add nix flake with dev shells and limited crane based checks#455
add nix flake with dev shells and limited crane based checks#455DanGould merged 8 commits intopayjoin:masterfrom
Conversation
an .envrc file that uses the flake is provided for convenience also includes nix formatting using alejandra, and a flake check that enforces formatting of nix code
- rust-analyzer - cargo watch - cargo nextest - cargo edit
Pull Request Test Coverage Report for Build 12600527187Details
💛 - Coveralls |
the checks are limited, nextest only runs the unit tests without --all-features, because the integration tests require bitcoind and redis. unfortunately redis is made available via a docker container, and running docker in the nix sandbox is not possible
- NIGHTLY and UNSTABLE were unused, presumably intended to be exported as environment variables - quoting of interpolated variable (not strictly necessary for crate names)
| msrv = stable.${msrv}.default; | ||
| stable = stable.latest.default; | ||
| nightly = nightly.latest.default; |
There was a problem hiding this comment.
How do we document how to run these devShells? nix develop .#$VERSION was not intuitive to me
There was a problem hiding this comment.
not sure if it makes sense in README or some sort of dev documentation, but either or should contain some examples and discuss direnv, the devshells, and the checks
There was a problem hiding this comment.
This definitely fixes the problem of having the right toolchain for testing so I ask that that gets documented in README and just that. Everything else is neat but doesn't exactly solve a particular problem we've experienced yet afaict
There was a problem hiding this comment.
I regret to inform you running nix flake check --print-build-logs is not intuitive. Is it supposed to be for the nixpilled? IDK what crane does or what any of these changes do
There was a problem hiding this comment.
crane parses cargo packages and produces nix package derivation for them
it works in stages:
- first it builds all of the dependencies of the workspace
- then it builds individual crate packages, with access to the previously built deps
- finally it provides various lints and test derivations, exposed here via
nix flake check, some of which reuse the outputs of steps 1 or 2
the checks can be done individually or separately, and are quite costly since they build everything both with nightly and msrv, but should be faster to run after minor code changes due to the caching of the workspace dependencies (caching also works in CI potentially)
the main advantage over shell scripts is that nix can provide a lockfile (flake.lock) for all of the various unix dependencies (anything packaged in nixpkgs), in this case shfmt and shellcheck for example, ensuring that we can use that stuff without dealing with github's bloated and brittle ubuntu images.
There was a problem hiding this comment.
Seems like some interesting and convenient tooling to tinker with and make our dev environments and CI more reliable, AND most importantly giving new devs a path to easily get started contributing. But perhaps it's not the glaring priority of other broken parts preventing more integrations from implementing a maintainable payjoin stack?
| shfmt = simpleCheck rec { | ||
| name = "shell-checks"; | ||
| src = pkgs.lib.sources.sourceFilesBySuffices ./. [".sh"]; | ||
| nativeBuildInputs = [pkgs.shfmt]; | ||
| checkPhase = '' | ||
| shfmt -d -s -i 4 -ci ${src} | ||
| ''; | ||
| }; |
There was a problem hiding this comment.
If this is an option it needs to be a CI check (part of ./contrib/lint.sh?) otherwise we're gonna get fat diffs with lots of formatting changes between diffs that don't run shfmt
There was a problem hiding this comment.
./contrib/lint.sh would be tricky without nix since installing shfmt is less standard
|
RE: "some open questions:"
IMO the question is must this be run in CI? Or when must this be run in CI and the answer is when building depends on it, e.g. our test/lint checks in CI depend on nix instead of .sh scripts. When we get there, yes. Until we make the swap, no.
What happens if the flake is not updated? If it's not a critical bug I think we can leave it manual until the test infra is nixpilled.
Readme please. A demo on how to allow and run individual devShells seems to be the main contribution devs want to know about. A 1-sentence explainer of
when must we build docker images using nix? When doing so can be done without adding a bunch of new nix tooling and it's time to update the Dockerfiles.
Yes .envrc by default. Give Grug sane defaults and let the tinkerers tinker. .envrc.default is a local minimum where both Grug and Tinker still have to make edits to get things working, and there's no real working default for Tinker by definition, so give Grug the default. |
This only explains how to obtain different rust toolchains using direnv or `nix develop`, since flake checks are currently limited by redis/docker issue.
The only thing is the shellcheck & shell formatting stuff. We can run only those lints without building the crane packages in CI,
The main issue is that the specific instance of rust nightly is locked in the flake.lock.
Pushed a simple change to README
For now let's hold off on this distraction, the caveat of not running any of the valuable tests yet makes it more of a distraction IMO
Not sure that'll ever be a "must". The main disadvantage of the dockerfiles in their current form is that "rust:1.75-slim" is not a stable reference, and adding hashes to dockerfiles to ensure they are reproducible introduces churn & potential for errors. If we want to support running the directory in a container then knowing exactly what goes into the container, and not having it depend on when |
3 participants
usage:
developer shell:
nix developfor nightly,nix develop .#msrvfor msrv,nix flake showwill list available dev shells.checks:
nix flake check --print-build-logswill run various lints and a limited range of unit tests, due to limitations of running docker in the nix sandbox and the current state of our integration testsnix code is formatted with alejandra, a rust based formatter
followup issues and PRs with additional checks will be added after resolving some blocking problems, e.g.
cargo auditorcargo denycomplaints, shell script formatting, etc. i will open draft PRs for this additional stuff shortly.some open questions: