmanator Lehmanator

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Lehmanator