Last one of the year! Happy New Year in advance :)
Fixes:
* users/wpcarro: remove use-package from emacs packages (it has been built-in
  for a while now)
* users/sterni: the same thing
* users/aspen: remove `coz`, forwardport `gdmap` from stable
* users/flokli: dropped corneish_zen firmware from CI
  This firmware depends on a non-reproducible FOD which, when updated, causes
  build failures. We have worked around this repeatedly, but it needs to be
  fixed properly.
* tvix: regenerate Go protobufs
* tvix: address new clippy lints
* tvix/{castore,store,build}-go: update grpc/protobuf libraries
* tvix/eval: formatting fixes
* 3p/overlays/tvl: work around GCC 14 -Werrors
Change-Id: Ice5948ca7780192fb7d2abc6a48971fb875f03c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12933
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Update all 3p/sources as we do normally except
- agenix which is still pinned to 0.15.0
- nixpkgs (unstable) which we bump to the HEAD of the staging-next
  branch. This branch includes the downgrade of xz from 5.6.1 to
  5.4.6 (https://github.com/nixos/nixpkgs/commit/d6dc19adbd). It
  also includes the second haskell-updates rotation with GHC 9.6.4
  which contains a few build fixes that seem to be required to get
  our Haskell targets to work.
Note that this only reverts xz to a version that doesn't contain the now
known backdoor (CVE-2024-3094) which may or may not actually affect
NixOS. Additionally reverting to a version before the malicious
contributor's involvement may be difficult, but prudent:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024
Changes required by the updates:
- //3p/overlays/haskell:
  - Update ihp-hsx to latest master to fix build with Stackage LTS 22.
  - Update tmp-postgres to latest master to work around failure with
    ansi-wl-pprint >= 1.
  - Patch punycode for mtl >= 2.3.
- //users/Profpatsch:
  - Clean up some warnings, mostly about unused dependencies
  - my-prelude: Fix build with ghc-boot-9.6.4
  - cas-serve: Use crypton over unmaintained cryptonite
  - ical-smolify: skip in ci, iCalendar would require heavy patching to
    work with Stackage LTS 22.
- //users/{wpcarro,aspen,flokli}:
  Disable home-manager / nixos configuration builds that seem to have
  transient failures that should disappear as we move away from
  staging-next and closer to an actual channel release.
Change-Id: I5cca48e101041c3aedc1d9932dbca2cac885fcc1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11289
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
This allows cross-compiling depot targets to other architectures, so
`nix-build --argstr crossSystem aarch64-linux -A tvix.nar-bridge`
will emit a cross-compiled aarch64-linux binary.
There are still some other cross-related issues in crate2nix to sort out
for crate2nix builds, but this CL can already land.
Co-Authored-By: raitobezarius <tvl@lahfa.xyz>
Change-Id: I467d49d125dd707a4142bfde18eea4a1c3afaf70
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9755
Reviewed-by: raitobezarius <tvl@lahfa.xyz>
Tested-by: BuildkiteCI
Included changes:
* tvix/eval: enable some lang tests on nix_latest
  Nix 2.16 contains some breaking language changes which Tvix does
  not yet implement, but the existing tests for them are now passed by
  Nix 2.16 (but not yet by Tvix).
* tvix/eval: disable a lang test on nix_latest
  In Nix 2.17, the identifier formatting test fails because some
  behaviour changed. We have not investigated further yet.
* 3p/overlays: use version of ihp-hsx that works with GHC 9.4
  Originally from the separate cl/9185.
* top-level: introduce a mechanism to exclude build targets from CI in
  the top level. This fixes b/296.
* users/grfn: disable builds of xanthous (and dependents) until the
  CLs fixing its build are submitted
* 3p/overlays: build nixos-option against Nix 2.15, the only version
  with which it builds
* 3p/overlays: bump tdlib to 1.8.16
Change-Id: Ia377f39dbdb08ac45ff830a615e64babc091e5ee
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9125
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Considers `node.meta.broken` in addition to `node.meta.ci.skip`,
because people might be inheriting this from something, or using an
extremely complicated package mechanism in which setting their own
meta attributes is ugly/non-trivial.
Change-Id: Ia93cfbba6af545e370a7c7dbd51f24e1df68bbf7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9270
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
This just creates a text file (similar to the propagated deps file)
which lists the outpaths of all targets.
It's unclear why the previous fix didn't work, but it was done solely
based on docs not on reading code. In general we don't really need a
setup hook though and nobody remembers why that was the solution we
used anyways, so let's remove it.
Change-Id: I2a945925f4fa56b272aa44c29229b6a1aefa80e6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8228
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
We've been seeing CI failures after a recent nixpkgs bump which only
occur on canon *after* a CL has been merged. In these CI failures, the
`ci.gcroot` attribute is built to "anchor" the latest canon build, but
fails because it tries to execute random non-executable files (e.g.
the sqlite database produced by //corp/russian/data-import).
From what I can tell, there has been a recent change in nixpkgs where
makeSetupHooks' arguments were restructured. What was previously
`deps` is now `propagatedBuildInputs`, and
`depsTargetTargetPropagated`.
The latter is supposed to be used for non-executable targets,
according to the docs.
This commit changes the entire set to use that flag, as we don't
actually want any executable setup hook - just a gcroot.
Change-Id: Ib258c4f3b09d746c3d000d1c7480d2b4101ab75e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8227
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Since cl/7260 has eliminated all uses of builtins.currentSystem
in the main evaluation path of depot, we can ensure that we use
localSystem consistently in the future by making it impossible
to access the value of builtins.currentSystem in readTree nodes.
Change-Id: I6ded54021c42fcf31a80268149179f95f22bad88
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7261
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This has come up a couple of times. This way system is passed to all
derivations. Maybe we can do something useful with it.
Change-Id: Ia7dfcffbc82abbd3128342a8971a3861865be713
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5832
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
The `or` statement is a *single* expression, leading to an incorrect
negation.
Change-Id: I46fa85c22cf145b9204bf26b85b963494b069d06
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5013
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
We need 'meta.ci' to be an attribute set for new CI features.
Change-Id: I83d04e2d74e42e49fe739b049ee4ba799f6d5d86
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5007
Tested-by: BuildkiteCI
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Reviewed-by: wpcarro <wpcarro@gmail.com>
This changes the logic for build pipeline generation to inspect
an (optional) parentTargetMap attribute which contains the derivation
map of a target commit.
Targets that existed in a parent commit with the same drv hash will be
skipped, as they are not considered to have changed.
This does not yet wire up any logic for retrieving the target map from
storage, meaning that at this commit all targets are always built.
The intention is that we will have logic to fetch the target
map (initially from Buildkite artefact storage), which we then pass to
the depot via externalArgs when actually generating the pipeline.
Change-Id: I3373c60aaf4b56b94c6ab64e2e5eef68dea9287c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4946
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Turns the anchor derivation into something that can actually be
built (a call creating a propagated build inputs file), and builds it.
This should fix the anchoring logic we have on canon.
Change-Id: If6a7662b82e2e396388980f65e332cf67a45b46e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4763
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
It is a reasonable enough assumption that depot.path will have the store
path name "depot". In the past this used to be the case, since most
people would checkout the repository as "depot" (funnily enough in the
past, you wouldn't have been able to substitute some things if you used
a different name). When we started to use cleanSource for depot.path the
default name "source" would be assigned, breaking e. g. the assumptions
of //web/todolist. We now set it to "depot" statically.
Fixes: b/162
Change-Id: I72fdb488e045bdaee80d1df0334b026060dcd116
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4381
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
This is often used when bootstrapping a repository with readTree,
before lib is available. Having this definition in readTree is more
convenient than copy&pasting it around to callsites.
Change-Id: I6d5d27ed142bea704843fe289ad2674be8c4d360
This is generally useful for readTree users and should be part of
readTree itself.
This is a move towards exposing several readTree-related features from
the library itself, in the future also including logic like 'gather'.
Note that this has a small functional change: In error messages of the
function, the notation for accessing Nix attributes is now used rather
than the Perforce-style `//` notation common in TVL.
For example, an error at `//web/tvl/logo` will produce `web.tvl.logo`
in the error message (which corresponds to the readTree attribute
itself).
This makes more sense for non-TVL consumers of readTree, as the
Perforce-style notation is custom to us specifically.
Change-Id: I8e199e473843c40db40b404c20d2c71f48a0f658
This folder is used for some TVL corp stuff, like the website and
maybe some documents and future projects, that are not under the same
license as the rest of depot.
To avoid accidental licensing issues, access to it is restricted to
other stuff within //corp.
In general, TVL corp projects *should* also be free software and live
outside of //corp - the folder is primarily intended for stuff that is
relevant to the company operations (also for the sake of
transparency).
Change-Id: I15e7e72e82d8ac1c875899f16becd731f64f6b3a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3875
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Since the filters return 'args', this makes nesting of filters more
readable.
Change-Id: I775252460e3e077cc6db2fab6f3948414a95ecbf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3873
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This refactors the readTree filter which disallows access to //users
from outside of //users into a reusable function.
The only change in functionality is that the error message has changed
slightly. I thought it is useful to keep the message consistent (i.e.
always including a path), thus only a part of the error is templated
in (describing the reason for why a specific sub path is unavailable).
Change-Id: I30ad38b2677be5aa502c753c8c71e7ba3efc87be
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3872
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This imports a copy of the depot as `depot.path` without including the
.git directory and other stuff that isn't tracked in the tree.
Significantly reduces the amount of data copied into the store.
Change-Id: I567c0f969d1cea81d121588548f6db627c8f3432
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3601
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This change adds a new attribute to readTree nodes, `__readTreeChildren`
which is a list of attribute names added to this node by readTree.
This is then used by `gather` for `ci.targets` to avoid evaluating
attributes unnecessarily. Especially since Nix is not as lazy as we'd
like when determining types (i. e. child ? __readTree needs to force
`child` even when it's not an attribute set), evaluating attributes
unnecessarily is sometimes problematic.
Change-Id: I0a98691d41f987e23ee7e9ba21fbe465da5fe402
Since //web/bubblegum depends on nint, we need to move it to a non-user
directory to conform with the policy established via cl/3434.
Note that this likely doesn't mean greater stability (which isn't
really implied in depot anyways), since I still would like to use a more
elaborate calling convention to allow for additional useful features.
Change-Id: I616f905d8df13e3363674aab69a797b0d39fdd79
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3506
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Instead of having a mix of depot-passed args (for the filter) and args
to the readTree function itself, make everything a single attribute
set of arguments passed to the function.
This also makes it a bit easier to extend this in the future.
Change-Id: I633c1fc96026d137b451bb604ef92be32571a0f5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3498
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
As pointed out by sterni, we don't need lib for this.
Change-Id: Ide9719641098f770a098a938d047afa0dcb5dc6d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3439
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Code under this depot path is essentially unstable and potentially
unreviewed - this is a good thing (people can play around with cursed
stuff all they want), but we should not make the rest of the
repository depend on any of it.
Any cursed things that are required outside of users can be moved to a
different depot path if people agree with that.
Change-Id: I46a34a0e9662069c01b43d9a653e5545e325e587
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3434
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Instead of having two ways of accessing the path to the depot (one of
which was stuttering, depot.depotPath) we settle on only one:
depot.path.
This was mostly used for NixOS module imports.
Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: I2c0db23383fc34f6ca76baaad4cc4af2d9dfae15
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2962
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Plumbs an additional internal argument through readTree that indicates
whether the top-level of a tree is being read, and avoids recursing
into itself in that case. This changes the externally visible
behaviour of readTree (it is now expected to be called a level higher
than previously).
This allows us to reduce the amount of boilerplate needed to bootstrap
the TVL repository (by not having to specify the individual folders
that need to be read).
For reasons related to an infinite recursion we could not (be bothered
to) debug, the top-level `config` key (which held the attribute set
passed on by readTree) has been removed. This is not needed, as it is
already passed on by readTree ...
Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: Id6e39b57b2f5b3473c4b695a72dd1d01fcfb7a66
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2961
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Adds a conditional build step that only runs on the canon branch, and
only if 🦆 (the status reporting step) succeeds, which creates a
new Nix GC root for all depot targets named `depot-canon`.
In practice this might be a bit racy, as canon builds are not
guaranteed to succeed in order (though it is likely). This shouldn't
matter much in practice: We only want to prevent rebuilds of the whole
world.
This fixes b/102
Change-Id: Id3d0bf4158bffcb1ed6929888a29d31609b6ece1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2904
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This lets the import of the depot root accept an additional argument
called `externalArgs`, which can be used to pass additional arguments
into a depot package set.
This is used in //third_party/nixpkgs for replacing the source of the
nixos-unstable channel with a path. With this we can bisect the
nixpkgs used in third_party easily.
Change-Id: I4f65eb3d6b521ed9f437649b7b068f1e6ab8210f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2925
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Please read b/108 to make sense of this.
This gets rid of the explicit list of exposed packages from nixpkgs,
and instead makes the entire package set available at
`third_party.nixpkgs`.
To accommodate this, a LOT of things have to be very slightly shuffled
around. Some of this was done in already submitted CLs, but this
change is unfortunately still quite noisy.
Pay extra attention to:
* overlay-like functionality that was partially moved to actual
  overlays (partially as in, the minimum required to get a green
  build)
* modified uses of the package set path, esp. in NixOS systems
Special notes:
* xanthous has been disabled in CI because of issues with the Haskell
  overlay
* //third_party/nix has been disabled because of other unclear
  dependency issues
Both of these will be tackled in a followup CL.
Change-Id: I2f9c60a4d275fdb5209264be0addfd7e06c53118
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2910
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This mechanism wasn't actually used for anything other than a minor
external compatibility thing for buildGo.nix, which can also be solved
with a function parameter.
This breaks //fun/gemma because it means that the elmPackages used to
build it are no longer reachable from depot. We'll sort this out later.
Change-Id: I1bf2240435e869cdc4e99bdd1a138fdd2e76f96e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2646
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
The ciBuilds attribute seems to no longer exist and it breaks the
evaluation of the config attribute. Its only appearance was in
besadii which doesn't actually use the attribute.
Removing the ciBuilds inherit fixes these issues.
Change-Id: Ibbf3413ba6efe10ad868cf57cf0711d574860f97
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2487
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
We have naturally evolved a distinction between logical and physical
targets.
Physical targets are those which correspond directly to a tree
location on disk and can be built with `-A path.to.files`, while
logical targets are those that are exported from within an expression
but do not have a corresponding file on disk.
This change adds support for exporting logical targets from any tree
location by adding a `meta.targets` attribute containing keys into
itself, which will be consumed by the CI target gathering logic and
included in the generated pipeline.
Note that the labels for subtargets are syntactically different to
emphasise that they do not correspond to a file location. For example,
this change enables 'ops.nixos.whitbySystem' as a subtarget, which is
labeled in CI as `ops/nixos:whitbySystem`.
Change-Id: Ied09647a62c2ba98e3914548e3742ad422c63ecf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1893
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Create the pipeline by outputting a file that contains nix-build
invocations for each target's *derivation path*.
Each invocation has a generated Nix expression passed to it with `-E`
which fetches the correct target from the tree while correctly
handling targets with strange characters (such as in Go-packages).
This makes it possible to run target-level granular pipelines. We're
getting somewhere!
Change-Id: Ia6946e389dafd1d4926130bb8891446d6e17133b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1855
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Automatically walk the entire depot tree and pick out things that are
"buildable", then include them in the attribute `ci.targets` (which is
now also the target for CI builds).
A long time ago, in a land far away, we (well, I, at the time) had a
prototype of this which ran into constant issues with infinite
recursions while trying to walk the tree. In fact, this is why
readTree originally gained the `__readTree`-attribute which marks
things that were imported automatically.
Based on some code edef whipped up earlier (with the breakthrough
being that we also add the attribute to top-level folders, which
suddenly resolves a whole bunch of problems), I've now implemented
this actually working version.
At the moment all builds still happen as one big bag of builds, but at
some point we will granularise this.
Change-Id: I86f12ce7f63dae98e7e5c6646a4e9d220de783f2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1854
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: glittershark <grfn@gws.fyi>
This folder doesn't exist, it's part of my user folder now. We didn't
notice because nothing is walking the tree.
Change-Id: Idc6f20a8e4806a158c598fd63d381ab07934be1e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1843
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
This removes almost all of the GCP-infrastructure leftovers from my
previous setup.
The DNS configuration is retained, but moves to my user folder
instead.
Change-Id: I1867acd379443882f11a3c645846c9902eadd5b0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/782
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
Reviewed-by: isomer <isomer@tvl.fyi>
These categories separate CI targets, which hopefully avoids the
out-of-space errors we have been seeing on Sourcehut.
The sets of CI build targets are made available in the depot itself so
that besadii can be updated to create a new build for each target
group.
For convenience, 'ciBuilds' contains an '__allTargets' attribute which
combines the contents of each target batch - this makes it possible to
still invoke a build for everything by using:
    nix-build -A ciBuilds.__allTargets
Note: Some targets that were previously built in CI aren't anymore,
most importantly my NixOS systems which don't fit on Sourcehut.
Change-Id: Ia15ed7b743c8add51ae08ce0827a0ddfacd637e2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/570
Reviewed-by: lukegb <lukegb@tvl.fyi>
NixOS modules move one level up because it's unlikely that //ops/nixos
will contain actual systems at this point (they're user-specific).
This is the first users folder, so it is also added to the root
readTree invocation for the repository.
Change-Id: I546c701145fa204b7ba7518a8a56a783588629e0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/244
Reviewed-by: tazjin <mail@tazj.in>
This is useful for things like including NixOS modules in
configurations without creating long and error-prone relative paths.
Change-Id: I4a5ebb1a0e5adf90b6bc50e884db453e12461001
Reviewed-on: https://cl.tvl.fyi/c/depot/+/243
Reviewed-by: lukegb <lukegb@tvl.fyi>