Syzygial/New-Alan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

New Deploy Architecture

Browse Source
This commit is contained in:
DavidCrompton1192@gmail.com
2023-03-09 21:59:09 -05:00
parent 06bb7962d2
commit fe9385ff2b
3 changed files with 79 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
deploy/flake.nix
View File

@@ -1,6 +1,6 @@
{ {
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
inputs.newalan.url = "../"; inputs.newalan.url = "https://git.syzygial.cc/Syzygial/New-Alan/archive/main.tar.gz";
outputs = { self, nixpkgs, newalan }: let outputs = { self, nixpkgs, newalan }: let
new_alan_overlay = (final: prev: { new_alan_overlay = (final: prev: {

155
flake.nix
View File

@@ -68,97 +68,92 @@
inherit cargoArtifacts; inherit cargoArtifacts;
}); });
in rec { in rec {
checks = pkgs.lib.optionalAttrs (system == "x86_64-linux") { checks = pkgs.lib.optionalAttrs (system == "x86_64-linux") {
# Build the crate as part of `nix flake check` for convenience # Build the crate as part of `nix flake check` for convenience
inherit newalan; inherit newalan;
# Run clippy (and deny all warnings) on the crate source, # Run clippy (and deny all warnings) on the crate source,
# again, resuing the dependency artifacts from above. # again, resuing the dependency artifacts from above.
# #
# Note that this is done as a separate derivation so that # Note that this is done as a separate derivation so that
# we can block the CI if there are issues here, but not # we can block the CI if there are issues here, but not
# prevent downstream consumers from building our crate by itself. # prevent downstream consumers from building our crate by itself.
newalan-clippy = craneLib.cargoClippy (commonArgs // { newalan-clippy = craneLib.cargoClippy (commonArgs // {
inherit cargoArtifacts; inherit cargoArtifacts;
cargoClippyExtraArgs = "--all-targets -- --deny warnings"; cargoClippyExtraArgs = "--all-targets -- --deny warnings";
}); });
newalan-doc = craneLib.cargoDoc (commonArgs // { newalan-doc = craneLib.cargoDoc (commonArgs // {
inherit cargoArtifacts; inherit cargoArtifacts;
}); });
# Check formatting # Check formatting
newalan-fmt = craneLib.cargoFmt { newalan-fmt = craneLib.cargoFmt {
inherit src; inherit src;
};
# Audit dependencies
newalan-audit = craneLib.cargoAudit {
inherit src advisory-db;
};
# Run tests with cargo-nextest
# Consider setting `doCheck = false` on `newalan` if you do not want
# the tests to run twice
newalan-nextest = craneLib.cargoNextest (commonArgs // {
inherit cargoArtifacts;
partitions = 1;
partitionType = "count";
});
} // lib.optionalAttrs (system == "x86_64-linux") {
# NB: cargo-tarpaulin only supports x86_64 systems
# Check code coverage (note: this will not upload coverage anywhere)
newalan-coverage = craneLib.cargoTarpaulin (commonArgs // {
inherit cargoArtifacts;
});
}; };
hydraJobs = checks // lib.optionalAttrs # Audit dependencies
(system == "x86_64-linux" ) { newalan-audit = craneLib.cargoAudit {
runCommandHook = { inherit src advisory-db;
newalan = pkgs.writeScript "run-me" '' };
#!${pkgs.runtimeShell}
export bd=$(mktemp -d)
chmod -R g=u $bd
cd $bd
echo Working in: $bd # Run tests with cargo-nextest
echo Downloading revision... # Consider setting `doCheck = false` on `newalan` if you do not want
${pkgs.wget}/bin/wget https://git.syzygial.cc/Syzygial/New-Alan/archive/${self.rev}.zip # the tests to run twice
newalan-nextest = craneLib.cargoNextest (commonArgs // {
${pkgs.unzip}/bin/unzip ${self.rev}.zip inherit cargoArtifacts;
rm ${self.rev}.zip partitions = 1;
cd * partitionType = "count";
export bd2=$(realpath .) });
ls } // lib.optionalAttrs (system == "x86_64-linux") {
PATH=${pkgs.nixos-container}/bin:$PATH # NB: cargo-tarpaulin only supports x86_64 systems
${pkgs.sops}/bin/sops -i -d secrets/deploy.sh # Check code coverage (note: this will not upload coverage anywhere)
chmod +x ./secrets/deploy.sh newalan-coverage = craneLib.cargoTarpaulin (commonArgs // {
${pkgs.runtimeShell} ./secrets/deploy.sh inherit cargoArtifacts;
cd });
rm -rf $bd };
hydraJobs = checks // lib.optionalAttrs
(system == "x86_64-linux" ) {
runCommandHook = let
deployFlake = pkgs.runCommand "deploy-flake" {} ''
substitute ${./deploy/flake.nix} $out \
--replace "main.tar.gz" "${self.rev}.tar.gz"
'';
in {
newalan = pkgs.runCommand {
nativeBuildInputs = [
newalan
checks.newalan-nextest
];
} ''
echo '#!${pkgs.runtimeShell}' >> $out
echo 'export flake=${deployFlake}' >> $out
echo Deploying $flake
echo '# ${pkgs.runtimeShell} ./secrets/deploy.sh' >> $out
chmod +x $out
''; '';
}; };
}; };
packages.default = newalan; packages.default = newalan;
apps.default = flake-utils.lib.mkApp {
drv = newalan;
};
apps.default = flake-utils.lib.mkApp { devShells.default = pkgs.mkShell {
drv = newalan; inputsFrom = builtins.attrValues self.checks.${system};
};
devShells.default = pkgs.mkShell { nativeBuildInputs = with pkgs; [
inputsFrom = builtins.attrValues self.checks.${system}; cargo
rustc
rust-analyzer
nativeBuildInputs = with pkgs; [ sops
cargo age
rustc ];
rust-analyzer };
}
sops
age
];
};
}
); );
} }

6
secrets/deploy.sh
View File

@@ -1,5 +1,5 @@
{ {
"data": "ENC[AES256_GCM,data:SZcrWUnPbxHhQ5NHGgYaVboy/jwxJn3qDJiXd0sb/NUe0Cx3RHV+/IEFvJz1tJOiChB064pPJhBcwe0YY64x4WJLPsF1eAJwB2dWMPFRmltdqQfVWQU0Vh8wB3ih+4IQrtQ+MugEYn8YYd2IMbUOCq5KIwG26YCIqC/9DIO6efs9zUd5lJ61DgXpFC9mqpDFrgP9OefssJ42KlZu,iv:nG6OtPFHbZAXZi08Vdf+WItarj77PQYeZ9yLeWaYar8=,tag:KXLdO4s8t1mL5F0/rCeKqQ==,type:str]", "data": "ENC[AES256_GCM,data:0Hzi3BuNQEZj+vKy9/zgF+Qyc2BWCoAjHa4YB0AEK1zJU8z8HcfnNBQbWgZ7Wjyl8qIDI2nRlBeELgErg5GeVCf/TEEFXy+sCyThmX0tbJK5WQN/vGGA+5nS4eZEFCFMeB2XmoYz1hB6gg==,iv:vJeFS0ErNAUnercb9MkO7CUyVpKwV9l3xIw/JGkxjrE=,tag:eEL16Ep/M0Ep93BZL2Sh5w==,type:str]",
"sops": { "sops": {
"kms": null, "kms": null,
"gcp_kms": null, "gcp_kms": null,
@@ -15,8 +15,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdUtHMERreXlZTGRGMWlM\nbldjMHFWWWRQZHRvZWx5QmhmVno0VmZQNmljCnFRUnZxT29iZkNxaExQbCtUNFFy\nMkttVkkrQkh0Ky91bnRxRmJ4VDk0N2MKLS0tIHhYREFwRUZ6a1BDM1FWZjlpcTJR\nVW5YSkwvZWQyMXNuaUdBTWpwa2Y1VWcKawzPRiMB/ruOBCylNssB/k+hITJDYX+6\nKpwHk9Avh6Pzhptm21yeY1zmVQkqEx6YU24aJiqs1RRmrQAvnWr3WQ==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdUtHMERreXlZTGRGMWlM\nbldjMHFWWWRQZHRvZWx5QmhmVno0VmZQNmljCnFRUnZxT29iZkNxaExQbCtUNFFy\nMkttVkkrQkh0Ky91bnRxRmJ4VDk0N2MKLS0tIHhYREFwRUZ6a1BDM1FWZjlpcTJR\nVW5YSkwvZWQyMXNuaUdBTWpwa2Y1VWcKawzPRiMB/ruOBCylNssB/k+hITJDYX+6\nKpwHk9Avh6Pzhptm21yeY1zmVQkqEx6YU24aJiqs1RRmrQAvnWr3WQ==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2023-03-10T01:38:34Z", "lastmodified": "2023-03-10T02:38:06Z",
"mac": "ENC[AES256_GCM,data:QNkqpBLYY45OVsENf7k/lrCZCKyvZBTY+XGc4aYC/t8LXfa8xGpaHcFb7OFqqetcBZw3azb2BL2y29bA+Lm69DjhUzIFX7wJal6qyAxi/HZC6sKzKr+D4Gr7/KRpG/2NaqoLkugsXoDHKWi0Y6mCrcJRPJqo5Nw0AFdWS9IJc0I=,iv:wQc/XZcXK/maSHtQx/Ut4SH0xrPalLVHTqBa2U3lMMY=,tag:y2T9Isxrhqy0J/WcaOCS+A==,type:str]", "mac": "ENC[AES256_GCM,data:9KPlaPXXdiK1XiApKoXxm9rs0heIAFQl1E2yBD7D7PjxPrKtspjcWU6sP3ETG9M9KQXJt/Gyrm5oopccy3Ay1APV/+gIZFNMTXiFLPLiEaPugXTR4F9Vqs8SRRFqPKh3PnIWyb6I2CLvkiq0iz0M9KjdpridsRteIBVTLEAwUJs=,iv:XnjHdXOuc6911zu+gV4bIpOX6tgfpiIcZ0nD7KHMzwo=,tag:+KbkfaOsvLsMnSlajGMbqw==,type:str]",
"pgp": null, "pgp": null,
"unencrypted_suffix": "_unencrypted", "unencrypted_suffix": "_unencrypted",
"version": "3.7.3" "version": "3.7.3"