|
7 | 7 | inputs.nixpkgs.follows = "nixpkgs"; |
8 | 8 | }; |
9 | 9 | crane.url = "github:ipetkov/crane"; |
| 10 | + advisory-db = { |
| 11 | + url = "github:rustsec/advisory-db"; |
| 12 | + flake = false; |
| 13 | + }; |
10 | 14 | treefmt-nix = { |
11 | 15 | url = "github:numtide/treefmt-nix"; |
12 | 16 | inputs.nixpkgs.follows = "nixpkgs"; |
|
20 | 24 | flake-utils, |
21 | 25 | rust-overlay, |
22 | 26 | crane, |
| 27 | + advisory-db, |
23 | 28 | treefmt-nix, |
24 | 29 | ... |
25 | 30 | }: |
|
41 | 46 | buildInputs = with pkgs; [ openssl ]; |
42 | 47 | nativeBuildInputs = with pkgs; [ pkg-config ]; |
43 | 48 | }; |
| 49 | + cargoArtifacts = craneLib.buildDepsOnly commonArgs; |
| 50 | + commonArgsWithDeps = commonArgs // { |
| 51 | + inherit cargoArtifacts; |
| 52 | + }; |
44 | 53 | cranePackage = craneLib.buildPackage ( |
45 | | - commonArgs |
| 54 | + commonArgsWithDeps |
46 | 55 | // { |
47 | | - cargoArtifacts = craneLib.buildDepsOnly commonArgs; |
48 | 56 | meta = { |
49 | 57 | mainProgram = "backend"; |
50 | 58 | license = lib.licenses.gpl3Plus; |
|
61 | 69 | backend = cranePackage; |
62 | 70 | }; |
63 | 71 | formatter = treefmtEval.config.build.wrapper; |
64 | | - checks.formatting = treefmtEval.config.build.check self; |
| 72 | + checks = { |
| 73 | + formatting = treefmtEval.config.build.check self; |
| 74 | + clippy = craneLib.cargoClippy ( |
| 75 | + commonArgsWithDeps // { cargoClippyExtraArgs = "--all-targets -- --deny warnings"; } |
| 76 | + ); |
| 77 | + deny = |
| 78 | + let |
| 79 | + git = ''HOME="$GIT_HOME" git''; |
| 80 | + gitInit = '' |
| 81 | + ${git} config --global init.defaultBranch "main" |
| 82 | + ${git} config --global user.email "example@example.com" |
| 83 | + ${git} config --global user.name "John Doe" |
| 84 | + ${git} init |
| 85 | + ${git} add -A |
| 86 | + ${git} commit -m "init" |
| 87 | + ''; |
| 88 | + in |
| 89 | + craneLib.cargoDeny ( |
| 90 | + commonArgs |
| 91 | + // { |
| 92 | + cargoDenyChecks = "--disable-fetch all"; |
| 93 | + nativeBuildInputs = [ pkgs.git ]; |
| 94 | + configurePhase = '' |
| 95 | + runHook preConfigure |
| 96 | +
|
| 97 | + DB_PATH="$CARGO_HOME"/advisory-dbs/advisory-db-3157b0e258782691 |
| 98 | + mkdir -p "$DB_PATH" |
| 99 | +
|
| 100 | + pushd "$DB_PATH" |
| 101 | +
|
| 102 | + ln -s ${advisory-db}/{*,.*} . |
| 103 | + GIT_HOME="$(mktemp -d)" |
| 104 | + ${gitInit} # Cargo-deny complains if it isn't a real repo |
| 105 | +
|
| 106 | + popd |
| 107 | +
|
| 108 | + runHook postConfigure |
| 109 | + ''; |
| 110 | + } |
| 111 | + ); |
| 112 | + udeps = craneLib.mkCargoDerivation ( |
| 113 | + commonArgsWithDeps |
| 114 | + // { |
| 115 | + nativeBuildInputs = [ pkgs.cargo-udeps ]; |
| 116 | + pnameSuffix = "-udeps"; |
| 117 | + buildPhaseCargoCommand = '' |
| 118 | + cargo --offline \ |
| 119 | + udeps \ |
| 120 | + --all-targets \ |
| 121 | + --all-features |
| 122 | + ''; |
| 123 | + } |
| 124 | + ); |
| 125 | + }; |
65 | 126 | devShells.default = craneLib.devShell { |
66 | 127 | # Add all build-time dependencies to the environment |
67 | 128 | packages = |
68 | 129 | cranePackage.buildInputs |
69 | 130 | ++ cranePackage.nativeBuildInputs |
70 | 131 | ++ (with pkgs; [ |
71 | 132 | cargo-deny |
| 133 | + cargo-udeps |
72 | 134 | evcxr |
73 | 135 | lldb |
74 | 136 | self.formatter.${system} |
|
0 commit comments