From ed0e34dc2246074392457291d7754faabb136b6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=ADcolas=20Varela=20Auler?= Date: Fri, 29 Nov 2024 09:57:36 -0300 Subject: [PATCH] ci: attempt to run checks at buildbot-nix (#159) * ci: attempting build and clippy on buildbot-nix * unrelated: removing unneded cargo audit bypass * bump: updates to flake and cargo to trigger rebuild --- .cargo/audit.toml | 1 - Cargo.lock | 23 +++---- devshells.nix | 31 +++++++++ flake.lock | 169 ++++++++++++++++++++++++++++++++++++++++------ flake.nix | 165 ++++++++++++++++++++++++++++---------------- 5 files changed, 297 insertions(+), 92 deletions(-) create mode 100644 devshells.nix diff --git a/.cargo/audit.toml b/.cargo/audit.toml index cd58582..4ec13c4 100644 --- a/.cargo/audit.toml +++ b/.cargo/audit.toml @@ -1,7 +1,6 @@ [advisories] ignore = [ "RUSTSEC-2023-0071", # rsa marvin attack - "RUSTSEC-2024-0370", # proc-macro-error unmaintained triggered by validator ] [output] diff --git a/Cargo.lock b/Cargo.lock index 86f9193..84129d7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -691,9 +691,9 @@ dependencies = [ [[package]] name = "email-encoding" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60d1d33cdaede7e24091f039632eb5d3c7469fe5b066a985281a34fc70fa317f" +checksum = "ea3d894bbbab314476b265f9b2d46bf24b123a36dd0e96b06a1b49545b9d9dcc" dependencies = [ "base64 0.22.1", "memchr", @@ -1869,16 +1869,16 @@ dependencies = [ [[package]] name = "opentelemetry" -version = "0.27.0" +version = "0.27.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f3cebff57f7dbd1255b44d8bddc2cebeb0ea677dbaa2e25a3070a91b318f660" +checksum = "ab70038c28ed37b97d8ed414b6429d343a8bbf44c9f79ec854f3a643029ba6d7" dependencies = [ "futures-core", "futures-sink", "js-sys", - "once_cell", "pin-project-lite", "thiserror", + "tracing", ] [[package]] @@ -1942,16 +1942,15 @@ checksum = "bc1b6902ff63b32ef6c489e8048c5e253e2e4a803ea3ea7e783914536eb15c52" [[package]] name = "opentelemetry_sdk" -version = "0.27.0" +version = "0.27.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27b742c1cae4693792cc564e58d75a2a0ba29421a34a85b50da92efa89ecb2bc" +checksum = "231e9d6ceef9b0b2546ddf52335785ce41252bc7474ee8ba05bfad277be13ab8" dependencies = [ "async-trait", "futures-channel", "futures-executor", "futures-util", "glob", - "once_cell", "opentelemetry", "percent-encoding", "rand", @@ -2544,9 +2543,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.18" +version = "0.23.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c9cc1d47e243d655ace55ed38201c19ae02c148ae56412ab8750e8f0166ab7f" +checksum = "934b404430bb06b3fae2cba809eb45a1ab1aecd64491213d7c3301b88393f8d1" dependencies = [ "once_cell", "ring", @@ -3568,9 +3567,9 @@ dependencies = [ [[package]] name = "tracing" -version = "0.1.40" +version = "0.1.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" +checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0" dependencies = [ "log", "pin-project-lite", diff --git a/devshells.nix b/devshells.nix new file mode 100644 index 0000000..3a41fde --- /dev/null +++ b/devshells.nix @@ -0,0 +1,31 @@ +{ + perSystem = { + inputs', + self', + pkgs, + system, + ... + }: { + devShells.default = let + rust = pkgs.rust-bin.selectLatestNightlyWith (toolchain: toolchain.default); + in + pkgs.mkShellNoCC { + buildInputs = with pkgs; [ + bacon + cargo-expand + cargo-llvm-cov + cargo-nextest + cargo-watch + jq + nixpkgs-fmt + openssl + pkg-config + postgresql + python3 + rust + svix-cli + sqlx-cli + ]; + }; + }; +} diff --git a/flake.lock b/flake.lock index d7c8afd..8172a2c 100644 --- a/flake.lock +++ b/flake.lock @@ -1,20 +1,104 @@ { "nodes": { - "flake-utils": { + "buildbot-nix": { "inputs": { - "systems": "systems" + "flake-parts": "flake-parts", + "hercules-ci-effects": "hercules-ci-effects", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "lastModified": 1732578586, + "narHash": "sha256-kR2RwG4H32zRkyVVfDKUnoPxORb6DzztE16oc98ZzSg=", + "owner": "nix-community", + "repo": "buildbot-nix", + "rev": "037344cad03e933ea370c0766b39b959820446e5", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "nix-community", + "repo": "buildbot-nix", + "type": "github" + } + }, + "crane": { + "locked": { + "lastModified": 1732407143, + "narHash": "sha256-qJOGDT6PACoX+GbNH2PPx2ievlmtT1NVeTB80EkRLys=", + "owner": "ipetkov", + "repo": "crane", + "rev": "f2b4b472983817021d9ffb60838b2b36b9376b20", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "buildbot-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "hercules-ci-effects": { + "inputs": { + "flake-parts": [ + "buildbot-nix", + "flake-parts" + ], + "nixpkgs": [ + "buildbot-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730903510, + "narHash": "sha256-mnynlrPeiW0nUQ8KGZHb3WyxAxA3Ye/BH8gMjdoKP6E=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "b89ac4d66d618b915b1f0a408e2775fe3821d141", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", "type": "github" } }, @@ -34,6 +118,18 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1730504152, + "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1728538411, @@ -52,9 +148,12 @@ }, "root": { "inputs": { - "flake-utils": "flake-utils", + "buildbot-nix": "buildbot-nix", + "crane": "crane", + "flake-parts": "flake-parts_2", "nixpkgs": "nixpkgs", - "rust-overlay": "rust-overlay" + "rust-overlay": "rust-overlay", + "treefmt-nix": "treefmt-nix_2" } }, "rust-overlay": { @@ -62,11 +161,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1732588352, - "narHash": "sha256-J2/hxOO1VtBA/u+a+9E+3iJpWT3xsBdghgYAVfoGCJo=", + "lastModified": 1732761189, + "narHash": "sha256-A2a4Cw66421Wojv1uqSGkD1XW960uJ7wHuwmvGCUJ8s=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "414e748aae5c9e6ca63c5aafffda03e5dad57ceb", + "rev": "fd0e3bf854b937632c92819d55d4ff8a130d5658", "type": "github" }, "original": { @@ -75,18 +174,44 @@ "type": "github" } }, - "systems": { + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "buildbot-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730321837, + "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "lastModified": 1732643199, + "narHash": "sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "84637a7ab04179bdc42aa8fd0af1909fba76ad0c", "type": "github" }, "original": { - "owner": "nix-systems", - "repo": "default", + "owner": "numtide", + "repo": "treefmt-nix", "type": "github" } } diff --git a/flake.nix b/flake.nix index 96b4412..06f45bc 100644 --- a/flake.nix +++ b/flake.nix @@ -4,70 +4,121 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; rust-overlay.url = "github:oxalica/rust-overlay"; - flake-utils.url = "github:numtide/flake-utils"; + flake-parts.url = "github:hercules-ci/flake-parts"; + + buildbot-nix.url = "github:nix-community/buildbot-nix"; + buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; + + treefmt-nix.url = "github:numtide/treefmt-nix"; + treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; + + crane.url = "github:ipetkov/crane"; }; - outputs = { + outputs = inputs @ { + flake-parts, nixpkgs, rust-overlay, - flake-utils, + crane, ... }: - flake-utils.lib.eachDefaultSystem ( - system: let - # shuttle = pkgs.rustPlatform.buildRustPackage rec { - # pname = "shuttle"; - # version = "v0.45.0"; - # src = pkgs.fetchFromGitHub { - # owner = "shuttle-hq"; - # repo = pname; - # rev = version; - # hash = "sha256-bjGyLfeo11Y55WqPwcUxnNkexozlxC61/rSa65gBGZ4="; - # }; - # doCheck = false; - # cargoLock = { - # lockFile = "${src}/Cargo.lock"; - # outputHashes = { - # "async-posthog-0.2.3" = "sha256-V0f9+UKZkqh80p7UjINEbAW9y8cKBmJTRjAJZV3no1M="; - # "hyper-reverse-proxy-0.5.2-dev" = "sha256-R1ZXGgWvwHWRHmKX823QLqM6ZJW+tzWUXigKkAyI5OE="; - # "permit-client-rs-2.0.0" = "sha256-MxsgqPbvWDYDOb3oGuD1I6d3cdcGAhfoWsI7cwfhrb4="; - # "permit-pdp-client-rs-0.2.0" = "sha256-F9wSvo3WzoRXjZb+We0Bvcwx3rRSG1QxXPsvrmtIN38="; - # }; - # }; - # # cargoHash = ""; - # }; - rust = pkgs.rust-bin.selectLatestNightlyWith (toolchain: toolchain.default); - # rust = pkgs.rust-bin.beta.latest.default; - overlays = [(import rust-overlay)]; - pkgs = import nixpkgs { - inherit system overlays; - }; - in - with pkgs; { - devShells.default = mkShell { - buildInputs = [ - bacon - cargo-expand - cargo-llvm-cov - cargo-nextest - cargo-watch - jq - nixpkgs-fmt - openssl - pkg-config - postgresql - python3 - rust - svix-cli - sqlx-cli + (flake-parts.lib.evalFlakeModule {inherit inputs;} ( + { + lib, + self, + inputs, + ... + }: { + imports = [ + ./devshells.nix + ]; + + systems = [ + "x86_64-linux" + ]; + + perSystem = { + self', + system, + pkgs, + ... + }: let + craneLib = (inputs.crane.mkLib pkgs).overrideToolchain (p: p.rust-bin.selectLatestNightlyWith (toolchain: toolchain.default)); + in { + _module.args.pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + overlays = [ + (import rust-overlay) ]; + }; - shellHook = '' - # export DATABASE_URL=postgres://postgres:postgres@localhost:17144/finnish - # export DATABASE_URL=postgres://postgres:postgres@localhost:21372/finnish - # export DATABASE_URL=postgres://postgres@localhost:6543/finapp - ''; + checks = let + # rust = pkgs.rust-bin.selectLatestNightlyWith (toolchain: toolchain.default); + # NB: we don't need to overlay our custom toolchain for the *entire* + # pkgs (which would require rebuidling anything else which uses rust). + # Instead, we just want to update the scope that crane will use by appending + # our specific toolchain there. + ## src = craneLib.cleanCargoSource ./.; + unfilteredRoot = ./.; # The original, unfiltered source + src = lib.fileset.toSource { + root = unfilteredRoot; + fileset = lib.fileset.unions [ + # Default files from crane (Rust and cargo files) + (craneLib.fileset.commonCargoSources unfilteredRoot) + # Include all the .sql migrations as well + ./migrations + ./.sqlx + ./templates + ]; + }; + + # Common arguments can be set here to avoid repeating them later + commonArgs = { + inherit src; + strictDeps = true; + + buildInputs = [ + pkgs.openssl + pkgs.pkg-config + ]; + nativeBuildInputs = [ + pkgs.pkg-config + pkgs.openssl + ]; + }; + + # Build *just* the cargo dependencies, so we can reuse + # all of that work (e.g. via cachix) when running in CI + cargoArtifacts = craneLib.buildDepsOnly commonArgs; + + # Build the actual crate itself, reusing the dependency + # artifacts from above. + ## runs tests -> which will break currently due to network connectivity + ## my-crate = craneLib.buildPackage (commonArgs + my-crate = craneLib.cargoBuild (commonArgs + // { + inherit cargoArtifacts; + }); + in { + # Build the crate as part of `nix flake check` for convenience + inherit my-crate; + + # Run clippy (and deny all warnings) on the crate source, + # again, reusing the dependency artifacts from above. + # + # Note that this is done as a separate derivation so that + # we can block the CI if there are issues here, but not + # prevent downstream consumers from building our crate by itself. + my-crate-clippy = craneLib.cargoClippy (commonArgs + // { + inherit cargoArtifacts; + cargoClippyExtraArgs = "--all-targets -- --deny warnings"; + }); }; - } - ); + }; + } + )) + .config + .flake; }