diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a4560bf..8332f1c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,9 +18,6 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - - macos-latest # arm64 - - macos-13 # x86 - runs-on: ${{ matrix.os }} steps: @@ -28,7 +25,7 @@ jobs: run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix - uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 + uses: cachix/install-nix-action@v30 with: enable_kvm: true extra_nix_config: | @@ -38,26 +35,17 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + - name: Sync repository + uses: actions/checkout@v4 with: persist-credentials: false - - name: cache devshell - run: | - nix build .#devShells.$(nix eval --impure --raw --expr 'builtins.currentSystem').default - nix run \ - github:cything/nixcp -- push \ - --bucket nixcache \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - result - - - name: build - run: nix build -L . + - run: nix build -L . - name: cache run: | nix run \ - github:cything/nixcp -- push \ + github:cything/nixcp/test-in-ci -- push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ result @@ -66,7 +54,7 @@ jobs: run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result - uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.os }}.tar path: result.tar diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml deleted file mode 100644 index 0b9ac66..0000000 --- a/.github/workflows/check.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: check -on: - workflow_dispatch: - push: - pull_request: - -jobs: - test: - runs-on: ubuntu-latest - - steps: - - name: Install Nix - uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 - with: - enable_kvm: true - extra_nix_config: | - show-trace = true - experimental-features = nix-command flakes - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 - with: - persist-credentials: false - - - name: Run checks - run: nix flake check -L diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index cc7fabc..12ef747 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Install Nix - uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 + uses: cachix/install-nix-action@v30 with: enable_kvm: true extra_nix_config: | @@ -22,9 +22,7 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 - with: - persist-credentials: false + - uses: actions/checkout@v4 - name: Run tests run: nix develop -c cargo test --verbose diff --git a/README.md b/README.md index f9317c8..55fdaef 100644 --- a/README.md +++ b/README.md @@ -30,8 +30,8 @@ Options: If unspecified, will get it form AWS_DEFAULT_REGION envar or default to us-east-1 --endpoint If unspecifed, will get it from AWS_ENDPOINT envar e.g. https://s3.example.com - --no-default-upstream - Do not include cache.nixos.org as upstream + --skip-signature-check + -h, --help Print help ``` diff --git a/flake.nix b/flake.nix index 16b57e6..2d1191f 100644 --- a/flake.nix +++ b/flake.nix @@ -11,15 +11,8 @@ }; }; - outputs = - inputs@{ - nixpkgs, - flake-utils, - crane, - ... - }: - flake-utils.lib.eachDefaultSystem ( - system: + outputs = inputs@{ nixpkgs, flake-utils, crane, ... }: + flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; @@ -28,12 +21,13 @@ ]; }; toolchain = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; - craneLib = (crane.mkLib pkgs).overrideToolchain (_: toolchain); + craneLib = (crane.mkLib pkgs).overrideToolchain(_: toolchain); lib = pkgs.lib; # don't clean cpp files cppFilter = path: _type: builtins.match ".*(cpp|hpp)$" path != null; - cppOrCargo = path: type: (cppFilter path type) || (craneLib.filterCargoSources path type); + cppOrCargo = path: type: + (cppFilter path type) || (craneLib.filterCargoSources path type); src = lib.cleanSourceWith { src = ./.; filter = cppOrCargo; @@ -54,38 +48,16 @@ ]; # for cpp bindings to work NIX_INCLUDE_PATH = "${lib.getDev pkgs.nix}/include"; - # skip integration tests (they need a connection to the nix store) - cargoTestExtraArgs = "--bins"; + # skip integration tests (they need a connection to the nix store) + cargoTestExtraArgs = "--bins"; }; cargoArtifacts = craneLib.buildDepsOnly commonArgs; - nixcp = craneLib.buildPackage ( - commonArgs - // { - inherit cargoArtifacts; - } - ); + nixcp = craneLib.buildPackage (commonArgs // { + inherit cargoArtifacts; + }); in { - checks = { - # clippy with all warnings denied - clippy = craneLib.cargoClippy ( - commonArgs - // { - inherit cargoArtifacts; - cargoClippyExtraArgs = "--all-targets -- --deny warnings"; - } - ); - - # check formatting - cargoFmt = craneLib.cargoFmt { - inherit src; - }; - tomlFmt = craneLib.taploFmt { - src = lib.sources.sourceFilesBySuffices src [ ".toml" ]; - }; - }; - devShells.default = craneLib.devShell { inputsFrom = [ nixcp ]; @@ -96,12 +68,9 @@ packages = with pkgs; [ tokio-console cargo-udeps - cargo-audit ]; }; - formatter = pkgs.nixfmt-rfc-style; - packages.default = nixcp; } ); diff --git a/rust-toolchain.toml b/rust-toolchain.toml index c96aa24..eceaf24 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,4 +1,9 @@ [toolchain] channel = "nightly" profile = "minimal" -components = ["rust-src", "rust-analyzer", "rustfmt", "clippy"] +components = [ + "rust-src", + "rust-analyzer", + "rustfmt", + "clippy", +] \ No newline at end of file diff --git a/src/cli.rs b/src/cli.rs new file mode 100644 index 0000000..139597f --- /dev/null +++ b/src/cli.rs @@ -0,0 +1,2 @@ + + diff --git a/src/lib.rs b/src/lib.rs index 8b1fc18..dfbab4f 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -3,6 +3,7 @@ use std::path::PathBuf; use clap::{Args, Parser, Subcommand}; mod bindings; +mod cli; pub mod make_nar; pub mod path_info; pub mod push; @@ -54,9 +55,8 @@ pub struct PushArgs { #[arg(long)] endpoint: Option, - /// Do not include cache.nixos.org as upstream #[arg(long)] - no_default_upstream: bool, + skip_signature_check: bool, /// Path to upload /// e.g. ./result or /nix/store/y4qpcibkj767szhjb58i2sidmz8m24hb-hello-2.12.1 diff --git a/src/push.rs b/src/push.rs index 9fc043d..bf25ea1 100644 --- a/src/push.rs +++ b/src/push.rs @@ -1,6 +1,7 @@ use std::{ collections::HashSet, fs, + iter::once, path::PathBuf, sync::{ Arc, @@ -38,13 +39,11 @@ pub struct Push { impl Push { pub async fn new(cli: &PushArgs, store: Store) -> Result { let mut upstreams = Vec::with_capacity(cli.upstreams.len() + 1); - if !cli.no_default_upstream { - upstreams.push( - Url::parse("https://cache.nixos.org") - .expect("default upstream must be a valid url"), - ); - } - for upstream in &cli.upstreams { + for upstream in cli + .upstreams + .iter() + .chain(once(&"https://cache.nixos.org".to_string())) + { upstreams .push(Url::parse(upstream).context(format!("failed to parse {upstream} as url"))?); } @@ -133,7 +132,10 @@ impl Push { let inflight_permits = inflight_permits.clone(); tokio::spawn(async move { let _permit = inflight_permits.acquire().await.unwrap(); - if !path.check_upstream_hit(&self.upstream_caches).await { + if !path + .check_upstream_hit(self.upstream_caches.as_slice()) + .await + { if path.check_if_already_exists(&self.s3).await { debug!("skip {} (already exists)", path.absolute_path()); self.already_exists_count.fetch_add(1, Ordering::Relaxed);