demostf/sync-rs
1
0
Fork 0
mirror of https://codeberg.org/demostf/sync.git synced 2026-06-03 16:44:07 +02:00
Code Issues Releases Wiki Activity

nix based setup

Browse source
This commit is contained in:
Robin Appelman 2024-03-17 19:58:12 +01:00
commit 82e79ef01d
12 changed files with 300 additions and 123 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc Normal file
View file

@ -0,0 +1 @@
use flake

19
.github/workflows/audit.yaml vendored
View file

@ -1,19 +0,0 @@
name: Security audit
on:
schedule:
- cron: '0 0 * * 0'
push:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
pull_request:
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}

96
.github/workflows/ci.yaml vendored
View file

@ -1,64 +1,68 @@
on: [push, pull_request] on: [push, pull_request]
name: Continuous integration name: CI
jobs: jobs:
check: build:
name: Check
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy:
matrix:
machine:
- platform: x86_64-linux
- platform: aarch64-linux
steps: steps:
- uses: actions/checkout@v1 - uses: actions/checkout@v4
- uses: actions-rs/toolchain@v1 - if: matrix.machine.platform != 'x86_64-linux'
uses: docker/setup-qemu-action@v3
- uses: cachix/install-nix-action@v26
with: with:
profile: minimal extra_nix_config: |
toolchain: stable extra-platforms = aarch64-linux
override: true - uses: icewind1991/attic-action@v1
- uses: actions-rs/cargo@v1
with: with:
command: check name: ci
instance: https://cache.icewind.me
authToken: '${{ secrets.ATTIC_TOKEN }}'
- run: nix build --option system ${{ matrix.machine.platform }}
test:
name: Test Suite
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- uses: actions-rs/cargo@v1
with:
command: test
fmt: build-docker:
name: Rustfmt
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: build
strategy:
matrix:
machine:
- platform: x86_64-linux
- platform: aarch64-linux
steps: steps:
- uses: actions/checkout@v1 - uses: actions/checkout@v4
- uses: actions-rs/toolchain@v1 - if: matrix.machine.platform != 'x86_64-linux'
uses: docker/setup-qemu-action@v3
- uses: cachix/install-nix-action@v26
with: with:
profile: minimal extra_nix_config: |
toolchain: stable extra-platforms = aarch64-linux
override: true - uses: icewind1991/attic-action@v1
- run: rustup component add rustfmt
- uses: actions-rs/cargo@v1
with: with:
command: fmt name: ci
args: --all -- --check instance: https://cache.icewind.me
authToken: '${{ secrets.ATTIC_TOKEN }}'
- run: nix build --option system ${{ matrix.machine.platform }} .#docker
clippy: docker:
name: Clippy
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [build-docker]
steps: steps:
- uses: actions/checkout@v1 - name: Checkout code
- uses: actions-rs/toolchain@v1 uses: actions/checkout@v4
- uses: cachix/install-nix-action@v26
- uses: icewind1991/attic-action@v1
with: with:
profile: minimal name: ci
toolchain: stable instance: https://cache.icewind.me
override: true - run: nix run .#dockerManifest
- run: rustup component add clippy if: github.ref == 'refs/heads/master'
- uses: actions-rs/cargo@v1 env:
with: VERSION: "1.0.0"
command: clippy DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
args: -- -D warnings DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

29
.github/workflows/docker.yaml vendored
View file

@ -1,29 +0,0 @@
name: docker-build
on:
push:
branches:
- 'master'
- 'main'
repository_dispatch:
types: [ build ]
jobs:
docker:
runs-on: ubuntu-20.04
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
push: true
tags: demostf/sync:latest
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}

2
.gitignore vendored
View file

@ -1,2 +1,4 @@
.idea .idea
target target
result
.direnv

22
Dockerfile
View file

@ -1,22 +0,0 @@
FROM ekidd/rust-musl-builder AS build
COPY Cargo.toml Cargo.lock ./
# Build with a dummy main to pre-build dependencies
RUN mkdir src && \
sudo chown -R rust:rust . && \
echo "fn main(){}" > src/main.rs && \
cargo build --release && \
rm -r src
COPY src/ ./src/
RUN sudo chown -R rust:rust . && touch src/main.rs
RUN cargo build --release
FROM scratch
COPY --from=build /home/rust/src/target/x86_64-unknown-linux-musl/release/sync /
EXPOSE 80
CMD ["/sync"]

7
Makefile
View file

@ -1,7 +0,0 @@
all: target/x86_64-unknown-linux-musl/release/sync
target/x86_64-unknown-linux-musl/release/sync: Cargo.toml src/main.rs
docker run --rm -it -v "$(CURDIR):/home/rust/src" ekidd/rust-musl-builder cargo build --release
docker: target/x86_64-unknown-linux-musl/release/sync Dockerfile
docker build --no-cache -t demostf/sync-rs .

19
docker.nix Normal file
View file

@ -0,0 +1,19 @@
{
dockerTools,
demostf-sync,
}:
dockerTools.buildLayeredImage {
name = "demostf/sync";
tag = "latest";
maxLayers = 5;
contents = [
demostf-sync
dockerTools.caCertificates
];
config = {
Cmd = ["sync"];
ExposedPorts = {
"80/tcp" = {};
};
};
}

135
flake.lock generated Normal file
View file

@ -0,0 +1,135 @@
{
"nodes": {
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flocken": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1704105102,
"narHash": "sha256-c4VWO9plhINjQzYPHSKURWgQ2D2q24aI3OIN0MTPjz0=",
"owner": "mirkolenz",
"repo": "flocken",
"rev": "3a846dfca17f989805d9f4177de85c96dc0f8542",
"type": "github"
},
"original": {
"owner": "mirkolenz",
"ref": "v2",
"repo": "flocken",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "release-23.11",
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1701253981,
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flocken": "flocken",
"nixpkgs": "nixpkgs",
"utils": "utils"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

64
flake.nix Normal file
View file

@ -0,0 +1,64 @@
{
inputs = {
utils.url = "github:numtide/flake-utils";
nixpkgs.url = "nixpkgs/release-23.11";
flocken = {
url = "github:mirkolenz/flocken/v2";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
utils,
flocken,
}:
utils.lib.eachDefaultSystem (system: let
overlays = [
(import ./overlay.nix)
];
pkgs = (import nixpkgs) {
inherit system overlays;
};
inherit (flocken.legacyPackages.${system}) mkDockerManifest;
inherit (builtins) fromTOML readFile;
version = (fromTOML (readFile ./Cargo.toml)).package.version;
in rec {
packages = rec {
sync = pkgs.demostf-sync;
docker = pkgs.demostf-sync-docker;
default = sync;
dockerManifest = mkDockerManifest {
tags = ["latest"];
registries = {
"docker.io" = {
enable = true;
repo = "demostf/sync";
username = "$DOCKERHUB_USERNAME";
password = "$DOCKERHUB_TOKEN";
};
};
inherit version;
images = with self.packages; [x86_64-linux.docker aarch64-linux.docker];
};
};
devShells.default = pkgs.mkShell {
OPENSSL_NO_VENDOR = 1;
nativeBuildInputs = with pkgs; [
cargo
rustc
bacon
cargo-edit
cargo-outdated
clippy
cargo-audit
cargo-watch
pkg-config
openssl
];
};
});
}

4
overlay.nix Normal file
View file

@ -0,0 +1,4 @@
prev: final: {
demostf-sync = final.callPackage ./package.nix {};
demostf-sync-docker = final.callPackage ./docker.nix {};
}

25
package.nix Normal file
View file

@ -0,0 +1,25 @@
{
stdenv,
rustPlatform,
lib,
pkg-config,
openssl,
}: let
inherit (lib.sources) sourceByRegex;
inherit (builtins) fromTOML readFile;
src = sourceByRegex ./. ["Cargo.*" "(src|build|images|script|style|.sqlx)(/.*)?"];
version = (fromTOML (readFile ./Cargo.toml)).package.version;
in
rustPlatform.buildRustPackage rec {
pname = "demostf-sync";
inherit src version;
buildInputs = [openssl];
nativeBuildInputs = [pkg-config];
cargoLock = {
lockFile = ./Cargo.lock;
};
}