From 0e97d1174503c33a40810dbec0922278867636fe Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 4 May 2025 01:48:13 -0400 Subject: [PATCH 01/19] skip integration tests in nix package These tests need a connection to the nix store and we can't have that in the nix build environment. --- flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake.nix b/flake.nix index fb86d40..2d1191f 100644 --- a/flake.nix +++ b/flake.nix @@ -48,6 +48,8 @@ ]; # for cpp bindings to work NIX_INCLUDE_PATH = "${lib.getDev pkgs.nix}/include"; + # skip integration tests (they need a connection to the nix store) + cargoTestExtraArgs = "--bins"; }; cargoArtifacts = craneLib.buildDepsOnly commonArgs; From 14d6e9d29eca6fea2ef32f99ec452b68da208c77 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 4 May 2025 01:48:13 -0400 Subject: [PATCH 02/19] path_info: check for and resolve symlink --- Cargo.toml | 10 ++++++---- src/path_info.rs | 8 ++++++++ tests/path_info.rs | 19 +++++++++++++++++++ 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 272be3b..c1de8ac 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -16,15 +16,14 @@ futures = "0.3.31" nix-compat = { git = "https://github.com/tvlfyi/tvix.git", version = "0.1.0" } regex = "1.11.1" reqwest = "0.12.15" -serde = { version = "1.0.219", features = [ "derive" ]} +serde = { version = "1.0.219", features = ["derive"] } serde_json = "1.0.140" sha2 = "0.10.8" -tokio = { version = "1.44.1", features = [ "full", "tracing", "parking_lot" ]} +tokio = { version = "1.44.1", features = ["full", "tracing", "parking_lot"] } tracing = "0.1.41" -url = { version = "2.5.4", features = [ "serde" ]} +url = { version = "2.5.4", features = ["serde"] } cxx = "1.0" console-subscriber = "0.4.1" -tempfile = "3.19.1" tokio-util = { version = "0.7.15", features = ["io"] } bytes = "1.10.1" object_store = { version = "0.12.0", features = ["aws"] } 
@@ -35,3 +34,6 @@ humansize = "2.1.3" [build-dependencies] cxx-build = "1.0" pkg-config = "0.3.32" + +[dev-dependencies] +tempfile = "3.19.1" diff --git a/src/path_info.rs b/src/path_info.rs index 1e1282d..213fd1a 100644 --- a/src/path_info.rs +++ b/src/path_info.rs @@ -28,6 +28,14 @@ impl PathInfo { let derivation = match drv.extension() { Some(ext) if ext == "drv" => drv.as_os_str().as_encoded_bytes(), _ => { + let drv = { + // resolve symlink + if drv.is_symlink() { + &drv.canonicalize()? + } else { + drv + } + }; &Command::new("nix") .arg("path-info") .arg("--derivation") diff --git a/tests/path_info.rs b/tests/path_info.rs index 57738fd..0f9543b 100644 --- a/tests/path_info.rs +++ b/tests/path_info.rs @@ -1,6 +1,8 @@ use nixcp::path_info::PathInfo; use std::path::PathBuf; +use tempfile::TempDir; + use crate::common::{HELLO, HELLO_DRV, HELLO_PATH}; mod common; @@ -25,6 +27,23 @@ async fn path_info_from_path() { assert_eq!(path_info.path.to_string(), HELLO_DRV); } +#[tokio::test] +async fn path_info_symlink() { + let ctx = common::context(); + + let temp_path = TempDir::new().unwrap(); + let link_path = temp_path.path().join("result"); + + // symlink at ./result (like `nix build`) + std::os::unix::fs::symlink(HELLO_PATH, &link_path).unwrap(); + + // should resolve symlink + let path_info = PathInfo::from_derivation(&link_path, &ctx.store) + .await + .expect("get pathinfo from package"); + assert_eq!(path_info.path.to_string(), HELLO_DRV); +} + #[tokio::test] async fn closure() { let ctx = common::context(); From 9b0c6aece69147aeeaf300b1c8db8d7b131226db Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 4 May 2025 01:48:13 -0400 Subject: [PATCH 03/19] add .editorconfig --- .editorconfig | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..d17805f --- /dev/null +++ b/.editorconfig @@ -0,0 +1,3 @@ +[*.nix] +indent_size = 2 +indent_stype = space 
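Review bot: The third added line of .editorconfig reads `indent_stype = space`, which is not an EditorConfig property, so editors will ignore it and only `indent_size = 2` takes effect for `*.nix`. It should read `indent_style = space`.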
From 3c40776981d6d1a82a537c0fc6c026ef043b3111 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 4 May 2025 03:06:43 -0400 Subject: [PATCH 04/19] update readme --- README.md | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index ff71137..55fdaef 100644 --- a/README.md +++ b/README.md @@ -11,14 +11,13 @@ The signing key is generated with: nix-store --generate-binary-cache-key nixcache.cy7.sh cache-priv-key.pem cache-pub-key.pem ``` -`AWS_ACCESS_KEY_ID` and `AWS_ENDPOINT_URL` environment variables should be set with your s3 credentials. +`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables should be set with your s3 credentials. ``` -Usage: nixcp [OPTIONS] --bucket --signing-key +Usage: nixcp push [OPTIONS] --bucket --signing-key [PATH]... -Commands: - push - help Print this message or the help of the given subcommand(s) +Arguments: + [PATH]... Path to upload e.g. ./result or /nix/store/y4qpcibkj767szhjb58i2sidmz8m24hb-hello-2.12.1 Options: --bucket @@ -28,15 +27,13 @@ Options: --signing-key Path to the file containing signing key e.g. ~/cache-priv-key.pem --region - If unspecified, will get it form AWS_DEFAULT_REGION envar or the AWS default + If unspecified, will get it form AWS_DEFAULT_REGION envar or default to us-east-1 --endpoint - If unspecifed, will get it from AWS_ENDPOINT_URL envar or the AWS default e.g. https://s3.example.com - --profile - AWS profile to use + If unspecifed, will get it from AWS_ENDPOINT envar e.g. https://s3.example.com + --skip-signature-check + -h, --help Print help - -V, --version - Print version ``` ## Install with nix From d03058d125c2ef2bf056b99fff8e2990928a23de Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 4 May 2025 03:18:51 -0400 Subject: [PATCH 05/19] add build workflow --- .github/workflows/build.yml | 61 +++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 .github/workflows/build.yml 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..8332f1c --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,61 @@ +name: build +on: + workflow_dispatch: + push: + pull_request: + +env: + TERM: ansi + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + AWS_ENDPOINT: https://s3.cy7.sh + +jobs: + build-packages: + strategy: + fail-fast: false + matrix: + os: + - ubuntu-latest + - ubuntu-24.04-arm + runs-on: ${{ matrix.os }} + + steps: + - name: setup binary cache key + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + + - name: Install Nix + uses: cachix/install-nix-action@v30 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - run: nix build -L . + + - name: cache + run: | + nix run \ + github:cything/nixcp/test-in-ci -- push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ + result + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.os }}.tar + path: result.tar + if-no-files-found: error From 688fcd8706d5f9e456c61822ec0d279f1fb6eac9 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 4 May 2025 03:18:51 -0400 Subject: [PATCH 06/19] add test workflow --- .github/workflows/test.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .github/workflows/test.yml 
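Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are set in the workflow-level `env:`, so every step of the job receives them, including the third-party install and upload actions and `nix build -L .`, although only the `cache` step uploads anything. Declaring them in an `env:` on that step alone narrows the exposure. The `setup binary cache key` step also expands `${{ secrets.NIX_CACHE_SECRET_KEY }}` directly into the script text. Passing it as a step-level `env:` entry and piping `"$NIX_CACHE_SECRET_KEY"` into `xxd` keeps the secret out of the shell source, and a `umask 077` before the redirect keeps the key file unreadable to other users on the runner. The workflow also triggers on `pull_request`, where forked PRs get no secrets by default, so those runs would presumably write an empty key file and fail at the push; an `if:` guard on the key and cache steps would let them still build.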
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..12ef747 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,28 @@ +name: test +on: + workflow_dispatch: + push: + pull_request: + +env: + CARGO_TERM_COLOR: always + +jobs: + test: + runs-on: ubuntu-latest + + steps: + - name: Install Nix + uses: cachix/install-nix-action@v30 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + + - uses: actions/checkout@v4 + + - name: Run tests + run: nix develop -c cargo test --verbose From 96ae0ca647474cb2012aa75108128f6fb2c3d668 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 4 May 2025 03:18:51 -0400 Subject: [PATCH 07/19] disable closure test Size of the closure is not deterministic at all. I guess it's because if the package was sourced from a cache, some dependencies may or may not exist in the local nix store. --- tests/path_info.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/path_info.rs b/tests/path_info.rs index 0f9543b..2558703 100644 --- a/tests/path_info.rs +++ b/tests/path_info.rs @@ -44,6 +44,7 @@ async fn path_info_symlink() { assert_eq!(path_info.path.to_string(), HELLO_DRV); } +/* #[tokio::test] async fn closure() { let ctx = common::context(); @@ -54,3 +55,4 @@ async fn closure() { let closure = path_info.get_closure(&ctx.store).await.unwrap(); assert_eq!(closure.len(), 472); } +*/ From 6cfe67af0e8da502702b31f34a941753e64d9561 Mon Sep 17 00:00:00 2001 
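Review bot: No `permissions:` key is set at workflow or job level in test.yml, so the job's `GITHUB_TOKEN` gets the repository default scope even though the steps only check out the code and run `cargo test`. A top-level `permissions:` block containing `contents: read` would hold it to least privilege. The same applies to build.yml added in PATCH 05 and check.yml added in PATCH 14.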
From: cy Date: Sun, 4 May 2025 12:01:36 -0400 Subject: [PATCH 08/19] improve closure test We now compare against the output of `nix-store --query --requisites --include-outputs`. Our closure should include everything this command would output. --- tests/path_info.rs | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/tests/path_info.rs b/tests/path_info.rs index 2558703..f9c2ad2 100644 --- a/tests/path_info.rs +++ b/tests/path_info.rs @@ -1,5 +1,5 @@ use nixcp::path_info::PathInfo; -use std::path::PathBuf; +use std::{collections::HashSet, path::PathBuf, process::Command}; use tempfile::TempDir; @@ -44,15 +44,37 @@ async fn path_info_symlink() { assert_eq!(path_info.path.to_string(), HELLO_DRV); } -/* #[tokio::test] -async fn closure() { +async fn closure_includes_nix_store_requisites() { let ctx = common::context(); let path = PathBuf::from(HELLO); let path_info = PathInfo::from_derivation(&path, &ctx.store) .await .expect("get pathinfo from package"); - let closure = path_info.get_closure(&ctx.store).await.unwrap(); - assert_eq!(closure.len(), 472); + + // get what we think is the closure + let closure: HashSet = path_info + .get_closure(&ctx.store) + .await + .unwrap() + .iter() + .map(|x| x.path.to_absolute_path()) + .collect(); + + // get output of `nix-store --query --requisites --include-outputs` + let nix_store_out = Command::new("nix-store") + .arg("--query") + .arg("--requisites") + .arg("--include-outputs") + .arg(HELLO_PATH) + .output() + .unwrap() + .stdout; + let ref_closure = String::from_utf8_lossy(&nix_store_out); + let ref_closure = ref_closure.split_whitespace(); + + // check that we didn't miss anything nix-store would catch + for path in ref_closure { + assert!(closure.contains(path)); + } } -*/ From d9ca033a144d615f686d3ce55cdbce8a3149beeb Mon Sep 17 00:00:00 2001 
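Review bot: In `closure_includes_nix_store_requisites` the reference list is read from `.output().unwrap().stdout` without checking the exit status, so if `nix-store` exits non-zero the loop iterates over an empty string and the test passes without comparing anything. Keep the `Output` value and add `assert!(out.status.success());` before reading `out.stdout`. PATCH 09 later adds a non-empty check on stdout but still does not check the status. A message on the last assertion, `assert!(closure.contains(path), "closure is missing {path}");`, would also show which store path was missed.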
From: cy Date: Sun, 4 May 2025 13:01:36 -0400 Subject: [PATCH 09/19] add additional case in closure test and run nix-store against the derivation --- tests/common/mod.rs | 20 +++++++++++++------- tests/path_info.rs | 29 +++++++++++++++++++++++------ 2 files changed, 36 insertions(+), 13 deletions(-) diff --git a/tests/common/mod.rs b/tests/common/mod.rs index 3870a1d..4c2d932 100644 --- a/tests/common/mod.rs +++ b/tests/common/mod.rs @@ -6,8 +6,10 @@ use std::sync::Arc; use nixcp::store::Store; pub const HELLO: &str = "github:nixos/nixpkgs?ref=f771eb401a46846c1aebd20552521b233dd7e18b#hello"; -pub const HELLO_DRV: &str = "iqbwkm8mjjjlmw6x6ry9rhzin2cp9372-hello-2.12.1.drv"; +pub const HELLO_DRV: &str = "/nix/store/iqbwkm8mjjjlmw6x6ry9rhzin2cp9372-hello-2.12.1.drv"; pub const HELLO_PATH: &str = "/nix/store/9bwryidal9q3g91cjm6xschfn4ikd82q-hello-2.12.1"; +pub const NIXCP_PKG: &str = "github:cything/nixcp?ref=6cfe67af0e8da502702b31f34a941753e64d9561"; +pub const NIXCP_DRV: &str = "/nix/store/ldjvf9qjp980dyvka2hj99q4c0w6901x-nixcp-0.1.0.drv"; pub struct Context { pub store: Arc, @@ -16,12 +18,7 @@ pub struct Context { impl Context { fn new() -> Self { // hello must be in the store - Command::new("nix") - .arg("build") - .arg("--no-link") - .arg(HELLO) - .status() - .unwrap(); + ensure_exists(HELLO); let store = Arc::new(Store::connect().expect("connect to nix store")); Self { store } } @@ -30,3 +27,12 @@ impl Context { pub fn context() -> Context { Context::new() } + +pub fn ensure_exists(pkg: &str) { + Command::new("nix") + .arg("build") + .arg("--no-link") + .arg(pkg) + .status() + .unwrap(); +} diff --git a/tests/path_info.rs b/tests/path_info.rs index f9c2ad2..d71f9d6 100644 --- a/tests/path_info.rs +++ b/tests/path_info.rs @@ -3,7 +3,7 @@ use std::{collections::HashSet, path::PathBuf, process::Command}; use tempfile::TempDir; -use crate::common::{HELLO, HELLO_DRV, HELLO_PATH}; +use crate::common::{HELLO, HELLO_DRV, HELLO_PATH, NIXCP_DRV, NIXCP_PKG}; mod common; 
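Review bot: `ensure_exists` in tests/common/mod.rs ends in `.status().unwrap()`, which panics only when `nix` cannot be spawned. A `nix build` that runs and fails returns a non-zero exit status that is dropped, so the tests continue against a store that may not contain the package. Store the return value in `status` and add `assert!(status.success(), "nix build {pkg} failed");`. A `///` line saying that the helper builds the given flake reference into the local store without creating a result link would also explain why `--no-link` is passed.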
@@ -14,7 +14,7 @@ async fn path_info_from_package() { let path_info = PathInfo::from_derivation(&path, &ctx.store) .await .expect("get pathinfo from package"); - assert_eq!(path_info.path.to_string(), HELLO_DRV); + assert_eq!(path_info.path.to_absolute_path(), HELLO_DRV); } #[tokio::test] @@ -24,7 +24,7 @@ async fn path_info_from_path() { let path_info = PathInfo::from_derivation(&path, &ctx.store) .await .expect("get pathinfo from package"); - assert_eq!(path_info.path.to_string(), HELLO_DRV); + assert_eq!(path_info.path.to_absolute_path(), HELLO_DRV); } #[tokio::test] @@ -41,7 +41,7 @@ async fn path_info_symlink() { let path_info = PathInfo::from_derivation(&link_path, &ctx.store) .await .expect("get pathinfo from package"); - assert_eq!(path_info.path.to_string(), HELLO_DRV); + assert_eq!(path_info.path.to_absolute_path(), HELLO_DRV); } #[tokio::test] @@ -53,7 +53,7 @@ async fn closure_includes_nix_store_requisites() { .expect("get pathinfo from package"); // get what we think is the closure - let closure: HashSet = path_info + let mut closure: HashSet = path_info .get_closure(&ctx.store) .await .unwrap() 
@@ -61,15 +61,32 @@ async fn closure_includes_nix_store_requisites() { .map(|x| x.path.to_absolute_path()) .collect(); + // for a somewhat more complicated case + common::ensure_exists(NIXCP_PKG); + let path = PathBuf::from(NIXCP_PKG); + let path_info = PathInfo::from_derivation(&path, &ctx.store) + .await + .expect("get pathinfo from package"); + closure.extend( + path_info + .get_closure(&ctx.store) + .await + .unwrap() + .iter() + .map(|x| x.path.to_absolute_path()), + ); + // get output of `nix-store --query --requisites --include-outputs` let nix_store_out = Command::new("nix-store") .arg("--query") .arg("--requisites") .arg("--include-outputs") - .arg(HELLO_PATH) + .arg(HELLO_DRV) + .arg(NIXCP_DRV) .output() .unwrap() .stdout; + assert!(!nix_store_out.is_empty()); let ref_closure = String::from_utf8_lossy(&nix_store_out); let ref_closure = ref_closure.split_whitespace(); From 76e6c6c537a1ec1d126ef1afd41b00cc29459969 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 11 May 2025 00:02:08 -0400 Subject: [PATCH 10/19] add license --- LICENSE | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e886c24 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2025 Cy + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. From 68df59ad25563b812829651e90ae1865bbeb42b0 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 7 May 2025 17:14:25 -0400 Subject: [PATCH 11/19] use & instead of as_slice() --- src/push.rs | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/push.rs b/src/push.rs index bf25ea1..7c23e39 100644 --- a/src/push.rs +++ b/src/push.rs @@ -132,10 +132,7 @@ impl Push { let inflight_permits = inflight_permits.clone(); tokio::spawn(async move { let _permit = inflight_permits.acquire().await.unwrap(); - if !path - .check_upstream_hit(self.upstream_caches.as_slice()) - .await - { + if !path.check_upstream_hit(&self.upstream_caches).await { if path.check_if_already_exists(&self.s3).await { debug!("skip {} (already exists)", path.absolute_path()); self.already_exists_count.fetch_add(1, Ordering::Relaxed); From ce0e70f95a5c45ad5082364bece63bb3883191dd Mon Sep 17 00:00:00 2001 
From: cy Date: Wed, 7 May 2025 17:14:25 -0400 Subject: [PATCH 12/19] add option to disable cache.nixos.org --- README.md | 4 ++-- src/lib.rs | 3 ++- src/push.rs | 13 +++++++------ 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 55fdaef..f9317c8 100644 --- a/README.md +++ b/README.md @@ -30,8 +30,8 @@ Options: If unspecified, will get it form AWS_DEFAULT_REGION envar or default to us-east-1 --endpoint If unspecifed, will get it from AWS_ENDPOINT envar e.g. https://s3.example.com - --skip-signature-check - + --no-default-upstream + Do not include cache.nixos.org as upstream -h, --help Print help ``` diff --git a/src/lib.rs b/src/lib.rs index dfbab4f..fa4a43d 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -55,8 +55,9 @@ pub struct PushArgs { #[arg(long)] endpoint: Option, + /// Do not include cache.nixos.org as upstream #[arg(long)] - skip_signature_check: bool, + no_default_upstream: bool, /// Path to upload /// e.g. ./result or /nix/store/y4qpcibkj767szhjb58i2sidmz8m24hb-hello-2.12.1 diff --git a/src/push.rs b/src/push.rs index 7c23e39..9fc043d 100644 --- a/src/push.rs +++ b/src/push.rs @@ -1,7 +1,6 @@ use std::{ collections::HashSet, fs, - iter::once, path::PathBuf, sync::{ Arc, @@ -39,11 +38,13 @@ pub struct Push { impl Push { pub async fn new(cli: &PushArgs, store: Store) -> Result { let mut upstreams = Vec::with_capacity(cli.upstreams.len() + 1); - for upstream in cli - .upstreams - .iter() - .chain(once(&"https://cache.nixos.org".to_string())) - { + if !cli.no_default_upstream { + upstreams.push( + Url::parse("https://cache.nixos.org") + .expect("default upstream must be a valid url"), + ); + } + for upstream in &cli.upstreams { upstreams .push(Url::parse(upstream).context(format!("failed to parse {upstream} as url"))?); } From 112654f4480596d9a22014d0fa6b2065ef4c7ea6 Mon Sep 17 00:00:00 2001 
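Review bot: The `PushArgs` hunk in src/lib.rs removes the `skip_signature_check` field, and with it the `--skip-signature-check` CLI flag, but the subject line mentions only the new option. No hunk in this commit removes a reader of that field, so it was presumably unused; confirm that. The commit message should also say that existing invocations passing the old flag will now fail argument parsing. The struct definition starts and ends outside the hunk.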
From: cy Date: Sun, 11 May 2025 00:32:41 -0400 Subject: [PATCH 13/19] add flake checks and formatter, run some formatters --- flake.nix | 50 ++++++++++++++++++++++++++++++++++++--------- rust-toolchain.toml | 7 +------ src/cli.rs | 2 -- src/lib.rs | 1 - 4 files changed, 41 insertions(+), 19 deletions(-) delete mode 100644 src/cli.rs diff --git a/flake.nix b/flake.nix index 2d1191f..6e1b9d6 100644 --- a/flake.nix +++ b/flake.nix @@ -11,8 +11,15 @@ }; }; - outputs = inputs@{ nixpkgs, flake-utils, crane, ... }: - flake-utils.lib.eachDefaultSystem (system: + outputs = + inputs@{ + nixpkgs, + flake-utils, + crane, + ... + }: + flake-utils.lib.eachDefaultSystem ( + system: let pkgs = import nixpkgs { inherit system; @@ -21,13 +28,12 @@ ]; }; toolchain = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; - craneLib = (crane.mkLib pkgs).overrideToolchain(_: toolchain); + craneLib = (crane.mkLib pkgs).overrideToolchain (_: toolchain); lib = pkgs.lib; # don't clean cpp files cppFilter = path: _type: builtins.match ".*(cpp|hpp)$" path != null; - cppOrCargo = path: type: - (cppFilter path type) || (craneLib.filterCargoSources path type); + cppOrCargo = path: type: (cppFilter path type) || (craneLib.filterCargoSources path type); src = lib.cleanSourceWith { src = ./.; filter = cppOrCargo; 
@@ -48,16 +54,38 @@ ]; # for cpp bindings to work NIX_INCLUDE_PATH = "${lib.getDev pkgs.nix}/include"; - # skip integration tests (they need a connection to the nix store) - cargoTestExtraArgs = "--bins"; + # skip integration tests (they need a connection to the nix store) + cargoTestExtraArgs = "--bins"; }; cargoArtifacts = craneLib.buildDepsOnly commonArgs; - nixcp = craneLib.buildPackage (commonArgs // { - inherit cargoArtifacts; - }); + nixcp = craneLib.buildPackage ( + commonArgs + // { + inherit cargoArtifacts; + } + ); in { + checks = { + # clippy with all warnings denied + clippy = craneLib.cargoClippy ( + commonArgs + // { + inherit cargoArtifacts; + cargoClippyExtraArgs = "--all-targets -- --deny warnings"; + } + ); + + # check formatting + cargoFmt = craneLib.cargoFmt { + inherit src; + }; + tomlFmt = craneLib.taploFmt { + src = lib.sources.sourceFilesBySuffices src [ ".toml" ]; + }; + }; + devShells.default = craneLib.devShell { inputsFrom = [ nixcp ]; @@ -71,6 +99,8 @@ ]; }; + formatter = pkgs.nixfmt-rfc-style; + packages.default = nixcp; } ); diff --git a/rust-toolchain.toml b/rust-toolchain.toml index eceaf24..c96aa24 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,9 +1,4 @@ [toolchain] channel = "nightly" profile = "minimal" -components = [ - "rust-src", - "rust-analyzer", - "rustfmt", - "clippy", -] \ No newline at end of file +components = ["rust-src", "rust-analyzer", "rustfmt", "clippy"] diff --git a/src/cli.rs b/src/cli.rs deleted file mode 100644 index 139597f..0000000 --- a/src/cli.rs +++ /dev/null @@ -1,2 +0,0 @@ - - diff --git a/src/lib.rs b/src/lib.rs index fa4a43d..8b1fc18 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -3,7 +3,6 @@ use std::path::PathBuf; use clap::{Args, Parser, Subcommand}; mod bindings; -mod cli; pub mod make_nar; pub mod path_info; pub mod push; From 2b52792959ab518b1ef097c71d97b1412138c3f3 Mon Sep 17 00:00:00 2001 
From: cy Date: Sun, 11 May 2025 01:01:01 -0400 Subject: [PATCH 14/19] add flake check workflow --- .github/workflows/check.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/check.yml diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml new file mode 100644 index 0000000..896aad1 --- /dev/null +++ b/.github/workflows/check.yml @@ -0,0 +1,25 @@ +name: check +on: + workflow_dispatch: + push: + pull_request: + +jobs: + test: + runs-on: ubuntu-latest + + steps: + - name: Install Nix + uses: cachix/install-nix-action@v30 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + + - uses: actions/checkout@v4 + + - name: Run checks + run: nix flake check -L From a9957162128440ca41917054a413b8041230523b Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 11 May 2025 01:04:15 -0400 Subject: [PATCH 15/19] pin workflows by sha --- .github/workflows/build.yml | 7 +++---- .github/workflows/check.yml | 6 ++++-- .github/workflows/test.yml | 6 ++++-- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8332f1c..090eec8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,7 @@ jobs: run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix - uses: cachix/install-nix-action@v30 + uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 with: enable_kvm: true extra_nix_config: | 
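Review bot: The pinned `uses:` lines in build.yml carry a bare 40-character commit id with nothing to say which release it is. A reader cannot tell what version runs, or whether the id is a tagged release rather than an arbitrary branch commit. Append the tag as a trailing comment on each of the three actions, in the form `uses: actions/checkout@<sha> # <tag>`, and confirm each id against the upstream tag before merging. The same applies to the pins this commit adds in check.yml and test.yml.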
@@ -35,8 +35,7 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - name: Sync repository - uses: actions/checkout@v4 + - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 with: persist-credentials: false @@ -54,7 +53,7 @@ jobs: run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47 with: name: ${{ matrix.os }}.tar path: result.tar diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 896aad1..0b9ac66 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -10,7 +10,7 @@ jobs: steps: - name: Install Nix - uses: cachix/install-nix-action@v30 + uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 with: enable_kvm: true extra_nix_config: | @@ -19,7 +19,9 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - uses: actions/checkout@v4 + - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + with: + persist-credentials: false - name: Run checks run: nix flake check -L diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 12ef747..cc7fabc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Install Nix - uses: cachix/install-nix-action@v30 + uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 with: enable_kvm: true extra_nix_config: | 
@@ -22,7 +22,9 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - uses: actions/checkout@v4 + - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + with: + persist-credentials: false - name: Run tests run: nix develop -c cargo test --verbose From ab1fcc820760b93dd87e74a4a5652c726d7d6566 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 11 May 2025 01:19:53 -0400 Subject: [PATCH 16/19] run builds on mac --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 090eec8..a9864f3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,6 +18,9 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm + - macos-latest # arm64 + - macos-13 # x86 + runs-on: ${{ matrix.os }} steps: From 8ba2c6cc9bf7004eb812dafc971a321e108eef84 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 11 May 2025 01:22:03 -0400 Subject: [PATCH 17/19] cache devshell in ci --- .github/workflows/build.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a9864f3..b9be0e9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -42,7 +42,17 @@ jobs: with: persist-credentials: false - - run: nix build -L . + - name: cache devshell + run: | + nix build .#devShells.$(nix eval --impure --raw --expr 'builtins.currentSystem').default + nix run \ + github:cything/nixcp/test-in-ci -- push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ + result + + - name: build + run: nix build -L . - name: cache run: | From 139dcf2fe73c51b73158a6dbda132dcf5c2728d3 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 11 May 2025 01:22:51 -0400 Subject: [PATCH 18/19] use main branch in ci --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b9be0e9..a4560bf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -46,7 +46,7 @@ jobs: run: | nix build .#devShells.$(nix eval --impure --raw --expr 'builtins.currentSystem').default nix run \ - github:cything/nixcp/test-in-ci -- push \ + github:cything/nixcp -- push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ result @@ -57,7 +57,7 @@ jobs: - name: cache run: | nix run \ - github:cything/nixcp/test-in-ci -- push \ + github:cything/nixcp -- push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ result From 885a49701c8f0de204467fcbe0089b67a5cf1c09 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 11 May 2025 01:34:12 -0400 Subject: [PATCH 19/19] add cargo-audit to devshell --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 6e1b9d6..16b57e6 100644 --- a/flake.nix +++ b/flake.nix @@ -96,6 +96,7 @@ packages = with pkgs; [ tokio-console cargo-udeps + cargo-audit ]; };
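Review bot: `nix run github:cything/nixcp -- push` resolves to whatever the default branch holds when the job runs, and that binary is handed the cache signing key and the S3 credentials, even though the actions in this file were just pinned to commit ids. Pin the flake reference the same way, as `github:cything/nixcp/<rev>` with a reviewed commit, or run the package built from the checkout in this job. Both the `cache devshell` and `cache` steps use the unpinned reference.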
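Review bot: `cargo-audit` is added only to the devshell `packages`, so the advisory scan runs only when someone invokes it by hand; neither the `checks` set from PATCH 13 nor any workflow visible in this series calls it. crane provides `craneLib.cargoAudit`, which takes `src` and an `advisory-db` flake input. Adding it to `checks` would make `nix flake check` fail on dependencies with known advisories. The `devShells.default` attribute set starts outside this hunk.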