From 8917287633bc232d9e1d1069fa693019a521c0ec Mon Sep 17 00:00:00 2001 From: Philippe Loctaux Date: Fri, 17 Nov 2023 01:16:26 +0100 Subject: [PATCH] nix: build, clippy, docker image WIP --- .gitignore | 3 ++ flake.lock | 106 +++++++++++++++++++++++++++++++++++++++++++ flake.nix | 130 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 239 insertions(+) create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/.gitignore b/.gitignore index f1ef1ea..3cd1350 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,6 @@ # os .DS_Store + +# nix docker +/result \ No newline at end of file diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..6482b92 --- /dev/null +++ b/flake.lock @@ -0,0 +1,106 @@ +{ + "nodes": { + "crane": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1699548976, + "narHash": "sha256-xnpxms0koM8mQpxIup9JnT0F7GrKdvv0QvtxvRuOYR4=", + "owner": "ipetkov", + "repo": "crane", + "rev": "6849911446e18e520970cc6b7a691e64ee90d649", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1700108881, + "narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "crane": "crane", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700100993, + "narHash": "sha256-Zc//DbR3eMGajG09iQUMTO/Tc/fdUYmTAzXYdxx5MKw=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "b7a041430733fccaa1ffc3724bb9454289d0f701", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..adb240c --- /dev/null +++ b/flake.nix @@ -0,0 +1,130 @@ +{ + description = "easy identity and access management"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + + crane = { + url = "github:ipetkov/crane"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + flake-utils.url = "github:numtide/flake-utils"; + + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; + }; + }; + }; + + outputs = { self, nixpkgs, crane, flake-utils, rust-overlay, ... }: + flake-utils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ (import rust-overlay) ]; + }; + + inherit (pkgs) lib; + + craneLib = crane.lib.${system}; + + # Get metadata from Cargo.toml + metadata = craneLib.crateNameFromCargoToml { cargoToml = ./crates/ezidam/Cargo.toml; }; + + # Common derivation arguments used for all builds + commonArgs = { + src = lib.cleanSourceWith { + src = craneLib.path ./.; # The original, unfiltered source + filter = path: type: + # SQL queries and migrations + (lib.hasSuffix ".sql" path) || + # Offline queries + (lib.hasInfix "/.sqlx/" path) || + # Default Logo + (lib.hasInfix "/logo/logo.png" path) || + # Test assets + (lib.hasInfix "/tests/" path) || + # Tera Templates + (lib.hasInfix "/templates/" path) || + # Static assets + (lib.hasInfix "/static/" path) || + # Default filter from crane (allow .rs files) + (craneLib.filterCargoSources path type) + ; + }; + + strictDeps = true; + + buildInputs = with pkgs; [ + # Add additional build inputs here + sqlite + ] ++ lib.optionals pkgs.stdenv.isDarwin [ + # Additional darwin specific inputs can be set here + ]; + + nativeBuildInputs = with pkgs; [ + # Add extra native build inputs here, etc. + pkg-config + ]; + + } // metadata; + + # Build *just* the cargo dependencies + cargoArtifacts = craneLib.buildDepsOnly commonArgs; + + # Clippy + ezidamClippy = craneLib.cargoClippy (commonArgs // { + inherit cargoArtifacts; + # Again we apply some extra arguments only to this derivation + # and not every where else. In this case we add some clippy flags + # cargoClippyExtraArgs = "--all-targets -- --deny warnings"; + }); + + # Build crate + ezidam = craneLib.buildPackage (commonArgs // { + cargoArtifacts = ezidamClippy; + }); + + # Docker image + dockerImage = pkgs.dockerTools.buildLayeredImage { + # Meta + name = metadata.pname; + tag = metadata.version; + created = builtins.substring 0 8 self.lastModifiedDate; + + # Content of image + contents = pkgs.buildEnv { + name = "image-root"; + paths = [ + ezidam + ]; + + pathsToLink = [ "/bin" ]; + }; + + + # Container config + config = { + Cmd = [ "${ezidam}/bin/ezidam" ]; + }; + }; + in + { + packages = { + inherit ezidam dockerImage; + default = ezidam; + }; + + checks = { + inherit + # Build the crate as part of `nix flake check` for convenience + ezidam + ezidamClippy; + }; + + }); +}