Skip to content

The Nix pipelines #1573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 20 commits into
base: main
Choose a base branch
from
Open

The Nix pipelines #1573

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
8c71204
crane: init
Sk7Str1p3 May 4, 2025
7928e44
direnv: init
Sk7Str1p3 May 4, 2025
0211e90
workflow: attempt on automatic flake update
Sk7Str1p3 May 4, 2025
77afd70
flake: fixes
Sk7Str1p3 May 4, 2025
f2b9f7b
flake: binary caches
Sk7Str1p3 May 4, 2025
b7d3fe6
crane: additionals init
Sk7Str1p3 May 4, 2025
7d29e15
flake: fmt, comments, renames
Sk7Str1p3 Jun 2, 2025
5eda373
flake: fix packages
Sk7Str1p3 Jun 2, 2025
575e04c
onefetch-image: make clippy happy
Sk7Str1p3 Jun 2, 2025
6f6e2a3
onefetch-image: make clippy unhappy again((
Sk7Str1p3 Jun 3, 2025
8241a02
taplo: detailed configuration
Sk7Str1p3 Jun 3, 2025
c2ae2b3
taplo: disable CRLF
Sk7Str1p3 Jun 4, 2025
5586b14
flake: sources filter
Sk7Str1p3 Jun 4, 2025
2827fe6
flake: set default CARGO_PROFILE to "dev"
Sk7Str1p3 Jun 4, 2025
7607154
taplo: remove odd comment
Sk7Str1p3 Jun 5, 2025
5c33e8a
nix: treefmt formatter
Sk7Str1p3 Jun 5, 2025
15759b6
toml: fmt
Sk7Str1p3 Jun 5, 2025
ac320ca
flake update
Sk7Str1p3 Jun 5, 2025
1a6f4d9
workflow: implement flake.lock automatic update
Sk7Str1p3 Jun 6, 2025
e32a721
Merge branch 'main' into feat/crane
Sk7Str1p3 Jun 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .cargo/audit.toml
View file
Open in desktop
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't work in the sandbox

What happens in the sandbox? Does it fail to send HTTP requests to crates.io?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did not checked (this is crane generated defaults) but I suppose yes it fails

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it. Makes sense if this file was generated by some tool.

But I don't think we'd want to disable audits for yanked crates just because a dev tool doesn't work well with it.

Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Doesn't work in the sandbox
[yanked]
enabled = false # Warn for yanked crates in Cargo.lock (default: true)
update_index = false # Auto-update the crates.io index (default: true)
1 change: 1 addition & 0 deletions .envrc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
use flake
24 changes: 24 additions & 0 deletions .github/flake.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: update-flake-lock

on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '0 0 * * 0' # runs weekly on Sunday at 00:00

jobs:
lockfile:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Determinate Nix
uses: DeterminateSystems/nix-installer-action@main
with:
determinate: true
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@main
with:
pr-title: "Update flake.lock" # Title of PR to be created
pr-labels: | # Labels to be set on the PR
dependencies
automated
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
/stage
/parts
/prime
.direnv
.gitignore.swp
.DS_Store
result
Expand Down
2 changes: 2 additions & 0 deletions deny.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
[licenses]
allow = ["MIT"]
94 changes: 94 additions & 0 deletions flake.lock
View file
Open in desktop
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll have to research flake later, but could you discuss the pros of tracking the lock file in the repository?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same pros of tracking cargo.lock in repository - to be sure the shell will be SAME, and to be sure it is going to behave same way anywhere.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose the question is: do we need that amount of consistency? Or can we trust that the requirements and constraints in flake.nix are most likely good enough?

Continuing with the comparison to Cargo.lock, there are many times where you don't commit that lock file, because you don't need to use exact versions. This is common when authoring libraries, for example.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not including it would null most of nix's benefits. I have yet to find a single nix flake without its respective lockfile attached.

Just my 2cts here. :)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, that makes sense. But I believe having to regularly update the lock file was part of the reason that the initial attempt was reverted (#1549 (comment)).

I'm guessing that these benefits are being able to create a reproducible environment? IMO that's not always the highest priority -- our devcontainer config isn't that strict, for example (actually I think it's a bit too strict right now). Sometimes ease of setup, with the assumption that a well-functioning environment will be built, is enough.

Copy link
Contributor Author

@Sk7Str1p3 Sk7Str1p3 Jun 5, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's why I added workflow updating flake.lock regularly (exactly, once in a week).

Although now I realized I didn't check it yet and don't really know how do I do that 😅.

I'm doing some research right now.

Also, (I didn't checked yet, but) I believe nix would refuse to work with flake.lock in .gitignore

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

170 changes: 170 additions & 0 deletions flake.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,170 @@
{
description = ''
Git repository summary on your terminal
'';

inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
crane.url = "github:ipetkov/crane";
flake-utils.url = "github:numtide/flake-utils";

advisory-db = {
url = "github:rustsec/advisory-db";
flake = false;
};
};

outputs =
{
self,
nixpkgs,
crane,
flake-utils,
advisory-db,
...
}:
flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = nixpkgs.legacyPackages.${system};

inherit (pkgs) lib;

craneLib = crane.mkLib pkgs;
src = ./.;

# Common arguments can be set here to avoid repeating them later
common = {
inherit src;
strictDeps = true;

# Bunch of libraries required for package proper work
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# Bunch of libraries required for package proper work
# Bunch of libraries required for package to properly work

buildInputs =
with pkgs;
[
# package dependencies
zstd
]
++ lib.optionals pkgs.stdenv.isDarwin (
with pkgs;
[
# additional dependencies on Darwin systems
CoreFoundation
libresolv
Security
]
);
# Software required for project build
nativeBuildInputs = with pkgs; [
cmake
pkg-config
];
# Tools required for checks
nativeCheckInputs = with pkgs; [ git ];

# Additional environment variables can be set directly
# MY_CUSTOM_VAR = "some value";
};

# Build dependencies only, so we will be able to reuse them further
cargoArtifacts = craneLib.buildDepsOnly common;

# Build the actual crate itself, reusing the dependency
# artifacts from above.
build = craneLib.buildPackage (common // { inherit cargoArtifacts; });
in
{
checks = {
# Build the crate as part of `nix flake check` for convenience
inherit build;

# Run clippy (and deny all warnings) on the crate source,
# again, reusing the dependency artifacts from above.
clippy = craneLib.cargoClippy (
common
// {
inherit cargoArtifacts;
cargoClippyExtraArgs = "--all-targets -- --deny warnings";
}
);

doc = craneLib.cargoDoc (common // { inherit cargoArtifacts; });

# Check formatting
fmt = craneLib.cargoFmt { inherit src; };

tomlFmt = craneLib.taploFmt {
src = pkgs.lib.sources.sourceFilesBySuffices src [ ".toml" ];
# taplo arguments can be further customized below as needed
# taploExtraArgs = "--config ./taplo.toml";
Copy link
Preview

Copilot AI Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The commented taplo configuration line references './taplo.toml' but the actual taplo.toml file exists at the project root. This should be uncommented and the path corrected to just 'taplo.toml' or removed if not needed.

Suggested change
# taploExtraArgs = "--config ./taplo.toml";
taploExtraArgs = "--config taplo.toml";

Copilot uses AI. Check for mistakes.

};

# Audit dependencies
audit = craneLib.cargoAudit { inherit src advisory-db; };

# Audit licenses
deny = craneLib.cargoDeny { inherit src; };

# Run tests with cargo-nextest
# Consider setting `doCheck = false` on `my-crate` if you do not want
# the tests to run twice
nextest = craneLib.cargoNextest (
common
// {
inherit cargoArtifacts;
partitions = 1;
partitionType = "count";
cargoNextestPartitionsExtraArgs = "--no-tests=pass";
}
);
};

packages = rec {
onefetch-debug = craneLib.buildPackage (
common
// {
inherit cargoArtifacts;
doCheck = false;
CARGO_PROFILE = "dev";
}
);
onefetch = craneLib.buildPackage (
common
// {
inherit cargoArtifacts;
doCheck = false;
}
);
default = onefetch-debug;
};

apps.default = flake-utils.lib.mkApp { drv = build; };

devShells.default = craneLib.devShell {
# Inherit inputs from checks.
checks = self.checks.${system};

# Additional dev-shell environment variables can be set directly
# MY_CUSTOM_DEVELOPMENT_VAR = "something else";

# Extra inputs can be added here; cargo and rustc are provided by default.
packages = with pkgs; [
# pkgs.ripgrep
nixd
nixfmt-rfc-style
];
};
}
);
# Sets substituters to avoid locally building something already built
nixConfig = {
extra-substituters = [
"https://crane.cachix.org"
"https://cache.garnix.io"
];
extra-trusted-public-keys = [
"crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
];
};
}
24 changes: 24 additions & 0 deletions taplo.toml
View file
Open in desktop
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting up TOML formatting sounds good to me, but TBH I think this can go in a separate PR. That way we can get TOML formatting merged in faster while we still discuss flake.

Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# Sorts `Cargo.toml` dependencies. All other `.toml` files are formatted with the default config.
#
# https://taplo.tamasfe.dev/configuration/file.html#configuration-file

[formatting]
align_comments = true
align_entries = true
#
array_auto_collapse = false
array_auto_expand = true
array_trailing_comma = true
#
compact_arrays = false
compact_entries = false
compact_inline_tables = false
#
indent_entries = true
indent_tables = true
#
reorder_arrays = true
reorder_inline_tables = true
reorder_keys = true
#
crlf = true
Copy link
Collaborator

@spenserblack spenserblack Jun 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Definitely not CRLF for formatting.

We do try to alphabetize, so that makes sense. Other than that, I'll leave preferences up to @o2sh to decide.

I'll probably cherry-pick the taplo configuration, since it's not dependent on any sort of Nix configuration.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Btw @o2sh this is formatted Cargo.toml

[workspace.package]
  authors    = [ "o2sh <[email protected]>" ]
  edition    = "2021"
  license    = "MIT"
  repository = "https://github.com/o2sh/onefetch"
  version    = "2.23.1"

[workspace]
  members = [ "ascii", "image", "manifest" ]
  [workspace.dependencies]
    anyhow = "1.0"
    clap = { version = "4.5.26", features = [ "derive" ] }
    image = { version = "0.25.5", default-features = false, features = [
      "color_quant",
      "jpeg",
      "png",
      "webp",
    ] }
    owo-colors = "4.1.0"
    strum = { version = "0.26.3", features = [ "derive" ] }

[package]
  authors.workspace    = true
  categories           = [ "command-line-utilities" ]
  description          = "Command-line Git information tool"
  edition.workspace    = true
  exclude              = [ "docs/vercel/*" ]
  homepage             = "https://onefetch.dev"
  keywords             = [ "cli", "git", "terminal" ]
  license.workspace    = true
  name                 = "onefetch"
  repository.workspace = true
  rust-version         = "1.81.0"
  version.workspace    = true

[dependencies]
  anyhow.workspace  = true
  askalono          = "0.5.0"
  byte-unit         = "5.1.6"
  clap.workspace    = true
  clap_complete     = "4.5.42"
  crossbeam-channel = "0.5.14"
  #
  gix = { version = "0.70.0", default-features = false, features = [
    "blob-diff",
    "index",
    "mailmap",
    "max-performance-safe",
    "status",
  ] }
  #
  gix-features         = { version = "0.40.0", features = [ "zlib-ng" ] }
  globset              = "0.4.15"
  human-panic          = "2.0.2"
  image.workspace      = true
  num-format           = "0.4.4"
  onefetch-ascii       = { path = "ascii", version = "2.19.0" }
  onefetch-image       = { path = "image", version = "2.19.0" }
  onefetch-manifest    = { path = "manifest", version = "2.19.0" }
  owo-colors.workspace = true
  regex                = "1.11.1"
  serde                = "1.0"
  serde_json           = "1.0"
  serde_yaml           = "0.9.34"
  # TODO With the new value parsers, we're really close to being able to eliminate
  # the strum dependency
  strum.workspace = true
  time            = { version = "0.3.37", features = [ "formatting" ] }
  time-humanize   = { version = "0.1.3", features = [ "time" ] }
  tokei           = "13.0.0-alpha.8"
  typetag         = "0.2"

[dev-dependencies]
  criterion     = "0.5.1"
  gix-testtools = "0.15.0"
  insta         = { version = "1.42.1", features = [ "json", "redactions" ] }
  rstest        = "0.24.0"

[[bench]]
  harness = false
  name    = "repo"

[build-dependencies]
  lazy_static = "1"
  regex       = "1"
  serde_json  = "1"
  serde_yaml  = "0.9"
  tera        = { version = "1", default-features = false }

[target.'cfg(windows)'.build-dependencies]
  winres = "0.1"

[target.'cfg(windows)'.dependencies]
  enable-ansi-support = "0.2.1"

[features]
  fail-on-deprecated = [  ]