From ef56c8e3eab8958d7c89a5590e3c1c2ce2903ba8 Mon Sep 17 00:00:00 2001 From: Pavel Shirshov Date: Sat, 26 Oct 2024 21:43:13 +0100 Subject: [PATCH] wip: nixify --- .build.sh | 155 ------------------ .github/workflows/build.yml | 39 ++--- build.sh | 27 +++ devops/.env.sh | 23 +++ devops/coverage.sh | 8 + devops/gen.sh | 6 + devops/publish-alien.sh | 18 ++ devops/publish-scala.sh | 21 +++ flake.nix | 53 ++++++ .../src/main/nuget/publish.sh | 4 +- 10 files changed, 176 insertions(+), 178 deletions(-) delete mode 100644 .build.sh create mode 100755 build.sh create mode 100644 devops/.env.sh create mode 100644 devops/coverage.sh create mode 100644 devops/gen.sh create mode 100644 devops/publish-alien.sh create mode 100644 devops/publish-scala.sh create mode 100644 flake.nix diff --git a/.build.sh b/.build.sh deleted file mode 100644 index 79d04828..00000000 --- a/.build.sh +++ /dev/null @@ -1,155 +0,0 @@ -#!/usr/bin/env bash -set -xe - -# `++ 2.13.0 compile` has a different semantic than `;++2.13.0;compile` -# Strict aggregation applies ONLY to former, and ONLY if crossScalaVersions := Nil in root project -# see https://github.com/sbt/sbt/issues/3698#issuecomment-475955454 -# and https://github.com/sbt/sbt/pull/3995/files -# TL;DR strict aggregation in sbt is broken; this is a workaround - -SONATYPE_SECRET=.secrets/credentials.sonatype-nexus.properties - -function scala3 { - echo "Using Scala 3..." - VERSION_COMMAND="++ $SCALA3" -} - -function scala213 { - echo "Using Scala 2.13..." - VERSION_COMMAND="++ $SCALA213" -} - -function scala212 { - echo "Using Scala 2.12..." - VERSION_COMMAND="++ $SCALA212" -} - -function csbt { - COMMAND="time sbt -batch -no-colors -v $*" - eval $COMMAND -} - -function coverage { - csbt clean coverage "'$VERSION_COMMAND test'" "'$VERSION_COMMAND coverageReport'" || exit 1 -} - -function publishIDL { - #copypaste - if [[ "$CI_PULL_REQUEST" != "false" ]] ; then - return 0 - fi - - if [[ ! ("$CI_BRANCH" == "develop" || "$CI_BRANCH_TAG" =~ ^v.*$ ) ]] ; then - return 0 - fi - #copypaste - - if [[ -z "$NPM_TOKEN" ]] ; then - return 0 - fi - - if [[ -z "$NUGET_TOKEN" ]] ; then - return 0 - fi - - echo "PUBLISH IDL RUNTIMES..." - - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc - npm whoami - - ./idealingua-v1/idealingua-v1-runtime-rpc-typescript/src/npmjs/publish.sh || exit 1 - ./idealingua-v1/idealingua-v1-runtime-rpc-csharp/src/main/nuget/publish.sh || exit 1 -} - -function publishScala { - #copypaste - if [[ "$CI_PULL_REQUEST" != "false" ]] ; then - return 0 - fi - - if [[ ! -f .secrets/credentials.sonatype-nexus.properties ]] ; then - return 0 - fi - - if [[ ! ("$CI_BRANCH" == "develop" || "$CI_BRANCH_TAG" =~ ^v.*$ ) ]] ; then - return 0 - fi - - echo "PUBLISH SCALA LIBRARIES..." - - if [[ "$CI_BRANCH" == "develop" ]] ; then - csbt "'$VERSION_COMMAND clean'" "'$VERSION_COMMAND package'" "'$VERSION_COMMAND publishSigned'" || exit 1 - else - csbt "'$VERSION_COMMAND clean'" "'$VERSION_COMMAND package'" "'$VERSION_COMMAND publishSigned'" sonatypeBundleRelease || exit 1 - fi -} - -function init { - export NPM_TOKEN=${TOKEN_NPM} - export NUGET_TOKEN=${TOKEN_NUGET} - - export IZUMI_VERSION=$(cat version.sbt | sed -r 's/.*\"(.*)\".**/\1/' | sed -E "s/SNAPSHOT/build."${CI_BUILD_UNIQ_SUFFIX}"/") - export SCALA212=$(cat project/Deps.sc | grep 'val scala212 ' | sed -r 's/.*\"(.*)\".**/\1/') - export SCALA213=$(cat project/Deps.sc | grep 'val scala213 ' | sed -r 's/.*\"(.*)\".**/\1/') - export SCALA3=$(cat project/Deps.sc | grep 'val scala300 ' | sed -r 's/.*\"(.*)\".**/\1/') - - printenv -} - -function secrets { - if [[ "$CI_PULL_REQUEST" == "false" ]] ; then - mkdir .secrets - echo "$SONATYPE_CREDENTIALS_FILE" > "$SONATYPE_SECRET" - openssl aes-256-cbc -K ${OPENSSL_KEY} -iv ${OPENSSL_IV} -in secrets.tar.enc -out secrets.tar -d - tar xvf secrets.tar - fi -} - -init - - -for i in "$@" -do -case $i in - nothing) - echo "Doing nothing..." - ;; - - 2.13) - scala213 - ;; - - 2.12) - scala212 - ;; - - 3*) - scala3 - ;; - - coverage) - coverage - ;; - - publishIDL) - publishIDL - ;; - - publishScala) - publishScala - ;; - - sonatypeRelease) - sonatypeRelease - ;; - - secrets) - secrets - ;; - - *) - echo "Unknown option: ${i}" - exit 1 - ;; -esac -done diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 463692f8..e6c7bc2e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,22 +25,13 @@ jobs: needs: [ 'checksecret' ] strategy: matrix: - java: [ '11' ] scala: [ '2.12', '2.13', '3' ] steps: - - uses: 7mind/github-env@main - with: - java-version: ${{ matrix.java }} -# - uses: actions/setup-go@v5 -# with: -# go-version: '1.21.4' # The Go version to download (if necessary) and use. - - uses: actions/setup-dotnet@v4 - with: - dotnet-version: 6.x + - uses: 7mind/github-env@minimal - name: Build and Test - run: | - bash sbtgen.sc --js - bash .build.sh ${{ matrix.scala }} coverage + env: + SCALA_VERSION: ${{ matrix.scala }} + run: ./build.sh nix gen coverage - uses: bitwarden/sm-action@v2 if: needs.checksecret.outputs.HAVE_SECRETS == 'true' with: @@ -57,14 +48,13 @@ jobs: # TODO: do we need scoverage.xml? If so files: may be just omitted # files: cobertura.xml,scoverage.xml # flags: unittests + publish-alien: runs-on: ubuntu-latest needs: [ 'checksecret' ] if: needs.checksecret.outputs.HAVE_SECRETS == 'true' steps: - - uses: 7mind/github-env@main - with: - java-version: 11 + - uses: 7mind/github-env@minimal - uses: bitwarden/sm-action@v2 with: access_token: ${{ secrets.TOKEN_BITWARDEN_SM }} @@ -72,15 +62,14 @@ jobs: 637c5cad-a680-4ea3-ac8b-b193010bee40 > TOKEN_NUGET aa0a790c-4030-4126-bc77-b193010a0f04 > TOKEN_NPM - name: Publish alien artifacts - run: | - bash .build.sh 2.12 publishIDL + run: ./build.sh nix publish-alien + publish-artifacts: runs-on: ubuntu-latest needs: [ 'build', 'checksecret' ] if: needs.checksecret.outputs.HAVE_SECRETS == 'true' strategy: matrix: - java: [ '11' ] scala: [ '2.12', '2.13', '3' ] steps: - uses: 7mind/github-env@main @@ -94,9 +83,17 @@ jobs: 749f4227-9f11-4ceb-9121-b1930110c3a9 > OPENSSL_KEY a2fe5b5b-5f3f-47f8-961c-b1930110cea7 > OPENSSL_IV - name: Build and Publish to Sonatype + env: + SONATYPE_SECRET: .secrets/credentials.sonatype-nexus.properties run: | - bash sbtgen.sc --js - bash .build.sh ${{ matrix.scala }} secrets publishScala + if [[ "$CI_PULL_REQUEST" == "false" ]] ; then + mkdir .secrets + echo "$SONATYPE_CREDENTIALS_FILE" > "$SONATYPE_SECRET" + openssl aes-256-cbc -K ${OPENSSL_KEY} -iv ${OPENSSL_IV} -in secrets.tar.enc -out secrets.tar -d + tar xvf secrets.tar + fi + ./build.sh nix gen publish-scala + all-good: if: always() runs-on: ubuntu-latest diff --git a/build.sh b/build.sh new file mode 100755 index 00000000..4912775c --- /dev/null +++ b/build.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +set -e + +self="$(realpath "$0")" +path="$(dirname "$self")" + +(for e in "$@"; do [[ "$e" == "nix" ]] && exit 0; done) && NIXIFY=1 || NIXIFY=0 + +if [[ "$NIXIFY" == 1 && -z "${IN_NIX_SHELL+x}" ]]; then + echo "Restarting in Nix..." + set -x + nix flake lock + nix flake metadata + exec nix develop --command bash "$self" "$@" +fi + +set -x +cd "$path" + +for i in "$@" +do +case $i in + nix) ;; + *) "./devops/$i.sh" ;; +esac +done diff --git a/devops/.env.sh b/devops/.env.sh new file mode 100644 index 00000000..89069da8 --- /dev/null +++ b/devops/.env.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +set -e +set -x + +export IZUMI_VERSION=$(cat version.sbt | sed -r 's/.*\"(.*)\".**/\1/' | sed -E "s/SNAPSHOT/build."${CI_BUILD_UNIQ_SUFFIX}"/") +export SCALA212=$(cat project/Deps.sc | grep 'val scala212 ' | sed -r 's/.*\"(.*)\".**/\1/') +export SCALA213=$(cat project/Deps.sc | grep 'val scala213 ' | sed -r 's/.*\"(.*)\".**/\1/') +export SCALA3=$(cat project/Deps.sc | grep 'val scala300 ' | sed -r 's/.*\"(.*)\".**/\1/') + +[[ -z "$SCALA_VERSION" ]] && exit 1 + +case $SCALA_VERSION in + 2.12) SCALA_VERSION="$SCALA212" ;; + 2.13) SCALA_VERSION="$SCALA213" ;; + 3) SCALA_VERSION="$SCALA3" ;; + *) exit 1 ;; +esac + +export SCALA_VERSION="$SCALA_VERSION" +export VERSION_COMMAND="++ $SCALA_VERSION" + +printenv \ No newline at end of file diff --git a/devops/coverage.sh b/devops/coverage.sh new file mode 100644 index 00000000..3122b951 --- /dev/null +++ b/devops/coverage.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +set -e +set -x + +source ./devops/env.sh + +sbt -batch -no-colors -v clean coverage "'$VERSION_COMMAND test'" "'$VERSION_COMMAND coverageReport'" \ No newline at end of file diff --git a/devops/gen.sh b/devops/gen.sh new file mode 100644 index 00000000..50d3f35a --- /dev/null +++ b/devops/gen.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +set -e +set -x + +bash sbtgen.sc --js \ No newline at end of file diff --git a/devops/publish-alien.sh b/devops/publish-alien.sh new file mode 100644 index 00000000..a05f8440 --- /dev/null +++ b/devops/publish-alien.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +set -e +set -x + +[[ "$CI_PULL_REQUEST" != "false" ]] && exit 0 +[[ -z "$TOKEN_NUGET" ]] && exit 0 +[[ -z "$TOKEN_NPM" ]] && exit 0 +[[ ! ("$CI_BRANCH" == "develop" || "$CI_BRANCH_TAG" =~ ^v.*$ ) ]] && exit 0 + + +echo "PUBLISH IDL RUNTIMES..." + +echo "//registry.npmjs.org/:_authToken=${TOKEN_NPM}" > ~/.npmrc +npm whoami + +./idealingua-v1/idealingua-v1-runtime-rpc-typescript/src/npmjs/publish.sh || exit 1 +./idealingua-v1/idealingua-v1-runtime-rpc-csharp/src/main/nuget/publish.sh || exit 1 \ No newline at end of file diff --git a/devops/publish-scala.sh b/devops/publish-scala.sh new file mode 100644 index 00000000..f7a8e35d --- /dev/null +++ b/devops/publish-scala.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +set -e +set -x + +source ./devops/env.sh + +[[ "$CI_PULL_REQUEST" != "false" ]] && exit 0 +[[ -z "$TOKEN_NUGET" ]] && exit 0 +[[ -z "$TOKEN_NPM" ]] && exit 0 +[[ ! ("$CI_BRANCH" == "develop" || "$CI_BRANCH_TAG" =~ ^v.*$ ) ]] && exit 0 +[[ -f "$SONATYPE_SECRET"]] && exit 0 + + +echo "PUBLISH SCALA LIBRARIES..." + +if [[ "$CI_BRANCH" == "develop" ]] ; then + sbt -batch -no-colors -v "'$VERSION_COMMAND clean'" "'$VERSION_COMMAND package'" "'$VERSION_COMMAND publishSigned'" +else + sbt -batch -no-colors -v "'$VERSION_COMMAND clean'" "'$VERSION_COMMAND package'" "'$VERSION_COMMAND publishSigned'" sonatypeBundleRelease || exit 1 +fi diff --git a/flake.nix b/flake.nix new file mode 100644 index 00000000..127530f5 --- /dev/null +++ b/flake.nix @@ -0,0 +1,53 @@ +{ + description = "baboon build environment"; + + inputs.nixpkgs.url = "github:NixOS/nixpkgs/24.05"; + + inputs.flake-utils.url = "github:numtide/flake-utils"; + + outputs = + { + self, + nixpkgs, + flake-utils, + }: + flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = nixpkgs.legacyPackages.${system}; + in + { + devShells.default = pkgs.mkShell { + nativeBuildInputs = with pkgs.buildPackages; [ + ncurses + #graalvm-ce + + # https://github.com/NixOS/nixpkgs/issues/350909 + (graalvm-ce.overrideDerivation (oldAttrs: { + + postInstall = + let + darwinArgs = pkgs.lib.optionals stdenv.hostPlatform.isDarwin [ + "-ENIX_BINTOOLS" + "-ENIX_CC" + "-ENIX_CFLAGS_COMPILE" + "-ENIX_LDFLAGS" + "-ENIX_CC_WRAPPER_TARGET_HOST_${pkgs.stdenv.cc.suffixSalt}" + "-ENIX_BINTOOLS_WRAPPER_TARGET_HOST_${pkgs.stdenv.cc.suffixSalt}" + ]; + + darwinFlags = (map (f: "--add-flags '${f}'") darwinArgs); + in + + pkgs.lib.replaceStrings [ "/bin/native-image" ] [ + "/bin/native-image ${toString (darwinFlags)}" + ] oldAttrs.postInstall; + })) + + sbt + dotnet-sdk_6 + ]; + }; + } + ); +} diff --git a/idealingua-v1/idealingua-v1-runtime-rpc-csharp/src/main/nuget/publish.sh b/idealingua-v1/idealingua-v1-runtime-rpc-csharp/src/main/nuget/publish.sh index 10fc0bea..33a79611 100755 --- a/idealingua-v1/idealingua-v1-runtime-rpc-csharp/src/main/nuget/publish.sh +++ b/idealingua-v1/idealingua-v1-runtime-rpc-csharp/src/main/nuget/publish.sh @@ -14,11 +14,11 @@ cat $NUSPEC nuget pack $NUSPEC rm $NUSPEC -#nuget setapikey $NUGET_TOKEN +#nuget setapikey $TOKEN_NUGET for TRG in $(find . -name '*.nupkg' -type f -print) do - dotnet nuget push $TRG -k $NUGET_TOKEN --source https://api.nuget.org/v3/index.json || exit 1 + dotnet nuget push $TRG -k $TOKEN_NUGET --source https://api.nuget.org/v3/index.json || exit 1 done popd