-
-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathflake.nix
More file actions
265 lines (250 loc) · 9.25 KB
/
flake.nix
File metadata and controls
265 lines (250 loc) · 9.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
# TODO: see extract_require_bats branch
# bats-require = {
# url = "github:abathur/bats-require";
# inputs.nixpkgs.follows = "nixpkgs";
# inputs.flake-utils.follows = "flake-utils";
# inputs.flake-compat.follows = "flake-compat";
# };
# obtuse name to avoid package/flake clash
wwurst = {
url = "github:abathur/wordswurst";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
inputs.flake-compat.follows = "flake-compat";
};
binlore = {
url = "github:abathur/binlore";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
inputs.flake-compat.follows = "flake-compat";
};
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
description = "Resolve external shell-script dependencies";
outputs =
{
self,
nixpkgs,
flake-utils,
flake-compat,
# bats-require,
wwurst,
binlore,
treefmt-nix,
}:
{
# TODO:
# - document if I need nixpkgs.lib.composeExtensions wwurst.overlays.default or not. TL;DR: make sure you aren't holding this wrong or cargo culting
# - update other flakes based on this?
overlays.default = (
final: prev: {
inherit
(prev.callPackage ./nixpkgs {
version = prev.resholve.version + "-" + (self.shortRev or "dirty");
rSrc = final.lib.cleanSource self;
})
resholve
;
}
);
nixpkgs_source = nixpkgs.outPath;
}
// flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = import nixpkgs {
inherit system;
overlays = [
# bats-require.overlays.default
wwurst.overlays.default
binlore.overlays.default
self.overlays.default
];
};
treefmtEval = (treefmt-nix.lib.evalModule pkgs ./treefmt.nix);
in
{
# only ~exporting these for resholve-with-packages shenanigans
_pkgs = pkgs;
packages = {
inherit (pkgs) resholve;
default = pkgs.resholve;
# support quick DIY resholving of a script from a set of nixpkgs
# nix run .#resholve-with-packages -- <script-file> [<package>...]
resholve-with-packages = (
pkgs.writeScriptBin "resholve-with-packages" ''
#!${pkgs.bash}/bin/bash
if [ "$#" -lt 2 ]; then
echo "usage: resholve-with-packages <script-file> [package…]" 1>&2
exit 64
fi
readonly script="$1"
shift
dep_lore(){
${pkgs.nix}/bin/nix build --impure --print-out-paths -f -
} <<EOF
with (builtins.getFlake "${self}")._pkgs."${system}"; (binlore.collect { drvs = [ $@ ]; })
EOF
dep_path(){
${pkgs.nix}/bin/nix eval --impure --raw -f -
} <<EOF
with (builtins.getFlake "${self}")._pkgs."${system}"; (lib.makeBinPath [ $@ ])
EOF
export RESHOLVE_LORE="$(dep_lore "$@")"
export RESHOLVE_PATH="$(dep_path "$@")"
${pkgs.resholve}/bin/resholve --interpreter ${pkgs.bash}/bin/bash < "$script"
''
);
ci =
let
inherit
(pkgs.resholve.tests.override (prev: {
runDemo = true;
}))
module1
module2
module3
cli
resholvedScript
resholvedScriptBin
resholvedScriptBinNone
;
in
pkgs.runCommand "resholve-ci" { } ''
diff ${resholvedScript} ${resholvedScriptBin}/bin/resholved-script-bin
bash ${resholvedScriptBinNone}/bin/resholved-script-bin
mkdir $out
printf "\033[33m============================= resholve Nix demo ===============================\033[0m\n"
env -i ${module3}/bin/conjure.sh |& tee nix-demo.ansi
${pkgs.bat}/bin/bat --paging=never --color=always ${module3}/bin/conjure.sh ${module2}/bin/openssl.sh ${module1}/bin/libressl.sh |& tee -a nix-demo.ansi
${pkgs.ansifilter}/bin/ansifilter -o $out/test.txt --text ${cli}/test.ansi
${pkgs.ansifilter}/bin/ansifilter -o $out/demo.txt --text ${cli}/demo.ansi
${pkgs.ansifilter}/bin/ansifilter -o $out/nix-demo.txt --text nix-demo.ansi
'';
};
checks =
pkgs.callPackages nixpkgs/test.nix {
inherit (pkgs) resholve;
rSrc = pkgs.lib.cleanSource self;
}
// {
formatting = treefmtEval.config.build.check self;
}
//
pkgs.lib.optionalAttrs
(
!(builtins.elem system [
"aarch64-darwin"
"x86_64-darwin"
])
)
{
# ongoing effort to avoid regressing cross (updated nov 9 2025)
#
# previously used lesspipe but it's failing (probably not our fault)
# changing to wgnord which passes somewhat quickly
# other currently passing candidates: arch-install-scripts, dgoss, wsl-vpnkit, zxfer
# other currently failing candidates: unix-prevesc-check
aarch64-cross-test_wgnord = pkgs.pkgsCross.aarch64-multiplatform.wgnord.override (old: {
inherit (pkgs.pkgsCross.aarch64-multiplatform) resholve;
});
aarch64-cross-test_writeScriptBin =
pkgs.pkgsCross.aarch64-multiplatform.resholve.writeScriptBin "resholved-script-bin"
{
inputs = [ ];
interpreter = "${pkgs.pkgsCross.aarch64-multiplatform.bash}/bin/bash";
}
''
echo "Hello"
'';
};
devShells =
let
resolveTimeDeps = [
pkgs.bash
pkgs.coreutils
pkgs.file
pkgs.findutils
pkgs.gettext
];
in
{
default = pkgs.mkShell {
buildInputs = [
pkgs.bash
pkgs.resholve
pkgs.bats
pkgs.man
];
RESHOLVE_PATH = "${pkgs.lib.makeBinPath resolveTimeDeps}";
RESHOLVE_LORE = "${pkgs.binlore.collect { drvs = resolveTimeDeps; }}";
INTERP = "${pkgs.bash}/bin/bash";
shellHook = ''
demo()(
cd ${pkgs.lib.cleanSource self}
./demo
)
echo "
This shell session is preconfigured with some environment variables
needed to run resholve's CLI demo. This will be less magical if you
see them first:
$(declare -p RESHOLVE_PATH RESHOLVE_LORE)
resholve enacts an explicit-is-better-than-implicit philosophy, so
it makes you specify dependencies via arguments or environment vars.
RESHOLVE_PATH includes packages used in the demo: bash, coreutils,
file, find, and gettext. If you use this shell to resolve scripts
with those utilities, it'll appear to automatically pick them up.
If you use commands not in those packages, it'll complain.
RESHOLVE_LORE specifies a directory with static analysis resholve
uses to decide which commands are most likely to execute other
commands passed to them as arguments. In this case, the analysis
has been precomputed for the same packages in RESHOLVE_PATH.
Test files used in the demo are in:
${pkgs.lib.cleanSource self}/tests
Enter \`demo\` to run it, and \`man resholve\` for documentation.
"
'';
};
make = pkgs.mkShell {
makeInputs =
with pkgs;
lib.makeBinPath [
git
bash
nix
coreutils
gnused
groff
ansifilter
wordswurst
sassc
# TODO: lint/format stuff? or do you want this in a dev shell once you convert to flake?
# nixpkgs-fmt
# scss-lint
];
};
};
formatter = treefmtEval.config.build.wrapper;
formatterx = (
pkgs.treefmt.withConfig {
runtimeInputs = [ pkgs.nixfmt-rfc-style ];
settings.formatter.nixfmt = {
command = "nixfmt";
includes = [ "*.nix" ];
};
}
);
}
);
}