Fix several problems with the nix setup. (#546)

rolfschr · web-flow · commit a0a733a302cc · 2021-09-11T10:34:01.000+05:30
* Fix several problems with the nix setup.

Signed-off-by: Rolf Schröder &lt;rolf.schr@gmail.com&gt;
diff --git a/etc/nix/flake.nix b/etc/nix/flake.nix
@@ -61,30 +61,40 @@
           pypiDataSha256 =
             "0499zl39aia74f0i7fkn5dsy8244dkmcw4vzd5nf4kai605j2jli";
         });
+      # This wrapper allows to setup both the production as well as the
+      # development Python environments in the same way (albeit having
+      # different requirements.txt).
+      getPythonEnv = system: requirements:
+        machnixFor.${system}.mkPython {
+          requirements = ''
+            ${requirements}
+          '';
+          # Fix an issue with an upstream dep of GitPython.
+          # https://github.com/DavHau/mach-nix/issues/287
+          # See https://github.com/DavHau/mach-nix/issues/318
+          _.gitpython.propagatedBuildInputs.mod = pySelf: self: oldVal:
+            oldVal ++ [ pySelf.typing-extensions ];
+        };
 
     in {
 
       # A Nixpkgs overlay.
       overlay = final: prev:
         with final.pkgs; {
 
-          pythonEnv = machnixFor.${system}.mkPython {
-            requirements = ''
-              ${requirements}
-            '';
-          };
+          pythonEnv = getPythonEnv system requirements;
 
           vulnerablecode = stdenv.mkDerivation {
             inherit version;
             name = "vulnerablecode-${version}";
             src = vulnerablecode-src;
-            dontConfigure = true; # do not use ./configure
+            dontBuild = true; # do not use Makefile
             propagatedBuildInputs = [ pythonEnv postgresql gitMinimal ];
 
             postPatch = ''
-              # Make sure the pycodestyle binary in $PATH is used.
-              substituteInPlace vulnerabilities/tests/test_basics.py \
-                --replace 'join(bin_dir, "pycodestyle")' '"pycodestyle"'
+              # Do not use absolute path.
+              substituteInPlace vulnerablecode/settings.py \
+                --replace 'STATIC_ROOT = "/var/vulnerablecode/static"' 'STATIC_ROOT = "./static"'
             '';
 
             installPhase = ''
@@ -117,12 +127,10 @@
       # Tests run by 'nix flake check' and by Hydra.
       checks = forAllSystems (system:
         let
-          pythonEnvDev = machnixFor.${system}.mkPython {
-            requirements = ''
-              ${requirements}
-              ${requirementsDev}
-            '';
-          };
+          pythonEnvDev = getPythonEnv system ''
+            ${requirements}
+            ${requirementsDev}
+          '';
 
         in {
           inherit (self.packages.${system}) vulnerablecode;
@@ -138,6 +146,8 @@
               buildPhase = ''
                 source ${libSh}
                 initPostgres $(pwd)
+                export SECRET_KEY=REALLY_SECRET
+                ${vulnerablecode}/manage.py collectstatic --no-input
                 ${vulnerablecode}/manage.py migrate
               '';
 
diff --git a/etc/nix/test-import-using-nix.sh b/etc/nix/test-import-using-nix.sh
@@ -10,6 +10,7 @@ THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 DEFAULT_INSTALL_DIR=$VULNERABLECODE_INSTALL_DIR # in the Nix store, see flake.nix
 INSTALL_DIR=${INSTALL_DIR:-$DEFAULT_INSTALL_DIR}
 ARGS=$(if [ $# -eq 0 ]; then echo "--all"; else echo "$@"; fi)
+export SECRET_KEY=REALLY_SECRET
 TEMPDIR=$(mktemp -d -p "$THIS_DIR")
 export TEMPDIR
 
@@ -25,4 +26,5 @@ trap cleanup EXIT
 initPostgres "$TEMPDIR"
 
 "$INSTALL_DIR/manage.py" migrate
+"$INSTALL_DIR/manage.py" collectstatic --no-input
 "$INSTALL_DIR/manage.py" import $ARGS
