diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 818462e20..ed32b13a2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,8 +42,8 @@ jobs: run: nix develop --command check-clippy - name: Check Spelling run: nix develop --command check-spelling - - name: Check nixpkgs-fmt formatting - run: nix develop --command check-nixpkgs-fmt + - name: Check Nix formatting + run: nix develop --command check-nixfmt - name: Check EditorConfig conformance run: nix develop --command check-editorconfig - name: Shell check for nix-installer.sh diff --git a/flake.nix b/flake.nix index 61a02f1bf..f4e983fc9 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,33 +26,60 @@ }; outputs = - { self - , nixpkgs - , crane - , nix - , determinate - , ... - } @ inputs: + { + self, + nixpkgs, + crane, + nix, + determinate, + ... + }@inputs: let nix_tarball_url_prefix = "https://releases.nixos.org/nix/nix-2.33.1/nix-2.33.1-"; - supportedSystems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ]; - systemsSupportedByDeterminateNixd = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ]; + supportedSystems = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + ]; + systemsSupportedByDeterminateNixd = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + ]; forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: (forSystem system f)); - forSystem = system: f: f rec { - inherit system; - pkgs = import nixpkgs { inherit system; overlays = [ self.overlays.default ]; }; - lib = pkgs.lib; - }; - - nixTarballs = forAllSystems ({ system, ... }: - inputs.nix.tarballs_direct.${system} - or "${inputs.nix.packages."${system}".binaryTarball}/nix-${inputs.nix.packages."${system}".default.version}-${system}.tar.xz"); - - optionalPathToDeterminateNixd = system: if builtins.elem system systemsSupportedByDeterminateNixd then "${inputs.determinate.packages.${system}.default}/bin/determinate-nixd" else null; + forSystem = + system: f: + f rec { + inherit system; + pkgs = import nixpkgs { + inherit system; + overlays = [ self.overlays.default ]; + }; + lib = pkgs.lib; + }; - installerPackage = { pkgs, stdenv, buildPackages }: + nixTarballs = forAllSystems ( + { system, ... 
}: + inputs.nix.tarballs_direct.${system} or "${inputs.nix.packages."${system}".binaryTarball}/nix-${ + inputs.nix.packages."${system}".default.version + }-${system}.tar.xz" + ); + + optionalPathToDeterminateNixd = + system: + if builtins.elem system systemsSupportedByDeterminateNixd then + "${inputs.determinate.packages.${system}.default}/bin/determinate-nixd" + else + null; + + installerPackage = + { + pkgs, + stdenv, + buildPackages, + }: let craneLib = crane.mkLib pkgs; sharedAttrs = { @@ -77,22 +104,25 @@ }; }; in - craneLib.buildPackage (sharedAttrs // { - cargoArtifacts = craneLib.buildDepsOnly sharedAttrs; - - cargoTestExtraArgs = "--all"; - - postInstall = '' - cp nix-installer.sh $out/bin/nix-installer.sh - ''; - - env = sharedAttrs.env // { - RUSTFLAGS = "--cfg tokio_unstable"; - NIX_TARBALL_URL = "${nix_tarball_url_prefix}${pkgs.stdenv.hostPlatform.system}.tar.xz"; - DETERMINATE_NIX_TARBALL_PATH = nixTarballs.${stdenv.hostPlatform.system}; - DETERMINATE_NIXD_BINARY_PATH = optionalPathToDeterminateNixd stdenv.hostPlatform.system; - }; - }); + craneLib.buildPackage ( + sharedAttrs + // { + cargoArtifacts = craneLib.buildDepsOnly sharedAttrs; + + cargoTestExtraArgs = "--all"; + + postInstall = '' + cp nix-installer.sh $out/bin/nix-installer.sh + ''; + + env = sharedAttrs.env // { + RUSTFLAGS = "--cfg tokio_unstable"; + NIX_TARBALL_URL = "${nix_tarball_url_prefix}${pkgs.stdenv.hostPlatform.system}.tar.xz"; + DETERMINATE_NIX_TARBALL_PATH = nixTarballs.${stdenv.hostPlatform.system}; + DETERMINATE_NIXD_BINARY_PATH = optionalPathToDeterminateNixd stdenv.hostPlatform.system; + }; + } + ); in { overlays.default = final: prev: { @@ -100,7 +130,8 @@ nix-installer-static = final.pkgsStatic.callPackage installerPackage { }; }; - devShells = forAllSystems ({ system, pkgs, ... }: + devShells = forAllSystems ( + { system, pkgs, ... }: let check = import ./nix/check.nix { inherit pkgs; }; in 
@@ -114,36 +145,44 @@ DETERMINATE_NIXD_BINARY_PATH = optionalPathToDeterminateNixd system; nativeBuildInputs = with pkgs; [ ]; - buildInputs = with pkgs; [ - rustc - cargo - clippy - rustfmt - shellcheck - rust-analyzer - cargo-outdated - cacert - # cargo-audit # NOTE(cole-h): build currently broken because of time dependency and Rust 1.80 - cargo-watch - nixpkgs-fmt - check.check-rustfmt - check.check-spelling - check.check-nixpkgs-fmt - check.check-editorconfig - check.check-semver - check.check-clippy - editorconfig-checker - toml-cli - ] - ++ lib.optionals (pkgs.stdenv.isLinux) (with pkgs; [ - checkpolicy - semodule-utils - /* users are expected to have a system docker, too */ - ]); + buildInputs = + with pkgs; + [ + rustc + cargo + clippy + rustfmt + shellcheck + rust-analyzer + cargo-outdated + cacert + # cargo-audit # NOTE(cole-h): build currently broken because of time dependency and Rust 1.80 + cargo-watch + check.check-rustfmt + check.check-spelling + check.check-nixfmt + check.check-editorconfig + check.check-semver + check.check-clippy + editorconfig-checker + toml-cli + + self.formatter.${system} + ] + ++ lib.optionals (pkgs.stdenv.isLinux) ( + with pkgs; + [ + checkpolicy + semodule-utils + # users are expected to have a system docker, too + ] + ); }; - }); + } + ); - checks = forAllSystems ({ system, pkgs, ... }: + checks = forAllSystems ( + { system, pkgs, ... }: let check = import ./nix/check.nix { inherit pkgs; }; in 
@@ -158,27 +197,41 @@ check-spelling touch $out ''; - check-nixpkgs-fmt = pkgs.runCommand "check-nixpkgs-fmt" { buildInputs = [ check.check-nixpkgs-fmt ]; } '' + check-nixfmt = pkgs.runCommand "check-nixfmt" { buildInputs = [ check.check-nixfmt ]; } '' cd ${./.} - check-nixpkgs-fmt + check-nixfmt touch $out ''; - check-editorconfig = pkgs.runCommand "check-editorconfig" { buildInputs = [ pkgs.git check.check-editorconfig ]; } '' - cd ${./.} - check-editorconfig - touch $out - ''; - }); - - packages = forAllSystems ({ system, pkgs, ... }: + check-editorconfig = + pkgs.runCommand "check-editorconfig" + { + buildInputs = [ + pkgs.git + check.check-editorconfig + ]; + } + '' + cd ${./.} + check-editorconfig + touch $out + ''; + } + ); + + formatter = forAllSystems ({ pkgs, ... }: pkgs.nixfmt); + + packages = forAllSystems ( + { system, pkgs, ... }: { inherit (pkgs) nix-installer nix-installer-static; default = pkgs.nix-installer-static; - } // nixpkgs.lib.optionalAttrs (pkgs.stdenv.isDarwin) { + } + // nixpkgs.lib.optionalAttrs (pkgs.stdenv.isDarwin) { determinate-nixd = pkgs.runCommand "determinate-nixd-link" { } '' ln -s ${optionalPathToDeterminateNixd system} $out ''; - }); + } + ); hydraJobs = { vm-test = import ./nix/tests/vm-test { diff --git a/nix/check.nix b/nix/check.nix index 54880a636..3be1defe6 100644 --- a/nix/check.nix +++ b/nix/check.nix 
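Review bot: The `check-nixfmt` derivation in this hunk does `cd ${./.}` and then runs a script that, as defined in nix/check.nix by this same commit, builds its file list with `git ls-files '*.nix'`. The store copy of the source presumably contains no `.git` directory, so inside the build that command would either fail outright or return nothing, and in the second case the check passes without inspecting a single file. The previous `nixpkgs-fmt --check .` walked the directory and had no such dependency. Consider having the script fall back to a plain directory walk when it is not inside a work tree, and confirm that a deliberately misformatted `.nix` file makes `nix flake check` fail.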
@@ -6,57 +6,96 @@ in { # Format - check-rustfmt = (writeShellApplication { - name = "check-rustfmt"; - runtimeInputs = with pkgs; [ cargo rustfmt ]; - text = "cargo fmt --check"; - }); + check-rustfmt = ( + writeShellApplication { + name = "check-rustfmt"; + runtimeInputs = with pkgs; [ + cargo + rustfmt + ]; + text = "cargo fmt --check"; + } + ); # Spelling - check-spelling = (writeShellApplication { - name = "check-spelling"; - runtimeInputs = with pkgs; [ git codespell ]; - text = '' - codespell \ - --ignore-words-list="ba,sur,crate,pullrequest,pullrequests,ser,distroname" \ - --skip="./target,.git,./src/action/linux/selinux,*.lock" \ - . - ''; - }); - - # NixFormatting - check-nixpkgs-fmt = (writeShellApplication { - name = "check-nixpkgs-fmt"; - runtimeInputs = with pkgs; [ git nixpkgs-fmt findutils ]; - text = '' - nixpkgs-fmt --check . - ''; - }); + check-spelling = ( + writeShellApplication { + name = "check-spelling"; + runtimeInputs = with pkgs; [ + git + codespell + ]; + text = '' + codespell \ + --ignore-words-list="ba,sur,crate,pullrequest,pullrequests,ser,distroname" \ + --skip="./target,.git,./src/action/linux/selinux,*.lock" \ + . 
+ ''; + } + ); + + # Check Nix formatting + check-nixfmt = ( + writeShellApplication { + name = "check-nixfmt"; + runtimeInputs = with pkgs; [ + git + nixfmt + ]; + text = '' + git ls-files '*.nix' | xargs nixfmt --check + ''; + } + ); + + # Format Nix + format-nix = ( + writeShellApplication { + name = "format-nix"; + runtimeInputs = with pkgs; [ + git + nixfmt + ]; + text = '' + git ls-files '*.nix' | xargs nix fmt + ''; + } + ); # EditorConfig - check-editorconfig = (writeShellApplication { - name = "check-editorconfig"; - runtimeInputs = with pkgs; [ editorconfig-checker ]; - text = '' - editorconfig-checker - ''; - }); + check-editorconfig = ( + writeShellApplication { + name = "check-editorconfig"; + runtimeInputs = with pkgs; [ editorconfig-checker ]; + text = '' + editorconfig-checker + ''; + } + ); # Semver - check-semver = (writeShellApplication { - name = "check-semver"; - runtimeInputs = with pkgs; [ cargo-semver-checks ]; - text = '' - cargo-semver-checks semver-checks check-release - ''; - }); + check-semver = ( + writeShellApplication { + name = "check-semver"; + runtimeInputs = with pkgs; [ cargo-semver-checks ]; + text = '' + cargo-semver-checks semver-checks check-release + ''; + } + ); # Clippy - check-clippy = (writeShellApplication { - name = "check-clippy"; - runtimeInputs = with pkgs; [ cargo clippy rustc ]; - text = '' - cargo clippy - ''; - }); + check-clippy = ( + writeShellApplication { + name = "check-clippy"; + runtimeInputs = with pkgs; [ + cargo + clippy + rustc + ]; + text = '' + cargo clippy + ''; + } + ); } diff --git a/nix/tests/container-test/default.nix b/nix/tests/container-test/default.nix index 6bfb4c43b..0dfd2e21e 100644 --- a/nix/tests/container-test/default.nix +++ b/nix/tests/container-test/default.nix 
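Review bot: `check-nixfmt` and `format-nix` both pipe into `xargs`, yet this hunk drops `findutils` from `runtimeInputs`, and `format-nix` runs `nix fmt` while declaring only `git` and `nixfmt`. Both tools are therefore resolved from whatever PATH the caller has rather than from pinned store paths, which weakens the reproducibility these wrappers are meant to give CI. Add `findutils` to both lists, and either add `nix` to `format-nix` or call `nixfmt` directly so that the declared input is the one actually used. The file list is also split on whitespace; `git ls-files -z '*.nix' | xargs -0 nixfmt --check` passes every tracked path through intact.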
@@ -36,33 +36,45 @@ let }; }; - makeTest = containerTool: imageName: - let image = images.${imageName}; in - with (forSystem image.system ({ system, pkgs, lib, ... }: pkgs)); - testers.nixosTest + makeTest = + containerTool: imageName: + let + image = images.${imageName}; + in + with (forSystem image.system ( { - name = "container-test-${imageName}"; - nodes = { - machine = - { config, pkgs, ... }: { - virtualisation.${containerTool}.enable = true; - virtualisation.diskSize = 4 * 1024; - }; - }; - testScript = '' - machine.start() - machine.copy_from_host("${image.tarball}", "/image") - machine.succeed("mkdir -p /test") - machine.copy_from_host("${image.tester}", "/test/Dockerfile") - machine.copy_from_host("${nix-installer-static}", "/test/nix-installer") - machine.copy_from_host("${binaryTarball.${system}}", "/test/binary-tarball") - machine.succeed("${containerTool} import /image default") - machine.succeed("${containerTool} build -t test /test") - ''; + system, + pkgs, + lib, + ... + }: + pkgs + )); + testers.nixosTest { + name = "container-test-${imageName}"; + nodes = { + machine = + { config, pkgs, ... }: + { + virtualisation.${containerTool}.enable = true; + virtualisation.diskSize = 4 * 1024; + }; }; + testScript = '' + machine.start() + machine.copy_from_host("${image.tarball}", "/image") + machine.succeed("mkdir -p /test") + machine.copy_from_host("${image.tester}", "/test/Dockerfile") + machine.copy_from_host("${nix-installer-static}", "/test/nix-installer") + machine.copy_from_host("${binaryTarball.${system}}", "/test/binary-tarball") + machine.succeed("${containerTool} import /image default") + machine.succeed("${containerTool} build -t test /test") + ''; + }; - container-tests = builtins.mapAttrs - (imageName: image: (with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); { + container-tests = builtins.mapAttrs ( + imageName: image: + (with (forSystem "x86_64-linux" ({ system, pkgs, ... 
}: pkgs)); { ${image.system} = rec { docker = makeTest "docker" imageName; podman = makeTest "podman" imageName; @@ -74,27 +86,36 @@ let ]; }; }; - })) - images; + }) + ) images; in -container-tests // { +container-tests +// { all."x86_64-linux" = rec { - all = (with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); pkgs.releaseTools.aggregate { - name = "all"; - constituents = [ - docker - podman - ]; - }); - docker = (with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); pkgs.releaseTools.aggregate { - name = "all"; - constituents = pkgs.lib.mapAttrsToList (name: value: value."x86_64-linux".docker) container-tests; - }); - podman = (with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); pkgs.releaseTools.aggregate { - name = "all"; - constituents = pkgs.lib.mapAttrsToList (name: value: value."x86_64-linux".podman) container-tests; - }); + all = ( + with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); + pkgs.releaseTools.aggregate { + name = "all"; + constituents = [ + docker + podman + ]; + } + ); + docker = ( + with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); + pkgs.releaseTools.aggregate { + name = "all"; + constituents = pkgs.lib.mapAttrsToList (name: value: value."x86_64-linux".docker) container-tests; + } + ); + podman = ( + with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); + pkgs.releaseTools.aggregate { + name = "all"; + constituents = pkgs.lib.mapAttrsToList (name: value: value."x86_64-linux".podman) container-tests; + } + ); }; } - diff --git a/nix/tests/vm-test/default.nix b/nix/tests/vm-test/default.nix index 630ca84c0..4d7c15e2c 100644 --- a/nix/tests/vm-test/default.nix +++ b/nix/tests/vm-test/default.nix @@ -1,5 +1,9 @@ # Largely derived from https://github.com/NixOS/nix/blob/14f7dae3e4eb0c34192d0077383a7f2a2d630129/tests/installer/default.nix -{ forSystem, binaryTarball, lib }: +{ + forSystem, + binaryTarball, + lib, +}: let nix-installer-install = '' 
@@ -220,7 +224,8 @@ let sudo journalctl -eu determinate-nixd.service exit 1 fi - '' + installCases.install-default.check; + '' + + installCases.install-default.check; uninstall = installCases.install-default.uninstall; uninstallCheck = installCases.install-default.uninstallCheck; }; @@ -502,13 +507,18 @@ let }; - makeTest = imageName: testName: test: - let image = images.${imageName}; in + makeTest = + imageName: testName: test: + let + image = images.${imageName}; + in with (forSystem image.system ({ system, pkgs, ... }: pkgs)); - runCommand - "installer-test-${imageName}-${testName}" + runCommand "installer-test-${imageName}-${testName}" { - buildInputs = [ qemu_kvm openssh ]; + buildInputs = [ + qemu_kvm + openssh + ]; image = image.image; postBoot = image.postBoot or ""; preinstallScript = test.preinstall or "echo \"Not Applicable\""; @@ -602,31 +612,27 @@ let touch $out ''; - makeTests = name: tests: builtins.mapAttrs - (imageName: image: + makeTests = + name: tests: + builtins.mapAttrs ( + imageName: image: let doTests = builtins.removeAttrs tests (image.skip or [ ]); in rec { - ${image.system} = (builtins.mapAttrs - (testName: test: - makeTest imageName testName test - ) - doTests) // { - "${name}" = (with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); pkgs.releaseTools.aggregate { - name = name; - constituents = ( - pkgs.lib.mapAttrsToList - (testName: test: - makeTest imageName testName test - ) - doTests + ${image.system} = + (builtins.mapAttrs (testName: test: makeTest imageName testName test) doTests) + // { + "${name}" = ( + with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); + pkgs.releaseTools.aggregate { + name = name; + constituents = (pkgs.lib.mapAttrsToList (testName: test: makeTest imageName testName test) doTests); + } ); - }); - }; + }; } - ) - images; + ) images; allCases = lib.recursiveUpdate (lib.recursiveUpdate installCases (lib.recursiveUpdate cureSelfCases cureScriptCases)) uninstallCases; 
@@ -638,27 +644,48 @@ let uninstall-tests = makeTests "uninstall" uninstallCases; - all-tests = builtins.mapAttrs - (imageName: image: { - "x86_64-linux".all = (with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); pkgs.releaseTools.aggregate { + all-tests = builtins.mapAttrs (imageName: image: { + "x86_64-linux".all = ( + with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); + pkgs.releaseTools.aggregate { name = "all"; constituents = [ install-tests."${imageName}"."x86_64-linux".install cure-self-tests."${imageName}"."x86_64-linux".cure-self uninstall-tests."${imageName}"."x86_64-linux".uninstall - ] ++ (lib.optional (image.upstreamScriptsWork or false) cure-script-tests."${imageName}"."x86_64-linux".cure-script); - }); - }) - images; + ] + ++ (lib.optional (image.upstreamScriptsWork or false) + cure-script-tests."${imageName}"."x86_64-linux".cure-script + ); + } + ); + }) images; joined-tests = lib.recursiveUpdate (lib.recursiveUpdate (lib.recursiveUpdate install-tests (lib.recursiveUpdate cure-self-tests cure-script-tests)) uninstall-tests) all-tests; in lib.recursiveUpdate joined-tests { - all."x86_64-linux" = (with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); pkgs.lib.mapAttrs (caseName: case: - pkgs.releaseTools.aggregate { - name = caseName; - constituents = pkgs.lib.mapAttrsToList (name: value: value."x86_64-linux"."${caseName}" or "") joined-tests; - } - )) (allCases // { "cure-self" = { }; "cure-script" = { }; "install" = { }; "uninstall" = { }; "all" = { }; }); + all."x86_64-linux" = + ( + with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); + pkgs.lib.mapAttrs ( + caseName: case: + pkgs.releaseTools.aggregate { + name = caseName; + constituents = pkgs.lib.mapAttrsToList ( + name: value: value."x86_64-linux"."${caseName}" or "" + ) joined-tests; + } + ) + ) + ( + allCases + // { + "cure-self" = { }; + "cure-script" = { }; + "install" = { }; + "uninstall" = { }; + "all" = { }; + } + ); }