From a43f83d8346f82a0d704fdd38c86b2ebda799dc7 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Thu, 15 Feb 2024 10:57:05 +0100 Subject: [PATCH] chore: use snowfall lib for nix flake Signed-off-by: Harald Hoyer --- .github/workflows/nix.yml | 2 +- flake.lock | 91 +++++++++++++++++-- flake.nix | 78 +++++----------- packages/container-vault-auth-tee/default.nix | 25 +++++ packages/vault-auth-tee/default.nix | 26 ++++++ shells/vault-auth-tee/default.nix | 7 ++ 6 files changed, 165 insertions(+), 64 deletions(-) create mode 100644 packages/container-vault-auth-tee/default.nix create mode 100644 packages/vault-auth-tee/default.nix create mode 100644 shells/vault-auth-tee/default.nix diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 8a3c721..e8bfae2 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -49,7 +49,7 @@ jobs: run: nix run nixpkgs#nixci - name: nix docker image run: | - nix build .#dockerImage + nix build .#container-vault-auth-tee docker load -i result - name: Log in to Docker Hub uses: docker/login-action@v3 diff --git a/flake.lock b/flake.lock index 33f84e3..1d5cfcc 100644 --- a/flake.lock +++ b/flake.lock @@ -16,6 +16,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" 
@@ -52,18 +68,39 @@ "type": "github" } }, - "nix-filter": { + "flake-utils-plus_2": { + "inputs": { + "flake-utils": "flake-utils_2" + }, "locked": { - "lastModified": 1705332318, - "narHash": "sha256-kcw1yFeJe9N4PjQji9ZeX47jg0p9A0DuU4djKvg1a7I=", + "lastModified": 1696331477, + "narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", - "repo": "nix-filter", - "rev": "3449dc925982ad46246cfc36469baf66e1b64f17", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { "owner": "numtide", - "repo": "nix-filter", + "repo": "flake-utils", "type": "github" } }, @@ -106,9 +143,9 @@ }, "root": { "inputs": { - "nix-filter": "nix-filter", "nixpkgs": "nixpkgs", - "nixsgx-flake": "nixsgx-flake" + "nixsgx-flake": "nixsgx-flake", + "snowfall-lib": "snowfall-lib_2" } }, "snowfall-lib": { @@ -134,6 +171,29 @@ "type": "github" } }, + "snowfall-lib_2": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils-plus": "flake-utils-plus_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696432959, + "narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=", + "owner": "snowfallorg", + "repo": "lib", + "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6", + "type": "github" + }, + "original": { + "owner": "snowfallorg", + "repo": "lib", + "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -148,6 +208,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 006e3e1..18d0117 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,71 +4,39 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - nix-filter.url = "github:numtide/nix-filter"; - nixsgx-flake = { url = "github:matter-labs/nixsgx"; inputs.nixpkgs.follows = "nixpkgs"; }; + + snowfall-lib = { + url = "github:snowfallorg/lib?rev=92803a029b5314d4436a8d9311d8707b71d9f0b6"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; - outputs = { self, nixpkgs, nixsgx-flake, nix-filter, ... }: - let - system = "x86_64-linux"; - filter = nix-filter.lib; - pkgs = import nixpkgs { inherit system; overlays = [ nixsgx-flake.overlays.default ]; }; - bin = pkgs.buildGoModule { - buildInputs = with pkgs; [ - nixsgx.sgx-sdk - nixsgx.sgx-dcap - nixsgx.sgx-dcap.quote_verify - ]; + outputs = inputs: + inputs.snowfall-lib.mkFlake { + inherit inputs; + src = ./.; - name = "vault-auth-tee"; - src = filter { - root = ./.; - include = [ - ./go.mod - ./go.sum - "cmd" - "test-fixtures" - (filter.matchExt "go") - ]; + package-namespace = "vat"; + + overlays = with inputs; [ + nixsgx-flake.overlays.default + ]; + + alias = { + packages = { + default = "vault-auth-tee"; }; - - vendorHash = "sha256-t59C0yzJzFAXNXYOFbta2g5CYlkfvlukq42cxCwLaGY="; - }; - - dockerImage = pkgs.dockerTools.buildLayeredImage { - name = "vault-auth-tee"; - tag = "test"; - - config.Entrypoint = [ "/bin/sh" ]; - - contents = pkgs.buildEnv { - name = "image-root"; - - paths = with pkgs.dockerTools; [ - bin - pkgs.vault - usrBinEnv - binSh - caCertificates - fakeNss - ]; - pathsToLink = [ "/bin" "/etc" ]; + shells = { + default = "vault-auth-tee"; }; }; - in - with pkgs; { - formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; - packages.x86_64-linux = { - inherit bin dockerImage; - default = bin; - }; - devShells.x86_64-linux.default = mkShell { - inputsFrom = [ bin ]; - nativeBuildInputs = with pkgs; [ dive go_1_21 ]; + + outputs-builder = channels: { + formatter = channels.nixpkgs.nixpkgs-fmt; }; }; } 
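Review bot: Adding `snowfall-lib` as a direct input without a matching `follows` on `nixsgx-flake` leaves two copies of it in the lock. flake.lock now carries `snowfall-lib_2`, `flake-utils-plus_2`, `flake-utils_2`, `flake-compat_2` and `systems_2` next to the existing nodes, so there are roughly twice as many third-party revisions to audit and keep in step. The existing `snowfall-lib` node presumably belongs to `nixsgx-flake`; if so, adding `inputs.snowfall-lib.follows = "snowfall-lib";` to the `nixsgx-flake` block would collapse both onto the revision pinned here, provided nixsgx evaluates against that revision. A one-line comment above the `?rev=` URL saying why this exact revision is pinned would also help whoever bumps it next.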
diff --git a/packages/container-vault-auth-tee/default.nix b/packages/container-vault-auth-tee/default.nix
new file mode 100644
index 0000000..d3c172f
--- /dev/null
+++ b/packages/container-vault-auth-tee/default.nix
@@ -0,0 +1,25 @@
+{ pkgs
+, vat
+, vault
+, ...
+}:
+pkgs.dockerTools.buildLayeredImage {
+ name = "vault-auth-tee";
+ tag = "test";
+
+ config.Entrypoint = [ "/bin/sh" ];
+
+ contents = pkgs.buildEnv {
+ name = "image-root";
+
+ paths = with pkgs.dockerTools; [
+ vat.vault-auth-tee
+ vault
+ usrBinEnv
+ binSh
+ caCertificates
+ fakeNss
+ ];
+ pathsToLink = [ "/bin" "/etc" ];
+ };
+}
diff --git a/packages/vault-auth-tee/default.nix b/packages/vault-auth-tee/default.nix
new file mode 100644
index 0000000..f4dbdba
--- /dev/null
+++ b/packages/vault-auth-tee/default.nix
@@ -0,0 +1,26 @@
+{ lib
+, pkgs
+, ...
+}:
+
+pkgs.buildGoModule {
+ buildInputs = with pkgs; [
+ nixsgx.sgx-sdk
+ nixsgx.sgx-dcap
+ nixsgx.sgx-dcap.quote_verify
+ ];
+
+ name = "vault-auth-tee";
+ src = with lib.fileset; toSource {
+ root = ./../..;
+ fileset = unions [
+ ../../go.mod
+ ../../go.sum
+ ../../cmd
+ ../../test-fixtures
+ (fileFilter (file: file.hasExt "go") ./../..)
+ ];
+ };
+
+ vendorHash = "sha256-t59C0yzJzFAXNXYOFbta2g5CYlkfvlukq42cxCwLaGY=";
+}
diff --git a/shells/vault-auth-tee/default.nix b/shells/vault-auth-tee/default.nix
new file mode 100644
index 0000000..fa75975
--- /dev/null
+++ b/shells/vault-auth-tee/default.nix
@@ -0,0 +1,7 @@
+{ lib
+, pkgs
+, ...
+}:
+pkgs.mkShell {
+ inputsFrom = [ pkgs.vat.vault-auth-tee ];
+}
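Review bot: The image defined in packages/container-vault-auth-tee/default.nix sets `config.Entrypoint = [ "/bin/sh" ]` and no `config.User`, so whatever is started in it runs as root by default. It is also tagged `test`, while the workflow step that follows the build logs in to Docker Hub. If the image is only a CI fixture, a comment above `tag = "test";` saying so is enough. If it is published, a non-root default such as `config.User = "nobody";` (an account `fakeNss` already provides) and a tag derived from the release would be safer.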
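Review bot: The derivation in packages/vault-auth-tee/default.nix is declared with a bare `name = "vault-auth-tee";`, so the store path and anything derived from it (image layers, an SBOM) carry no version to match against a release or an advisory. Replacing it with `pname = "vault-auth-tee";` and `version = "<release version>";` keeps the name and adds that traceability. The `fileFilter (file: file.hasExt "go") ./../..` entry takes every `.go` file under the repository root, so a short comment that this breadth is intended would help the next reader.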