diff --git a/flake.nix b/flake.nix
index 7d3fb15..fd74290 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,14 +11,23 @@
 url = "github:oxalica/rust-overlay";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ # Advisory db from rust-sec
+ advisory-db = {
+ url = "github:RustSec/advisory-db";
+ flake = false;
+ };
 };
 description = "Rust Toolchain and Utility Flake";
 outputs = { self, nixpkgs, utils, ... }@inputs:
- (utils.lib.eachDefaultSystem (system: {
+ with builtins;
+ let
+ sources = fromJSON (readFile ./sources/sources.json);
+ rustPackageNames = attrNames sources ++ [ "cargo-release" "cargo-deny" ];
+ # Build the rust packages we'll be using
+ in (utils.lib.eachDefaultSystem (system: {
 packages = let
- sources = builtins.fromJSON (builtins.readFile ./sources/sources.json);
 pkgs = import nixpkgs {
 inherit system;
 overlays = [ (import inputs.rust-overlay) ];
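Review bot: The new `advisory-db` input is never brought into scope: `outputs` still destructures only `{ self, nixpkgs, utils, ... }@inputs`, yet the audit lint in the next hunk interpolates `${advisory-db}`. Because the body is now wrapped in `with builtins;`, the unbound name is not rejected when the file is parsed and only fails once the audit derivation is evaluated, so the advisory check can be broken without anyone noticing. Reference it as `${inputs.advisory-db}` (or add `advisory-db` to the argument set), and prefer `inherit (builtins) fromJSON readFile attrNames mapAttrs;` in the `let` over a `with` that covers the whole outputs body. The `outputs` function continues past the end of this hunk.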
@@ -30,10 +39,133 @@
 rustc = rust;
 cargo = rust;
 };
- in builtins.mapAttrs (name: source:
+ in (mapAttrs (name: source:
 naersk-lib.buildPackage {
 pname = source.pname;
 src = pkgs.fetchCrate source;
- }) sources;
- }));
+ buildInputs = with pkgs; [ pkg-config openssl ];
+ }) sources) //
+ # Packages that naersk has trouble building due to https://github.com/nix-community/naersk/issues/263
+ {
+ cargo-release = pkgs.cargo-release;
+ cargo-deny = pkgs.cargo-deny;
+ };
+ })) //
+ # Now provide our builder functions
+ {
+ # Build a rust flake with a single crate
+ single = { src, crateName, sharedDeps ? (system: [ ])
+ , sharedNativeDeps ? (system: [ ]) }:
+ utils.lib.eachDefaultSystem (system:
+ let
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [ (import inputs.rust-overlay) ];
+ };
+ rust = pkgs.rust-bin.stable.latest.default.override {
+ extensions = [ "llvm-tools-preview" ];
+ };
+ naersk-lib = inputs.naersk.lib."${system}".override {
+ rustc = rust;
+ cargo = rust;
+ };
+ devBase = with pkgs;
+ [
+ # Build tools
+ openssl
+ pkg-config
+ rust-analyzer
+ cmake
+ gnuplot
+ # git tooling
+ gitFull
+ pre-commit
+ git-lfs
+ git-cliff
+ # Formatters
+ nixfmt
+ python311Packages.mdformat
+ ] ++ map (x: self.packages.${system}.${x}) rustPackageNames;
+ in rec {
+ # Main binary
+ packages.${crateName} = naersk-lib.buildPackage {
+ pname = "${crateName}";
+ buildInputs = sharedDeps system;
+ nativeBuildInputs = sharedNativeDeps system;
+ root = src;
+ };
+ # binary + tests
+ packages.tests.${crateName} = naersk-lib.buildPackage {
+ pname = "${crateName}";
+ buildInputs = sharedDeps system;
+ nativeBuildInputs = sharedNativeDeps system;
+ root = src;
+ doCheck = true;
+ };
+ # Docs
+ packages.docs.${crateName} = naersk-lib.buildPackage {
+ pname = "${crateName}";
+ buildInputs = sharedDeps system;
+ nativeBuildInputs = sharedNativeDeps system;
+ root = src;
+ dontBuild = true;
+ doDoc = true;
+ doDocFail = true;
+ };
+
+ # Set the default package to the main binary
+ defaultPackage = packages.${crateName};
+
+ # CI tasks
+ packages.lints = {
+ # lint formatting
+ format.${crateName} = with import nixpkgs { inherit system; };
+ stdenv.mkDerivation {
+ name = "format lint";
+ src = src;
+ nativeBuildInputs = with pkgs;
+ [ rust-bin.stable.latest.default ]
+ ++ (sharedNativeDeps system);
+ buildInputs = sharedDeps system;
+ buildPhase = "cargo fmt -- --check";
+ installPhase = "mkdir -p $out; echo 'done'";
+ };
+ # audit against stored advisory db
+ audit.${crateName} = with import nixpkgs { inherit system; };
+ stdenv.mkDerivation {
+ name = "audit lint";
+ src = src;
+ nativeBuildInputs = with pkgs;
+ [ rust-bin.stable.latest.default cargo-audit ]
+ ++ (sharedNativeDeps system);
+ buildInputs = sharedDeps system;
+ buildPhase = ''
+ export HOME=$TMP
+ mkdir -p ~/.cargo
+ cp -r ${advisory-db} ~/.cargo/advisory-db
+ cargo audit -n
+ '';
+ installPhase = "mkdir -p $out; echo 'done'";
+ };
+ # Clippy
+ clippy.${crateName} = naersk-lib.buildPackage {
+ pname = "${crateName}";
+ root = src;
+ buildInputs = sharedDeps system;
+ nativeBuildInputs = sharedNativeDeps system;
+ cargoTestCommands = (old: [ "cargo $cargo_options clippy" ]);
+ doCheck = true;
+ dontBuild = true;
+ };
+ };
+
+ # Development environments
+ devShell = pkgs.mkShell {
+ inputsFrom = builtins.attrValues packages;
+ buildInputs = [ rust ] ++ devBase ++ (sharedDeps system)
+ ++ (sharedNativeDeps system);
+ };
+
+ });
+ };
 }
diff --git a/sources/packages.txt b/sources/packages.txt
index 081246f..6b78799 100644
--- a/sources/packages.txt
+++ b/sources/packages.txt
@@ -1,6 +1,4 @@
 cargo-llvm-cov
 cargo-nextest
-cargo-release
 cargo-udeps
 cargo-audit
-cargo-deny
diff --git a/sources/sources.json b/sources/sources.json
index e3918e2..ac88a9b 100644
--- a/sources/sources.json
+++ b/sources/sources.json
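Review bot: The two `stdenv.mkDerivation` lints are named `name = "format lint";` and `name = "audit lint";`, and as far as I know Nix does not accept spaces in derivation names, so both checks would be rejected at instantiation and never run. Names such as `name = "${crateName}-format-lint";` and `name = "${crateName}-audit-lint";` avoid that and also keep the store paths distinguishable per crate. Separately, `cargo audit -n` never fetches, so the result is only as current as the `advisory-db` revision pinned in the lock file, which this diff does not show. A comment above the audit derivation such as `# advisory-db is pinned by flake.lock; update the lock regularly or new advisories are never checked` would make that dependency visible. The enclosing `outputs` function begins before this hunk.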
@@ -4,11 +4,6 @@
 "pname": "cargo-audit",
 "version": "0.17.6"
 },
- "cargo-deny": {
- "hash": "sha256-/2HClc4rzQvvbmWXOotZuC9MEPPnPZKWCOVC2AadtG4=",
- "pname": "cargo-deny",
- "version": "0.13.9"
- },
 "cargo-llvm-cov": {
 "hash": "sha256-5xHDjNFQDmi+SnhxfoCxoBdCqHpZEk/87r2sBKsT+W4=",
 "pname": "cargo-llvm-cov",
@@ -19,11 +14,6 @@
 "pname": "cargo-nextest",
 "version": "0.9.52"
 },
- "cargo-release": {
- "hash": "sha256-tmyIQMjKs37ZVqG/WV4Qe99Jc+bzneTmEMrvxV1Gnsc=",
- "pname": "cargo-release",
- "version": "0.24.10"
- },
 "cargo-udeps": {
 "hash": "sha256-jvEhE/fngzEzRinA4iZYJbBfcl2CGbTwQB52h5laVf8=",
 "pname": "cargo-udeps",