ci: use crane flake to build with nix

This enables to add cargo `fmt`, `clippy` and `deny` to nix, using cached results.

Move the `teepot` crate to the `crates` subdir to make the life easier for
the `crane` flake.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

packages/cargoClippy/default.nix

@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+{ lib
+, inputs
+, makeRustPlatform
+, nixsgx
+, pkg-config
+, rust-bin
+, pkgs
+, callPackage
+, ...
+}@args:
+let
+  teepotCrate = import ../teepot/teepot.nix args;
+in
+teepotCrate.craneLib.cargoClippy (
+  teepotCrate.commonArgs // {
+    pname = "teepot";
+    inherit (teepotCrate) cargoArtifacts NIX_OUTPATH_USED_AS_RANDOM_SEED;
+  }
+)

packages/cargoDeny/default.nix

@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+{ lib
+, inputs
+, makeRustPlatform
+, nixsgx
+, pkg-config
+, rust-bin
+, pkgs
+, callPackage
+, ...
+}@args:
+let
+  teepotCrate = import ../teepot/teepot.nix args;
+in
+teepotCrate.craneLib.cargoDeny (
+  teepotCrate.commonArgs // {
+    pname = "teepot";
+  }
+)

packages/cargoFmt/default.nix

@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+{ lib
+, inputs
+, makeRustPlatform
+, nixsgx
+, pkg-config
+, rust-bin
+, pkgs
+, callPackage
+, ...
+}@args:
+let
+  teepotCrate = import ../teepot/teepot.nix args;
+in
+teepotCrate.craneLib.cargoFmt (
+  teepotCrate.commonArgs // {
+    pname = "teepot";
+  }
+)

packages/teepot/default.nix

@@ -1,77 +1,58 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) 2024 Matter Labs
 { lib
+, inputs
 , makeRustPlatform
 , nixsgx
 , pkg-config
 , rust-bin
-}:
+, pkgs
+, ...
+}@args:
 let
-  cargoToml = builtins.fromTOML (builtins.readFile ../../Cargo.toml);
-  rustVersion = rust-bin.fromRustupToolchainFile ../../rust-toolchain.toml;
-  rustPlatform = makeRustPlatform {
-    cargo = rustVersion;
-    rustc = rustVersion;
-  };
+  teepotCrate = import ./teepot.nix args;
 in
-rustPlatform.buildRustPackage {
-  pname = cargoToml.package.name;
-  inherit (cargoToml.workspace.package) version;
+teepotCrate.craneLib.buildPackage (
+  teepotCrate.commonArgs // {
+    pname = "teepot";
+    inherit (teepotCrate) cargoArtifacts
+      NIX_OUTPATH_USED_AS_RANDOM_SEED;
 
-  nativeBuildInputs = [
-    pkg-config
-    rustPlatform.bindgenHook
-  ];
 
-  buildInputs = [
-    nixsgx.sgx-sdk
-    nixsgx.sgx-dcap
-    nixsgx.sgx-dcap.quote_verify
-  ];
+    passthru = {
+      inherit (teepotCrate) rustPlatform
+        rustVersion
+        commonArgs
+        craneLib
+        cargoArtifacts;
+      NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa";
+    };
 
-  src = with lib.fileset; toSource {
-    root = ./../..;
-    fileset = unions [
-      ../../Cargo.lock
-      ../../Cargo.toml
-      ../../bin
-      ../../crates
-      ../../rust-toolchain.toml
-      ../../src
-      ../../tests
+    outputs = [
+      "out"
+      "tee_key_preexec"
+      "tee_ratls_preexec"
+      "tee_self_attestation_test"
+      "tee_stress_client"
+      "tee_vault_admin"
+      "tee_vault_unseal"
+      "teepot_read"
+      "teepot_write"
+      "vault_admin"
+      "vault_unseal"
+      "verify_attestation"
     ];
-  };
 
-  RUSTFLAGS = "--cfg mio_unsupported_force_waker_pipe";
-  cargoBuildFlags = "--all";
-  checkType = "debug";
-  cargoLock = {
-    lockFile = ../../Cargo.lock;
-  };
+    postInstall = ''
+      mkdir -p $out/nix-support
+      for i in $outputs; do
+        [[ $i == "out" ]] && continue
+        mkdir -p "''${!i}/bin"
+        echo "''${!i}" >> $out/nix-support/propagated-user-env-packages
+        binname=''${i//_/-}
+        mv "$out/bin/$binname" "''${!i}/bin/"
+      done
+    '';
+  }
+)
 
-  outputs = [
-    "out"
-    "tee_key_preexec"
-    "tee_ratls_preexec"
-    "tee_self_attestation_test"
-    "tee_stress_client"
-    "tee_vault_admin"
-    "tee_vault_unseal"
-    "teepot_read"
-    "teepot_write"
-    "vault_admin"
-    "vault_unseal"
-    "verify_attestation"
-  ];
-
-  postInstall = ''
-    mkdir -p $out/nix-support
-    for i in $outputs; do
-      [[ $i == "out" ]] && continue
-      mkdir -p "''${!i}/bin"
-      echo "''${!i}" >> $out/nix-support/propagated-user-env-packages
-      binname=''${i//_/-}
-      mv "$out/bin/$binname" "''${!i}/bin/"
-    done
-  '';
-}

packages/teepot/teepot.nix

@@ -0,0 +1,61 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2024 Matter Labs
+{ lib
+, inputs
+, makeRustPlatform
+, nixsgx
+, pkg-config
+, rust-bin
+, pkgs
+, ...
+}:
+let
+  rustVersion = rust-bin.fromRustupToolchainFile ../../rust-toolchain.toml;
+  rustPlatform = makeRustPlatform {
+    cargo = rustVersion;
+    rustc = rustVersion;
+  };
+  craneLib = (inputs.crane.mkLib pkgs).overrideToolchain rustVersion;
+  commonArgs = {
+    nativeBuildInputs = [
+      pkg-config
+      rustPlatform.bindgenHook
+    ];
+
+    buildInputs = [
+      nixsgx.sgx-sdk
+      nixsgx.sgx-dcap
+      nixsgx.sgx-dcap.quote_verify
+    ];
+
+    strictDeps = true;
+    src = with lib.fileset; toSource {
+      root = ../../.;
+      fileset = unions [
+        ../../Cargo.lock
+        ../../Cargo.toml
+        ../../bin
+        ../../crates
+        ../../rust-toolchain.toml
+        ../../deny.toml
+        ../../taplo.toml
+      ];
+    };
+
+    RUSTFLAGS = "--cfg mio_unsupported_force_waker_pipe";
+    checkType = "debug";
+  };
+  cargoArtifacts = craneLib.buildDepsOnly (commonArgs // {
+    pname = "teepot-workspace";
+    inherit NIX_OUTPATH_USED_AS_RANDOM_SEED;
+  });
+  NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa";
+in
+{
+  inherit rustPlatform
+    rustVersion
+    commonArgs
+    craneLib
+    cargoArtifacts;
+  NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa";
+}