forked from Deuxfleurs/garage
Run clippy in nix, leveraging nix caching ability
This commit is contained in:
parent
71d4cf42f1
commit
40a140bd20
6 changed files with 200 additions and 112 deletions
32
.drone.yml
32
.drone.yml
|
@ -16,7 +16,7 @@ environment:
|
|||
HOME: /drone/garage
|
||||
|
||||
steps:
|
||||
- name: nix maintainance
|
||||
- name: nix maintenance
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
volumes:
|
||||
- name: nix_store
|
||||
|
@ -28,17 +28,7 @@ steps:
|
|||
- "[ -d /mnt/var/ ] || cp -r /nix/var /mnt/"
|
||||
- cp nix/nix.conf /etc/nix/nix.conf
|
||||
|
||||
- name: warmup cache
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
volumes:
|
||||
- name: nix_store
|
||||
path: /nix
|
||||
- name: nix_config
|
||||
path: /etc/nix
|
||||
commands:
|
||||
- nix-build --no-build-output --no-out-link shell.nix -A rust.inputDerivation -A integration.inputDerivation
|
||||
|
||||
- name: code quality
|
||||
- name: check formatting
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
volumes:
|
||||
- name: nix_store
|
||||
|
@ -47,7 +37,6 @@ steps:
|
|||
path: /etc/nix
|
||||
commands:
|
||||
- nix-shell --attr rust --run "cargo fmt -- --check"
|
||||
- nix-shell --attr rust --run "cargo clippy -- --deny warnings"
|
||||
|
||||
- name: build
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
|
@ -57,8 +46,7 @@ steps:
|
|||
- name: nix_config
|
||||
path: /etc/nix
|
||||
commands:
|
||||
- nix-build --no-build-output --attr pkgs.amd64.debug --argstr git_version $DRONE_COMMIT
|
||||
- nix-shell --attr rust --run "./script/not-dynamic.sh result/bin/garage"
|
||||
- nix-build --no-build-output --attr clippy.amd64 --argstr git_version $DRONE_COMMIT
|
||||
|
||||
- name: unit + func tests
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
|
@ -80,7 +68,7 @@ steps:
|
|||
- ./result/bin/garage-*
|
||||
- ./result/bin/integration-*
|
||||
|
||||
- name: smoke-test
|
||||
- name: integration tests
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
volumes:
|
||||
- name: nix_store
|
||||
|
@ -88,7 +76,7 @@ steps:
|
|||
- name: nix_config
|
||||
path: /etc/nix
|
||||
commands:
|
||||
- nix-build --no-build-output --attr pkgs.amd64.debug --argstr git_version $DRONE_COMMIT
|
||||
- nix-build --no-build-output --attr clippy.amd64 --argstr git_version $DRONE_COMMIT
|
||||
- nix-shell --attr integration --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
|
||||
|
||||
trigger:
|
||||
|
@ -112,7 +100,7 @@ volumes:
|
|||
temp: {}
|
||||
|
||||
steps:
|
||||
- name: nix maintainance
|
||||
- name: nix maintenance
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
volumes:
|
||||
- name: nix_store
|
||||
|
@ -198,7 +186,7 @@ volumes:
|
|||
temp: {}
|
||||
|
||||
steps:
|
||||
- name: nix maintainance
|
||||
- name: nix maintenance
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
volumes:
|
||||
- name: nix_store
|
||||
|
@ -283,7 +271,7 @@ volumes:
|
|||
temp: {}
|
||||
|
||||
steps:
|
||||
- name: nix maintainance
|
||||
- name: nix maintenance
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
volumes:
|
||||
- name: nix_store
|
||||
|
@ -358,7 +346,7 @@ volumes:
|
|||
temp: {}
|
||||
|
||||
steps:
|
||||
- name: nix maintainance
|
||||
- name: nix maintenance
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
volumes:
|
||||
- name: nix_store
|
||||
|
@ -458,6 +446,6 @@ trigger:
|
|||
|
||||
---
|
||||
kind: signature
|
||||
hmac: 9789d5fd470fc4273adcfd05946833268d1e466462c5f36abeb8f607d62fdb4b
|
||||
hmac: 0a72ff9a422018b7b06754bd5b9561d3f4bb0d5af28a20ec365c719ee263378a
|
||||
|
||||
...
|
||||
|
|
17
default.nix
17
default.nix
|
@ -6,11 +6,16 @@
|
|||
with import ./nix/common.nix;
|
||||
|
||||
let
|
||||
pkgs = import pkgsSrc { };
|
||||
compile = import ./nix/compile.nix;
|
||||
build_debug_and_release = (target: {
|
||||
debug = (compile { inherit target; release = false; }).workspace.garage { compileMode = "build"; };
|
||||
release = (compile { inherit target; release = true; }).workspace.garage { compileMode = "build"; };
|
||||
});
|
||||
test = (rustPkgs: pkgs.symlinkJoin {
|
||||
name ="garage-tests";
|
||||
paths = builtins.map (key: rustPkgs.workspace.${key} { compileMode = "test"; }) (builtins.attrNames rustPkgs.workspace);
|
||||
});
|
||||
|
||||
in {
|
||||
pkgs = {
|
||||
|
@ -20,13 +25,9 @@ in {
|
|||
arm = build_debug_and_release "armv6l-unknown-linux-musleabihf";
|
||||
};
|
||||
test = {
|
||||
amd64 = let
|
||||
pkgs = import pkgsSrc { };
|
||||
rustPkgs = compile { target = "x86_64-unknown-linux-musl"; };
|
||||
in
|
||||
pkgs.symlinkJoin {
|
||||
name ="garage-tests";
|
||||
paths = builtins.map (key: rustPkgs.workspace.${key} { compileMode = "test"; }) (builtins.attrNames rustPkgs.workspace);
|
||||
};
|
||||
amd64 = test (compile { target = "x86_64-unknown-linux-musl"; });
|
||||
};
|
||||
clippy = {
|
||||
amd64 = (compile { compiler = "clippy"; }).workspace.garage { compileMode = "build"; } ;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -4,18 +4,16 @@ rec {
|
|||
*/
|
||||
pkgsSrc = fetchTarball {
|
||||
# As of 2021-10-04
|
||||
url ="https://github.com/NixOS/nixpkgs/archive/b27d18a412b071f5d7991d1648cfe78ee7afe68a.tar.gz";
|
||||
url = "https://github.com/NixOS/nixpkgs/archive/b27d18a412b071f5d7991d1648cfe78ee7afe68a.tar.gz";
|
||||
sha256 = "1xy9zpypqfxs5gcq5dcla4bfkhxmh5nzn9dyqkr03lqycm9wg5cr";
|
||||
};
|
||||
cargo2nixSrc = fetchGit {
|
||||
# As of 2022-03-17
|
||||
url = "https://github.com/superboum/cargo2nix";
|
||||
ref = "main";
|
||||
rev = "bcbf3ba99e9e01a61eb83a24624419c2dd9dec64";
|
||||
ref = "dedup_propagate";
|
||||
rev = "486675c67249e735dd7eb68e1b9feac9db102be7";
|
||||
};
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* Shared objects
|
||||
*/
|
||||
|
|
149
nix/compile.nix
149
nix/compile.nix
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
system ? builtins.currentSystem,
|
||||
target ? "x86_64-unknown-linux-musl",
|
||||
target ? null,
|
||||
compiler ? "rustc",
|
||||
release ? false,
|
||||
git_version ? null,
|
||||
}:
|
||||
|
@ -8,16 +9,14 @@
|
|||
with import ./common.nix;
|
||||
|
||||
let
|
||||
crossSystem = { config = target; };
|
||||
|
||||
log = v: builtins.trace v v;
|
||||
|
||||
pkgs = import pkgsSrc {
|
||||
inherit system crossSystem;
|
||||
inherit system;
|
||||
${ if target == null then null else "crossSystem" } = { config = target; };
|
||||
overlays = [ cargo2nixOverlay ];
|
||||
};
|
||||
|
||||
|
||||
/*
|
||||
Rust and Nix triples are not the same. Cargo2nix has a dedicated library
|
||||
to convert Nix triples to Rust ones. We need this conversion as we want to
|
||||
|
@ -38,13 +37,58 @@ let
|
|||
In practise, rustOverlay ships rustc+cargo in a single derivation while
|
||||
NixOS ships them in separate ones. We reunite them with symlinkJoin.
|
||||
*/
|
||||
rustChannel = pkgs.symlinkJoin {
|
||||
name ="rust-channel";
|
||||
paths = [
|
||||
pkgs.rustPlatform.rust.rustc
|
||||
pkgs.rustPlatform.rust.cargo
|
||||
];
|
||||
};
|
||||
rustChannel = {
|
||||
rustc = pkgs.symlinkJoin {
|
||||
name = "rust-channel";
|
||||
paths = [
|
||||
pkgs.rustPlatform.rust.cargo
|
||||
pkgs.rustPlatform.rust.rustc
|
||||
];
|
||||
};
|
||||
clippy = pkgs.symlinkJoin {
|
||||
name = "clippy-channel";
|
||||
paths = [
|
||||
pkgs.rustPlatform.rust.cargo
|
||||
pkgs.rustPlatform.rust.rustc
|
||||
pkgs.clippy
|
||||
];
|
||||
};
|
||||
}.${compiler};
|
||||
|
||||
clippyBuilder = pkgs.writeScriptBin "clippy" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
. ${cargo2nixSrc + "/overlay/utils.sh"}
|
||||
isBuildScript=
|
||||
args=("$@")
|
||||
for i in "''${!args[@]}"; do
|
||||
if [ "xmetadata=" = "x''${args[$i]::9}" ]; then
|
||||
args[$i]=metadata=$NIX_RUST_METADATA
|
||||
elif [ "x--crate-name" = "x''${args[$i]}" ] && [ "xbuild_script_" = "x''${args[$i+1]::13}" ]; then
|
||||
isBuildScript=1
|
||||
fi
|
||||
done
|
||||
if [ "$isBuildScript" ]; then
|
||||
args+=($NIX_RUST_BUILD_LINK_FLAGS)
|
||||
else
|
||||
args+=($NIX_RUST_LINK_FLAGS)
|
||||
fi
|
||||
touch invoke.log
|
||||
echo "''${args[@]}" >>invoke.log
|
||||
|
||||
exec ${rustChannel}/bin/clippy-driver --deny warnings "''${args[@]}"
|
||||
'';
|
||||
|
||||
buildEnv = (drv: {
|
||||
rustc = drv.setBuildEnv;
|
||||
clippy = ''
|
||||
${drv.setBuildEnv or "" }
|
||||
echo
|
||||
echo --- BUILDING WITH CLIPPY ---
|
||||
echo
|
||||
|
||||
export RUSTC=${clippyBuilder}/bin/clippy
|
||||
'';
|
||||
}.${compiler});
|
||||
|
||||
/*
|
||||
Cargo2nix provides many overrides by default, you can take inspiration from them:
|
||||
|
@ -55,47 +99,90 @@ let
|
|||
*/
|
||||
overrides = pkgs.rustBuilder.overrides.all ++ [
|
||||
/*
|
||||
[1] We need to alter Nix hardening to make static binaries: PIE,
|
||||
[1] We add some logic to compile our crates with clippy, it provides us many additional lints
|
||||
|
||||
[2] We need to alter Nix hardening to make static binaries: PIE,
|
||||
Position Independent Executables seems to be supported only on amd64. Having
|
||||
this flag set either 1. make our executables crash or 2. compile as dynamic on some platforms.
|
||||
Here, we deactivate it. Later (find `codegenOpts`), we reactivate it for supported targets
|
||||
(only amd64 curently) through the `-static-pie` flag.
|
||||
PIE is a feature used by ASLR, which helps mitigate security issues.
|
||||
Learn more about Nix Hardening at: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/cc-wrapper/add-hardening.sh
|
||||
|
||||
[3] We want to inject the git version while keeping the build deterministic.
|
||||
As we do not want to consider the .git folder as part of the input source,
|
||||
we ask the user (the CI often) to pass the value to Nix.
|
||||
|
||||
[4] We ship some parts of the code disabled by default by putting them behind a flag.
|
||||
It speeds up the compilation (when the feature is not required) and released crates have less dependency by default (less attack surface, disk space, etc.).
|
||||
But we want to ship these additional features when we release Garage.
|
||||
In the end, we chose to exclude all features from debug builds while putting (all of) them in the release builds.
|
||||
Currently, the only feature of Garage is kubernetes-discovery from the garage_rpc crate.
|
||||
*/
|
||||
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||
name = "garage";
|
||||
overrideAttrs = drv: { hardeningDisable = [ "pie" ]; };
|
||||
overrideAttrs = drv: {
|
||||
/* [1] */ setBuildEnv = (buildEnv drv);
|
||||
/* [2] */ hardeningDisable = [ "pie" ];
|
||||
};
|
||||
})
|
||||
|
||||
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||
name = "garage_rpc";
|
||||
|
||||
/*
|
||||
[2] We want to inject the git version while keeping the build deterministic.
|
||||
As we do not want to consider the .git folder as part of the input source,
|
||||
we ask the user (the CI often) to pass the value to Nix.
|
||||
*/
|
||||
overrideAttrs = drv:
|
||||
(if git_version != null then {
|
||||
preConfigure = ''
|
||||
/* [3] */ preConfigure = ''
|
||||
${drv.preConfigure or ""}
|
||||
export GIT_VERSION="${git_version}"
|
||||
'';
|
||||
} else {});
|
||||
|
||||
/*
|
||||
[3] We ship some parts of the code disabled by default by putting them behind a flag.
|
||||
It speeds up the compilation (when the feature is not required) and released crates have less dependency by default (less attack surface, disk space, etc.).
|
||||
But we want to ship these additional features when we release Garage.
|
||||
In the end, we chose to exclude all features from debug builds while putting (all of) them in the release builds.
|
||||
Currently, the only feature of Garage is kubernetes-discovery from the garage_rpc crate.
|
||||
*/
|
||||
} else {})
|
||||
// {
|
||||
/* [1] */ setBuildEnv = (buildEnv drv);
|
||||
};
|
||||
overrideArgs = old: {
|
||||
features = if release then [ "kubernetes-discovery" ] else [];
|
||||
/* [4] */ features = if release then [ "kubernetes-discovery" ] else [];
|
||||
};
|
||||
})
|
||||
|
||||
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||
name = "garage_db";
|
||||
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
|
||||
})
|
||||
|
||||
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||
name = "garage_util";
|
||||
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
|
||||
})
|
||||
|
||||
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||
name = "garage_table";
|
||||
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
|
||||
})
|
||||
|
||||
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||
name = "garage_block";
|
||||
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
|
||||
})
|
||||
|
||||
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||
name = "garage_model";
|
||||
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
|
||||
})
|
||||
|
||||
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||
name = "garage_api";
|
||||
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
|
||||
})
|
||||
|
||||
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||
name = "garage_web";
|
||||
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
|
||||
})
|
||||
|
||||
(pkgs.rustBuilder.rustLib.makeOverride {
|
||||
name = "k2v-client";
|
||||
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
|
||||
})
|
||||
];
|
||||
|
||||
packageFun = import ../Cargo.nix;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
substituters = https://cache.nixos.org https://nix.web.deuxfleurs.fr
|
||||
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=
|
||||
max-jobs = auto
|
||||
cores = 4
|
||||
cores = 0
|
||||
log-lines = 200
|
||||
filter-syscalls = false
|
||||
sandbox = false
|
||||
|
|
104
shell.nix
104
shell.nix
|
@ -1,8 +1,5 @@
|
|||
{
|
||||
system ? builtins.currentSystem,
|
||||
rust ? true,
|
||||
integration ? true,
|
||||
release ? true,
|
||||
}:
|
||||
|
||||
with import ./nix/common.nix;
|
||||
|
@ -16,9 +13,59 @@ let
|
|||
winscp = (import ./nix/winscp.nix) pkgs;
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
pkgs.mkShell {
|
||||
shellHook = ''
|
||||
/* --- Rust Shell ---
|
||||
* Use it to compile Garage
|
||||
*/
|
||||
rust = pkgs.mkShell {
|
||||
shellHook = ''
|
||||
function refresh_toolchain {
|
||||
nix copy \
|
||||
--to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage&secret-key=/etc/nix/signing-key.sec' \
|
||||
$(nix-store -qR \
|
||||
$(nix-build --quiet --no-build-output --no-out-link nix/toolchain.nix))
|
||||
}
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
#pkgs.rustPlatform.rust.rustc
|
||||
pkgs.rustPlatform.rust.cargo
|
||||
#pkgs.clippy
|
||||
pkgs.rustfmt
|
||||
#pkgs.perl
|
||||
#pkgs.protobuf
|
||||
#pkgs.pkg-config
|
||||
#pkgs.openssl
|
||||
pkgs.file
|
||||
#cargo2nix.packages.x86_64-linux.cargo2nix
|
||||
];
|
||||
};
|
||||
|
||||
/* --- Integration shell ---
|
||||
* Use it to test Garage with common S3 clients
|
||||
*/
|
||||
integration = pkgs.mkShell {
|
||||
nativeBuildInputs = [
|
||||
winscp
|
||||
pkgs.s3cmd
|
||||
pkgs.awscli2
|
||||
pkgs.minio-client
|
||||
pkgs.rclone
|
||||
pkgs.socat
|
||||
pkgs.psmisc
|
||||
pkgs.which
|
||||
pkgs.openssl
|
||||
pkgs.curl
|
||||
pkgs.jq
|
||||
];
|
||||
};
|
||||
|
||||
/* --- Release shell ---
|
||||
* A shell built to make releasing easier
|
||||
*/
|
||||
release = pkgs.mkShell {
|
||||
shellHook = ''
|
||||
function to_s3 {
|
||||
aws \
|
||||
--endpoint-url https://garage.deuxfleurs.fr \
|
||||
|
@ -62,45 +109,12 @@ function refresh_index {
|
|||
result/share/_releases.html \
|
||||
s3://garagehq.deuxfleurs.fr/
|
||||
}
|
||||
'';
|
||||
nativeBuildInputs = [
|
||||
pkgs.awscli2
|
||||
kaniko
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
function refresh_toolchain {
|
||||
nix copy \
|
||||
--to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage&secret-key=/etc/nix/signing-key.sec' \
|
||||
$(nix-store -qR \
|
||||
$(nix-build --quiet --no-build-output --no-out-link nix/toolchain.nix))
|
||||
}
|
||||
'';
|
||||
|
||||
nativeBuildInputs =
|
||||
(if rust then [
|
||||
pkgs.rustPlatform.rust.rustc
|
||||
pkgs.rustPlatform.rust.cargo
|
||||
pkgs.clippy
|
||||
pkgs.rustfmt
|
||||
pkgs.perl
|
||||
pkgs.protobuf
|
||||
pkgs.pkg-config
|
||||
pkgs.openssl
|
||||
cargo2nix.packages.x86_64-linux.cargo2nix
|
||||
] else [])
|
||||
++
|
||||
(if integration then [
|
||||
winscp
|
||||
pkgs.s3cmd
|
||||
pkgs.awscli2
|
||||
pkgs.minio-client
|
||||
pkgs.rclone
|
||||
pkgs.socat
|
||||
pkgs.psmisc
|
||||
pkgs.which
|
||||
pkgs.openssl
|
||||
pkgs.curl
|
||||
pkgs.jq
|
||||
] else [])
|
||||
++
|
||||
(if release then [
|
||||
pkgs.awscli2
|
||||
kaniko
|
||||
] else [])
|
||||
;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue