feat(tvix): run crate2nix generate in CI
This runs `crate2nix generate` in CI and then runs `depotfmt` on the result to ensure that our machine-generated code is really, really readable and pretty. Then it checks that the result of all that is identical to the committed Cargo.nix. A self-hashing FOD is used to allow network access. No magic hashes are involved. Co-Authored-By: Florian Klink <flokli@flokli.de> Change-Id: I68ec5003dbc6a40894a5a4d6e902f138c99f6719 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10194 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: Adam Joseph <adam@westernsemico.com> Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
This commit is contained in:
parent
23dae8ebc5
commit
0e2633048e
1 changed files with 57 additions and 5 deletions
|
@ -89,17 +89,68 @@ let
|
||||||
# The cleaned sources.
|
# The cleaned sources.
|
||||||
src = depot.third_party.gitignoreSource ./.;
|
src = depot.third_party.gitignoreSource ./.;
|
||||||
|
|
||||||
in
|
|
||||||
{
|
|
||||||
inherit crates;
|
|
||||||
|
|
||||||
# Run crate2nix generate in the current working directory, then
|
# Run crate2nix generate in the current working directory, then
|
||||||
# format the generated file with depotfmt.
|
# format the generated file with depotfmt.
|
||||||
crate2nixGenerate = pkgs.writeShellScriptBin "crate2nix-generate" ''
|
crate2nix-generate = pkgs.writeShellScriptBin "crate2nix-generate" ''
|
||||||
${pkgs.crate2nix}/bin/crate2nix generate --all-features
|
${pkgs.crate2nix}/bin/crate2nix generate --all-features
|
||||||
${depot.tools.depotfmt}/bin/depotfmt Cargo.nix
|
${depot.tools.depotfmt}/bin/depotfmt Cargo.nix
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
in
|
||||||
|
{
|
||||||
|
inherit crates crate2nix-generate;
|
||||||
|
|
||||||
|
# Run crate2nix generate, ensure the output doesn't differ afterwards
|
||||||
|
# (and doesn't fail).
|
||||||
|
#
|
||||||
|
# Currently this re-downloads every crate every time
|
||||||
|
# crate2nix-check (but not crate2nix) is built.
|
||||||
|
# TODO(amjoseph): be less wasteful with bandwidth.
|
||||||
|
#
|
||||||
|
crate2nix-check =
|
||||||
|
let
|
||||||
|
outputHashAlgo = "sha256";
|
||||||
|
in
|
||||||
|
pkgs.stdenv.mkDerivation {
|
||||||
|
inherit src;
|
||||||
|
|
||||||
|
# Important: we include the hash of the Cargo.lock file and
|
||||||
|
# Cargo.nix file in the derivation name. This forces the FOD
|
||||||
|
# to be rebuilt/reverified whenever either of them changes.
|
||||||
|
name = "tvix-crate2nix-check-" +
|
||||||
|
(builtins.substring 0 8 (builtins.hashFile "sha256" ./Cargo.lock)) +
|
||||||
|
"-" +
|
||||||
|
(builtins.substring 0 8 (builtins.hashFile "sha256" ./Cargo.nix));
|
||||||
|
|
||||||
|
nativeBuildInputs = with pkgs; [ git cacert cargo ];
|
||||||
|
buildPhase = ''
|
||||||
|
export CARGO_HOME=$(mktemp -d)
|
||||||
|
|
||||||
|
# The following command can be omitted, in which case
|
||||||
|
# crate2nix-generate will run it automatically, but won't show the
|
||||||
|
# output, which makes it look like the build is somehow "stuck" for a
|
||||||
|
# minute or two.
|
||||||
|
cargo metadata > /dev/null
|
||||||
|
|
||||||
|
# running this command counteracts depotfmt brokenness
|
||||||
|
git init
|
||||||
|
|
||||||
|
${crate2nix-generate}/bin/crate2nix-generate
|
||||||
|
|
||||||
|
# technically unnecessary, but provides more-helpful output in case of error
|
||||||
|
diff -ur Cargo.nix ${src}/Cargo.nix
|
||||||
|
|
||||||
|
# the FOD hash will check that the (re-)generated Cargo.nix matches the committed Cargo.nix
|
||||||
|
cp Cargo.nix $out
|
||||||
|
'';
|
||||||
|
|
||||||
|
# This is an FOD in order to allow `cargo` to perform network access.
|
||||||
|
outputHashMode = "flat";
|
||||||
|
inherit outputHashAlgo;
|
||||||
|
outputHash = builtins.hashFile outputHashAlgo ./Cargo.nix;
|
||||||
|
env.SSL_CERT_FILE = "${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
};
|
||||||
|
|
||||||
# Provide the Tvix logo in both .webp and .png format.
|
# Provide the Tvix logo in both .webp and .png format.
|
||||||
logo = pkgs.runCommand "logo"
|
logo = pkgs.runCommand "logo"
|
||||||
{
|
{
|
||||||
|
@ -167,6 +218,7 @@ in
|
||||||
|
|
||||||
meta.ci.targets = [
|
meta.ci.targets = [
|
||||||
"clippy"
|
"clippy"
|
||||||
|
"crate2nix-check"
|
||||||
"shell"
|
"shell"
|
||||||
"rust-docs"
|
"rust-docs"
|
||||||
];
|
];
|
||||||
|
|
Loading…
Reference in a new issue