Add Github Dev Containers

.devcontainer/Dockerfile

@@ -0,0 +1,66 @@
+# SPDX-FileCopyrightText: 2022 X-Truder <[email protected]>
+# SPDX-FileCopyrightText: 2022 Félix Robles <[email protected]>
+#
+# SPDX-License-Identifier: MIT
+
+# Reuse a base image made for devcontainers.
+FROM mcr.microsoft.com/vscode/devcontainers/base:bullseye
+
+# update and install base packages
+RUN apt update -y
+RUN apt -y install --no-install-recommends \
+    sudo \
+    ca-certificates \
+    psmisc \
+    procps \
+    less \
+    xz-utils \
+    vim-tiny \
+    nano \
+    curl \
+    git \
+    ssh \
+    direnv \
+    gnupg2 \
+    iproute2 \
+    inetutils-ping \
+    rsync \
+    lsb-release \
+    dialog \
+    locales \
+    man-db \
+    bash-completion
+
+# create at least locae for en_US.UTF-8
+RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
+
+# create non-root user and group and add it sudoers
+ARG USERNAME=vscode
+RUN echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/devcontainer && \
+    chmod 0440 /etc/sudoers.d/devcontainer
+
+# copy nix configuration
+COPY etc/nix.conf /etc/nix/nix.conf
+
+# install nix
+ARG NIX_INSTALL_SCRIPT=https://nixos.org/nix/install
+RUN curl -L ${NIX_INSTALL_SCRIPT} | sudo -u ${USERNAME} NIX_INSTALLER_NO_MODIFY_PROFILE=1 sh
+
+# install devcontainer extra profile that loads nix and has vscode user env probe
+COPY etc/devcontainer.sh /etc/profile.d/devcontainer.sh
+
+# install bash config
+COPY etc/bash.bashrc /etc/bash.bashrc
+
+# set env for non interactve shell to load nix
+COPY etc/envrc /etc/envrc
+ENV ENV="/etc/envrc" BASH_ENV="/etc/envrc"
+
+# copy direnv config and set conig path
+COPY etc/direnv.toml /etc
+ENV DIRENV_CONFIG=/etc
+
+USER ${USERNAME}
+
+# cache /nix
+VOLUME /nix

.devcontainer/devcontainer.json

@@ -0,0 +1,26 @@
+// For format details, see https://aka.ms/vscode-remote/devcontainer.json or the definition README at
+// https://github.com/microsoft/vscode-dev-containers/tree/master/containers/docker-existing-dockerfile
+{
+	"name": "strand-project",
+	"dockerFile": "Dockerfile",
+	"containerEnv": {
+		"PROJECT_DIR": "${containerWorkspaceFolder}"
+	},
+
+	"userEnvProbe": "loginShell",
+	//"updateRemoteUserUID": false,
+
+	// build development environment on creation
+	"onCreateCommand": "nix develop --command bash -c 'echo done building nix dev environment'",
+
+	// Add the IDs of extensions you want installed when the container is created.
+	"extensions": [
+	  // select nix environment
+	  "arrterian.nix-env-selector",
+	  // extra extensions
+	  "jnoortheen.nix-ide",
+	  "rust-lang.rust",
+	  "yzhang.markdown-all-in-one",
+	  "bungcip.better-toml"
+	]
+  }

.devcontainer/devcontainer.json.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2022 X-Truder <[email protected]>
+SPDX-FileCopyrightText: 2022 Felix Robles <[email protected]>
+
+SPDX-License-Identifier: MIT

.devcontainer/etc/bash.bashrc

@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2022 X-Truder <[email protected]>
+# SPDX-FileCopyrightText: 2022 Félix Robles <[email protected]>
+#
+# SPDX-License-Identifier: MIT
+
+# System-wide .bashrc file for interactive bash(1) shells.
+
+# To enable the settings / commands in this file for login shells as well,
+# this file has to be sourced in /etc/profile.
+
+[[ $ENVRC_RUN != yes ]] && source /etc/envrc
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, overwrite the one in /etc/profile)
+# but only if not SUDOing and have SUDO_PS1 set; then assume smart user.
+if ! [ -n "${SUDO_USER}" -a -n "${SUDO_PS1}" ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+
+# load direnv hook if not running as root
+if ! [ $(id -u) = 0 ]; then
+    eval "$(direnv hook bash)"
+fi

.devcontainer/etc/devcontainer.sh

@@ -0,0 +1,4 @@
+
+#!/bin/bash
+
+[[ $ENVRC_RUN != yes ]] && source /etc/envrc

.devcontainer/etc/devcontainer.sh.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2022 X-Truder <[email protected]>
+SPDX-FileCopyrightText: 2022 Felix Robles <[email protected]>
+
+SPDX-License-Identifier: MIT

.devcontainer/etc/direnv.toml

@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2022 X-Truder <[email protected]>
+# SPDX-FileCopyrightText: 2022 Félix Robles <[email protected]>
+#
+# SPDX-License-Identifier: MIT
+
+# direnv global config
+
+[global]
+
+# increase warn timeout to 30 minutes, as it can take
+# long time to load all nix dependencies
+warn_timeout = "30m"
+
+bash_path = "/bin/bash"
+
+# whitelist all paths, since we are running in container
+[whitelist]
+prefix = [ "/" ]

.devcontainer/etc/envrc

@@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: 2022 X-Truder <[email protected]>
+# SPDX-FileCopyrightText: 2022 Félix Robles <[email protected]>
+#
+# SPDX-License-Identifier: MIT
+USER=$(whoami)
+
+# load nix into environment
+if [ -e $HOME/.nix-profile/etc/profile.d/nix.sh ] ; then
+    . $HOME/.nix-profile/etc/profile.d/nix.sh
+fi
+
+# add $HOME/.nix-profile/share to XDG_DATA_DIRS, so completions for packages
+# installed with nix work
+if [ -e $HOME/.nix-profile ] ; then
+    XDG_DATA_DIRS="$XDG_DATA_DIRS:$HOME/.nix-profile/share"
+fi
+XDG_DATA_DIRS="$XDG_DATA_DIRS:/usr/share"
+
+ENVRC_RUN=yes

.devcontainer/etc/nix.conf

@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: 2022 X-Truder <[email protected]>
+# SPDX-FileCopyrightText: 2022 Félix Robles <[email protected]>
+#
+# SPDX-License-Identifier: MIT
+sandbox = false
+experimental-features = nix-command flakes

.envrc

@@ -0,0 +1,4 @@
+# SPDX-FileCopyrightText: 2022 Felix Robles <[email protected]>
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+use_nix

.github/workflows/ci.yml

@@ -38,24 +38,30 @@ jobs:
 
   check:
     name: 'Static Analysis: cargo check'
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-
-      - name: Install stable toolchain
-        uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-          override: true
+    - uses: actions/[email protected]
+    - uses: cachix/install-nix-action@v17
+      with:
+        install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.10.0pre20220629_b7eb4ac/install
+        nix_path: nixpkgs=channel:nixos-22.05
+        extra_nix_config: |
+          experimental-features = nix-command flakes
 
-      - uses: Swatinem/rust-cache@v1
+    - uses: cachix/cachix-action@v10
+      with:
+        name: sequentech
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
 
-      - name: Run cargo check
-        uses: actions-rs/cargo@v1
-        with:
-          command: check
+    - name: Run cargo check
+      run: |
+        nix \
+          --extra-experimental-features "nix-command flakes" \
+          develop \
+          --command bash -c "cargo check"
 
   lints:
     name: 'Static Analysis: cargo fmt & clippy'
@@ -150,20 +156,30 @@ jobs:
 
   license_reuse:
     name: Code License
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
     steps:
-    - name: Checkout Repository
-      uses: actions/checkout@v2
+    - uses: actions/[email protected]
+    - uses: cachix/install-nix-action@v17
+      with:
+        install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.10.0pre20220629_b7eb4ac/install
+        nix_path: nixpkgs=channel:nixos-22.05
+        extra_nix_config: |
+          experimental-features = nix-command flakes
 
-    - name: Setup Python
-      uses: actions/setup-python@v2
+    - uses: cachix/cachix-action@v10
       with:
-        python-version: 3.8
+        name: sequentech
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
 
     - name: Check files license compliance with REUSE
       run: |
-        pip install --user reuse
-        ~/.local/bin/reuse lint
+        nix \
+          --extra-experimental-features "nix-command flakes" \
+          develop \
+          --command bash -c "reuse lint"
 
   benchmark:
     name: Benchmark

.gitignore

@@ -22,3 +22,4 @@ rust-toolchain
 # generated by nix
 result
 pkg
+.env

LICENSES/MIT.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) X-Truder. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE

README.md

@@ -62,7 +62,7 @@ issues that appear.
 the information (in master branch) to [codecov].
 6. **License compliance**: Check using [REUSE] for license compliance within
 the project, verifying that every file is REUSE-compliant and thus has a 
-copyright notice header.
+copyright notice header. Try fixing it with `reuse lint`.
 7. **Dependencies scan**: Audit dependencies for security vulnerabilities in the
 [RustSec Advisory Database], unmaintained dependencies, incompatible licenses
 and banned packages using [cargo-deny]. Use `cargo deny fix` or
@@ -79,9 +79,22 @@ on the `browserstack` folder to try it locally. You'll need to configure the env
 
 ## Development environment
 
+Strand uses [Github dev containers] to facilitate development. To start developing strand,
+clone the github repo locally, and open the folder in Visual Studio Code in a container. This
+will configure the same environment that strand developers use, including installing required
+packages and VS Code plugins.
+
+We've tested this dev container for Linux x86_64 and Mac Os arch64 architectures. Unfortunately
+at the moment it doesn't work with Github Codespaces as nix doesn't work on Github Codespaces yet.
+Also the current dev container configuration for strand doesn't allow commiting to the git repo
+from the dev container, you should use git on a local terminal.
+
+## Nix reproducible builds
+
 strand uses the [Nix Package Manager] as its package
 builder. To build strand, **first [install Nix]** correctly
-in your system.
+in your system. If you're running the project on a dev container,
+you shouldn't need to install it.
 
 After you have installed Nix, enter the development environment with:
 
@@ -161,6 +174,7 @@ See [here](https://github.com/sequentech/strand/tree/main/benches).
 [Crypto.getRandomValues]: https://www.w3.org/TR/WebCryptoAPI/#Crypto-method-getRandomValues
 [Nix Package Manager]: https://nixos.org/
 [install Nix]: https://nixos.org/
+[Github dev containers]: https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers
 
 [slack-badge]: https://img.shields.io/badge/Join_us_on_Slack!-sequent--talk-blue.svg?longCache=true&logo=slack
 [slack-link]: https://join.slack.com/t/sequentech/shared_invite/zt-1bve9z0px-IF4Je04NJM8AEkCAcdBVWg