From 8bda026be50194ab5665b33d40754c02307e8875 Mon Sep 17 00:00:00 2001 From: Daniel Salazar Date: Fri, 31 Mar 2023 15:25:31 -0500 Subject: [PATCH] feat(build): #1064 arm64 container - Add arm64 container job - Add amd64 container job - Modularize arch on container build - Temporarily disable doas as it is broken on cross compilation Signed-off-by: Daniel Salazar --- .github/workflows/prod.yml | 815 +------------------ default.nix | 2 - makes.lock.nix | 3 + makes.nix | 32 +- makes/cli/env/runtime/main.nix | 40 +- makes/cli/env/runtime/pypi/main.nix | 5 - makes/cli/env/runtime/pypi/pypi-deps.yaml | 2 - makes/cli/env/runtime/pypi/pypi-sources.yaml | 31 - makes/container-image/amd64/main.nix | 14 + makes/container-image/arm64/main.nix | 14 + makes/container-image/default.nix | 157 ++++ makes/container-image/main.nix | 162 ---- makes/main.nix | 19 +- src/args/agnostic.nix | 1 + src/nix/sources.json | 36 +- 15 files changed, 280 insertions(+), 1053 deletions(-) create mode 100644 makes.lock.nix delete mode 100644 makes/cli/env/runtime/pypi/main.nix delete mode 100644 makes/cli/env/runtime/pypi/pypi-deps.yaml delete mode 100644 makes/cli/env/runtime/pypi/pypi-sources.yaml create mode 100644 makes/container-image/amd64/main.nix create mode 100644 makes/container-image/arm64/main.nix create mode 100644 makes/container-image/default.nix delete mode 100644 makes/container-image/main.nix diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml index 6889cf2f..e2dc1bb1 100644 --- a/.github/workflows/prod.yml +++ b/.github/workflows/prod.yml @@ -2,8 +2,7 @@ concurrency: cancel-in-progress: true group: ${{ github.actor }} jobs: - deployContainerImage_makesLatest: - if: ${{ github.repository == 'fluidattacks/makes' }} + deployContainerImage_makesLatest_amd64: runs-on: ubuntu-latest permissions: packages: write 
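Review bot: Removing `if: ${{ github.repository == 'fluidattacks/makes' }}` from `deployContainerImage_makesLatest_amd64` leaves a job holding `packages: write` that will run wherever the `on: push:` trigger fires, including forks and mirrors. The next hunk (`@@ -16,9 +15,8 @@`) drops the same guard from the job that becomes `deployContainerImage_makesLatest_arm64`. If the guard was removed only to test from a personal fork, restore `if: ${{ github.repository == 'fluidattacks/makes' }}` on both jobs before merge. That second hunk also replaces the `deployContainerImage_makesPinned` job, so nothing visible in this workflow publishes the pinned image any more; it is worth confirming that is intended. Both job bodies continue outside the hunks.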
@@ -16,9 +15,8 @@ jobs: GITHUB_TOKEN: ${{ github.token }} with: set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /deployContainerImage/makesLatest" - deployContainerImage_makesPinned: - if: ${{ github.repository == 'fluidattacks/makes' }} + args: sh -c "nix-env -if . && m . /deployContainerImage/makesLatestAmd64" + deployContainerImage_makesLatest_arm64: runs-on: ubuntu-latest permissions: packages: write 
@@ -31,812 +29,7 @@ jobs: GITHUB_TOKEN: ${{ github.token }} with: set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /deployContainerImage/makesPinned" - releaseGitHub: - if: ${{ github.repository == 'fluidattacks/makes' }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: richardsimko/update-tag@5bd0e05b035e02d5da3768dbdcfc4e5e0908623e - with: - tag_name: "latest" - env: - GITHUB_TOKEN: ${{ github.token }} - - uses: johnwbyrd/update-release@1d5ec4791e40507e5eca3b4dbf90f0b27e7e4979 - with: - files: README.md - release: "latest" - prerelease: true - tag: "latest" - token: ${{ github.token }} - - uses: richardsimko/update-tag@5bd0e05b035e02d5da3768dbdcfc4e5e0908623e - with: - tag_name: "23.04" - env: - GITHUB_TOKEN: ${{ github.token }} - - uses: johnwbyrd/update-release@1d5ec4791e40507e5eca3b4dbf90f0b27e7e4979 - with: - files: README.md - release: "23.04" - prerelease: true - tag: "23.04" - token: ${{ github.token }} - linux_all: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: __all__ - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . __all__" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - mac_all: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: __all__ - run: nix-env -if . && m . 
__all__ - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_calculatescorecard: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /calculateScorecard - env: - GITHUB_TOKEN: ${{ github.token }} - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /calculateScorecard" - macos_calculatescorecard: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /calculateScorecard - env: - GITHUB_TOKEN: ${{ github.token }} - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - run: nix-env -if . && m . /calculateScorecard - - linux_deployTerraform_module: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /deployTerraform/module - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /deployTerraform/module" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_deployTerraform_module: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /deployTerraform/module - run: nix-env -if . && m . 
/deployTerraform/module - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_dev_cliMain: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /dev/cliMain - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /dev/cliMain" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_dev_cliMain: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /dev/cliMain - run: nix-env -if . && m . /dev/cliMain - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_dev_example: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /dev/example - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /dev/example" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_dev_example: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /dev/example - run: nix-env -if . && m . /dev/example - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_docs_deploy: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /docs/deploy - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . 
/docs/deploy prod" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_envVars_example: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /envVars/example - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /envVars/example" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_envVars_example: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /envVars/example - run: nix-env -if . && m . /envVars/example - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_formatBash: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /formatBash - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /formatBash" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_formatBash: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /formatBash - run: nix-env -if . && m . /formatBash - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_formatNix: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /formatNix - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . 
/formatNix" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_formatNix: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /formatNix - run: nix-env -if . && m . /formatNix - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_formatPython: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /formatPython - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /formatPython" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_formatPython: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /formatPython - run: nix-env -if . && m . /formatPython - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_formatTerraform: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /formatTerraform - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /formatTerraform" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_formatTerraform: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /formatTerraform - run: nix-env -if . && m . 
/formatTerraform - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_formatYaml: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /formatYaml - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /formatYaml" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_formatYaml: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /formatYaml - run: nix-env -if . && m . /formatYaml - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_helloWorld: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /helloWorld - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /helloWorld" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_helloWorld: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /helloWorld - run: nix-env -if . && m . /helloWorld - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_license: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /license - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . 
/license" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_license: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /license - run: nix-env -if . && m . /license - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintBash: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintBash - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintBash" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintBash: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintBash - run: nix-env -if . && m . /lintBash - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintClojure_test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintClojure/test - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintClojure/test" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintClojure_test: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintClojure - run: nix-env -if . && m . 
/lintClojure/test - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintGitCommitMsg: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - with: - fetch-depth: 0 - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintGitCommitMsg - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintGitCommitMsg" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintGitMailMap: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - with: - fetch-depth: 0 - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintGitMailMap - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintGitMailMap" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintGitMailMap: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintGitMailMap - run: nix-env -if . && m . /lintGitMailMap - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintMarkdown_all: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintMarkdown/all - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . 
/lintMarkdown/all" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintMarkdown_all: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintMarkdown/all - run: nix-env -if . && m . /lintMarkdown/all - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintNix: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintNix - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintNix" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintNix: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintNix - run: nix-env -if . && m . /lintNix - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintPython_dirOfModules_makes: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintPython/dirOfModules/makes - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintPython/dirOfModules/makes" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintPython_dirOfModules_makes: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintPython/dirOfModules/makes - run: nix-env -if . && m . 
/lintPython/dirOfModules/makes - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintPython_dirOfModules_makes_main: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintPython/dirOfModules/makes/main - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintPython/dirOfModules/makes/main" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintPython_dirOfModules_makes_main: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintPython/dirOfModules/makes/main - run: nix-env -if . && m . /lintPython/dirOfModules/makes/main - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintPython_imports_makes: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintPython/imports/makes - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintPython/imports/makes" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintPython_imports_makes: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintPython/imports/makes - run: nix-env -if . && m . 
/lintPython/imports/makes - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintPython_module_cliMain: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintPython/module/cliMain - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintPython/module/cliMain" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintPython_module_cliMain: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintPython/module/cliMain - run: nix-env -if . && m . /lintPython/module/cliMain - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintTerraform_module: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintTerraform/module - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintTerraform/module" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintTerraform_module: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintTerraform/module - run: nix-env -if . && m . 
/lintTerraform/module - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintWithAjv_test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintWithAjv/test - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintWithAjv/test" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_lintWithLizard_all: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /lintWithLizard/all - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /lintWithLizard/all" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_lintWithLizard_all: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /lintWithLizard/all - run: nix-env -if . && m . /lintWithLizard/all - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_secretsForEnvFromSops_example: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /secretsForEnvFromSops/example - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . 
/secretsForEnvFromSops/example" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_secretsForEnvFromSops_example: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /secretsForEnvFromSops/example - run: nix-env -if . && m . /secretsForEnvFromSops/example - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_secretsForGpgFromEnv_example: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /secretsForGpgFromEnv/example - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /secretsForGpgFromEnv/example" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_secretsForGpgFromEnv_example: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /secretsForGpgFromEnv/example - run: nix-env -if . && m . /secretsForGpgFromEnv/example - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_securePythonWithBandit_cli: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /securePythonWithBandit/cli - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . 
/securePythonWithBandit/cli" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_securePythonWithBandit_cli: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /securePythonWithBandit/cli - run: nix-env -if . && m . /securePythonWithBandit/cli - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_taintTerraform_module: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /taintTerraform/module - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /taintTerraform/module" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_taintTerraform_module: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /taintTerraform/module - run: nix-env -if . && m . /taintTerraform/module - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_testPython_example: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /testPython/example - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /testPython/example" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_testPython_example: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /testPython/example - run: nix-env -if . && m . 
/testPython/example - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_tests_calculateCvss3: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /tests/calculateCvss3 - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /tests/calculateCvss3" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_tests_calculateCvss3: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /tests/calculateCvss3 - run: nix-env -if . && m . /tests/calculateCvss3 - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_tests_makeSearchPaths: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /tests/makeSearchPaths - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /tests/makeSearchPaths" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_tests_makeSearchPaths: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@v15 - - name: /tests/makeSearchPaths - run: nix-env -if . && m . /tests/makeSearchPaths - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_tests_makeTemplate: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /tests/makeTemplate - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . 
/tests/makeTemplate" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_tests_makeTemplate: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@v15 - - name: /tests/makeTemplate - run: nix-env -if . && m . /tests/makeTemplate - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_tests_scriptWithHelp: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /tests/scriptWithHelp - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /tests/scriptWithHelp" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_tests_scriptWithHelp: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@v15 - - name: /tests/scriptWithHelp - run: nix-env -if . && m . /tests/scriptWithHelp - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_tests_secretsForGpgFromEnv: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /tests/secretsForGpgFromEnv - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /tests/secretsForGpgFromEnv" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_tests_secretsForGpgFromEnv: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /tests/secretsForGpgFromEnv - run: nix-env -if . && m . 
/tests/secretsForGpgFromEnv - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - - linux_testTerraform_module: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: docker://docker.io/nixos/nix@sha256:1d13ae379fb8caf3f859c5ce7ec6002643d60cf8b7b6147b949cc34880c93bac - name: /testTerraform/module - with: - set-safe-directory: /github/workspace - args: sh -c "nix-env -if . && m . /testTerraform/module" - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - macos_testTerraform_module: - runs-on: macos-latest - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: cachix/install-nix-action@451e61183802597c1febd6ca3cf18aa163f93a06 - - name: /testTerraform/module - run: nix-env -if . && m . /testTerraform/module - env: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} + args: sh -c "nix-env -if . && m . /deployContainerImage/makesLatestArm64" name: prod on: push: diff --git a/default.nix b/default.nix index 6b0fd38e..e8ab29a6 100644 --- a/default.nix +++ b/default.nix @@ -6,8 +6,6 @@ // { outputs."/cli/env/runtime" = import ./makes/cli/env/runtime/main.nix args; - outputs."/cli/env/runtime/pypi" = - import ./makes/cli/env/runtime/pypi/main.nix args; projectPath = import ./src/args/project-path args; projectSrc = ./.; }; diff --git a/makes.lock.nix b/makes.lock.nix new file mode 100644 index 00000000..5605e74e --- /dev/null +++ b/makes.lock.nix @@ -0,0 +1,3 @@ +{ + makesSrc = ./.; +} diff --git a/makes.nix b/makes.nix index 4bb6e897..08e2b4f9 100644 --- a/makes.nix +++ b/makes.nix @@ -1,5 +1,6 @@ { __nixpkgs__, + __nixpkgsCli__, fetchNixpkgs, inputs, outputs, 
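Review bot: After this hunk the prod workflow holds only the two container deploy jobs. `releaseGitHub` and every lint, test and security job (for example `linux_securePythonWithBandit_cli` and `linux_calculatescorecard`) are deleted, which the commit message does not mention. The diffstat lists no other workflow file that would pick them up, so images would be published from this pipeline with none of those checks running in it. If the jobs were removed only to shorten iteration on the arm64 build, restore them before merge, or move the removal into its own commit with a stated rationale.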
@@ -26,16 +27,27 @@ }; deployContainerImage = { images = { - makesLatest = { + makesLatestAmd64 = { attempts = 3; credentials = { token = "GITHUB_TOKEN"; user = "GITHUB_ACTOR"; }; registry = "ghcr.io"; - src = outputs."/container-image"; + src = outputs."/container-image/amd64"; + sign = true; + tag = "dsalaza4/makes/amd64:latest"; + }; + makesLatestArm64 = { + attempts = 3; + credentials = { + token = "GITHUB_TOKEN"; + user = "GITHUB_ACTOR"; + }; + registry = "ghcr.io"; + src = outputs."/container-image/arm64"; sign = true; - tag = "fluidattacks/makes:latest"; + tag = "dsalaza4/makes/arm64:latest"; }; makesPinned = { attempts = 3; @@ -114,8 +126,18 @@ }; inputs = { nixpkgs = fetchNixpkgs { - rev = "f88fc7a04249cf230377dd11e04bf125d45e9abe"; - sha256 = "1dkwcsgwyi76s1dqbrxll83a232h9ljwn4cps88w9fam68rf8qv3"; + rev = "126f49a01de5b7e35a43fd43f891ecf6d3a51459"; + sha256 = "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8="; + }; + architectures = { + native = { + pkgs = __nixpkgs__; + pkgsCli = __nixpkgsCli__; + }; + arm64 = { + pkgs = __nixpkgs__.pkgsCross.armv7l-hf-multiplatform; + pkgsCli = __nixpkgsCli__.pkgsCross.armv7l-hf-multiplatform; + }; }; }; lintBash = { diff --git a/makes/cli/env/runtime/main.nix b/makes/cli/env/runtime/main.nix index c791fa78..88704b1b 100644 --- a/makes/cli/env/runtime/main.nix +++ b/makes/cli/env/runtime/main.nix @@ -1,19 +1,27 @@ { - __nixpkgs__, + arch ? "native", + inputs, makeSearchPaths, - outputs, ... -}: -makeSearchPaths { - bin = [ - __nixpkgs__.cachix - __nixpkgs__.git - __nixpkgs__.gnutar - __nixpkgs__.gzip - __nixpkgs__.nixStable - __nixpkgs__.openssh - ]; - source = [ - outputs."/cli/env/runtime/pypi" - ]; -} +}: let + pkgs = inputs.architectures.${arch}.pkgs; + pkgsCli = inputs.architectures.${arch}.pkgsCli; +in + makeSearchPaths { + bin = [ + #pkgs.cachix + pkgs.git + pkgs.gnutar + pkgs.gzip + pkgs.nixStable + pkgs.openssh + ( + pkgsCli.python310.withPackages ( + ps: [ + ps.rich + ps.textual + ] + ) + ) + ]; + } 
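Review bot: Both new image entries publish under a personal namespace, `tag = "dsalaza4/makes/amd64:latest";` and `tag = "dsalaza4/makes/arm64:latest";`, where the removed entry used `fluidattacks/makes:latest`. With `sign = true`, the deploy job would sign and push `latest` images outside the project's own registry path. This looks like a leftover from testing in a fork and should be confirmed before merge. If the per-architecture split is intended, keeping the organisation prefix, e.g. `tag = "fluidattacks/makes/amd64:latest";`, preserves the path consumers already pull from. The `images` attribute set continues outside the hunk.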
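Review bot: The `arm64` entry in `architectures` selects `pkgsCross.armv7l-hf-multiplatform`, which is the 32-bit ARMv7 hard-float target, so the image pushed under the arm64 tag would not contain 64-bit ARM binaries. nixpkgs exposes the 64-bit target as `pkgsCross.aarch64-multiplatform`, so the two lines should read `pkgs = __nixpkgs__.pkgsCross.aarch64-multiplatform;` and `pkgsCli = __nixpkgsCli__.pkgsCross.aarch64-multiplatform;`. Since the image is signed and published, a label that does not match the contents is worth fixing before release rather than after.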
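Review bot: `#pkgs.cachix` is left commented out in the `bin` list of `makes/cli/env/runtime/main.nix` with no explanation, and the commit message mentions disabling doas, not cachix. A comment on that line such as `# cachix disabled: <REASON>; re-enable once it builds for all architectures` (reason is a placeholder for the author to fill in) would stop it being forgotten. Separately, `rich` and `textual` now come from `pkgsCli.python310.withPackages`, so their versions follow the `nixpkgsCli` pin instead of the per-file hashes recorded in the deleted `pypi-sources.yaml`; a one-line comment saying so would make the new source of those packages explicit.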
diff --git a/makes/cli/env/runtime/pypi/main.nix b/makes/cli/env/runtime/pypi/main.nix deleted file mode 100644 index 1438970b..00000000 --- a/makes/cli/env/runtime/pypi/main.nix +++ /dev/null @@ -1,5 +0,0 @@ -{makePythonPypiEnvironment, ...}: -makePythonPypiEnvironment { - name = "cli-env-runtime-pypi"; - sourcesYaml = ./pypi-sources.yaml; -} diff --git a/makes/cli/env/runtime/pypi/pypi-deps.yaml b/makes/cli/env/runtime/pypi/pypi-deps.yaml deleted file mode 100644 index e93413f7..00000000 --- a/makes/cli/env/runtime/pypi/pypi-deps.yaml +++ /dev/null @@ -1,2 +0,0 @@ -rich: "*" -textual: "*" diff --git a/makes/cli/env/runtime/pypi/pypi-sources.yaml b/makes/cli/env/runtime/pypi/pypi-sources.yaml deleted file mode 100644 index 8ef41919..00000000 --- a/makes/cli/env/runtime/pypi/pypi-sources.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -closure: - commonmark: 0.9.1 - pygments: 2.13.0 - rich: 12.6.0 - textual: 0.1.18 -links: - - name: commonmark-0.9.1-py2.py3-none-any.whl - sha256: 1nbgsvb73ad93cjzjdggkpp4zizvxay3q6ms23j3vy4h4p4khbys - url: https://files.pythonhosted.org/packages/b1/92/dfd892312d822f36c55366118b95d914e5f16de11044a27cf10a7d71bbbf/commonmark-0.9.1-py2.py3-none-any.whl - - name: commonmark-0.9.1.tar.gz - sha256: 0q7d39lm8kcingpmykk5r959hrwwj6v2icyw3mihczxyb749sbs5 - url: https://files.pythonhosted.org/packages/60/48/a60f593447e8f0894ebb7f6e6c1f25dafc5e89c5879fdc9360ae93ff83f0/commonmark-0.9.1.tar.gz - - name: Pygments-2.13.0-py3-none-any.whl - sha256: 0hjcs4h4fmx0k7gfykng2zqr8vmwvaif8bi1i6fkrfjpmcqz6hzn - url: https://files.pythonhosted.org/packages/4f/82/672cd382e5b39ab1cd422a672382f08a1fb3d08d9e0c0f3707f33a52063b/Pygments-2.13.0-py3-none-any.whl - - name: Pygments-2.13.0.tar.gz - sha256: 1ha0pqk3f27zlb2h4gmlb3w8lz9zmvjnnfprpnwy562zx6551a2n - url: https://files.pythonhosted.org/packages/e0/ef/5905cd3642f2337d44143529c941cc3a02e5af16f0f65f81cbef7af452bb/Pygments-2.13.0.tar.gz - - name: rich-12.6.0-py3-none-any.whl - sha256: 0pmvh5xhk8pkkg6h85lzv0liw2q15b9p6z51v6dmi0ic9x42dsx4 - url: https://files.pythonhosted.org/packages/32/60/81ac2e7d1e3b861ab478a72e3b20fc91c4302acd2274822e493758941829/rich-12.6.0-py3-none-any.whl - - name: rich-12.6.0.tar.gz - sha256: 1l1zr5g2k7qyl5bqcsdhrv2nbzgl2v0z4h8ischw41a1jxskffms - url: https://files.pythonhosted.org/packages/11/23/814edf09ec6470d52022b9e95c23c1bef77f0bc451761e1504ebd09606d3/rich-12.6.0.tar.gz - - name: textual-0.1.18-py3-none-any.whl - sha256: 13k3i7mkcpn49xsac759a6fvbmcsg7bdyvl7a0f7qncc84shj4ar - url: https://files.pythonhosted.org/packages/28/f7/4b9d17a2b53a46a95781106ffe29a7414dc8760d542bd430196d201d1a91/textual-0.1.18-py3-none-any.whl - - name: textual-0.1.18.tar.gz - sha256: 08yg5a51hz1axfj5hx28hx31gq5apcj6vpkkmawmiplisa73z25j - url: 
https://files.pythonhosted.org/packages/8c/d1/c228993e8a21e24bb43a0376b2901b6f3f2033dae13e7f76d1103bb9b8a3/textual-0.1.18.tar.gz -python: "3.10" diff --git a/makes/container-image/amd64/main.nix b/makes/container-image/amd64/main.nix new file mode 100644 index 00000000..cc44c5a8 --- /dev/null +++ b/makes/container-image/amd64/main.nix @@ -0,0 +1,14 @@ +{ + inputs, + makeScript, + makeSearchPaths, + projectPath, + ... +}: +import (projectPath "/makes/container-image") { + arch = "native"; + inherit inputs; + inherit makeScript; + inherit makeSearchPaths; + inherit projectPath; +} diff --git a/makes/container-image/arm64/main.nix b/makes/container-image/arm64/main.nix new file mode 100644 index 00000000..e8b51d79 --- /dev/null +++ b/makes/container-image/arm64/main.nix @@ -0,0 +1,14 @@ +{ + inputs, + makeScript, + makeSearchPaths, + projectPath, + ... +}: +import (projectPath "/makes/container-image") { + arch = "arm64"; + inherit inputs; + inherit makeScript; + inherit makeSearchPaths; + inherit projectPath; +} diff --git a/makes/container-image/default.nix b/makes/container-image/default.nix new file mode 100644 index 00000000..38f3812c --- /dev/null +++ b/makes/container-image/default.nix 
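Review bot: In `makes/container-image/amd64/main.nix`, `arch = "native";` ties the image published as amd64 to whatever system evaluates the build rather than to x86_64 itself. On the `ubuntu-latest` runner this is presumably x86_64, but the same target built on another host would produce a differently built image under the amd64 tag. Either add a comment above the line, `# "native" is the build host; this target must be built on an x86_64 runner`, or give `inputs.architectures` an explicit x86_64 entry and reference it here.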
@@ -0,0 +1,157 @@ +{ + arch ? "native", + inputs, + makeScript, + makeSearchPaths, + projectPath, +}: let + pkgs = inputs.architectures.${arch}.pkgs; + makes = import (projectPath "/makes/main.nix") { + inherit arch; + inherit inputs; + inherit makeScript; + inherit makeSearchPaths; + inherit projectPath; + }; +in + pkgs.dockerTools.buildImage { + config = { + Env = [ + "HOME=/home/root" + "PATH=/bin:/nix/var/nix/profiles/default/bin" + "USER=root" + + # Certificate authorities + "GIT_SSL_CAINFO=/etc/ssl/certs/ca-bundle.crt" + "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" + "SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" + "SYSTEM_CERTIFICATE_PATH=/etc/ssl/certs/ca-bundle.crt" + ]; + User = "root:root"; + WorkingDir = "/working-dir"; + }; + name = "container-image"; + tag = "latest"; + copyToRoot = pkgs.buildEnv { + name = "root-file-system"; + ignoreCollisions = true; + paths = [ + # Basic dependencies + pkgs.bashInteractive + pkgs.cacert + pkgs.coreutils + pkgs.git + pkgs.gnugrep + pkgs.gnutar + pkgs.gzip + pkgs.nix + + # Add /usr/bin/env pointing to /bin/env + (pkgs.runCommand "user-bin-env" {} '' + mkdir -p $out/usr/bin + ln -s $(command -v env) $out/usr/bin/env + '') + + # Create home directories + (pkgs.runCommand "home" {} '' + mkdir -p $out/home/makes + mkdir -p $out/home/root + '') + # Create empty temporary directories + (pkgs.runCommand "tmp" {} '' + mkdir -p $out/tmp + mkdir -p $out/var/tmp + '') + # Create the working directory + (pkgs.runCommand "working-directory" {} '' + mkdir -p $out/working-dir + '') + + # Configure Nix + (pkgs.writeTextDir "home/makes/.config/nix/nix.conf" '' + build-users-group = + '') + (pkgs.writeTextDir "home/root/.config/nix/nix.conf" '' + build-users-group = + '') + (pkgs.writeTextDir "etc/nix/nix.conf" '' + build-users-group = + '') + + # Configure SSH + (pkgs.writeTextDir "home/makes/.ssh/config" '' + Host * + StrictHostKeyChecking no + '') + (pkgs.writeTextDir "home/root/.ssh/config" '' + Host * + StrictHostKeyChecking 
no + '') + + # Configure doas + (pkgs.writeTextDir "etc/doas.conf" '' + permit nopass keepenv root as makes + '') + + # Add 3 groups + (pkgs.writeTextDir "etc/group" '' + root:x:0: + makes:x:48: + nobody:x:65534: + '') + (pkgs.writeTextDir "etc/gshadow" '' + root:*:: + makes:*:: + nobody:*:: + '') + + # Add 3 users, mapped to groups with their own name + (pkgs.writeTextDir "etc/passwd" '' + root:x:0:0:root:/home/root:/bin/bash + makes:x:48:48:makes:/home/makes:/bin/bash + nobody:x:65534:65534:nobody:/homeless:/bin/false + '') + (pkgs.writeTextDir "etc/shadow" '' + root:!x::::::: + makes:!x::::::: + nobody:!x::::::: + '') + + # Miscelaneous configurations + (pkgs.writeTextDir "etc/login.defs" "") + (pkgs.writeTextDir "etc/nsswitch.conf" '' + hosts: dns files + '') + (pkgs.writeTextDir "etc/pam.d/other" '' + account sufficient pam_unix.so + auth sufficient pam_rootok.so + password requisite pam_unix.so nullok sha512 + session required pam_unix.so + '') + + # Add Makes: + # - By default, it runs as root (uid 0). + # - If `MAKES_NON_ROOT` is in the environment and non-empty, + # makes will run as the makes user (uid > 0). + (pkgs.writeShellScriptBin "m" '' + if test -z "''${MAKES_NON_ROOT:-}"; then + ${makes}/bin/m "$@" + else + echo Using feature flag: MAKES_NON_ROOT + + set -x + mkdir -p /nix/var/nix + chmod u+w /nix/store + chown makes:makes --recursive /nix + chown root:root $(realpath /etc/doas.conf) + + chmod u+w /home/makes /tmp /working-dir + chown makes:makes /home/makes /tmp /working-dir + chown makes:makes --recursive "$PWD" + + ${pkgs.doas}/bin/doas -u makes ${makes}/bin/m "$@" + fi + '') + ]; + }; + } diff --git a/makes/container-image/main.nix b/makes/container-image/main.nix deleted file mode 100644 index b66dd9dc..00000000 --- a/makes/container-image/main.nix +++ /dev/null 
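Review bot: Both SSH configs written in `makes/container-image/default.nix` set `StrictHostKeyChecking no` under `Host *`, so every SSH connection made from the container accepts any host key and has no protection against a substituted server. Using `StrictHostKeyChecking accept-new` with a shipped `known_hosts` for the hosts the tool is expected to reach would keep non-interactive use working while still rejecting changed keys. The switch to `writeTextDir` also drops the `chmod 400` step that the deleted `main.nix` applied to these files; restore it or note why it is no longer needed. The commit message says doas is temporarily disabled, yet the `m` wrapper still calls `${pkgs.doas}/bin/doas`, so one of the two needs updating.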
@@ -1,162 +0,0 @@ -{ - inputs, - outputs, - ... -}: -inputs.nixpkgs.dockerTools.buildImage { - config = { - Env = [ - "HOME=/home/root" - "PATH=/bin:/nix/var/nix/profiles/default/bin" - "USER=root" - - # Certificate authorities - "GIT_SSL_CAINFO=/etc/ssl/certs/ca-bundle.crt" - "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" - "SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" - "SYSTEM_CERTIFICATE_PATH=/etc/ssl/certs/ca-bundle.crt" - ]; - User = "root:root"; - WorkingDir = "/working-dir"; - }; - name = "container-image"; - tag = "latest"; - contents = [ - (inputs.nixpkgs.buildEnv { - name = "root-file-system"; - ignoreCollisions = true; - paths = [ - # Basic dependencies - inputs.nixpkgs.bashInteractive - inputs.nixpkgs.cacert - inputs.nixpkgs.coreutils - inputs.nixpkgs.git - inputs.nixpkgs.gnugrep - inputs.nixpkgs.gnutar - inputs.nixpkgs.gzip - inputs.nixpkgs.nix - - # Add /usr/bin/env pointing to /bin/env - (inputs.nixpkgs.runCommand "user-bin-env" {} '' - mkdir -p $out/usr/bin - ln -s $(command -v env) $out/usr/bin/env - '') - - # Create home directories - (inputs.nixpkgs.runCommand "home" {} '' - mkdir -p $out/home/makes - mkdir -p $out/home/root - '') - # Create empty temporary directories - (inputs.nixpkgs.runCommand "tmp" {} '' - mkdir -p $out/tmp - mkdir -p $out/var/tmp - '') - # Create the working directory - (inputs.nixpkgs.runCommand "working-directory" {} '' - mkdir -p $out/working-dir - '') - - # Configure Nix - (inputs.nixpkgs.writeTextDir "home/makes/.config/nix/nix.conf" '' - build-users-group = - '') - (inputs.nixpkgs.writeTextDir "home/root/.config/nix/nix.conf" '' - build-users-group = - '') - (inputs.nixpkgs.writeTextDir "etc/nix/nix.conf" '' - build-users-group = - '') - - # Configure SSH - (inputs.nixpkgs.writeTextFile { - name = "home-makes-ssh-config"; - destination = "/home/makes/.ssh/config"; - text = '' - Host * - StrictHostKeyChecking no - ''; - checkPhase = '' - chmod 400 $out$destination - ''; - }) - (inputs.nixpkgs.writeTextFile { - name = 
"home-root-ssh-config"; - destination = "/home/root/.ssh/config"; - text = '' - Host * - StrictHostKeyChecking no - ''; - checkPhase = '' - chmod 400 $out$destination - ''; - }) - - # Configure doas - (inputs.nixpkgs.writeTextDir "etc/doas.conf" '' - permit nopass keepenv root as makes - '') - - # Add 3 groups - (inputs.nixpkgs.writeTextDir "etc/group" '' - root:x:0: - makes:x:48: - nobody:x:65534: - '') - (inputs.nixpkgs.writeTextDir "etc/gshadow" '' - root:*:: - makes:*:: - nobody:*:: - '') - - # Add 3 users, mapped to groups with their own name - (inputs.nixpkgs.writeTextDir "etc/passwd" '' - root:x:0:0:root:/home/root:/bin/bash - makes:x:48:48:makes:/home/makes:/bin/bash - nobody:x:65534:65534:nobody:/homeless:/bin/false - '') - (inputs.nixpkgs.writeTextDir "etc/shadow" '' - root:!x::::::: - makes:!x::::::: - nobody:!x::::::: - '') - - # Miscelaneous configurations - (inputs.nixpkgs.writeTextDir "etc/login.defs" "") - (inputs.nixpkgs.writeTextDir "etc/nsswitch.conf" '' - hosts: dns files - '') - (inputs.nixpkgs.writeTextDir "etc/pam.d/other" '' - account sufficient pam_unix.so - auth sufficient pam_rootok.so - password requisite pam_unix.so nullok sha512 - session required pam_unix.so - '') - - # Add Makes: - # - By default, it runs as root (uid 0). - # - If `MAKES_NON_ROOT` is in the environment and non-empty, - # makes will run as the makes user (uid > 0). - (inputs.nixpkgs.writeShellScriptBin "m" '' - if test -z "''${MAKES_NON_ROOT:-}"; then - ${outputs."/"}/bin/m "$@" - else - echo Using feature flag: MAKES_NON_ROOT - - set -x - mkdir -p /nix/var/nix - chmod u+w /nix/store - chown makes:makes --recursive /nix - chown root:root $(realpath /etc/doas.conf) - - chmod u+w /home/makes /tmp /working-dir - chown makes:makes /home/makes /tmp /working-dir - chown makes:makes --recursive "$PWD" - - ${inputs.nixpkgs.doas}/bin/doas -u makes ${outputs."/"}/bin/m "$@" - fi - '') - ]; - }) - ]; -} diff --git a/makes/main.nix b/makes/main.nix index b9877abd..ea853b26 100644 
--- a/makes/main.nix +++ b/makes/main.nix @@ -1,11 +1,18 @@ { - __nixpkgs__, + arch ? "native", + inputs, makeScript, - outputs, + makeSearchPaths, projectPath, ... }: let makesVersion = "23.04"; + pkgs = inputs.architectures.${arch}.pkgs; + runtime = import (projectPath "/makes/cli/env/runtime/main.nix") { + inherit arch; + inherit inputs; + inherit makeSearchPaths; + }; in makeScript { aliases = [ @@ -15,8 +22,8 @@ in ]; replace = { __argMakesSrc__ = projectPath "/"; - __argNixStable__ = __nixpkgs__.nixStable; - __argNixUnstable__ = __nixpkgs__.nixUnstable; + __argNixStable__ = pkgs.nixStable; + __argNixUnstable__ = pkgs.nixUnstable; }; entrypoint = '' __MAKES_SRC__=__argMakesSrc__ \ @@ -24,8 +31,6 @@ in __NIX_UNSTABLE__=__argNixUnstable__ \ python -u __argMakesSrc__/src/cli/main/__main__.py "$@" ''; - searchPaths.source = [ - outputs."/cli/env/runtime" - ]; + searchPaths.source = [runtime]; name = "m"; } diff --git a/src/args/agnostic.nix b/src/args/agnostic.nix index e0e90cfe..f58b6a72 100644 --- a/src/args/agnostic.nix +++ b/src/args/agnostic.nix @@ -11,6 +11,7 @@ args = fix' (self: { __nixpkgs__ = import sources.nixpkgs {inherit system;}; + __nixpkgsCli__ = import sources.nixpkgsCli {inherit system;}; __nixpkgsSrc__ = sources.nixpkgs; __shellCommands__ = ./shell-commands/template.sh; __shellOptions__ = ./shell-options/template.sh; diff --git a/src/nix/sources.json b/src/nix/sources.json index 549a5e23..005bf14c 100644 --- a/src/nix/sources.json +++ b/src/nix/sources.json 
@@ -1,14 +1,26 @@ { - "nixpkgs": { - "branch": "nixpkgs-unstable", - "description": "Nix Packages collection", - "homepage": "", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459", - "sha256": "1py5hv3dk74fxxkhcpk3i63mqa78zhfb5xn94kqpih8gqhsklyjg", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/126f49a01de5b7e35a43fd43f891ecf6d3a51459.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - } + "nixpkgs": { + "branch": "nixpkgs-unstable", + "description": "Nix Packages collection", + "homepage": "", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b01f185e4866de7c5b5a82f833ca9ea3c3f72fc4", + "sha256": "02sdwkxa3gw582lykfvvki2gk501kda7vqy4q3mcrk8k5ppbk1b3", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/b01f185e4866de7c5b5a82f833ca9ea3c3f72fc4.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + }, + "nixpkgsCli": { + "branch": "nixpkgs-unstable", + "description": "Nix Packages collection", + "homepage": "", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3f87b172c76112c8674333c0f0f4680ca80bc787", + "sha256": "0kcw7vii35rnwskgwrn7fwragxhmf5zi8zr3bqdwb0igcarawyzy", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/3f87b172c76112c8674333c0f0f4680ca80bc787.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + } }