From fe9385ff2b8d93e135bcc0f1e0823c9a16b3e94f Mon Sep 17 00:00:00 2001 From: "DavidCrompton1192@gmail.com" Date: Thu, 9 Mar 2023 21:59:09 -0500 Subject: [PATCH] New Deploy Architecture --- deploy/flake.nix | 2 +- flake.nix | 155 ++++++++++++++++++++++------------------------ secrets/deploy.sh | 6 +- 3 files changed, 79 insertions(+), 84 deletions(-) diff --git a/deploy/flake.nix b/deploy/flake.nix index a4515f1..41b86d7 100644 --- a/deploy/flake.nix +++ b/deploy/flake.nix @@ -1,6 +1,6 @@ { inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - inputs.newalan.url = "../"; + inputs.newalan.url = "https://git.syzygial.cc/Syzygial/New-Alan/archive/main.tar.gz"; outputs = { self, nixpkgs, newalan }: let new_alan_overlay = (final: prev: { diff --git a/flake.nix b/flake.nix index 15cd3e3..7696fa9 100644 --- a/flake.nix +++ b/flake.nix 
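Review bot: `inputs.newalan.url` in deploy/flake.nix now names the `main` branch archive, a mutable reference, so what gets deployed is whatever the forge serves for `main` unless a committed `deploy/flake.lock` pins it, and no lock file is touched by this patch. The flake.nix hunk of this commit copies this one file into the store and rewrites `main.tar.gz` to `${self.rev}.tar.gz`, so that copy appears to have no lock beside it and the integrity of the input rests on the forge and TLS alone. Consider a `git+https://…?rev=…` input, or a `narHash` on the tarball URL if your Nix version accepts it, so that Nix verifies the fetched content. Because the rewrite is a plain string match, a comment next to the URL such as `# keep "main.tar.gz": flake.nix rewrites it to self.rev for deploys` would keep a later edit of the URL from silently disabling the pinning.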
@@ -68,97 +68,92 @@ inherit cargoArtifacts; }); in rec { - checks = pkgs.lib.optionalAttrs (system == "x86_64-linux") { - # Build the crate as part of `nix flake check` for convenience - inherit newalan; + checks = pkgs.lib.optionalAttrs (system == "x86_64-linux") { + # Build the crate as part of `nix flake check` for convenience + inherit newalan; - # Run clippy (and deny all warnings) on the crate source, - # again, resuing the dependency artifacts from above. - # - # Note that this is done as a separate derivation so that - # we can block the CI if there are issues here, but not - # prevent downstream consumers from building our crate by itself. - newalan-clippy = craneLib.cargoClippy (commonArgs // { - inherit cargoArtifacts; - cargoClippyExtraArgs = "--all-targets -- --deny warnings"; - }); + # Run clippy (and deny all warnings) on the crate source, + # again, resuing the dependency artifacts from above. + # + # Note that this is done as a separate derivation so that + # we can block the CI if there are issues here, but not + # prevent downstream consumers from building our crate by itself. 
+ newalan-clippy = craneLib.cargoClippy (commonArgs // { + inherit cargoArtifacts; + cargoClippyExtraArgs = "--all-targets -- --deny warnings"; + }); - newalan-doc = craneLib.cargoDoc (commonArgs // { - inherit cargoArtifacts; - }); + newalan-doc = craneLib.cargoDoc (commonArgs // { + inherit cargoArtifacts; + }); - # Check formatting - newalan-fmt = craneLib.cargoFmt { - inherit src; - }; - - # Audit dependencies - newalan-audit = craneLib.cargoAudit { - inherit src advisory-db; - }; - - # Run tests with cargo-nextest - # Consider setting `doCheck = false` on `newalan` if you do not want - # the tests to run twice - newalan-nextest = craneLib.cargoNextest (commonArgs // { - inherit cargoArtifacts; - partitions = 1; - partitionType = "count"; - }); - } // lib.optionalAttrs (system == "x86_64-linux") { - # NB: cargo-tarpaulin only supports x86_64 systems - # Check code coverage (note: this will not upload coverage anywhere) - newalan-coverage = craneLib.cargoTarpaulin (commonArgs // { - inherit cargoArtifacts; - }); + # Check formatting + newalan-fmt = craneLib.cargoFmt { + inherit src; }; - hydraJobs = checks // lib.optionalAttrs - (system == "x86_64-linux" ) { - runCommandHook = { - newalan = pkgs.writeScript "run-me" '' - #!${pkgs.runtimeShell} - export bd=$(mktemp -d) - chmod -R g=u $bd - cd $bd + # Audit dependencies + newalan-audit = craneLib.cargoAudit { + inherit src advisory-db; + }; - echo Working in: $bd - echo Downloading revision... - ${pkgs.wget}/bin/wget https://git.syzygial.cc/Syzygial/New-Alan/archive/${self.rev}.zip - - ${pkgs.unzip}/bin/unzip ${self.rev}.zip - rm ${self.rev}.zip - cd * - export bd2=$(realpath .) 
- ls - PATH=${pkgs.nixos-container}/bin:$PATH - ${pkgs.sops}/bin/sops -i -d secrets/deploy.sh - chmod +x ./secrets/deploy.sh - ${pkgs.runtimeShell} ./secrets/deploy.sh - cd - rm -rf $bd + # Run tests with cargo-nextest + # Consider setting `doCheck = false` on `newalan` if you do not want + # the tests to run twice + newalan-nextest = craneLib.cargoNextest (commonArgs // { + inherit cargoArtifacts; + partitions = 1; + partitionType = "count"; + }); + } // lib.optionalAttrs (system == "x86_64-linux") { + # NB: cargo-tarpaulin only supports x86_64 systems + # Check code coverage (note: this will not upload coverage anywhere) + newalan-coverage = craneLib.cargoTarpaulin (commonArgs // { + inherit cargoArtifacts; + }); + }; + + hydraJobs = checks // lib.optionalAttrs + (system == "x86_64-linux" ) { + runCommandHook = let + deployFlake = pkgs.runCommand "deploy-flake" {} '' + substitute ${./deploy/flake.nix} $out \ + --replace "main.tar.gz" "${self.rev}.tar.gz" + ''; + in { + newalan = pkgs.runCommand { + nativeBuildInputs = [ + newalan + checks.newalan-nextest + ]; + } '' + echo '#!${pkgs.runtimeShell}' >> $out + echo 'export flake=${deployFlake}' >> $out + echo Deploying $flake + echo '# ${pkgs.runtimeShell} ./secrets/deploy.sh' >> $out + chmod +x $out ''; }; }; - - packages.default = newalan; + + packages.default = newalan; + + apps.default = flake-utils.lib.mkApp { + drv = newalan; + }; - apps.default = flake-utils.lib.mkApp { - drv = newalan; - }; + devShells.default = pkgs.mkShell { + inputsFrom = builtins.attrValues self.checks.${system}; - devShells.default = pkgs.mkShell { - inputsFrom = builtins.attrValues self.checks.${system}; + nativeBuildInputs = with pkgs; [ + cargo + rustc + rust-analyzer - nativeBuildInputs = with pkgs; [ - cargo - rustc - rust-analyzer - - sops - age - ]; - }; - } + sops + age + ]; + }; + } ); } diff --git a/secrets/deploy.sh b/secrets/deploy.sh index 8a436e5..482d1c4 100644 --- a/secrets/deploy.sh +++ b/secrets/deploy.sh 
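Review bot: `pkgs.runCommand` in `runCommandHook.newalan` is given only an attribute set and a script, so the name argument is missing and the expression evaluates to a partially applied function rather than a derivation; it should read `newalan = pkgs.runCommand "run-me" { nativeBuildInputs = [ newalan checks.newalan-nextest ]; } ''…''`, reusing the name the removed `writeScript` had. `echo Deploying $flake` runs in the build shell, where `flake` is never set, and is not appended to `$out`; it presumably wants `echo 'echo Deploying $flake' >> $out`. `deployFlake` is a single substituted file, not a directory containing `flake.nix`, so whatever later consumes `$flake` as a flake reference will likely need it wrapped in a directory. The deploy call is emitted only as a comment, and it names `./secrets/deploy.sh` relative to the hook's working directory now that the download, `sops -d` and `cd` steps are gone; when it is re-enabled it should point at an explicit, decrypted path rather than run whatever file of that name happens to be in the current directory.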
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:SZcrWUnPbxHhQ5NHGgYaVboy/jwxJn3qDJiXd0sb/NUe0Cx3RHV+/IEFvJz1tJOiChB064pPJhBcwe0YY64x4WJLPsF1eAJwB2dWMPFRmltdqQfVWQU0Vh8wB3ih+4IQrtQ+MugEYn8YYd2IMbUOCq5KIwG26YCIqC/9DIO6efs9zUd5lJ61DgXpFC9mqpDFrgP9OefssJ42KlZu,iv:nG6OtPFHbZAXZi08Vdf+WItarj77PQYeZ9yLeWaYar8=,tag:KXLdO4s8t1mL5F0/rCeKqQ==,type:str]", + "data": "ENC[AES256_GCM,data:0Hzi3BuNQEZj+vKy9/zgF+Qyc2BWCoAjHa4YB0AEK1zJU8z8HcfnNBQbWgZ7Wjyl8qIDI2nRlBeELgErg5GeVCf/TEEFXy+sCyThmX0tbJK5WQN/vGGA+5nS4eZEFCFMeB2XmoYz1hB6gg==,iv:vJeFS0ErNAUnercb9MkO7CUyVpKwV9l3xIw/JGkxjrE=,tag:eEL16Ep/M0Ep93BZL2Sh5w==,type:str]", "sops": { "kms": null, "gcp_kms": null, @@ -15,8 +15,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdUtHMERreXlZTGRGMWlM\nbldjMHFWWWRQZHRvZWx5QmhmVno0VmZQNmljCnFRUnZxT29iZkNxaExQbCtUNFFy\nMkttVkkrQkh0Ky91bnRxRmJ4VDk0N2MKLS0tIHhYREFwRUZ6a1BDM1FWZjlpcTJR\nVW5YSkwvZWQyMXNuaUdBTWpwa2Y1VWcKawzPRiMB/ruOBCylNssB/k+hITJDYX+6\nKpwHk9Avh6Pzhptm21yeY1zmVQkqEx6YU24aJiqs1RRmrQAvnWr3WQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2023-03-10T01:38:34Z", - "mac": "ENC[AES256_GCM,data:QNkqpBLYY45OVsENf7k/lrCZCKyvZBTY+XGc4aYC/t8LXfa8xGpaHcFb7OFqqetcBZw3azb2BL2y29bA+Lm69DjhUzIFX7wJal6qyAxi/HZC6sKzKr+D4Gr7/KRpG/2NaqoLkugsXoDHKWi0Y6mCrcJRPJqo5Nw0AFdWS9IJc0I=,iv:wQc/XZcXK/maSHtQx/Ut4SH0xrPalLVHTqBa2U3lMMY=,tag:y2T9Isxrhqy0J/WcaOCS+A==,type:str]", + "lastmodified": "2023-03-10T02:38:06Z", + "mac": "ENC[AES256_GCM,data:9KPlaPXXdiK1XiApKoXxm9rs0heIAFQl1E2yBD7D7PjxPrKtspjcWU6sP3ETG9M9KQXJt/Gyrm5oopccy3Ay1APV/+gIZFNMTXiFLPLiEaPugXTR4F9Vqs8SRRFqPKh3PnIWyb6I2CLvkiq0iz0M9KjdpridsRteIBVTLEAwUJs=,iv:XnjHdXOuc6911zu+gV4bIpOX6tgfpiIcZ0nD7KHMzwo=,tag:+KbkfaOsvLsMnSlajGMbqw==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.7.3"