diff --git a/updater/.envrc b/updater/.envrc
new file mode 100644
index 0000000..261d630
--- /dev/null
+++ b/updater/.envrc
@@ -0,0 +1,5 @@
+# reload when these files change
+watch_file flake.nix
+watch_file flake.lock
+# load the flake devShell
+eval "$(nix print-dev-env)"
diff --git a/updater/flake.lock b/updater/flake.lock
new file mode 100644
index 0000000..acf54c0
--- /dev/null
+++ b/updater/flake.lock
@@ -0,0 +1,135 @@ +{ + "nodes": { + "advisory-db": { + "flake": false, + "locked": { + "lastModified": 1669556130, + "narHash": "sha256-6qRQVSgpw+Tw17TroiUg8nAte9/KVDH+v30MOOd+pQU=", + "owner": "RustSec", + "repo": "advisory-db", + "rev": "a66a3049c98395410a2afadf0382882b0a04d8b1", + "type": "github" + }, + "original": { + "owner": "RustSec", + "repo": "advisory-db", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1662220400, + "narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=", + "owner": "nix-community", + "repo": "naersk", + "rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1669597967, + "narHash": "sha256-R+2NaDkXsYkOpFOhmVR8jBZ77Pq55Z6ilaqwFLLn000=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "be9e3762e719211368d186f547f847737baad720", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "advisory-db": "advisory-db", + "flake-compat": "flake-compat", + "naersk": "naersk", + "nixpkgs": 
"nixpkgs", + "rust-overlay": "rust-overlay", + "utils": "utils" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1669689198, + "narHash": "sha256-YsWu3C9IGbH3+xguTzEDyQorFe/igr6FGZ+Q5T2ocxE=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "4e093ce661a63aca4bcbace33695225eae4ef4e4", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/updater/flake.nix b/updater/flake.nix new file mode 100644 index 0000000..a4977bc --- /dev/null +++ b/updater/flake.nix 
@@ -0,0 +1,188 @@
+{
+ description = "updater";
+
+ nixConfig = {
+ extra-substituters = [ "https://nix-cache.mccarty.io/" ];
+ extra-trusted-public-keys =
+ [ "nathan-nix-cache:R5/0GiItBM64sNgoFC/aSWuAopOAsObLcb/mwDf335A=" ];
+ };
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ utils.url = "github:numtide/flake-utils";
+ flake-compat = {
+ url = "github:edolstra/flake-compat";
+ flake = false;
+ };
+ naersk = {
+ url = "github:nix-community/naersk";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ # Used for rust compiler
+ rust-overlay = {
+ url = "github:oxalica/rust-overlay";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ # Advisory db from rust-sec
+ advisory-db = {
+ url = "github:RustSec/advisory-db";
+ flake = false;
+ };
+ };
+
+ outputs =
+ { self, nixpkgs, flake-compat, utils, naersk, rust-overlay, advisory-db }:
+ utils.lib.eachDefaultSystem (system:
+ let
+ crateName = "updater";
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [ (import rust-overlay) ];
+
+ };
+ rust = pkgs.rust-bin.stable.latest.default.override {
+ extensions = [ "llvm-tools-preview" ];
+ };
+ naersk-lib = naersk.lib."${system}".override {
+ rustc = rust;
+ cargo = rust;
+ };
+ cargo-llvm-cov = naersk-lib.buildPackage {
+ pname = "cargo-llvm-cov";
+ src = pkgs.fetchzip {
+ url =
+ "https://crates.io/api/v1/crates/cargo-llvm-cov/0.5.0/download";
+ extension = ".tar.gz";
+ sha256 = "sha256-ifnwiOuFnpryYxLgescpxN8CzgFzSZlY+RlbyW7ND6g=";
+ };
+ };
+ cargo-nextest = naersk-lib.buildPackage {
+ pname = "cargo-nextest";
+ src = pkgs.fetchzip {
+ url =
+ "https://crates.io/api/v1/crates/cargo-nextest/0.9.37/download";
+ extension = ".tar.gz";
+ sha256 = "sha256-1tEEZipJ8GqQqESKD9664Pax4evIp+G2tOpZuh6xN3U=";
+ };
+ };
+ devBase = with pkgs; [
+ # Build tools
+ openssl
+ pkg-config
+ rust-analyzer
+ cmake
+ gnuplot
+ # git tooling
+ gitFull
+ pre-commit
+ git-lfs
+ git-cliff
+ # Cargo addons
+ cargo-llvm-cov
+ cargo-nextest
+ cargo-release
+ cargo-udeps
+ cargo-audit
+ # Formatters
+ nixpkgs-fmt
+ python39Packages.mdformat
+ # for ci reasons
+ bash
+ cacert
+ # Sourcehut
+ hut
+ ];
+ sharedDeps = with pkgs;
+ [
+
+ ];
+ sharedNativeDeps = with pkgs;
+ [
+
+ ];
+ in rec {
+ # Main binary
+ packages.${crateName} = naersk-lib.buildPackage {
+ pname = "${crateName}";
+ buildInputs = sharedDeps;
+ nativeBuildInputs = sharedNativeDeps;
+ root = ./.;
+ };
+ # binary + tests
+ packages.tests.${crateName} = naersk-lib.buildPackage {
+ pname = "${crateName}";
+ buildInputs = sharedDeps;
+ nativeBuildInputs = sharedNativeDeps;
+ root = ./.;
+ doCheck = true;
+ };
+
+ packages.docs.${crateName} = naersk-lib.buildPackage {
+ pname = "${crateName}";
+ buildInputs = sharedDeps;
+ nativeBuildInputs = sharedNativeDeps;
+ root = ./.;
+ dontBuild = true;
+ doDoc = true;
+ doDocFail = true;
+ };
+
+ defaultPackage = packages.${crateName};
+
+ # Make some things eaiser to do in CI
+ packages.lints = {
+ # lint formatting
+ format.${crateName} = with import nixpkgs { inherit system; };
+ stdenv.mkDerivation {
+ name = "format lint";
+ src = self;
+ nativeBuildInputs = with pkgs;
+ [ rust-bin.stable.latest.default ] ++ sharedNativeDeps;
+ buildInputs = sharedDeps;
+ buildPhase = "cargo fmt -- --check";
+ installPhase = "mkdir -p $out; echo 'done'";
+ };
+ # audit against stored advisory db
+ audit.${crateName} = with import nixpkgs { inherit system; };
+ stdenv.mkDerivation {
+ name = "format lint";
+ src = self;
+ nativeBuildInputs = with pkgs;
+ [ rust-bin.stable.latest.default cargo-audit ]
+ ++ sharedNativeDeps;
+ buildInputs = sharedDeps;
+ buildPhase = ''
+ export HOME=$TMP
+ mkdir -p ~/.cargo
+ cp -r ${advisory-db} ~/.cargo/advisory-db
+ cargo audit -n
+ '';
+ installPhase = "mkdir -p $out; echo 'done'";
+ };
+ # Clippy
+ clippy.${crateName} = naersk-lib.buildPackage {
+ pname = "${crateName}";
+ root = ./.;
+ buildInputs = sharedDeps;
+ nativeBuildInputs = sharedNativeDeps;
+ cargoTestCommands = (old: [ "cargo $cargo_options clippy" ]);
+ doCheck = true;
+ dontBuild = true;
+ };
+ };
+
+ devShell = pkgs.mkShell {
+ inputsFrom = builtins.attrValues self.packages.${system};
+ buildInputs = [ rust ] ++ devBase ++ sharedDeps ++ sharedNativeDeps;
+ };
+
+ packages.nightlyRustShell = pkgs.mkShell {
+ buildInputs = [
+ (pkgs.rust-bin.selectLatestNightlyWith (toolchain:
+ toolchain.default.override {
+ extensions = [ "rust-src" "clippy" "llvm-tools-preview" ];
+ }))
+ ] ++ devBase ++ sharedDeps ++ sharedNativeDeps;
+ };
+ });
+}
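Review bot: The `audit.${crateName}` derivation reuses `name = "format lint"` from the format check above it, so the two lints cannot be told apart in build logs, and the space in the name is likely to be rejected as an invalid store-path character; `name = "${crateName}-audit";` here and `name = "${crateName}-format";` on the format lint would address both. Because `cargo audit -n` reads only the `advisory-db` input pinned in flake.lock, the check knows advisories only up to the locked revision and will keep passing as the lock ages; a comment such as `# advisory-db is pinned in flake.lock; refresh the lock regularly or this check goes stale` plus a scheduled lock update would make that visible. Separately, the `nixConfig` block asks anyone who accepts the flake's configuration to trust `https://nix-cache.mccarty.io/` and its signing key for binary substitutes, so a comment stating who operates that cache and whether the build still works without it would let users make that trust decision knowingly.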