diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 985ba70162..6e42201cbf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,67 +39,25 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'pull_request' && github.event.pull_request.merged == false steps: - - - name: Free up disk space - run: | - df -h - sudo rm -rf /opt/hostedtoolcache || true - sudo rm -rf /usr/share/dotnet || true - sudo rm -rf /usr/local/lib/android || true - docker system prune -af || true - df -h - - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v11 - with: - extra-conf: | - experimental-features = nix-command flakes - substituters = https://cache.nixos.org/ - trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= + uses: DeterminateSystems/nix-installer-action@main - - - name: Setup sccache - uses: mozilla-actions/sccache-action@v0.0.9 - - - name: Enable sccache + - name: Install Attic client run: | - echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV - echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV - echo "SCCACHE_CACHE_SIZE=5G" >> $GITHUB_ENV - - - name: Cache sccache - uses: actions/cache@v4 - with: - path: ~/.cache/sccache - key: sccache-${{ runner.os }}-${{ hashFiles('Cargo.lock') }} - restore-keys: | - sccache-${{ runner.os }}- + nix profile install nixpkgs#attic-client - - name: Cache cargo registry - uses: actions/cache@v4 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - key: cargo-registry-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - cargo-registry-${{ runner.os }}- - - - name: Setup Rust cache - uses: Swatinem/rust-cache@v2 - with: - prefix-key: v1 - shared-key: global - cache-all-crates: true - cache-targets: true - cache-bin: true - cache-on-failure: true - workspaces: | - . + - name: Set up Attic cache + env: + ATTIC_ENDPOINT: ${{ secrets.ATTIC_ENDPOINT }} + ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + run: | + attic login --set-default admin "$ATTIC_ENDPOINT" "$ATTIC_TOKEN" + attic use "$ATTIC_CACHE" - name: Acquire AWS credentials uses: aws-actions/configure-aws-credentials@v4 @@ -113,40 +71,43 @@ jobs: registry: ${{ secrets.ECR_REGISTRY_SECRET }} - name: Formatting - run: nix develop --accept-flake-config -c bash -c "cargo fmt --check" + run: nix build .#checks.x86_64-linux.cargoFmt --print-build-logs + + - name: Test + run: nix build .#checks.x86_64-linux.cargoTest --print-build-logs - name: Build (Stable) - run: nix develop --accept-flake-config -c bash -c "cargo build --locked --release" + run: nix build .#partner-chains-demo-node --print-build-logs - - name: sccache stats - if: always() - run: sccache -s || true + - name: Push to Attic cache + env: + ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} + run: | + nix path-info -r .#checks.x86_64-linux.cargoFmt .#checks.x86_64-linux.cargoTest .#partner-chains-demo-node | attic push --stdin "$ATTIC_CACHE" - name: Build chain specs run: | - nix develop --accept-flake-config -c bash -c ' - source ./dev/envs/devnet/.envrc - target/release/partner-chains-demo-node build-spec --chain local --disable-default-bootnode > devnet_chain_spec.json + source ./dev/envs/devnet/.envrc + result/bin/partner-chains-demo-node build-spec --chain local --disable-default-bootnode > devnet_chain_spec.json - source ./dev/envs/ci-preview/.envrc - target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > ci_preview_chain_spec.json + source ./dev/envs/ci-preview/.envrc + result/bin/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > ci_preview_chain_spec.json - source ./dev/envs/staging-preview/.envrc - target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > staging_preview_chain_spec.json - ' + source ./dev/envs/staging-preview/.envrc + result/bin/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > staging_preview_chain_spec.json - name: Build and push docker image run: | - cp target/release/partner-chains-demo-node . - nix develop --accept-flake-config -c bash -c "patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 partner-chains-demo-node" - docker build -f dev/ci/Dockerfile -t ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ github.sha }} . + nix run .#oci-image.copyToDockerDaemon + SOURCE_IMAGE=$(docker images --filter "reference=partner-chains-demo-node" --format "{{.Repository}}:{{.Tag}}" | head -1) + docker tag "$SOURCE_IMAGE" ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ github.sha }} docker push ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ github.sha }} - name: Upload partner-chains-node artifact uses: actions/upload-artifact@v4 with: name: partner-chains-node-artifact - path: ./partner-chains-demo-node + path: result/bin/partner-chains-demo-node - name: Upload chain spec artifacts uses: actions/upload-artifact@v4 @@ -162,84 +123,40 @@ jobs: if: github.event_name == 'pull_request' && github.event.pull_request.merged == false steps: - - name: Free up disk space - run: | - df -h - sudo rm -rf /opt/hostedtoolcache || true - sudo rm -rf /usr/share/dotnet || true - sudo rm -rf /usr/local/lib/android || true - docker system prune -af || true - df -h - - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v11 - with: - extra-conf: | - experimental-features = nix-command flakes - substituters = https://cache.nixos.org/ - trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= + uses: DeterminateSystems/nix-installer-action@main - - - name: Setup sccache - uses: mozilla-actions/sccache-action@v0.0.9 - - - name: Enable sccache + - name: Install Attic client run: | - echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV - echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV - echo "SCCACHE_CACHE_SIZE=2G" >> $GITHUB_ENV - echo "CARGO_INCREMENTAL=0" >> $GITHUB_ENV - - - name: Cache sccache - uses: actions/cache@v4 - with: - path: ~/.cache/sccache - key: sccache-${{ runner.os }}-${{ hashFiles('Cargo.lock') }} - restore-keys: | - sccache-${{ runner.os }}- + nix profile install nixpkgs#attic-client - - name: Cache cargo registry - uses: actions/cache@v4 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - key: cargo-registry-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - cargo-registry-${{ runner.os }}- - - - name: Setup Rust cache - uses: Swatinem/rust-cache@v2 - with: - prefix-key: v1-nightly - shared-key: global-nightly - cache-all-crates: true - cache-targets: true - cache-bin: true - cache-on-failure: true - workspaces: | - . + - name: Set up Attic cache + env: + ATTIC_ENDPOINT: ${{ secrets.ATTIC_ENDPOINT }} + ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + run: | + attic login --set-default admin "$ATTIC_ENDPOINT" "$ATTIC_TOKEN" + attic use "$ATTIC_CACHE" - name: Build (Nightly) - env: - WASM_BUILD_WORKSPACE_HINT: ${{ github.workspace }} - run: nix develop --accept-flake-config -c bash -c "RUSTUP_TOOLCHAIN=nightly cargo build --locked --release" + run: nix build .#partner-chains-demo-node-nightly --print-build-logs - name: Test (Nightly) - env: - WASM_BUILD_WORKSPACE_HINT: ${{ github.workspace }} - run: nix develop --accept-flake-config -c bash -c "RUSTUP_TOOLCHAIN=nightly cargo test --locked --release --all-features" + run: nix build .#checks.x86_64-linux.cargoTestNightly --print-build-logs - name: Lint (Nightly) - run: nix develop --accept-flake-config -c bash -c "RUSTUP_TOOLCHAIN=nightly RUSTFLAGS=-Dwarnings cargo clippy --locked --all-features" + run: nix build .#checks.x86_64-linux.cargoClippyNightly --print-build-logs - - name: sccache stats - if: always() - run: sccache -s || true + - name: Push to Attic cache + env: + ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} + run: | + nix path-info -r .#partner-chains-demo-node-nightly .#checks.x86_64-linux.cargoTestNightly .#checks.x86_64-linux.cargoClippyNightly | attic push --stdin "$ATTIC_CACHE" local-env: if: github.event_name == 'pull_request' && github.event.pull_request.merged == false @@ -343,52 +260,20 @@ jobs: run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v11 - with: - extra-conf: | - experimental-features = nix-command flakes - substituters = https://cache.nixos.org/ - trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= - + uses: DeterminateSystems/nix-installer-action@main - - name: Setup sccache - uses: mozilla-actions/sccache-action@v0.0.9 - - - name: Enable sccache + - name: Install Attic client run: | - echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV - echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV - echo "SCCACHE_CACHE_SIZE=5G" >> $GITHUB_ENV - - - name: Cache sccache - uses: actions/cache@v4 - with: - path: ~/.cache/sccache - key: sccache-${{ runner.os }}-${{ hashFiles('Cargo.lock') }} - restore-keys: | - sccache-${{ runner.os }}- + nix profile install nixpkgs#attic-client - - name: Cache cargo registry - uses: actions/cache@v4 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - key: cargo-registry-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - cargo-registry-${{ runner.os }}- - - - name: Setup Rust cache - uses: Swatinem/rust-cache@v2 - with: - prefix-key: v1 - shared-key: global - cache-all-crates: true - cache-targets: true - cache-bin: true - cache-on-failure: true - workspaces: | - . + - name: Set up Attic cache + env: + ATTIC_ENDPOINT: ${{ secrets.ATTIC_ENDPOINT }} + ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + run: | + attic login --set-default admin "$ATTIC_ENDPOINT" "$ATTIC_TOKEN" + attic use "$ATTIC_CACHE" - name: Acquire AWS credentials uses: aws-actions/configure-aws-credentials@v4 @@ -409,39 +294,39 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build - run: nix develop --accept-flake-config -c bash -c "cargo build --locked --profile=release" + run: nix build .#partner-chains-demo-node --print-build-logs - - name: sccache stats - if: always() - run: sccache -s || true + - name: Push to Attic cache + env: + ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} + run: | + nix path-info -r .#partner-chains-demo-node | attic push --stdin "$ATTIC_CACHE" - name: Build chain specs run: | - nix develop --accept-flake-config -c bash -c ' - source ./dev/envs/devnet/.envrc - target/release/partner-chains-demo-node build-spec --chain local --disable-default-bootnode > devnet_chain_spec.json + source ./dev/envs/devnet/.envrc + result/bin/partner-chains-demo-node build-spec --chain local --disable-default-bootnode > devnet_chain_spec.json - source ./dev/envs/ci-preview/.envrc - target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > ci_preview_chain_spec.json + source ./dev/envs/ci-preview/.envrc + result/bin/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > ci_preview_chain_spec.json - source ./dev/envs/staging-preview/.envrc - target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > staging_preview_chain_spec.json - ' + source ./dev/envs/staging-preview/.envrc + result/bin/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > staging_preview_chain_spec.json - name: Build and push docker image run: | - cp target/release/partner-chains-demo-node . - nix develop --accept-flake-config -c bash -c "patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 partner-chains-demo-node" - docker build -f dev/ci/Dockerfile -t ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ steps.get_sha.outputs.sha }} . - docker tag ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ steps.get_sha.outputs.sha }} ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:latest - docker tag ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ steps.get_sha.outputs.sha }} ghcr.io/${{ github.repository }}/partner-chains-node-unstable:latest + nix run .#oci-image.copyToDockerDaemon + SOURCE_IMAGE=$(docker images --filter "reference=partner-chains-demo-node" --format "{{.Repository}}:{{.Tag}}" | head -1) + docker tag "$SOURCE_IMAGE" ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ steps.get_sha.outputs.sha }} + docker tag "$SOURCE_IMAGE" ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:latest + docker tag "$SOURCE_IMAGE" ghcr.io/${{ github.repository }}/partner-chains-node-unstable:latest docker push ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ steps.get_sha.outputs.sha }} docker push ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:latest docker push ghcr.io/${{ github.repository }}/partner-chains-node-unstable:latest - name: Rename artifact run: | - cp ./partner-chains-demo-node partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux + cp result/bin/partner-chains-demo-node partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux chmod +x ./partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux cp ./partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux partner-chains-node-binary @@ -623,52 +508,20 @@ jobs: ref: ${{ inputs.sha }} - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v11 - with: - extra-conf: | - experimental-features = nix-command flakes - substituters = https://cache.nixos.org/ - trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= + uses: DeterminateSystems/nix-installer-action@main - - - name: Setup sccache - uses: mozilla-actions/sccache-action@v0.0.9 - - - name: Enable sccache + - name: Install Attic client run: | - echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV - echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV - echo "SCCACHE_CACHE_SIZE=5G" >> $GITHUB_ENV - - - name: Cache sccache - uses: actions/cache@v4 - with: - path: ~/.cache/sccache - key: sccache-${{ runner.os }}-${{ hashFiles('Cargo.lock') }} - restore-keys: | - sccache-${{ runner.os }}- + nix profile install nixpkgs#attic-client - - name: Cache cargo registry - uses: actions/cache@v4 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - key: cargo-registry-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - cargo-registry-${{ runner.os }}- - - - name: Setup Rust cache - uses: Swatinem/rust-cache@v2 - with: - prefix-key: v1 - shared-key: global - cache-all-crates: true - cache-targets: true - cache-bin: true - cache-on-failure: true - workspaces: | - . + - name: Set up Attic cache + env: + ATTIC_ENDPOINT: ${{ secrets.ATTIC_ENDPOINT }} + ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + run: | + attic login --set-default admin "$ATTIC_ENDPOINT" "$ATTIC_TOKEN" + attic use "$ATTIC_CACHE" - name: Acquire AWS credentials uses: aws-actions/configure-aws-credentials@v4 @@ -682,21 +535,23 @@ jobs: registry: ${{ secrets.ECR_REGISTRY_SECRET }} - name: Formatting - run: nix develop --accept-flake-config -c bash -c "cargo fmt --check" + run: nix build .#checks.x86_64-linux.cargoFmt --print-build-logs + + - name: Test + run: nix build .#checks.x86_64-linux.cargoTest --print-build-logs - name: Build - run: nix develop --accept-flake-config -c bash -c "cargo build --locked --release" + run: nix build .#partner-chains-demo-node --print-build-logs - - name: Test - run: nix develop --accept-flake-config -c bash -c "cargo test --locked --release --all-features" + - name: Push to Attic cache + env: + ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} + run: | + nix path-info -r .#checks.x86_64-linux.cargoFmt .#checks.x86_64-linux.cargoTest .#partner-chains-demo-node | attic push --stdin "$ATTIC_CACHE" - name: Lint run: nix develop --accept-flake-config -c bash -c "RUSTFLAGS=-Dwarnings cargo clippy --locked --release --all-features" - - name: sccache stats - if: always() - run: sccache -s || true - #- name: Run cargo-deny to check licenses # uses: EmbarkStudios/cargo-deny-action@v1 # with: @@ -704,28 +559,26 @@ jobs: - name: Build chain specs run: | - nix develop --accept-flake-config -c bash -c ' - source ./dev/envs/devnet/.envrc - target/release/partner-chains-demo-node build-spec --chain local --disable-default-bootnode > devnet_chain_spec.json + source ./dev/envs/devnet/.envrc + result/bin/partner-chains-demo-node build-spec --chain local --disable-default-bootnode > devnet_chain_spec.json - source ./dev/envs/ci-preview/.envrc - target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > ci_preview_chain_spec.json + source ./dev/envs/ci-preview/.envrc + result/bin/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > ci_preview_chain_spec.json - source ./dev/envs/staging-preview/.envrc - target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > staging_preview_chain_spec.json - ' + source ./dev/envs/staging-preview/.envrc + result/bin/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > staging_preview_chain_spec.json - name: Build and push docker image run: | - cp target/release/partner-chains-demo-node . - nix develop --accept-flake-config -c bash -c "patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 partner-chains-demo-node" - docker build -f dev/ci/Dockerfile -t ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ inputs.sha }} . + nix run .#oci-image.copyToDockerDaemon + SOURCE_IMAGE=$(docker images --filter "reference=partner-chains-demo-node" --format "{{.Repository}}:{{.Tag}}" | head -1) + docker tag "$SOURCE_IMAGE" ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ inputs.sha }} docker push ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ inputs.sha }} - name: Rename and prepare artifact for workflow dispatch run: | ARTIFACT_NAME="partner-chains-node-${{ inputs.sha }}-x86_64-linux" - cp ./partner-chains-demo-node "$ARTIFACT_NAME" + cp result/bin/partner-chains-demo-node "$ARTIFACT_NAME" chmod +x "$ARTIFACT_NAME" shell: bash diff --git a/demo/node/build.rs b/demo/node/build.rs index e3bfe3116b..3abc2a26ff 100644 --- a/demo/node/build.rs +++ b/demo/node/build.rs @@ -1,5 +1,5 @@ use substrate_build_script_utils::{generate_cargo_keys, rerun_if_git_head_changed}; - +// bump 2 fn main() { generate_cargo_keys(); diff --git a/flake.lock b/flake.lock index cbb431a1d8..c61b3105f3 100644 --- a/flake.lock +++ b/flake.lock @@ -1,19 +1,17 @@ { "nodes": { - "cardano-node": { - "flake": false, + "crane": { "locked": { - "lastModified": 1736202991, - "narHash": "sha256-Oys38YkpSpB48/H2NseP9kTWXm92a7kjAZtdnorcIEY=", - "owner": "IntersectMBO", - "repo": "cardano-node", - "rev": "1f63dbf2ab39e0b32bf6901dc203866d3e37de08", + "lastModified": 1752625801, + "narHash": "sha256-T1XWEFfw+iNrvlRczZS4BkaZJ5W3Z2Xp+31P2IShJj8=", + "owner": "ipetkov", + "repo": "crane", + "rev": "471f8cd756349f4e86784ea10fdc9ccb91711fca", "type": "github" }, "original": { - "owner": "IntersectMBO", - "ref": "10.1.4", - "repo": "cardano-node", + "owner": "ipetkov", + "repo": "crane", "type": "github" } }, @@ -25,11 +23,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1740378829, - "narHash": "sha256-cwmm7F73aQFJY6YN1roNibNKwxT6FlfXkG3MEbpSp7Q=", + "lastModified": 1763448288, + "narHash": "sha256-gW/dY5WRlAxyxgYuyrTdjLDgpXr4/Mdu+pQoZRpSTGo=", "owner": "nix-community", "repo": "fenix", - "rev": "92823f1b0c919d7e2d806956aaf98e90f3761ab7", + "rev": "da5cda85b3a63baab8018ff647fb2dbe5030a2d0", "type": "github" }, "original": { @@ -38,23 +36,6 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1647532380, - "narHash": "sha256-wswAxyO8AJTH7d5oU8VK82yBCpqwA+p6kLgpb1f1PAY=", - "owner": "input-output-hk", - "repo": "flake-compat", - "rev": "7da118186435255a30b5ffeabba9629c344c0bec", - "type": "github" - }, - "original": { - "owner": "input-output-hk", - "ref": "fixes", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -73,6 +54,26 @@ "type": "github" } }, + "n2c": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1761716996, + "narHash": "sha256-vdOuy2pid2/DasUgb08lDOswdPJkN5qjXfBYItVy/R4=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "e5496ab66e9de9e3f67dc06f692dfbc471b6316e", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1739866667, @@ -91,21 +92,21 @@ }, "root": { "inputs": { - "cardano-node": "cardano-node", + "crane": "crane", "fenix": "fenix", - "flake-compat": "flake-compat", "flake-utils": "flake-utils", + "n2c": "n2c", "nixpkgs": "nixpkgs" } }, "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1740329432, - "narHash": "sha256-eKQ7aBkNvF5AhUpyJ1cW450jxomZ4gTIaYir5qsNl7Y=", + "lastModified": 1762860488, + "narHash": "sha256-rMfWMCOo/pPefM2We0iMBLi2kLBAnYoB9thi4qS7uk4=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "6d68c475c7aaf7534251182662456a4bf4216dfe", + "rev": "2efc80078029894eec0699f62ec8d5c1a56af763", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5a06fab7f0..3f9ffebb8c 100644 --- a/flake.nix +++ b/flake.nix @@ -1,8 +1,10 @@ { - description = "Your devShell environment using flake-utils"; + description = "Partner Chains - A Substrate-based blockchain with Cardano integration"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + + crane.url = "github:ipetkov/crane"; fenix = { url = "github:nix-community/fenix"; @@ -11,93 +13,248 @@ flake-utils.url = "github:numtide/flake-utils"; - cardano-node = { - url = "github:IntersectMBO/cardano-node/10.1.4"; - flake = false; - }; - - flake-compat = { - url = "github:input-output-hk/flake-compat/fixes"; - flake = false; + n2c = { + url = "github:nlewo/nix2container"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = - { - nixpkgs, - fenix, - flake-utils, - ... - }: - flake-utils.lib.eachDefaultSystem ( - system: + outputs = { self, nixpkgs, crane, fenix, flake-utils, n2c, ... }: + flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; config.allowUnfree = true; }; + rustToolchain = fenix.packages.${system}.fromToolchainFile { + #dir = ./.; file = ./rust-toolchain.toml; sha256 = "SJwZ8g0zF2WrKDVmHrVG3pD2RGoQeo24MEXnNx5FyuI="; }; - isLinux = pkgs.stdenv.isLinux; - isDarwin = pkgs.stdenv.isDarwin; - in - { - devShells.default = pkgs.mkShell { - packages = - with pkgs; - [ - awscli2 - bashInteractive - cargo-edit - cargo-license - coreutils - docker-compose - earthly - gawk - gnumake - kubectl - libiconv - nixfmt-rfc-style - openssl - patchelf - pkg-config - protobuf - python312 - python312Packages.pip - python312Packages.virtualenv - rustToolchain - sops - xxd - ] - ++ (if isDarwin then [ pkgs.darwin.apple_sdk.frameworks.SystemConfiguration ] else [ pkgs.clang ]); - - shellHook = '' - export RUST_SRC_PATH="${rustToolchain}/lib/rustlib/src/rust/library" - export LIBCLANG_PATH="${pkgs.libclang.lib}/lib" - export LD_LIBRARY_PATH="${ - pkgs.lib.makeLibraryPath [ - rustToolchain - pkgs.libz - pkgs.stdenv.cc.cc - ] - }" - - export OPENSSL_NO_VENDOR=1 - export OPENSSL_DIR="${pkgs.openssl.dev}" - export OPENSSL_INCLUDE_DIR="${pkgs.openssl.dev}/include" - export OPENSSL_LIB_DIR="${pkgs.openssl.out}/lib" - - export PYTHONNOUSERSITE=1 - export CRATE_CC_NO_DEFAULTS=1 - ${if isLinux then "export CFLAGS=-DJEMALLOC_STRERROR_R_RETURNS_CHAR_WITH_GNU_SOURCE" else ""} - ''; + rustToolchainNightly = fenix.packages.${system}.combine [ + fenix.packages.${system}.complete.toolchain + fenix.packages.${system}.targets.wasm32-unknown-unknown.latest.rust-std + ]; + + craneLib = (crane.mkLib pkgs).overrideToolchain rustToolchain; + craneLibNightly = (crane.mkLib pkgs).overrideToolchain rustToolchainNightly; + + shellEnv = { + CC_ENABLE_DEBUG_OUTPUT = "1"; + CRATE_CC_NO_DEFAULTS = 1; + LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath [ + rustToolchain + pkgs.stdenv.cc.cc + pkgs.libz + pkgs.clang + ]; + + BINDGEN_EXTRA_CLANG_ARGS = if pkgs.lib.hasSuffix "linux" system + then "-I${pkgs.glibc.dev}/include -I${pkgs.clang.cc.lib}/lib/clang/19/include" + else ""; + LIBCLANG_PATH = "${pkgs.clang.cc.lib}/lib"; + + CFLAGS = if pkgs.lib.hasSuffix "linux" system then + "-DJEMALLOC_STRERROR_R_RETURNS_CHAR_WITH_GNU_SOURCE" + else + ""; + + PROTOC = "${pkgs.protobuf}/bin/protoc"; + #C_INCLUDE_PATH = "${pkgs.clang.cc.lib}/lib/clang/19/include"; + + OPENSSL_NO_VENDOR = 1; + OPENSSL_DIR = "${pkgs.openssl.dev}"; + OPENSSL_INCLUDE_DIR = "${pkgs.openssl.dev}/include"; + OPENSSL_LIB_DIR = "${pkgs.openssl.out}/lib"; + + RUSTFLAGS = pkgs.lib.optionalString pkgs.stdenv.hostPlatform.isDarwin + "--cfg unwinding_backport --cfg unwinding_apple"; + }; + + # Common build inputs for all targets + commonArgs = { + pname = "partner-chains-demo-node"; + # Clean the project directory so that the nix hash + # doesn't change when unrelated files to builds update + src = let + jsonFilter = path: _type: builtins.match ".*\\.json$" path != null; + combinedFilter = path: type: + (craneLib.filterCargoSources path type) || + (jsonFilter path type); + in pkgs.lib.cleanSourceWith { + src = self; + filter = combinedFilter; + name = "source"; + }; + + buildInputs = with pkgs; [ + openssl + libclang.lib + stdenv.cc.cc.lib + ] ++ pkgs.lib.optionals pkgs.stdenv.hostPlatform.isLinux [ + pkgs.rust-jemalloc-sys-unprefixed + ] ++ pkgs.lib.optionals pkgs.stdenv.hostPlatform.isDarwin [ + pkgs.darwin.apple_sdk.frameworks.SystemConfiguration + pkgs.darwin.apple_sdk.frameworks.Security + ]; + + nativeBuildInputs = with pkgs; [ + pkg-config + protobuf + llvmPackages.lld + autoPatchelfHook + ]; + + doCheck = false; + } // shellEnv; + + cargoVendorDir = craneLib.vendorCargoDeps { + inherit (commonArgs) src; + # Remove fixture and example directories from Polkadot SDK, don't want them vendored/checked + # https://github.com/paritytech/polkadot-sdk/blob/polkadot-stable2412-1/.github/workflows/checks-quick.yml#L91-L97 + overrideVendorGitCheckout = let + isPolkadotSdk = p: pkgs.lib.hasPrefix "git+https://github.com/paritytech/polkadot-sdk.git" p.source; + in ps: drv: + if pkgs.lib.any (p: isPolkadotSdk p) ps then + drv.overrideAttrs { + postPatch = '' + rm -rf substrate/frame/contracts/fixtures/build || true + rm -rf substrate/frame/contracts/fixtures/contracts/common || true + rm -rf substrate/primitives/state-machine/fuzz || true + ''; + } + else + drv; + }; + # Build the workspace dependencies separately + cargoArtifacts = craneLib.buildDepsOnly (commonArgs // { + inherit cargoVendorDir; + }); + + partner-chains-demo-node = craneLib.buildPackage (commonArgs // { + pname = "partner-chains-demo-node"; + version = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).workspace.package.version; + inherit cargoArtifacts; + + # Git commit hash for partner-chains CLI --version flag + SUBSTRATE_CLI_GIT_COMMIT_HASH = "dev"; # self.dirtyShortRev or self.shortRev; + }); + + cargoTest = craneLib.cargoTest (commonArgs // { + inherit cargoArtifacts; + }); + + cargoClippy = craneLib.cargoClippy (commonArgs // { + inherit cargoArtifacts; + }); + + cargoFmt = craneLib.cargoFmt { + inherit (commonArgs) pname src; + }; + + # Nightly builds + cargoVendorDirNightly = craneLibNightly.vendorCargoDeps { + inherit (commonArgs) src; + overrideVendorGitCheckout = let + isPolkadotSdk = p: pkgs.lib.hasPrefix "git+https://github.com/paritytech/polkadot-sdk.git" p.source; + in ps: drv: + if pkgs.lib.any (p: isPolkadotSdk p) ps then + drv.overrideAttrs { + postPatch = '' + rm -rf substrate/frame/contracts/fixtures/build || true + rm -rf substrate/frame/contracts/fixtures/contracts/common || true + rm -rf substrate/primitives/state-machine/fuzz || true + ''; + } + else + drv; }; + + cargoArtifactsNightly = craneLibNightly.buildDepsOnly (commonArgs // { + cargoVendorDir = cargoVendorDirNightly; + }); + + partner-chains-demo-node-nightly = craneLibNightly.buildPackage (commonArgs // { + pname = "partner-chains-demo-node-nightly"; + version = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).workspace.package.version; + cargoArtifacts = cargoArtifactsNightly; + SUBSTRATE_CLI_GIT_COMMIT_HASH = "dev"; + }); + + cargoTestNightly = craneLibNightly.cargoTest (commonArgs // { + cargoArtifacts = cargoArtifactsNightly; + }); + + cargoClippyNightly = craneLibNightly.cargoClippy (commonArgs // { + cargoArtifacts = cargoArtifactsNightly; + }); + + devShell = craneLib.devShell ({ + name = "partner-chains-demo-node-shell"; + # Inherit inputs from other build artifacts + inputsFrom = [ partner-chains-demo-node ]; + + # Extra packages for the dev shell + packages = with pkgs; [ + attic-client + awscli2 + bashInteractive + cargo-edit + cargo-license + coreutils + docker-compose + gawk + gnumake + kubectl + libiconv + nixfmt-rfc-style + openssl + patchelf + pkg-config + protobuf + python312 + python312Packages.pip + python312Packages.virtualenv + rustToolchain + sops + xxd + ] ++ (if pkgs.stdenv.hostPlatform.isDarwin then + [ pkgs.darwin.apple_sdk.frameworks.SystemConfiguration ] + else + [pkgs.clang]); + } // shellEnv); + + in { # Main flake outputs section + checks = { + # Build the crate as part of `nix flake check' + inherit partner-chains-demo-node cargoTest cargoFmt devShell; + inherit partner-chains-demo-node-nightly cargoTestNightly cargoClippyNightly; + }; + + packages = { + inherit partner-chains-demo-node partner-chains-demo-node-nightly; + default = partner-chains-demo-node; + oci-image = n2c.packages.${system}.nix2container.buildImage { + name = "partner-chains-demo-node"; + config = { + Entrypoint = [ "${partner-chains-demo-node}/bin/partner-chains-demo-node" ]; + Expose = [ + "30333/tcp" + "9615/tcp" + "9933/tcp" + "9944/tcp" + ]; + Volumes = { "/data" = {}; }; + }; + }; + }; + + devShells.default = devShell; + formatter = pkgs.nixfmt-rfc-style; - } - ); + }); nixConfig = { allow-import-from-derivation = true; @@ -105,12 +262,12 @@ extra-substituters = [ "https://nix-community.cachix.org" "https://cache.iog.io" - "https://cache.sc.iog.io" + "https://ci.sc.iog.io/partner-chains" ]; extra-trusted-public-keys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.sc.iog.io:b4YIcBabCEVKrLQgGW8Fylz4W8IvvfzRc+hy0idqrWU=" + "partner-chains:j9StpxUY/znqFqaevhQRxCH4Hi0F4rCGXDiUSjz+kew=" ]; }; }