From 3c572a0846eaef6d9b7af878f98f3f39cceba9c9 Mon Sep 17 00:00:00 2001 From: seth Date: Mon, 19 Aug 2024 05:41:39 -0400 Subject: [PATCH 1/4] nix: drop flake-utils --- flake.lock | 34 ----------- flake.nix | 171 +++++++++++++++++++++++++++++++---------------------- 2 files changed, 99 insertions(+), 106 deletions(-) diff --git a/flake.lock b/flake.lock index f66d019..2b1d16c 100644 --- a/flake.lock +++ b/flake.lock @@ -1,23 +1,5 @@ { "nodes": { - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1723603349, @@ -36,7 +18,6 @@ }, "root": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": "nixpkgs", "rust-overlay": "rust-overlay" } @@ -60,21 +41,6 @@ "repo": "rust-overlay", "type": "github" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 857d701..5a470d7 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,6 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - flake-utils.url = "github:numtide/flake-utils"; rust-overlay = { url = "github:oxalica/rust-overlay"; @@ -20,46 +19,58 @@ { self, nixpkgs, - flake-utils, - ... - }@inputs: - flake-utils.lib.eachDefaultSystem ( - system: - let - pkgs = import nixpkgs { + rust-overlay, + }: + let + inherit (nixpkgs) lib; + systems = [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + "aarch64-darwin" + ]; + + forAllSystems = lib.genAttrs systems; + nixpkgsFor = forAllSystems ( + system: + import nixpkgs { inherit system; config = { }; overlays = [ - inputs.rust-overlay.overlays.default + rust-overlay.overlays.default self.overlays.default ]; - }; - - inherit (pkgs) lib; - - mkFlakeCheck = - { - name, - nativeBuildInputs ? [ ], - command, - }: - pkgs.stdenv.mkDerivation { - name = "check-${name}"; - inherit nativeBuildInputs; - inherit (self.packages.${system}.nrr) src cargoDeps; - - buildPhase = '' - ${command} - touch "$out" - ''; - - doCheck = false; - dontInstall = true; - dontFixup = true; - }; - in - { - checks = { + } + ); + in + { + checks = forAllSystems ( + system: + let + pkgs = nixpkgsFor.${system}; + + mkFlakeCheck = + { + name, + nativeBuildInputs ? [ ], + command, + }: + pkgs.stdenv.mkDerivation { + name = "check-${name}"; + inherit nativeBuildInputs; + inherit (self.packages.${system}.nrr) src cargoDeps; + + buildPhase = '' + ${command} + touch "$out" + ''; + + doCheck = false; + dontInstall = true; + dontFixup = true; + }; + in + { nixfmt = mkFlakeCheck { name = "nixfmt"; nativeBuildInputs = with pkgs; [ nixfmt-rfc-style ]; @@ -68,15 +79,18 @@ rustfmt = mkFlakeCheck { name = "rustfmt"; + nativeBuildInputs = with pkgs; [ cargo rustfmt ]; + command = "cargo fmt --check"; }; clippy = mkFlakeCheck { name = "clippy"; + nativeBuildInputs = with pkgs; [ rustPlatform.cargoSetupHook cargo @@ -85,54 +99,67 @@ clippy-sarif sarif-fmt ]; + command = '' cargo clippy --all-features --all-targets --tests \ --offline --message-format=json \ | clippy-sarif | tee $out | sarif-fmt ''; }; - }; + } + ); + + devShells = forAllSystems ( + system: + let + pkgs = nixpkgsFor.${system}; + in + { + default = pkgs.mkShell { + packages = with pkgs; [ + rustfmt + clippy + rust-analyzer - devShells.default = pkgs.mkShell { - packages = with pkgs; [ - rustc - cargo - rustfmt - clippy - rust-analyzer + git-cliff # changelog generator + taplo # TOML toolkit - git-cliff # changelog generator - taplo # TOML toolkit + cargo-audit + cargo-bloat + cargo-expand - cargo-audit - cargo-bloat - cargo-expand + libiconv + ]; - libiconv - ]; + inputsFrom = [ self.packages.${system}.nrr ]; - __structuredAttrs = true; - env = { - RUST_BACKTRACE = 1; - RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; + __structuredAttrs = true; + env = { + RUST_BACKTRACE = 1; + RUST_SRC_PATH = toString pkgs.rustPlatform.rustLibSrc; + }; }; - }; - - packages = - { - inherit (pkgs) nrr; - default = pkgs.nrr; - } - // (lib.attrsets.mapAttrs' ( - name: value: lib.nameValuePair "check-${name}" value - ) self.checks.${system}); - - legacyPackages = import ./nix/static.nix pkgs; - - formatter = pkgs.nixfmt-rfc-style; - } - ) - // { + } + ); + + packages = forAllSystems ( + system: + let + pkgs = nixpkgsFor.${system}; + in + { + inherit (pkgs) nrr; + default = pkgs.nrr; + } + // (lib.attrsets.mapAttrs' ( + name: value: lib.nameValuePair "check-${name}" value + ) self.checks.${system}) + ); + + legacyPackages = forAllSystems (system: import ./nix/static.nix nixpkgsFor.${system}); + + formatter = forAllSystems (system: nixpkgsFor.${system}.nixfmt-rfc-style); + overlays.default = _: prev: { nrr = prev.callPackage ./nix/package.nix { }; }; }; } From 181a3f810ee2e330f069a15cacca7ad031c9ee95 Mon Sep 17 00:00:00 2001 From: seth Date: Mon, 19 Aug 2024 05:55:49 -0400 Subject: [PATCH 2/4] nix: drop rust-overlay --- .github/workflows/build.yml | 10 +++++----- flake.lock | 23 +--------------------- flake.nix | 22 ++++----------------- nix/static.nix | 39 ++++++++----------------------------- 4 files changed, 18 insertions(+), 76 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d2cbcc1..46ed53d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -80,9 +80,9 @@ jobs: strategy: matrix: - arch: - - x86_64 - - aarch64 + target: + - "x86_64-unknown-linux-musl" + - "aarch64-unknown-linux-musl" runs-on: ubuntu-latest @@ -97,7 +97,7 @@ jobs: uses: DeterminateSystems/magic-nix-cache-action@main - name: Build - run: nix build --fallback --print-build-logs '.#nrr-static-${{ matrix.arch }}' + run: nix build --fallback --print-build-logs '.#nrr-static-${{ matrix.target }}' - name: Generate build provenance attestations uses: actions/attest-build-provenance@v1 @@ -109,5 +109,5 @@ jobs: uses: actions/upload-artifact@v4 with: if-no-files-found: "error" - name: nrr-${{ matrix.arch }}-unknown-linux-musl + name: nrr-${{ matrix.target }} path: ./result/bin/nrr diff --git a/flake.lock b/flake.lock index 2b1d16c..514f69c 100644 --- a/flake.lock +++ b/flake.lock @@ -18,28 +18,7 @@ }, "root": { "inputs": { - "nixpkgs": "nixpkgs", - "rust-overlay": "rust-overlay" - } - }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1723602049, - "narHash": "sha256-Z/noCSn9WPkv7O77dWKLcBxe4Ub4bWyNzsL5JhjaQfw=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "ea0bf33a11a26a62c60123c49d96011da396602c", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" + "nixpkgs": "nixpkgs" } } }, diff --git a/flake.nix b/flake.nix index 5a470d7..df70bc5 100644 --- a/flake.nix +++ b/flake.nix @@ -6,21 +6,10 @@ extra-trusted-public-keys = [ "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" ]; }; - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - - rust-overlay = { - url = "github:oxalica/rust-overlay"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; outputs = - { - self, - nixpkgs, - rust-overlay, - }: + { self, nixpkgs }: let inherit (nixpkgs) lib; systems = [ @@ -36,10 +25,7 @@ import nixpkgs { inherit system; config = { }; - overlays = [ - rust-overlay.overlays.default - self.overlays.default - ]; + overlays = [ self.overlays.default ]; } ); in @@ -156,7 +142,7 @@ ) self.checks.${system}) ); - legacyPackages = forAllSystems (system: import ./nix/static.nix nixpkgsFor.${system}); + legacyPackages = forAllSystems (system: nixpkgsFor.${system}.callPackage ./nix/static.nix { }); formatter = forAllSystems (system: nixpkgsFor.${system}.nixfmt-rfc-style); diff --git a/nix/static.nix b/nix/static.nix index 7b6dc23..ea7fa49 100644 --- a/nix/static.nix +++ b/nix/static.nix @@ -1,33 +1,10 @@ -{ - lib, - pkgsCross, - rust-bin, - nrr, - ... -}: +{ lib, pkgsCross }: let - targets = { - x86_64 = pkgsCross.musl64.pkgsStatic; - aarch64 = pkgsCross.aarch64-multiplatform.pkgsStatic; - }; - - toolchain = rust-bin.stable.latest.minimal.override { - extensions = [ "rust-std" ]; - targets = map (pkgs: pkgs.stdenv.hostPlatform.config) (lib.attrValues targets); - }; - - rustPlatforms = lib.mapAttrs (lib.const ( - pkgs: - pkgs.makeRustPlatform ( - lib.genAttrs [ - "cargo" - "rustc" - ] (lib.const toolchain) - ) - )) targets; - - mkPackageWith = rustPlatform: nrr.override { inherit rustPlatform; }; + crossTargets = [ + pkgsCross.musl64.pkgsStatic + pkgsCross.aarch64-multiplatform.pkgsStatic + ]; in -lib.mapAttrs' ( - target: rustPlatform: lib.nameValuePair "nrr-static-${target}" (mkPackageWith rustPlatform) -) rustPlatforms +builtins.listToAttrs ( + map (pkgs: lib.nameValuePair (builtins.parseDrvName pkgs.nrr.name).name pkgs.nrr) crossTargets +) From 5146345c5687a85aceaf715cad8863729f3190de Mon Sep 17 00:00:00 2001 From: seth Date: Mon, 19 Aug 2024 05:58:24 -0400 Subject: [PATCH 3/4] nix: don't re-instantiate nixpkgs Previously, applying the overlay to our instance of nixpkgs added about ~100mb of memory to each evaluation, along with a few extra secnds to evaluate https://zimbatm.com/notes/1000-instances-of-nixpkgs --- flake.nix | 16 ++++++---------- nix/static.nix | 8 +++++++- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/flake.nix b/flake.nix index df70bc5..0e74f81 100644 --- a/flake.nix +++ b/flake.nix @@ -20,14 +20,7 @@ ]; forAllSystems = lib.genAttrs systems; - nixpkgsFor = forAllSystems ( - system: - import nixpkgs { - inherit system; - config = { }; - overlays = [ self.overlays.default ]; - } - ); + nixpkgsFor = forAllSystems (system: nixpkgs.legacyPackages.${system}); in { checks = forAllSystems ( @@ -132,10 +125,13 @@ system: let pkgs = nixpkgsFor.${system}; + + # re-use our overlay to call packages + packages = self.overlays.default null pkgs; in { - inherit (pkgs) nrr; - default = pkgs.nrr; + inherit (packages) nrr; + default = packages.nrr; } // (lib.attrsets.mapAttrs' ( name: value: lib.nameValuePair "check-${name}" value diff --git a/nix/static.nix b/nix/static.nix index ea7fa49..2e694da 100644 --- a/nix/static.nix +++ b/nix/static.nix @@ -6,5 +6,11 @@ let ]; in builtins.listToAttrs ( - map (pkgs: lib.nameValuePair (builtins.parseDrvName pkgs.nrr.name).name pkgs.nrr) crossTargets + map ( + pkgs: + let + package = pkgs.callPackage ./package.nix { }; + in + lib.nameValuePair (builtins.parseDrvName package.name).name package + ) crossTargets ) From d948c79f3bed2e4216e3b5ba4a6ee3fb42e0bc2e Mon Sep 17 00:00:00 2001 From: seth Date: Mon, 19 Aug 2024 06:08:01 -0400 Subject: [PATCH 4/4] nix: use nix-filter to filter source Avoids nix#9428 (path coercion like `"${./.}"` causes files to be added to the store twice) --- flake.lock | 16 ++++++++++++++++ flake.nix | 19 +++++++++++++++---- nix/package.nix | 17 ++++++++++------- nix/static.nix | 10 ++++++++-- 4 files changed, 49 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 514f69c..acf1eb9 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,20 @@ { "nodes": { + "nix-filter": { + "locked": { + "lastModified": 1710156097, + "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1723603349, @@ -18,6 +33,7 @@ }, "root": { "inputs": { + "nix-filter": "nix-filter", "nixpkgs": "nixpkgs" } } diff --git a/flake.nix b/flake.nix index 0e74f81..c07598d 100644 --- a/flake.nix +++ b/flake.nix @@ -6,10 +6,17 @@ extra-trusted-public-keys = [ "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" ]; }; - inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + nix-filter.url = "github:numtide/nix-filter"; + }; outputs = - { self, nixpkgs }: + { + self, + nixpkgs, + nix-filter, + }: let inherit (nixpkgs) lib; systems = [ @@ -138,10 +145,14 @@ ) self.checks.${system}) ); - legacyPackages = forAllSystems (system: nixpkgsFor.${system}.callPackage ./nix/static.nix { }); + legacyPackages = forAllSystems ( + system: nixpkgsFor.${system}.callPackage ./nix/static.nix { inherit nix-filter self; } + ); formatter = forAllSystems (system: nixpkgsFor.${system}.nixfmt-rfc-style); - overlays.default = _: prev: { nrr = prev.callPackage ./nix/package.nix { }; }; + overlays.default = _: prev: { + nrr = prev.callPackage ./nix/package.nix { inherit nix-filter self; }; + }; }; } diff --git a/nix/package.nix b/nix/package.nix index 6603412..abe7359 100644 --- a/nix/package.nix +++ b/nix/package.nix @@ -3,11 +3,14 @@ stdenv, rustPlatform, darwin, + nix-filter, pkg-config, + self, enableLTO ? true, enableOptimizeSize ? false, nrxAlias ? true, }: + rustPlatform.buildRustPackage rec { pname = passthru.cargoToml.package.name; inherit (passthru.cargoToml.package) version; @@ -15,13 +18,13 @@ rustPlatform.buildRustPackage rec { __structuredAttrs = true; strictDeps = true; - src = lib.fileset.toSource { - root = ../.; - fileset = lib.fileset.unions [ - ../src - ../tests - ../Cargo.lock - ../Cargo.toml + src = nix-filter.lib.filter { + root = self; + include = [ + "src" + "tests" + "Cargo.lock" + "Cargo.toml" ]; }; diff --git a/nix/static.nix b/nix/static.nix index 2e694da..80fbfe3 100644 --- a/nix/static.nix +++ b/nix/static.nix @@ -1,4 +1,10 @@ -{ lib, pkgsCross }: +{ + lib, + pkgsCross, + nix-filter, + self, +}: + let crossTargets = [ pkgsCross.musl64.pkgsStatic @@ -9,7 +15,7 @@ builtins.listToAttrs ( map ( pkgs: let - package = pkgs.callPackage ./package.nix { }; + package = pkgs.callPackage ./package.nix { inherit nix-filter self; }; in lib.nameValuePair (builtins.parseDrvName package.name).name package ) crossTargets