From 0f6c13b7cacbec50618c4e0633ba2418b43e9e6b Mon Sep 17 00:00:00 2001 From: Miguel Hervas Date: Mon, 8 Aug 2022 13:42:03 -0700 Subject: [PATCH] Wrap up Nix Build for Node Wrapper (#893) * wip: nix build * nix build * nix docker build * add install nix * use default system * tweaks tests * parallel docker build * parallel docker build * fix docker push * rm test branch * rm toolchain file * read params from file --- .github/workflows/build-nix.yml | 22 +++++ .github/workflows/docker-nix.yml | 31 +++++++ flake.lock | 103 +++++++++++++++++++++ flake.nix | 154 +++++++++++++++++++++++++++++++ rust-toolchain.toml | 5 + 5 files changed, 315 insertions(+) create mode 100644 .github/workflows/build-nix.yml create mode 100644 .github/workflows/docker-nix.yml create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 rust-toolchain.toml diff --git a/.github/workflows/build-nix.yml b/.github/workflows/build-nix.yml new file mode 100644 index 0000000000..629fee4532 --- /dev/null +++ b/.github/workflows/build-nix.yml @@ -0,0 +1,22 @@ +name: nix-build +on: + pull_request: + push: + branches: [parachain] +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + # Nix Flakes doesn't work on shallow clones + fetch-depth: 0 + - uses: cachix/install-nix-action@v16 + with: + install_url: https://releases.nixos.org/nix/nix-2.10.3/install + - uses: cachix/cachix-action@v10 + with: + name: centrifuge-chain + authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" + - name: Build centrifuge-chain + run: nix build --no-allow-dirty -L \ No newline at end of file diff --git a/.github/workflows/docker-nix.yml b/.github/workflows/docker-nix.yml new file mode 100644 index 0000000000..1ec88c91a5 --- /dev/null +++ b/.github/workflows/docker-nix.yml @@ -0,0 +1,31 @@ +name: docker +on: + push: + branches: [parachain] +jobs: + docker: + strategy: + matrix: + os: [ ubuntu-latest ] + target: [".#dockerImage", ".#dockerImageFastRuntime"] + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - uses: cachix/install-nix-action@v16 + with: + install_url: https://releases.nixos.org/nix/nix-2.10.3/install + - name: Build Docker image + run: | + nix build --no-allow-dirty -L ${{ matrix.target }} + docker load < result + - name: Login to Docker Hub + uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + - name: List images + run: docker images + - name: Push image to Docker Hub + run: docker push --all-tags --quiet centrifugeio/centrifuge-chain diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000000..02c6bdb3e1 --- /dev/null +++ b/flake.lock @@ -0,0 +1,103 @@ +{ + "nodes": { + "fenix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1659336065, + "narHash": "sha256-vjHzA2MRrw6seWzBGUA2dciObvf1Be4lA3SsAI5aufA=", + "owner": "nix-community", + "repo": "fenix", + "rev": "75a63f0868d8362aaa0ae2f9d5e77a65780fdd58", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658402513, + "narHash": "sha256-wk38v/mbLsOo6+IDmmH1H0ADR87iq9QTTD1BP9X2Ags=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "f2ea0f8ff1bce948ccb6b893d15d5ea3efaf1364", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1658346836, + "narHash": "sha256-c9BZZbi0tqCQ4j6CMVDlsut3Q3ET1Fezf+qIslCfkhs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a1fe662eb26ffc2a036b37c4670392ade632c413", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "fenix": "fenix", + "flake-utils": "flake-utils", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs" + } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1659290320, + "narHash": "sha256-OUezy1BkIoqpkTE5wOtsjJ/Gy48Ql8EL1/t6MZzRkWw=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "2b472f6684bb1958274995d12b2c50310d88cc52", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000000..d7a0008c2d --- /dev/null +++ b/flake.nix @@ -0,0 +1,154 @@ +{ + description = "Nix package for centrifuge-chain"; + + inputs = { + nixpkgs.url = github:NixOS/nixpkgs/nixos-21.11; + flake-utils = { + url = github:numtide/flake-utils; + inputs.nixpkgs.follows = "nixpkgs"; + }; + gitignore = { + url = github:hercules-ci/gitignore.nix; + inputs.nixpkgs.follows = "nixpkgs"; + }; + fenix = { + url = github:nix-community/fenix; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs : + inputs.flake-utils.lib.eachDefaultSystem (system: + let + pkgs = inputs.nixpkgs.legacyPackages.${system}; + + cargoTOML = builtins.fromTOML (builtins.readFile ./Cargo.toml); + rustToolChainTOML = builtins.fromTOML (builtins.readFile ./rust-toolchain.toml); + + name = cargoTOML.package.name; + # This is the program version. + version = cargoTOML.package.version; + # This selects a nightly Rust version, based on the date. + nightly-date = pkgs.lib.strings.removePrefix "nightly-" rustToolChainTOML.toolchain.channel; + # This is the hash of the Rust toolchain at nightly-date, required for reproducibility. + nightly-sha256 = "sha256-CNMj0ouNwwJ4zwgc/gAeTYyDYe0botMoaj/BkeDTy4M="; + + + # This instantiates a new Rust version based on nightly-date. + nightlyRustPlatform = pkgs.makeRustPlatform { + inherit + (inputs.fenix.packages.${system}.toolchainOf { + channel = "nightly"; + date = nightly-date; + sha256 = nightly-sha256; + }) + cargo rustc; + }; + + # This is a mock git program, which just returns the commit-substr value. + # It is called when the build process calls git. Instead of the real git, + # it will find this one. + git-mock = + let + # This evaluates to the first 7 digits of the git hash of this repo's HEAD + # commit, or to "dirty" if there are uncommitted changes. + commit-substr = builtins.substring 0 7 (inputs.self.rev or "dirty"); + in + pkgs.writeShellScriptBin "git" '' + echo ${commit-substr} + ''; + + # srcFilter is used to keep out of the build non-source files, + # so that we only trigger a rebuild when necessary. + srcFilter = src: + let + isGitIgnored = inputs.gitignore.lib.gitignoreFilter src; + + ignoreList = [ + ".dockerignore" + ".envrc" + ".github" + ".travis.yml" + "CODE_OF_CONDUCT.md" + "README.md" + "ci" + "cloudbuild.yaml" + "codecov.yml" + "docker-compose.yml" + "rustfmt.toml" + ]; + in + path: type: + isGitIgnored path type + && builtins.all (name: builtins.baseNameOf path != name) ignoreList; + in + rec { + defaultPackage = nightlyRustPlatform.buildRustPackage { + pname = name; + inherit version; + + # This applies the srcFilter function to the current directory, so + # we don't include unnecessary files in the package. + src = pkgs.lib.cleanSourceWith { + src = ./.; + filter = srcFilter ./.; + name = "${name}-source"; + }; + + # This is a hash of all the Cargo dependencies, for reproducibility. + cargoSha256 = "sha256-hmXhJBjc4HuyKQbxtpiIIvaL/Kl/e70sMFgdNlw4E0o="; + + nativeBuildInputs = with pkgs; [ clang git-mock pkg-config ]; + buildInputs = with pkgs; [ openssl ] ++ ( + lib.optionals stdenv.isDarwin [ + darwin.apple_sdk.frameworks.Security + darwin.apple_sdk.frameworks.SystemConfiguration + ] + ); + + LIBCLANG_PATH = "${pkgs.llvmPackages.libclang.lib}/lib"; + PROTOC = "${pkgs.protobuf}/bin/protoc"; + SKIP_WASM_BUILD = 1; + + + doCheck = false; + }; + + packages.fastRuntime = defaultPackage.overrideAttrs (base: { + buildFeatures = [ "fast-runtime" ]; + }); + + # Docker image package doesn't work on Darwin Archs + packages.dockerImage = pkgs.dockerTools.buildLayeredImage { + name = "centrifugeio/${name}"; + tag = "${version}-nix-do-not-use"; # todo remove suffix once verified + # This uses the date of the last commit as the image creation date. + created = builtins.substring 0 8 inputs.self.lastModifiedDate; + + contents = [ + pkgs.busybox + inputs.self.defaultPackage.${system} + ]; + + config = { + ExposedPorts = { + "30333/tcp" = { }; + "9933/tcp" = { }; + "9944/tcp" = { }; + }; + Volumes = { + "/data" = { }; + }; + Entrypoint = [ "centrifuge-chain" ]; + }; + }; + + packages.dockerImageFastRuntime = packages.dockerImage.overrideAttrs (base: { + tag = "test-${version}-nix-do-not-use"; # todo remove suffix once verified + contents = [ + pkgs.busybox + packages.fastRuntime + ]; + }); + }); +} \ No newline at end of file diff --git a/rust-toolchain.toml b/rust-toolchain.toml new file mode 100644 index 0000000000..9063dca87e --- /dev/null +++ b/rust-toolchain.toml @@ -0,0 +1,5 @@ +[toolchain] +channel = "nightly-2022-05-09" +components = [ "rustfmt", "clippy" ] +targets = [ "wasm32-unknown-unknown" ] +profile = "minimal" \ No newline at end of file