From 5e77c972ddac81021d4cd1da1fb984bb987464ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabriel=20N=C3=BCtzi?= Date: Fri, 28 Jun 2024 18:16:33 +0200 Subject: [PATCH] feat: Add Nix packaging and more CI --- .github/workflows/pipeline.yaml | 28 ++++++++++- .gitignore | 9 +++- .gitlab/images/Containerfile | 8 ++++ justfile | 30 ++++++++++-- tools/nix/flake.lock | 21 ++++----- tools/nix/flake.nix | 18 ++------ tools/nix/pkgs/rdf-protect.nix | 82 +++++++++++---------------------- 7 files changed, 108 insertions(+), 88 deletions(-) diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml index bf10d1b..462424f 100644 --- a/.github/workflows/pipeline.yaml +++ b/.github/workflows/pipeline.yaml @@ -1,4 +1,5 @@ # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +--- name: rdf-protect on: @@ -48,8 +49,31 @@ jobs: run: | source .gitlab/scripts/before-script.sh && just nix-develop-ci just build + # - name: 3.1 - tests + # run: | + # source .gitlab/scripts/before-script.sh && + # just nix-develop-ci just test - deploy: + test: runs-on: ubuntu-latest container: - image: ghcr.io/sdsc-ordes/rdf-protect:ci-build-1.0.0 + image: ghcr.io/sdsc-ordes/rdf-protect:ci-test-1.0.0 + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: 4 - test + run: | + source .gitlab/scripts/before-script.sh && + just nix-develop-ci just test + + package: + runs-on: ubuntu-latest + container: + image: ghcr.io/sdsc-ordes/rdf-protect:ci-package-1.0.0 + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: 5 - package (nix) + run: | + source .gitlab/scripts/before-script.sh && + just build-package diff --git a/.gitignore b/.gitignore index 2d5df85..1900fa5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,9 @@ -/target +# Tooling .direnv + +# Rust +/target + +# Nix +result +package diff --git a/.gitlab/images/Containerfile b/.gitlab/images/Containerfile index 1d60204..1336682 100644 --- a/.gitlab/images/Containerfile +++ b/.gitlab/images/Containerfile @@ -38,3 +38,11 @@ FROM ci-nix as ci-lint # Build image. # =============================================== FROM ci-nix as ci-build + +# Test image. +# =============================================== +FROM ci-nix as ci-test + +# Package image. +# =============================================== +FROM ci-nix as ci-package diff --git a/justfile b/justfile index 07a633b..cd28e5e 100644 --- a/justfile +++ b/justfile @@ -7,11 +7,15 @@ root_dir := `git rev-parse --show-toplevel` # You can chose either "podman" or "docker". container_mgr := "podman" +# Default recipe to list all recipes. +default: + just --list + # Enter a Nix development shell. nix-develop shell="zsh": cd "{{root_dir}}" && nix develop ./tools/nix#default --command zsh - +## Standard stuff ============================================================= # Build the executable. build *args: cd "{{root_dir}}" && cargo build "${@:1}" @@ -24,6 +28,10 @@ watch: run: cd "{{root_dir}}" && cargo run "${@:1}" +# Run the tests. +test: + cd "{{root_dir}}" && cargo test "${@:1}" + # Format the code. format *args: cd "{{comp_dir}}" && \ @@ -38,12 +46,24 @@ format-general *args: lint *args: cd "{{comp_dir}}" && \ "{{root_dir}}/tools/lint-rust.sh" {{args}} +## ============================================================================ -# Upload all images for CI. -upload-ci-images: - cd "{{root_dir}}" && \ - .gitlab/scripts/upload-images.sh +## CI stuff =================================================================== # Enter a Nix development shell for CI. nix-develop-ci: cd "{{root_dir}}" && nix develop ./tools/nix#default --command "$@" + +# Build the nix package into the folder `package` (first argument). +nix-package *args: + dir="${1:-package}" && \ + cd "{{root_dir}}" && \ + nix build "./tools/nix#rdf-protect" \ + --out-link "$dir" \ + "${@:2}" + +# Upload all images for CI. +upload-ci-images: + cd "{{root_dir}}" && \ + .gitlab/scripts/upload-images.sh +## ============================================================================ diff --git a/tools/nix/flake.lock b/tools/nix/flake.lock index bec525e..14cc310 100644 --- a/tools/nix/flake.lock +++ b/tools/nix/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718318537, - "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=", + "lastModified": 1719254875, + "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420", + "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", "type": "github" }, "original": { @@ -36,11 +36,11 @@ }, "nixpkgsStable": { "locked": { - "lastModified": 1718229064, - "narHash": "sha256-ZFav8A9zPNfjZg/wrxh1uZeMJHELRfRgFP+meq01XYk=", + "lastModified": 1719234068, + "narHash": "sha256-1AjSIedDC/aERt24KsCUftLpVppW61S7awfjGe7bMio=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5c2ec3a5c2ee9909904f860dadc19bc12cd9cc44", + "rev": "90bd1b26e23760742fdcb6152369919098f05417", "type": "github" }, "original": { @@ -60,19 +60,16 @@ }, "rust-overlay": { "inputs": { - "flake-utils": [ - "flake-utils" - ], "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1718590793, - "narHash": "sha256-92OO8XrQTvdvDtRi0BAkjTaoZXW5ORuvqdk677wW7ko=", + "lastModified": 1719541143, + "narHash": "sha256-YdHqW6EM5pXMwXHhC+KniBv3aquXuJrFar2XXaV7x+c=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "5265b8a1e1d2e370e8b45b557326b691aec7d163", + "rev": "ed12832f267ab223cd085b0bd6ee3432caa69067", "type": "github" }, "original": { diff --git a/tools/nix/flake.nix b/tools/nix/flake.nix index cab80f2..1208885 100644 --- a/tools/nix/flake.nix +++ b/tools/nix/flake.nix @@ -29,15 +29,6 @@ # The Rust overlay to include the latest toolchain. rust-overlay = { url = "github:oxalica/rust-overlay"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - }; - }; - - # The library to build the rust package. - crane = { - url = "https://github.com/ipetkov/crane"; inputs = { nixpkgs.follows = "nixpkgs"; }; @@ -50,10 +41,9 @@ nixpkgsStable, flake-utils, rust-overlay, - crane, ... } @ inputs: let - rootDir = "./" + "../../"; + rootDir = ./. + "../../.."; in flake-utils.lib.eachDefaultSystem # Creates an attribute map `{ devShells..default = ...}` @@ -63,6 +53,7 @@ overlays = [(import rust-overlay)]; # Import nixpkgs and load it into pkgs. + # Overlay the rust toolchain pkgs = import nixpkgs { inherit system overlays; }; @@ -104,9 +95,8 @@ }; packages = { - rdf-protect = (import pkgs/rdf-protect) { - inherit crane; - inherit rootDir; + rdf-protect = (import ./pkgs/rdf-protect.nix) { + inherit rootDir rustToolchain pkgs lib; }; images = { diff --git a/tools/nix/pkgs/rdf-protect.nix b/tools/nix/pkgs/rdf-protect.nix index 6e5ca2a..99813e7 100644 --- a/tools/nix/pkgs/rdf-protect.nix +++ b/tools/nix/pkgs/rdf-protect.nix @@ -1,54 +1,28 @@ -{pkgs, lib, rustPlatform, rootDir}: - rustPlatform.buildRustPackage rec { - inherit buildInputs nativeBuildInputs; - - name = "rdf-protect"; - src = rootDir; - version = "1.0.0"; - - cargoLock = { - lockFile = "${rootDir}/Cargo.lock"; - allowBuiltinFetchGit = true; - }; - - preConfigure = '' - ''; - - postPatch = '' - ''; - - preFixup = lib.optionalString stdenv.isLinux '' - patchelf \ - --add-needed "${pkgs.libGL}/lib/libEGL.so.1" \ - --add-needed "${pkgs.vulkan-loader}/lib/libvulkan.so.1" \ - $out/bin/wezterm-gui - ''; - - postInstall = '' - mkdir -p $out/nix-support - echo "${passthru.terminfo}" >> $out/nix-support/propagated-user-env-packages - - install -Dm644 assets/icon/terminal.png $out/share/icons/hicolor/128x128/apps/org.wezfurlong.wezterm.png - install -Dm644 assets/wezterm.desktop $out/share/applications/org.wezfurlong.wezterm.desktop - install -Dm644 assets/wezterm.appdata.xml $out/share/metainfo/org.wezfurlong.wezterm.appdata.xml - - install -Dm644 assets/shell-integration/wezterm.sh -t $out/etc/profile.d - installShellCompletion --cmd wezterm \ - --bash assets/shell-completion/bash \ - --fish assets/shell-completion/fish \ - --zsh assets/shell-completion/zsh - - install -Dm644 assets/wezterm-nautilus.py -t $out/share/nautilus-python/extensions - ''; - - passthru = { - terminfo = - pkgs.runCommand "wezterm-terminfo" - { - nativeBuildInputs = [pkgs.ncurses]; - } '' - mkdir -p $out/share/terminfo $out/nix-support - tic -x -o $out/share/terminfo ${src}/termwiz/data/wezterm.terminfo - ''; - }; - }; +{ + pkgs, + lib, + rustToolchain, + rootDir, + ... +}: let + rustPlatform = pkgs.makeRustPlatform { + cargo = rustToolchain; + rustc = rustToolchain; + }; +in + rustPlatform.buildRustPackage { + name = "rdf-protect"; + src = rootDir; + version = "1.0.0"; + + cargoLock = { + lockFile = rootDir + "/Cargo.lock"; + }; + + meta = { + description = "A simple Rust CLI tool to protect sensitive values in RDF triples through pseudonymization"; + homepage = "https://github.com/sdsc-ordes/rdf-protect"; + license = lib.licenses.asl20; + maintainers = ["gabyx" "cmdoret"]; + }; + }