New Deploy Architecture
This commit is contained in:
155
flake.nix
155
flake.nix
@@ -68,97 +68,92 @@
|
||||
inherit cargoArtifacts;
|
||||
});
|
||||
in rec {
|
||||
checks = pkgs.lib.optionalAttrs (system == "x86_64-linux") {
|
||||
# Build the crate as part of `nix flake check` for convenience
|
||||
inherit newalan;
|
||||
checks = pkgs.lib.optionalAttrs (system == "x86_64-linux") {
|
||||
# Build the crate as part of `nix flake check` for convenience
|
||||
inherit newalan;
|
||||
|
||||
# Run clippy (and deny all warnings) on the crate source,
|
||||
# again, resuing the dependency artifacts from above.
|
||||
#
|
||||
# Note that this is done as a separate derivation so that
|
||||
# we can block the CI if there are issues here, but not
|
||||
# prevent downstream consumers from building our crate by itself.
|
||||
newalan-clippy = craneLib.cargoClippy (commonArgs // {
|
||||
inherit cargoArtifacts;
|
||||
cargoClippyExtraArgs = "--all-targets -- --deny warnings";
|
||||
});
|
||||
# Run clippy (and deny all warnings) on the crate source,
|
||||
# again, resuing the dependency artifacts from above.
|
||||
#
|
||||
# Note that this is done as a separate derivation so that
|
||||
# we can block the CI if there are issues here, but not
|
||||
# prevent downstream consumers from building our crate by itself.
|
||||
newalan-clippy = craneLib.cargoClippy (commonArgs // {
|
||||
inherit cargoArtifacts;
|
||||
cargoClippyExtraArgs = "--all-targets -- --deny warnings";
|
||||
});
|
||||
|
||||
newalan-doc = craneLib.cargoDoc (commonArgs // {
|
||||
inherit cargoArtifacts;
|
||||
});
|
||||
newalan-doc = craneLib.cargoDoc (commonArgs // {
|
||||
inherit cargoArtifacts;
|
||||
});
|
||||
|
||||
# Check formatting
|
||||
newalan-fmt = craneLib.cargoFmt {
|
||||
inherit src;
|
||||
};
|
||||
|
||||
# Audit dependencies
|
||||
newalan-audit = craneLib.cargoAudit {
|
||||
inherit src advisory-db;
|
||||
};
|
||||
|
||||
# Run tests with cargo-nextest
|
||||
# Consider setting `doCheck = false` on `newalan` if you do not want
|
||||
# the tests to run twice
|
||||
newalan-nextest = craneLib.cargoNextest (commonArgs // {
|
||||
inherit cargoArtifacts;
|
||||
partitions = 1;
|
||||
partitionType = "count";
|
||||
});
|
||||
} // lib.optionalAttrs (system == "x86_64-linux") {
|
||||
# NB: cargo-tarpaulin only supports x86_64 systems
|
||||
# Check code coverage (note: this will not upload coverage anywhere)
|
||||
newalan-coverage = craneLib.cargoTarpaulin (commonArgs // {
|
||||
inherit cargoArtifacts;
|
||||
});
|
||||
# Check formatting
|
||||
newalan-fmt = craneLib.cargoFmt {
|
||||
inherit src;
|
||||
};
|
||||
|
||||
hydraJobs = checks // lib.optionalAttrs
|
||||
(system == "x86_64-linux" ) {
|
||||
runCommandHook = {
|
||||
newalan = pkgs.writeScript "run-me" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
export bd=$(mktemp -d)
|
||||
chmod -R g=u $bd
|
||||
cd $bd
|
||||
# Audit dependencies
|
||||
newalan-audit = craneLib.cargoAudit {
|
||||
inherit src advisory-db;
|
||||
};
|
||||
|
||||
echo Working in: $bd
|
||||
echo Downloading revision...
|
||||
${pkgs.wget}/bin/wget https://git.syzygial.cc/Syzygial/New-Alan/archive/${self.rev}.zip
|
||||
|
||||
${pkgs.unzip}/bin/unzip ${self.rev}.zip
|
||||
rm ${self.rev}.zip
|
||||
cd *
|
||||
export bd2=$(realpath .)
|
||||
ls
|
||||
PATH=${pkgs.nixos-container}/bin:$PATH
|
||||
${pkgs.sops}/bin/sops -i -d secrets/deploy.sh
|
||||
chmod +x ./secrets/deploy.sh
|
||||
${pkgs.runtimeShell} ./secrets/deploy.sh
|
||||
cd
|
||||
rm -rf $bd
|
||||
# Run tests with cargo-nextest
|
||||
# Consider setting `doCheck = false` on `newalan` if you do not want
|
||||
# the tests to run twice
|
||||
newalan-nextest = craneLib.cargoNextest (commonArgs // {
|
||||
inherit cargoArtifacts;
|
||||
partitions = 1;
|
||||
partitionType = "count";
|
||||
});
|
||||
} // lib.optionalAttrs (system == "x86_64-linux") {
|
||||
# NB: cargo-tarpaulin only supports x86_64 systems
|
||||
# Check code coverage (note: this will not upload coverage anywhere)
|
||||
newalan-coverage = craneLib.cargoTarpaulin (commonArgs // {
|
||||
inherit cargoArtifacts;
|
||||
});
|
||||
};
|
||||
|
||||
hydraJobs = checks // lib.optionalAttrs
|
||||
(system == "x86_64-linux" ) {
|
||||
runCommandHook = let
|
||||
deployFlake = pkgs.runCommand "deploy-flake" {} ''
|
||||
substitute ${./deploy/flake.nix} $out \
|
||||
--replace "main.tar.gz" "${self.rev}.tar.gz"
|
||||
'';
|
||||
in {
|
||||
newalan = pkgs.runCommand {
|
||||
nativeBuildInputs = [
|
||||
newalan
|
||||
checks.newalan-nextest
|
||||
];
|
||||
} ''
|
||||
echo '#!${pkgs.runtimeShell}' >> $out
|
||||
echo 'export flake=${deployFlake}' >> $out
|
||||
echo Deploying $flake
|
||||
echo '# ${pkgs.runtimeShell} ./secrets/deploy.sh' >> $out
|
||||
chmod +x $out
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
packages.default = newalan;
|
||||
|
||||
packages.default = newalan;
|
||||
|
||||
apps.default = flake-utils.lib.mkApp {
|
||||
drv = newalan;
|
||||
};
|
||||
|
||||
apps.default = flake-utils.lib.mkApp {
|
||||
drv = newalan;
|
||||
};
|
||||
devShells.default = pkgs.mkShell {
|
||||
inputsFrom = builtins.attrValues self.checks.${system};
|
||||
|
||||
devShells.default = pkgs.mkShell {
|
||||
inputsFrom = builtins.attrValues self.checks.${system};
|
||||
nativeBuildInputs = with pkgs; [
|
||||
cargo
|
||||
rustc
|
||||
rust-analyzer
|
||||
|
||||
nativeBuildInputs = with pkgs; [
|
||||
cargo
|
||||
rustc
|
||||
rust-analyzer
|
||||
|
||||
sops
|
||||
age
|
||||
];
|
||||
};
|
||||
}
|
||||
sops
|
||||
age
|
||||
];
|
||||
};
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user