{
description = "Protection for your Rust web application";
# Flake inputs. Every `url` below names a moving ref (a branch, or the
# repository's default branch); the revisions that are actually built are
# the ones recorded in flake.lock, so lock-file changes deserve the same
# review as any other dependency bump.
inputs = {
  nixpkgs = {
    url = "github:NixOS/nixpkgs/nixpkgs-unstable";
  };

  crane = {
    url = "github:ipetkov/crane";
  };

  flake-utils = {
    url = "github:numtide/flake-utils";
  };

  # Rust toolchains, evaluated against the nixpkgs input above.
  fenix = {
    url = "github:nix-community/fenix";
    inputs = {
      nixpkgs.follows = "nixpkgs";
      # An empty `follows` leaves fenix's rust-analyzer-src input unset.
      rust-analyzer-src.follows = "";
    };
  };

  # RustSec advisory database, consumed as a plain source tree rather
  # than as a flake. Like the other inputs it is frozen by flake.lock.
  advisory-db = {
    url = "github:rustsec/advisory-db";
    flake = false;
  };
};
outputs =
{
self,
nixpkgs,
crane,
fenix,
flake-utils,
advisory-db,
...
}:
flake-utils.lib.eachDefaultSystem (
system:
let
# Package set and library helpers for the system being evaluated.
pkgs = nixpkgs.legacyPackages.${system};
lib = pkgs.lib;

# Stable-channel Rust toolchain from fenix; the concrete compiler version
# follows the fenix revision recorded in flake.lock.
rustToolchain = fenix.packages.${system}.stable.toolchain;

# crane build helpers, bound to the fenix toolchain selected above.
craneLib =
  let
    defaultCraneLib = crane.mkLib pkgs;
  in
  defaultCraneLib.overrideToolchain rustToolchain;
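# Source tree handed to the crane derivations. Only Rust sources, TOML
# manifests/configs, lock files and Markdown are kept; directories always
# pass so the walk can descend into them. Changes to any other file
# therefore do not invalidate the builds.
# NOTE(review): any other file type that tests or `include_str!` rely on
# (SQL, JSON fixtures, ...) is filtered out here - extend the list if the
# build starts missing files.
src = lib.cleanSourceWith {
  src = ./.;
  filter =
    path: type:
    let
      # lib.hasSuffix compares literally, so the suffixes are written
      # without regex-style backslash escapes ("\.rs" and ".rs" are the
      # same Nix string; the escape only suggested pattern matching).
      keptSuffixes = [
        ".rs"
        ".toml"
        ".lock"
        ".md"
      ];
    in
    type == "directory" || lib.any (suffix: lib.hasSuffix suffix path) keptSuffixes;
};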
# Arguments shared by the crane derivations below, defined once so the
# dependency build, the package and the checks all see the same inputs.
# pname/version are spelled out because this is a workspace project and
# the metadata would otherwise trigger warnings.
commonArgs = {
  inherit src;
  pname = "webgates";
  version = "0.1.0-dev";
  strictDeps = true;

  nativeBuildInputs = [ pkgs.pkg-config ];

  buildInputs = [ pkgs.openssl ] ++ lib.optionals pkgs.stdenv.isDarwin [ pkgs.libiconv ];

  # Build against the OpenSSL shipped by the pinned nixpkgs instead of a
  # copy vendored by the Rust bindings, so OpenSSL security fixes arrive
  # with nixpkgs updates. OPENSSL_NO_VENDOR is the switch the openssl-sys
  # build script reads (assuming that crate is in the dependency tree).
  OPENSSL_NO_VENDOR = 1;
  OPENSSL_LIB_DIR = "${pkgs.openssl.out}/lib";
  OPENSSL_INCLUDE_DIR = "${pkgs.openssl.dev}/include";
};
# Second crane instance used for coverage: the same stable channel, but
# assembled from explicit components so that llvm-tools is included.
craneLibLLvmTools =
  let
    coverageToolchain = fenix.packages.${system}.stable.withComponents [
      "cargo"
      "llvm-tools"
      "rustc"
    ];
  in
  craneLib.overrideToolchain coverageToolchain;
# Dependency-only build; its output is passed to the package and to the
# checks as `cargoArtifacts` so dependencies are compiled once.
cargoArtifacts = craneLib.buildDepsOnly commonArgs;

# The library itself. The check phase is switched off here because the
# test suite runs as a separate flake check (webgates-nextest).
webgates =
  let
    packageArgs = commonArgs // {
      inherit cargoArtifacts;
      doCheck = false;
    };
  in
  craneLib.buildPackage packageArgs;
in
{
# Everything that `nix flake check` builds.
checks =
  let
    pname = "webgates";

    # commonArgs plus the prebuilt dependency artifacts, shared by the
    # checks that compile the workspace.
    cachedArgs = commonArgs // {
      inherit cargoArtifacts;
    };
  in
  {
    # Building the package is itself a check.
    inherit webgates;

    # Lint every target; any clippy warning fails the check.
    webgates-clippy = craneLib.cargoClippy (
      cachedArgs
      // {
        cargoClippyExtraArgs = "--all-targets -- --deny warnings";
      }
    );

    # The API documentation must build.
    webgates-doc = craneLib.cargoDoc cachedArgs;

    # Rust formatting.
    webgates-fmt = craneLib.cargoFmt {
      inherit src pname;
    };

    # TOML formatting, restricted to the .toml files of the source tree.
    webgates-toml-fmt = craneLib.taploFmt {
      inherit pname;
      src = pkgs.lib.sources.sourceFilesBySuffices src [ ".toml" ];
      taploExtraArgs = "--config ./taplo.toml";
    };

    # Known-vulnerability audit of the locked dependencies against the
    # advisory-db input. That input is frozen by flake.lock, so this check
    # only knows advisories published up to the locked revision: re-lock
    # advisory-db regularly, otherwise a green audit can simply mean a
    # stale database.
    webgates-audit = craneLib.cargoAudit {
      inherit src advisory-db pname;
    };

    # cargo-deny policy checks (licenses and dependency rules).
    # NOTE(review): crane's cargoDeny presumably skips the `advisories`
    # check by default - confirm against the pinned crane revision;
    # vulnerability coverage then rests on the audit check above.
    webgates-deny = craneLib.cargoDeny {
      inherit src pname;
    };

    # Test suite via cargo-nextest, run as a single partition.
    webgates-nextest = craneLib.cargoNextest (
      cachedArgs
      // {
        partitions = 1;
        partitionType = "count";
      }
    );
  };
# Buildable outputs: the library as the default package, plus an LLVM
# coverage derivation that is only defined on non-Darwin systems.
packages =
  let
    coveragePackages = {
      webgates-llvm-coverage = craneLibLLvmTools.cargoLlvmCov (
        commonArgs
        // {
          inherit cargoArtifacts;
        }
      );
    };
  in
  {
    default = webgates;
  }
  // lib.optionalAttrs (!pkgs.stdenv.isDarwin) coveragePackages;
# No `apps` output: this is a library crate.

# Development shell.
# NOTE(review): craneLib.devShell presumably already puts the crane
# toolchain (with its own clippy and rustfmt) on PATH; the nixpkgs
# `rustfmt` and `clippy` listed below may shadow or disagree with it, in
# which case lint results in the shell can differ from the
# webgates-clippy check - confirm which binaries win.
devShells.default = craneLib.devShell {
  name = "webgates-dev";

  # Pull in the inputs of the flake checks.
  checks = self.checks.${system};

  packages =
    [
      # Rust development tools
      pkgs.rust-analyzer
      pkgs.rustfmt
      pkgs.clippy

      # Build tools
      pkgs.pkg-config

      # Python tooling for repository scripts
      pkgs.python3
      pkgs.python3Packages.toml

      # Nix tools
      pkgs.nil
      pkgs.nixfmt

      # TOML formatting
      pkgs.taplo

      # Library development tools. cargo-audit run by hand normally
      # fetches the current advisory database, which shows advisories
      # newer than the pinned advisory-db input used by the flake check.
      pkgs.cargo-audit
      pkgs.cargo-deny
      pkgs.cargo-nextest
      pkgs.cargo-watch
      pkgs.cargo-sort
      pkgs.cargo-expand # macro debugging
      pkgs.cargo-machete # unused dependency detection

      # Database tools for examples
      pkgs.sqlite
    ]
    ++ lib.optionals (!pkgs.stdenv.isDarwin) [
      pkgs.cargo-llvm-cov
      pkgs.cargo-tarpaulin
    ];

  # Environment variables
  RUST_SRC_PATH = "${rustToolchain}/lib/rustlib/src/rust/library";

  # Same OpenSSL settings as the builds, taken from commonArgs so the
  # shell and the derivations cannot drift apart.
  inherit (commonArgs) OPENSSL_NO_VENDOR OPENSSL_LIB_DIR OPENSSL_INCLUDE_DIR;
};

# Formatter used by `nix fmt` for the flake itself.
# NOTE(review): the dev shell ships pkgs.nixfmt while this selects
# pkgs.nixfmt-rfc-style; confirm both resolve to the same formatter in the
# pinned nixpkgs, otherwise editor formatting and `nix fmt` can disagree.
formatter = pkgs.nixfmt-rfc-style;
}
);
}