From 0c41fd46a223b8da2f007f5de086f18840277a44 Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Sun, 8 Oct 2023 14:23:59 +0300 Subject: [PATCH 1/9] Add nix lint workflow. --- .github/workflows/nix-lints.yml | 53 ++++++++++++++++++++++++++++++ .github/workflows/rvoc-backend.yml | 3 +- .github/workflows/web-api-ci.yml | 6 +--- 3 files changed, 55 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/nix-lints.yml diff --git a/.github/workflows/nix-lints.yml b/.github/workflows/nix-lints.yml new file mode 100644 index 0000000..65dbb08 --- /dev/null +++ b/.github/workflows/nix-lints.yml @@ -0,0 +1,53 @@ +name: Nix Lints + +on: + push: + paths: + # Run if workflow changes + - '.github/workflows/nix-lints.yml' + # Run on changed flake + - 'flake.nix' + - 'flake.lock' + branches: + - main + pull_request: + branches: main + # Run manually + workflow_dispatch: + +jobs: + nix_fmt: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install nix + uses: cachix/install-nix-action@v22 + + - name: Cache /nix/store + uses: actions/cache@v3 + with: + path: /nix/store + key: ${{ runner.os }}-${{ hashFiles('flake.*') }}-${{ hashFiles('.github/workflows/web-api-ci.yml') }} + + - name: Check nix formatting + run: nix fmt --accept-flake-config -- --check . + + nix_dead_code: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install nix + uses: cachix/install-nix-action@v22 + + - name: Cache /nix/store + uses: actions/cache@v3 + with: + path: /nix/store + key: ${{ runner.os }}-${{ hashFiles('flake.*') }}-${{ hashFiles('.github/workflows/web-api-ci.yml') }} + + - name: Check dead nix code + run: nix run github:astro/deadnix -- . \ No newline at end of file diff --git a/.github/workflows/rvoc-backend.yml b/.github/workflows/rvoc-backend.yml index 038426a..3862d69 100644 --- a/.github/workflows/rvoc-backend.yml +++ b/.github/workflows/rvoc-backend.yml @@ -16,8 +16,7 @@ on: branches: main pull_request: branches: main - # Sometimes the rules above don't match even though they should. - # This allows us to run the workflow manually anyways. + # Run manually workflow_dispatch: env: diff --git a/.github/workflows/web-api-ci.yml b/.github/workflows/web-api-ci.yml index 410b1b4..4d9ab4a 100644 --- a/.github/workflows/web-api-ci.yml +++ b/.github/workflows/web-api-ci.yml @@ -18,13 +18,9 @@ on: - 'flake.lock' branches: - main - # We are creating this workflow on this branch, hence we enable it here. - # This can be deleted once the branch is removed. - - 42-add-user-account-creation pull_request: branches: main - # Sometimes the rules above don't match even though they should. - # This allows us to run the workflow manually anyways. + # Run manually workflow_dispatch: jobs: From aba36a9d453e4873c9b41813e67fb1b03e515b9a Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Sun, 8 Oct 2023 14:25:51 +0300 Subject: [PATCH 2/9] Add formatter to nix flake. --- flake.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/flake.nix b/flake.nix index 4ac2b51..d84889f 100644 --- a/flake.nix +++ b/flake.nix @@ -108,6 +108,9 @@ inherit binary debugBinary integrationTestsBinary dockerImage debugDockerImage; default = binary; }; + + formatter = pkgs.nixpkgs-fmt; + devShells.default = mkShell { inputsFrom = [binary]; buildInputs = with pkgs; [dive wget]; From 7e2d7c28b46582bc977e4da52c4a4210beba3ceb Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Sun, 8 Oct 2023 14:31:50 +0300 Subject: [PATCH 3/9] Actually fail CI if there is dead nix code. --- .github/workflows/nix-lints.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nix-lints.yml b/.github/workflows/nix-lints.yml index 65dbb08..74b11f2 100644 --- a/.github/workflows/nix-lints.yml +++ b/.github/workflows/nix-lints.yml @@ -49,5 +49,5 @@ jobs: path: /nix/store key: ${{ runner.os }}-${{ hashFiles('flake.*') }}-${{ hashFiles('.github/workflows/web-api-ci.yml') }} - - name: Check dead nix code - run: nix run github:astro/deadnix -- . \ No newline at end of file + - name: Check for dead nix code + run: nix run github:astro/deadnix -- --fail . \ No newline at end of file From 7c439a209ddf0f981aa48e0f71ef42d814459b80 Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Sun, 8 Oct 2023 14:26:35 +0300 Subject: [PATCH 4/9] Format flake.nix. --- flake.nix | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/flake.nix b/flake.nix index d84889f..6c2aba6 100644 --- a/flake.nix +++ b/flake.nix @@ -18,12 +18,12 @@ }; }; }; - outputs = {self, nixpkgs, flake-utils, rust-overlay, crane}: + outputs = { self, nixpkgs, flake-utils, rust-overlay, crane }: flake-utils.lib.eachDefaultSystem (system: let system = "x86_64-linux"; - overlays = [(import rust-overlay)]; + overlays = [ (import rust-overlay) ]; pkgs = import nixpkgs { inherit system overlays; }; @@ -39,47 +39,47 @@ (craneLib.filterCargoSources path type) ; }; - nativeBuildInputs = with pkgs; [rustToolchain pkg-config]; - buildInputs = with pkgs; [rustToolchain openssl postgresql_15.lib]; - developmentTools = with pkgs; [(diesel-cli.override {sqliteSupport = false; mysqlSupport = false;}) postgresql cargo]; + nativeBuildInputs = with pkgs; [ rustToolchain pkg-config ]; + buildInputs = with pkgs; [ rustToolchain openssl postgresql_15.lib ]; + developmentTools = with pkgs; [ (diesel-cli.override { sqliteSupport = false; mysqlSupport = false; }) postgresql cargo ]; commonArgs = { inherit src buildInputs nativeBuildInputs; installCargoArtifactsMode = "use-zstd"; strictDeps = true; }; - integrationTestsArtifacts = craneLib.buildDepsOnly(commonArgs // { + integrationTestsArtifacts = craneLib.buildDepsOnly (commonArgs // { cargoBuildCommand = "cargo build --profile dev"; cargoExtraArgs = "--bin integration-tests"; doCheck = false; pname = "integration-tests"; }); - integrationTestsBinary = craneLib.buildPackage(commonArgs // { + integrationTestsBinary = craneLib.buildPackage (commonArgs // { cargoArtifacts = integrationTestsArtifacts; cargoBuildCommand = "cargo build --profile dev"; cargoExtraArgs = "--bin integration-tests"; doCheck = false; pname = "integration-tests"; }); - cargoDebugArtifacts = craneLib.buildDepsOnly(commonArgs // { + cargoDebugArtifacts = craneLib.buildDepsOnly (commonArgs // { cargoBuildCommand = "cargo build --profile dev"; cargoExtraArgs = "--bin rvoc-backend"; doCheck = false; pname = "rvoc-backend"; }); - debugBinary = craneLib.buildPackage(commonArgs // { + debugBinary = craneLib.buildPackage (commonArgs // { cargoArtifacts = cargoDebugArtifacts; cargoBuildCommand = "cargo build --profile dev"; cargoExtraArgs = "--bin rvoc-backend"; doCheck = false; pname = "rvoc-backend"; }); - cargoArtifacts = craneLib.buildDepsOnly(commonArgs // { + cargoArtifacts = craneLib.buildDepsOnly (commonArgs // { cargoBuildCommand = "cargo build --profile release"; cargoExtraArgs = "--bin rvoc-backend"; doCheck = false; pname = "rvoc-backend"; }); - binary = craneLib.buildPackage(commonArgs // { + binary = craneLib.buildPackage (commonArgs // { cargoArtifacts = cargoArtifacts; cargoBuildCommand = "cargo build --profile release"; cargoExtraArgs = "--bin rvoc-backend"; @@ -88,17 +88,17 @@ dockerImage = pkgs.dockerTools.streamLayeredImage { name = "rvoc-backend"; tag = "latest"; - contents = [binary pkgs.cacert]; + contents = [ binary pkgs.cacert ]; config = { - Cmd = ["${binary}/bin/rvoc-backend"]; + Cmd = [ "${binary}/bin/rvoc-backend" ]; }; }; debugDockerImage = pkgs.dockerTools.streamLayeredImage { name = "rvoc-backend"; tag = "latest"; - contents = [debugBinary pkgs.cacert]; + contents = [ debugBinary pkgs.cacert ]; config = { - Cmd = ["${debugBinary}/bin/rvoc-backend"]; + Cmd = [ "${debugBinary}/bin/rvoc-backend" ]; }; }; in @@ -112,8 +112,8 @@ formatter = pkgs.nixpkgs-fmt; devShells.default = mkShell { - inputsFrom = [binary]; - buildInputs = with pkgs; [dive wget]; + inputsFrom = [ binary ]; + buildInputs = with pkgs; [ dive wget ]; packages = developmentTools; shellHook = '' export PGDATA=$PWD/backend/data/postgres_dev_data From 8143d257319af4b1a53df58fea641240603db73b Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Sun, 8 Oct 2023 14:33:42 +0300 Subject: [PATCH 5/9] Remove dead nix code. --- flake.nix | 230 +++++++++++++++++++++++++++--------------------------- 1 file changed, 113 insertions(+), 117 deletions(-) diff --git a/flake.nix b/flake.nix index 6c2aba6..f164fce 100644 --- a/flake.nix +++ b/flake.nix @@ -18,123 +18,119 @@ }; }; }; - outputs = { self, nixpkgs, flake-utils, rust-overlay, crane }: - flake-utils.lib.eachDefaultSystem - (system: - let - system = "x86_64-linux"; - overlays = [ (import rust-overlay) ]; - pkgs = import nixpkgs { - inherit system overlays; - }; - inherit (pkgs) lib; - rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; - craneLib = (crane.mkLib pkgs).overrideToolchain rustToolchain; - src = lib.cleanSourceWith { - src = ./.; # The original, unfiltered source - filter = path: type: - # Allow sql files for migrations - (lib.hasSuffix "\.sql" path) || - # Default filter from crane (allow .rs files) - (craneLib.filterCargoSources path type) - ; - }; - nativeBuildInputs = with pkgs; [ rustToolchain pkg-config ]; - buildInputs = with pkgs; [ rustToolchain openssl postgresql_15.lib ]; - developmentTools = with pkgs; [ (diesel-cli.override { sqliteSupport = false; mysqlSupport = false; }) postgresql cargo ]; - commonArgs = { - inherit src buildInputs nativeBuildInputs; - installCargoArtifactsMode = "use-zstd"; - strictDeps = true; - }; - integrationTestsArtifacts = craneLib.buildDepsOnly (commonArgs // { - cargoBuildCommand = "cargo build --profile dev"; - cargoExtraArgs = "--bin integration-tests"; - doCheck = false; - pname = "integration-tests"; - }); - integrationTestsBinary = craneLib.buildPackage (commonArgs // { - cargoArtifacts = integrationTestsArtifacts; - cargoBuildCommand = "cargo build --profile dev"; - cargoExtraArgs = "--bin integration-tests"; - doCheck = false; - pname = "integration-tests"; - }); - cargoDebugArtifacts = craneLib.buildDepsOnly (commonArgs // { - cargoBuildCommand = "cargo build --profile dev"; - cargoExtraArgs = "--bin rvoc-backend"; - doCheck = false; - pname = "rvoc-backend"; - }); - debugBinary = craneLib.buildPackage (commonArgs // { - cargoArtifacts = cargoDebugArtifacts; - cargoBuildCommand = "cargo build --profile dev"; - cargoExtraArgs = "--bin rvoc-backend"; - doCheck = false; - pname = "rvoc-backend"; - }); - cargoArtifacts = craneLib.buildDepsOnly (commonArgs // { - cargoBuildCommand = "cargo build --profile release"; - cargoExtraArgs = "--bin rvoc-backend"; - doCheck = false; - pname = "rvoc-backend"; - }); - binary = craneLib.buildPackage (commonArgs // { - cargoArtifacts = cargoArtifacts; - cargoBuildCommand = "cargo build --profile release"; - cargoExtraArgs = "--bin rvoc-backend"; - pname = "rvoc-backend"; - }); - dockerImage = pkgs.dockerTools.streamLayeredImage { - name = "rvoc-backend"; - tag = "latest"; - contents = [ binary pkgs.cacert ]; - config = { - Cmd = [ "${binary}/bin/rvoc-backend" ]; - }; - }; - debugDockerImage = pkgs.dockerTools.streamLayeredImage { - name = "rvoc-backend"; - tag = "latest"; - contents = [ debugBinary pkgs.cacert ]; - config = { - Cmd = [ "${debugBinary}/bin/rvoc-backend" ]; - }; - }; - in - with pkgs; - { - packages = { - inherit binary debugBinary integrationTestsBinary dockerImage debugDockerImage; - default = binary; - }; - - formatter = pkgs.nixpkgs-fmt; + outputs = { nixpkgs, flake-utils, rust-overlay, crane }: + let + system = "x86_64-linux"; + overlays = [ (import rust-overlay) ]; + pkgs = import nixpkgs { + inherit system overlays; + }; + inherit (pkgs) lib; + rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; + craneLib = (crane.mkLib pkgs).overrideToolchain rustToolchain; + src = lib.cleanSourceWith { + src = ./.; # The original, unfiltered source + filter = path: type: + # Allow sql files for migrations + (lib.hasSuffix "\.sql" path) || + # Default filter from crane (allow .rs files) + (craneLib.filterCargoSources path type) + ; + }; + nativeBuildInputs = with pkgs; [ rustToolchain pkg-config ]; + buildInputs = with pkgs; [ rustToolchain openssl postgresql_15.lib ]; + developmentTools = with pkgs; [ (diesel-cli.override { sqliteSupport = false; mysqlSupport = false; }) postgresql cargo ]; + commonArgs = { + inherit src buildInputs nativeBuildInputs; + installCargoArtifactsMode = "use-zstd"; + strictDeps = true; + }; + integrationTestsArtifacts = craneLib.buildDepsOnly (commonArgs // { + cargoBuildCommand = "cargo build --profile dev"; + cargoExtraArgs = "--bin integration-tests"; + doCheck = false; + pname = "integration-tests"; + }); + integrationTestsBinary = craneLib.buildPackage (commonArgs // { + cargoArtifacts = integrationTestsArtifacts; + cargoBuildCommand = "cargo build --profile dev"; + cargoExtraArgs = "--bin integration-tests"; + doCheck = false; + pname = "integration-tests"; + }); + cargoDebugArtifacts = craneLib.buildDepsOnly (commonArgs // { + cargoBuildCommand = "cargo build --profile dev"; + cargoExtraArgs = "--bin rvoc-backend"; + doCheck = false; + pname = "rvoc-backend"; + }); + debugBinary = craneLib.buildPackage (commonArgs // { + cargoArtifacts = cargoDebugArtifacts; + cargoBuildCommand = "cargo build --profile dev"; + cargoExtraArgs = "--bin rvoc-backend"; + doCheck = false; + pname = "rvoc-backend"; + }); + cargoArtifacts = craneLib.buildDepsOnly (commonArgs // { + cargoBuildCommand = "cargo build --profile release"; + cargoExtraArgs = "--bin rvoc-backend"; + doCheck = false; + pname = "rvoc-backend"; + }); + binary = craneLib.buildPackage (commonArgs // { + cargoArtifacts = cargoArtifacts; + cargoBuildCommand = "cargo build --profile release"; + cargoExtraArgs = "--bin rvoc-backend"; + pname = "rvoc-backend"; + }); + dockerImage = pkgs.dockerTools.streamLayeredImage { + name = "rvoc-backend"; + tag = "latest"; + contents = [ binary pkgs.cacert ]; + config = { + Cmd = [ "${binary}/bin/rvoc-backend" ]; + }; + }; + debugDockerImage = pkgs.dockerTools.streamLayeredImage { + name = "rvoc-backend"; + tag = "latest"; + contents = [ debugBinary pkgs.cacert ]; + config = { + Cmd = [ "${debugBinary}/bin/rvoc-backend" ]; + }; + }; + in + with pkgs; + { + packages = { + inherit binary debugBinary integrationTestsBinary dockerImage debugDockerImage; + default = binary; + }; - devShells.default = mkShell { - inputsFrom = [ binary ]; - buildInputs = with pkgs; [ dive wget ]; - packages = developmentTools; - shellHook = '' - export PGDATA=$PWD/backend/data/postgres_dev_data - export PGHOST=$PWD/backend/data/postgres_dev - export LOG_PATH=$PWD/backend/data/postgres_dev/LOG - export PGDATABASE=rvoc_dev - export POSTGRES_RVOC_URL="postgresql://''${USER}@/''${PGDATABASE}?host=$PGHOST" - export DATABASE_URL=$POSTGRES_RVOC_URL - if [ ! -d $PGHOST ]; then - mkdir -p $PGHOST - fi - if [ ! -d $PGDATA ]; then - echo 'Initializing postgresql database...' - initdb $PGDATA --auth=trust >/dev/null - fi - echo "Starting postgres" - pg_ctl start -l $LOG_PATH -o "-c listen_addresses= -c unix_socket_directories=$PGHOST" - echo "Shell hook finished" - ''; - }; - } + formatter = pkgs.nixpkgs-fmt; - ); + devShells.default = mkShell { + inputsFrom = [ binary ]; + buildInputs = with pkgs; [ dive wget ]; + packages = developmentTools; + shellHook = '' + export PGDATA=$PWD/backend/data/postgres_dev_data + export PGHOST=$PWD/backend/data/postgres_dev + export LOG_PATH=$PWD/backend/data/postgres_dev/LOG + export PGDATABASE=rvoc_dev + export POSTGRES_RVOC_URL="postgresql://''${USER}@/''${PGDATABASE}?host=$PGHOST" + export DATABASE_URL=$POSTGRES_RVOC_URL + if [ ! -d $PGHOST ]; then + mkdir -p $PGHOST + fi + if [ ! -d $PGDATA ]; then + echo 'Initializing postgresql database...' + initdb $PGDATA --auth=trust >/dev/null + fi + echo "Starting postgres" + pg_ctl start -l $LOG_PATH -o "-c listen_addresses= -c unix_socket_directories=$PGHOST" + echo "Shell hook finished" + ''; + }; + } } From bbf6eefb90d7511ace34578fac37af8ed75533ab Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Sun, 8 Oct 2023 14:39:09 +0300 Subject: [PATCH 6/9] Remove `--fail` from nix dead code check. The check does not seem to be very accurate, so it makes no sense to have it fail the CI. --- .github/workflows/nix-lints.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-lints.yml b/.github/workflows/nix-lints.yml index 74b11f2..24e8843 100644 --- a/.github/workflows/nix-lints.yml +++ b/.github/workflows/nix-lints.yml @@ -50,4 +50,4 @@ jobs: key: ${{ runner.os }}-${{ hashFiles('flake.*') }}-${{ hashFiles('.github/workflows/web-api-ci.yml') }} - name: Check for dead nix code - run: nix run github:astro/deadnix -- --fail . \ No newline at end of file + run: nix run github:astro/deadnix -- . \ No newline at end of file From b62e1299b7a10c02f42d60b30ca275718a57553a Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Sun, 8 Oct 2023 14:39:37 +0300 Subject: [PATCH 7/9] Clean up flake. --- flake.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index f164fce..0b3aee7 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,7 @@ }; }; }; - outputs = { nixpkgs, flake-utils, rust-overlay, crane }: + outputs = { self, nixpkgs, flake-utils, rust-overlay, crane }: let system = "x86_64-linux"; overlays = [ (import rust-overlay) ]; @@ -107,9 +107,9 @@ default = binary; }; - formatter = pkgs.nixpkgs-fmt; + formatter.${system} = pkgs.nixpkgs-fmt; - devShells.default = mkShell { + devShells.${system}.default = mkShell { inputsFrom = [ binary ]; buildInputs = with pkgs; [ dive wget ]; packages = developmentTools; @@ -132,5 +132,5 @@ echo "Shell hook finished" ''; }; - } + }; } From afd904680eb6a765900b671bab16dc01379cafdc Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Sun, 8 Oct 2023 14:43:37 +0300 Subject: [PATCH 8/9] Fix flake package definition. --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 0b3aee7..bc741ea 100644 --- a/flake.nix +++ b/flake.nix @@ -102,7 +102,7 @@ in with pkgs; { - packages = { + packages.${system} = { inherit binary debugBinary integrationTestsBinary dockerImage debugDockerImage; default = binary; }; From 3680627f0cd7b8c2ed6dead8192e2980d93d3bbc Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Sun, 8 Oct 2023 14:55:59 +0300 Subject: [PATCH 9/9] Add names to CI jobs. --- .github/workflows/nix-lints.yml | 2 ++ .github/workflows/web-api-ci.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/nix-lints.yml b/.github/workflows/nix-lints.yml index 24e8843..613538a 100644 --- a/.github/workflows/nix-lints.yml +++ b/.github/workflows/nix-lints.yml @@ -17,6 +17,7 @@ on: jobs: nix_fmt: + name: Nix format runs-on: ubuntu-latest steps: - name: Checkout @@ -35,6 +36,7 @@ jobs: run: nix fmt --accept-flake-config -- --check . nix_dead_code: + name: Nix dead code runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/web-api-ci.yml b/.github/workflows/web-api-ci.yml index 4d9ab4a..f2e1ec3 100644 --- a/.github/workflows/web-api-ci.yml +++ b/.github/workflows/web-api-ci.yml @@ -25,6 +25,7 @@ on: jobs: run_integration_tests: + name: Backend integration tests runs-on: ubuntu-latest steps: - name: Checkout