Run clippy in nix, leveraging nix caching ability

This commit is contained in:
Quentin Dufour 2022-07-25 18:10:34 +02:00
parent 5fb8584247
commit fcb04843f7
No known key found for this signature in database
GPG Key ID: E9602264D639FF68
6 changed files with 148 additions and 74 deletions

View File

@ -16,7 +16,7 @@ environment:
HOME: /drone/garage
steps:
- name: nix maintainance
- name: nix maintenance
image: nixpkgs/nix:nixos-22.05
volumes:
- name: nix_store
@ -28,17 +28,7 @@ steps:
- "[ -d /mnt/var/ ] || cp -r /nix/var /mnt/"
- cp nix/nix.conf /etc/nix/nix.conf
- name: warmup cache
image: nixpkgs/nix:nixos-22.05
volumes:
- name: nix_store
path: /nix
- name: nix_config
path: /etc/nix
commands:
- nix-build --no-build-output --no-out-link shell.nix -A rust.inputDerivation -A integration.inputDerivation
- name: code quality
- name: check formatting
image: nixpkgs/nix:nixos-22.05
volumes:
- name: nix_store
@ -47,7 +37,6 @@ steps:
path: /etc/nix
commands:
- nix-shell --attr rust --run "cargo fmt -- --check"
- nix-shell --attr rust --run "cargo clippy -- --deny warnings"
- name: build
image: nixpkgs/nix:nixos-22.05
@ -57,8 +46,7 @@ steps:
- name: nix_config
path: /etc/nix
commands:
- nix-build --no-build-output --attr pkgs.amd64.debug --argstr git_version $DRONE_COMMIT
- nix-shell --attr rust --run "./script/not-dynamic.sh result/bin/garage"
- nix-build --no-build-output --attr clippy.amd64 --argstr git_version $DRONE_COMMIT
- name: unit + func tests
image: nixpkgs/nix:nixos-22.05
@ -80,7 +68,7 @@ steps:
- ./result/bin/garage-*
- ./result/bin/integration-*
- name: smoke-test
- name: integration tests
image: nixpkgs/nix:nixos-22.05
volumes:
- name: nix_store
@ -88,7 +76,7 @@ steps:
- name: nix_config
path: /etc/nix
commands:
- nix-build --no-build-output --attr pkgs.amd64.debug --argstr git_version $DRONE_COMMIT
- nix-build --no-build-output --attr clippy.amd64 --argstr git_version $DRONE_COMMIT
- nix-shell --attr integration --run ./script/test-smoke.sh || (cat /tmp/garage.log; false)
trigger:
@ -112,7 +100,7 @@ volumes:
temp: {}
steps:
- name: nix maintainance
- name: nix maintenance
image: nixpkgs/nix:nixos-22.05
volumes:
- name: nix_store
@ -198,7 +186,7 @@ volumes:
temp: {}
steps:
- name: nix maintainance
- name: nix maintenance
image: nixpkgs/nix:nixos-22.05
volumes:
- name: nix_store
@ -283,7 +271,7 @@ volumes:
temp: {}
steps:
- name: nix maintainance
- name: nix maintenance
image: nixpkgs/nix:nixos-22.05
volumes:
- name: nix_store
@ -358,7 +346,7 @@ volumes:
temp: {}
steps:
- name: nix maintainance
- name: nix maintenance
image: nixpkgs/nix:nixos-22.05
volumes:
- name: nix_store
@ -458,6 +446,6 @@ trigger:
---
kind: signature
hmac: 9789d5fd470fc4273adcfd05946833268d1e466462c5f36abeb8f607d62fdb4b
hmac: 0a72ff9a422018b7b06754bd5b9561d3f4bb0d5af28a20ec365c719ee263378a
...

View File

@ -6,11 +6,16 @@
with import ./nix/common.nix;
let
pkgs = import pkgsSrc { };
compile = import ./nix/compile.nix;
build_debug_and_release = (target: {
debug = (compile { inherit target; release = false; }).workspace.garage { compileMode = "build"; };
release = (compile { inherit target; release = true; }).workspace.garage { compileMode = "build"; };
});
test = (rustPkgs: pkgs.symlinkJoin {
name ="garage-tests";
paths = builtins.map (key: rustPkgs.workspace.${key} { compileMode = "test"; }) (builtins.attrNames rustPkgs.workspace);
});
in {
pkgs = {
@ -20,13 +25,9 @@ in {
arm = build_debug_and_release "armv6l-unknown-linux-musleabihf";
};
test = {
amd64 = let
pkgs = import pkgsSrc { };
rustPkgs = compile { target = "x86_64-unknown-linux-musl"; };
in
pkgs.symlinkJoin {
name ="garage-tests";
paths = builtins.map (key: rustPkgs.workspace.${key} { compileMode = "test"; }) (builtins.attrNames rustPkgs.workspace);
};
amd64 = test (compile { target = "x86_64-unknown-linux-musl"; });
};
clippy = {
amd64 = (compile { compiler = "clippy"; }).workspace.garage { compileMode = "build"; } ;
};
}

View File

@ -4,18 +4,16 @@ rec {
*/
pkgsSrc = fetchTarball {
# As of 2021-10-04
url ="https://github.com/NixOS/nixpkgs/archive/b27d18a412b071f5d7991d1648cfe78ee7afe68a.tar.gz";
url = "https://github.com/NixOS/nixpkgs/archive/b27d18a412b071f5d7991d1648cfe78ee7afe68a.tar.gz";
sha256 = "1xy9zpypqfxs5gcq5dcla4bfkhxmh5nzn9dyqkr03lqycm9wg5cr";
};
cargo2nixSrc = fetchGit {
# As of 2022-03-17
url = "https://github.com/superboum/cargo2nix";
ref = "main";
rev = "bcbf3ba99e9e01a61eb83a24624419c2dd9dec64";
ref = "dedup_propagate";
rev = "486675c67249e735dd7eb68e1b9feac9db102be7";
};
/*
* Shared objects
*/

View File

@ -1,6 +1,7 @@
{
system ? builtins.currentSystem,
target ? "x86_64-unknown-linux-musl",
target ? null,
compiler ? "rustc",
release ? false,
git_version ? null,
}:
@ -8,16 +9,14 @@
with import ./common.nix;
let
crossSystem = { config = target; };
log = v: builtins.trace v v;
pkgs = import pkgsSrc {
inherit system crossSystem;
inherit system;
${ if target == null then null else "crossSystem" } = { config = target; };
overlays = [ cargo2nixOverlay ];
};
/*
Rust and Nix triples are not the same. Cargo2nix has a dedicated library
to convert Nix triples to Rust ones. We need this conversion as we want to
@ -38,13 +37,58 @@ let
In practise, rustOverlay ships rustc+cargo in a single derivation while
NixOS ships them in separate ones. We reunite them with symlinkJoin.
*/
rustChannel = pkgs.symlinkJoin {
name ="rust-channel";
paths = [
pkgs.rustPlatform.rust.rustc
pkgs.rustPlatform.rust.cargo
];
};
rustChannel = {
rustc = pkgs.symlinkJoin {
name = "rust-channel";
paths = [
pkgs.rustPlatform.rust.cargo
pkgs.rustPlatform.rust.rustc
];
};
clippy = pkgs.symlinkJoin {
name = "clippy-channel";
paths = [
pkgs.rustPlatform.rust.cargo
pkgs.rustPlatform.rust.rustc
pkgs.clippy
];
};
}.${compiler};
clippyBuilder = pkgs.writeScriptBin "clippy" ''
#!${pkgs.stdenv.shell}
. ${cargo2nixSrc + "/overlay/utils.sh"}
isBuildScript=
args=("$@")
for i in "''${!args[@]}"; do
if [ "xmetadata=" = "x''${args[$i]::9}" ]; then
args[$i]=metadata=$NIX_RUST_METADATA
elif [ "x--crate-name" = "x''${args[$i]}" ] && [ "xbuild_script_" = "x''${args[$i+1]::13}" ]; then
isBuildScript=1
fi
done
if [ "$isBuildScript" ]; then
args+=($NIX_RUST_BUILD_LINK_FLAGS)
else
args+=($NIX_RUST_LINK_FLAGS)
fi
touch invoke.log
echo "''${args[@]}" >>invoke.log
exec ${rustChannel}/bin/clippy-driver --deny warnings "''${args[@]}"
'';
buildEnv = (drv: {
rustc = drv.setBuildEnv;
clippy = ''
${drv.setBuildEnv or "" }
echo
echo --- BUILDING WITH CLIPPY ---
echo
export RUSTC=${clippyBuilder}/bin/clippy
'';
}.${compiler});
/*
Cargo2nix provides many overrides by default, you can take inspiration from them:
@ -55,47 +99,90 @@ let
*/
overrides = pkgs.rustBuilder.overrides.all ++ [
/*
[1] We need to alter Nix hardening to make static binaries: PIE,
[1] We add some logic to compile our crates with clippy, it provides us many additional lints
[2] We need to alter Nix hardening to make static binaries: PIE,
Position Independent Executables seems to be supported only on amd64. Having
this flag set either 1. make our executables crash or 2. compile as dynamic on some platforms.
Here, we deactivate it. Later (find `codegenOpts`), we reactivate it for supported targets
(only amd64 curently) through the `-static-pie` flag.
PIE is a feature used by ASLR, which helps mitigate security issues.
Learn more about Nix Hardening at: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/cc-wrapper/add-hardening.sh
[3] We want to inject the git version while keeping the build deterministic.
As we do not want to consider the .git folder as part of the input source,
we ask the user (the CI often) to pass the value to Nix.
[4] We ship some parts of the code disabled by default by putting them behind a flag.
It speeds up the compilation (when the feature is not required) and released crates have less dependency by default (less attack surface, disk space, etc.).
But we want to ship these additional features when we release Garage.
In the end, we chose to exclude all features from debug builds while putting (all of) them in the release builds.
Currently, the only feature of Garage is kubernetes-discovery from the garage_rpc crate.
*/
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage";
overrideAttrs = drv: { hardeningDisable = [ "pie" ]; };
overrideAttrs = drv: {
/* [1] */ setBuildEnv = (buildEnv drv);
/* [2] */ hardeningDisable = [ "pie" ];
};
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_rpc";
/*
[2] We want to inject the git version while keeping the build deterministic.
As we do not want to consider the .git folder as part of the input source,
we ask the user (the CI often) to pass the value to Nix.
*/
overrideAttrs = drv:
(if git_version != null then {
preConfigure = ''
/* [3] */ preConfigure = ''
${drv.preConfigure or ""}
export GIT_VERSION="${git_version}"
'';
} else {});
/*
[3] We ship some parts of the code disabled by default by putting them behind a flag.
It speeds up the compilation (when the feature is not required) and released crates have less dependency by default (less attack surface, disk space, etc.).
But we want to ship these additional features when we release Garage.
In the end, we chose to exclude all features from debug builds while putting (all of) them in the release builds.
Currently, the only feature of Garage is kubernetes-discovery from the garage_rpc crate.
*/
} else {})
// {
/* [1] */ setBuildEnv = (buildEnv drv);
};
overrideArgs = old: {
features = if release then [ "kubernetes-discovery" ] else [];
/* [4] */ features = if release then [ "kubernetes-discovery" ] else [];
};
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_db";
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_util";
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_table";
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_block";
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_model";
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_api";
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "garage_web";
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
})
(pkgs.rustBuilder.rustLib.makeOverride {
name = "k2v-client";
overrideAttrs = drv: { /* [1] */ setBuildEnv = (buildEnv drv); };
})
];
packageFun = import ../Cargo.nix;

View File

@ -1,7 +1,7 @@
substituters = https://cache.nixos.org https://nix.web.deuxfleurs.fr
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=
max-jobs = auto
cores = 4
cores = 0
log-lines = 200
filter-syscalls = false
sandbox = false

View File

@ -29,16 +29,16 @@ function refresh_toolchain {
'';
nativeBuildInputs = [
pkgs.rustPlatform.rust.rustc
#pkgs.rustPlatform.rust.rustc
pkgs.rustPlatform.rust.cargo
pkgs.clippy
#pkgs.clippy
pkgs.rustfmt
pkgs.perl
pkgs.protobuf
pkgs.pkg-config
pkgs.openssl
#pkgs.perl
#pkgs.protobuf
#pkgs.pkg-config
#pkgs.openssl
pkgs.file
cargo2nix.packages.x86_64-linux.cargo2nix
#cargo2nix.packages.x86_64-linux.cargo2nix
];
};