From 11e5afeb1599c07da453d953c8a6436c3ff6407e Mon Sep 17 00:00:00 2001
From: Dan Nixon
Date: Wed, 15 Nov 2023 11:27:07 +0000
Subject: [PATCH] Move to Nix tooling
---
.envrc | 1 +
.github/workflows/ci.yml | 76 ++++++++++++-------------
.gitignore | 1 +
Containerfile | 34 -----------
flake.lock | 120 +++++++++++++++++++++++++++++++++++++++
flake.nix | 113 ++++++++++++++++++++++++++++++++++++
treefmt.toml | 8 +++
7 files changed, 278 insertions(+), 75 deletions(-)
create mode 100644 .envrc
delete mode 100644 Containerfile
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 treefmt.toml
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e22633f..010dd3b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,61 +16,55 @@ jobs: steps: - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v22 - - name: Setup - run: rustup component add clippy rustfmt + # Evaluate the devshell here so that the time reported for subsequent + # steps that use it reflect what is actually done there. + - name: Evaluate devshell + run: nix develop - name: Format - run: cargo fmt -- --check + run: nix develop --command treefmt --fail-on-change - name: Clippy - run: cargo clippy -- -Dwarnings + run: nix develop --command cargo clippy --all-targets - build-and-test: - name: Build and Test - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - name: Build and Test - run: cargo test + - name: Test + run: nix build -L --no-sandbox .#test - container-image: - name: Build and push container image - if: ${{ github.ref_name == 'main' || github.ref_type == 'tag' }} + build: + name: Build needs: - - build-and-test - formatting-and-quality runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v22 + + - name: Build + run: nix build -L .#default - - name: Derive tags + - name: Build and push container image + if: ${{ github.ref_name == 'main' || github.ref_type == 'tag' }} run: | - echo 'tags<> $GITHUB_ENV + set -x + + # Build image via Nix and take the resulting path as the local container registry + local_cr="docker-archive://$(nix build .#container-image --no-link --print-out-paths)" + + # The container registry to push images to (GHCR) + remote_cr="docker://ghcr.io/dannixon/matrix-remote-closedown" + remote_cr_creds="${{ github.repository_owner }}:${{ github.token }}" + + # Push image using the Git ref name as the image tag (i.e. "main" or the tag name) + skopeo copy --dest-creds="$remote_cr_creds" "$local_cr" "$remote_cr:${{ github.ref_name }}" + + # Push image using the Git SHA as the image tag + skopeo copy --dest-creds="$remote_cr_creds" "$local_cr" "$remote_cr:${{ github.sha }}" + + # If the trigger was a tag (i.e. 
a release) if [[ "${{ github.ref_type }}" == 'tag' ]]; then - echo "latest ${{ github.ref_name }} ${{ github.sha }}" >> $GITHUB_ENV - else - echo "${{ github.ref_name }} ${{ github.sha }}" >> $GITHUB_ENV + # Push image using the "latest" tag + skopeo copy --dest-creds="$remote_cr_creds" "$local_cr" "$remote_cr:latest" fi - echo 'EOF' >> $GITHUB_ENV - - - name: Build container image - id: build-image - uses: redhat-actions/buildah-build@v2 - with: - image: matrix-remote-closedown - tags: "${{ env.tags }}" - containerfiles: ./Containerfile - oci: true - - - name: Push image to GHCR - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build-image.outputs.image }} - tags: ${{ steps.build-image.outputs.tags }} - registry: ghcr.io/dannixon - username: ${{ github.repository_owner }} - password: ${{ github.token }} diff --git a/.gitignore b/.gitignore index ea8c4bf..07c12f2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /target +result diff --git a/Containerfile b/Containerfile deleted file mode 100644 index eecff3b..0000000 --- a/Containerfile +++ /dev/null @@ -1,34 +0,0 @@ -FROM docker.io/library/rust:alpine3.18 as builder - -RUN apk add \ - cmake \ - g++ \ - libc-dev \ - make \ - openssl-dev - -ADD Cargo.toml Cargo.lock . -ADD src ./src -RUN RUSTFLAGS=-Ctarget-feature=-crt-static cargo install \ - --path . \ - --root /usr/local - -FROM docker.io/library/alpine:3.18 - -RUN apk add \ - tini \ - libgcc \ - libstdc++ - -COPY --from=builder \ - /usr/local/bin/matrix-remote-closedown \ - /usr/local/bin/matrix-remote-closedown - -ENV MATRIX_STORAGE /data/matrix -RUN mkdir /data -VOLUME /data - -ENV OBSERVABILITY_ADDRESS "0.0.0.0:9090" -EXPOSE 9090 - -ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/matrix-remote-closedown"] diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..a8bbcc9 --- /dev/null +++ b/flake.lock 
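Review bot: In the `Build and push container image` step, `${{ github.ref_name }}` is pasted into the script text before bash parses it, so a tag name containing shell metacharacters would be interpreted as shell syntax in the step that holds the registry token; the runner already exports the same values as data, so the copies can use `"$remote_cr:$GITHUB_REF_NAME"`, `"$remote_cr:$GITHUB_SHA"` and `[[ "$GITHUB_REF_TYPE" == 'tag' ]]`. The step also enables `set -x` while `remote_cr_creds` holds the token and passes it as a `--dest-creds=` argument, leaving log masking as the only barrier; I would drop `set -x` and supply the token through `env:` to `skopeo login --password-stdin ghcr.io` instead. The `Test` step adds `--no-sandbox` without explanation, so a comment such as `# Sandbox disabled because the tests need <reason>` should record why build isolation is relaxed. `cachix/install-nix-action@v22` is referenced by a mutable tag; pinning it to a commit SHA would suit a job that publishes images.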
@@ -0,0 +1,120 @@ +{ + "nodes": { + "fenix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1700029366, + "narHash": "sha256-0URFgoMK5M+xs2hHEGRJN/04Qy/nXrDgftZ7KTx0kA8=", + "owner": "nix-community", + "repo": "fenix", + "rev": "092bd452904e749efa39907aa4a20a42678ac31e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1698420672, + "narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=", + "owner": "nix-community", + "repo": "naersk", + "rev": "aeb58d5e8faead8980a807c840232697982d47b9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1700064624, + "narHash": "sha256-D7EBb/zmh2YnG/TtgpupjroYtvGR0Hnaar+ixPbhtzY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "059727c23d9da7e02e00da5d24ba4eaf722725aa", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "fenix": "fenix", + "flake-utils": "flake-utils", + "naersk": "naersk", + "nixpkgs": "nixpkgs" + } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1699996283, + "narHash": "sha256-oj9l5vjhZTUGp8J+6bRfzMIRGsMZvdRQ+hBc6ksZtRU=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "c1e65aa58866cb80849a8d9d1705b537be62db2f", + "type": "github" + }, + 
"original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..80c6c23 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,113 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs";
+
+ flake-utils.url = "github:numtide/flake-utils";
+
+ fenix = {
+ url = "github:nix-community/fenix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ naersk = {
+ url = "github:nix-community/naersk";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = {
+ self,
+ nixpkgs,
+ flake-utils,
+ fenix,
+ naersk,
+ }:
+ flake-utils.lib.eachDefaultSystem (
+ system: let
+ pkgs = (import nixpkgs) {
+ inherit system;
+ };
+
+ toolchain = fenix.packages.${system}.toolchainOf {
+ channel = "1.72";
+ date = "2023-09-19";
+ sha256 = "dxE7lmCFWlq0nl/wKcmYvpP9zqQbBitAQgZ1zx9Ooik=";
+ };
+
+ naersk' = pkgs.callPackage naersk {
+ cargo = toolchain.rust;
+ rustc = toolchain.rust;
+ };
+
+ cargo = builtins.fromTOML (builtins.readFile ./Cargo.toml);
+ name = cargo.package.name;
+ version = cargo.package.version;
+
+ nativeBuildInputs = with pkgs; [cmake pkg-config];
+ buildInputs = with pkgs; [openssl];
+
+ lintingRustFlags = "-D unused-crate-dependencies";
+ in {
+ devShell = pkgs.mkShell {
+ packages = with pkgs; [
+ # Rust toolchain
+ toolchain.toolchain
+
+ # Code formatting tools
+ alejandra
+ treefmt
+
+ # Container image management
+ skopeo
+ ];
+
+ nativeBuildInputs = nativeBuildInputs;
+ buildInputs = buildInputs;
+
+ RUSTFLAGS = lintingRustFlags;
+ };
+
+ packages = rec {
+ default = naersk'.buildPackage {
+ name = name;
+ version = version;
+
+ src = ./.;
+
+ nativeBuildInputs = nativeBuildInputs;
+ buildInputs = buildInputs;
+ };
+
+ container-image = pkgs.dockerTools.buildImage {
+ name = "matrix-remote-closedown";
+ tag = "latest";
+ created = "now";
+
+ copyToRoot = pkgs.buildEnv {
+ name = "image-root";
+ paths = [pkgs.bashInteractive pkgs.coreutils];
+ pathsToLink = ["/bin"];
+ };
+
+ config = {
+ Entrypoint = ["${pkgs.tini}/bin/tini" "--" "${default}/bin/matrix-remote-closedown"];
+ Env = [
+ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ ];
+ };
+ };
+
+ test = naersk'.buildPackage {
+ mode = "test";
+ src = ./.;
+
+ nativeBuildInputs = nativeBuildInputs;
+ buildInputs = buildInputs;
+
+ # Ensure detailed test output appears in nix build log
+ cargoTestOptions = x: x ++ ["1>&2"];
+ };
+ };
+ }
+ );
+}
diff --git a/treefmt.toml b/treefmt.toml
new file mode 100644
index 0000000..02adff3
--- /dev/null
+++ b/treefmt.toml
@@ -0,0 +1,8 @@
+[formatter.nix]
+command = "alejandra"
+includes = [ "*.nix" ]
+
+[formatter.rust]
+command = "rustfmt"
+options = ["--edition", "2021"]
+includes = [ "*.rs" ]
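Review bot: The `container-image` config in flake.nix sets only `Entrypoint` and `Env`, so with no `User` the service runs as root, and `copyToRoot` additionally links `bashInteractive` and `coreutils` into `/bin`; unless a shell is needed at runtime I would drop that `buildEnv` and add something like `User = "1000:1000";` (assuming the data directory can be made writable for that uid). The deleted Containerfile also set `MATRIX_STORAGE`, `OBSERVABILITY_ADDRESS`, `VOLUME /data` and `EXPOSE 9090`, none of which are carried over here, so deployments relying on those defaults may change behaviour. `created = "now"` makes the image digest differ on every build, which prevents comparing a pushed image against a local rebuild; leaving `created` at its default keeps the output reproducible.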