Merge pull request #2 from dpc/dpc/dev

feat(ci): basic CI
rustshop · Sep 18, 2023 · 5f51143 · 5f51143
2 parents b3e3595 + 787942c
commit 5f51143
Show file tree

Hide file tree

Showing 3 changed files with 114 additions and 16 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,82 @@
+name: "CI"
+
+on:
+  push:
+    branches: [ "master" ]
+    tags:
+      - 'v*'
+  pull_request:
+    branches: [ "master" ]
+  merge_group:
+    branches: [ "master" ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  lint:
+    name: "Lint"
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v23
+        with:
+          nix_path: nixpkgs=channel:nixos-23.05
+      - uses: cachix/cachix-action@v12
+        with:
+          name: htmx-sorta
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+        continue-on-error: true
+
+      # caching ~/.cargo to avoid downloading all (especially git) deps in pre-commit's `cargo update --lock` check
+      - name: Cache ~/.cargo
+        uses: actions/cache@v3
+        with:
+          path: ~/.cargo
+          key: ${{ runner.os }}-${{ hashFiles('Cargo.lock') }}
+
+      # run the same check that git `pre-commit` hook would
+      - name: Commit check
+        run: nix develop --ignore-environment .#lint --command ./misc/git-hooks/pre-commit
+
+  dev-shell:
+    name: "Dev Shell"
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: cachix/install-nix-action@v23
+        with:
+          nix_path: nixpkgs=channel:nixos-22.05
+      - uses: cachix/cachix-action@v12
+        with:
+          name: htmx-sorta
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+        continue-on-error: true
+
+      - name: Build
+        run: nix build -L .#devShells.x86_64-linux.default
+
+  build:
+    name: "Build"
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: cachix/install-nix-action@v23
+        with:
+          nix_path: nixpkgs=channel:nixos-22.05
+      - uses: cachix/cachix-action@v12
+        with:
+          name: htmx-sorta
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+        continue-on-error: true
+
+      - name: Build
+        run: nix build -L .#
diff --git a/flake.nix b/flake.nix
@@ -23,6 +23,10 @@
         lib = pkgs.lib;
         extLib = import ./nix/lib.nix { inherit lib; };
 
+        # `moreutils/bin/parallel` and `parallel/bin/parallel` conflict, so just use
+        # the binary we need from `moreutils`
+        moreutils-ts = pkgs.writeShellScriptBin "ts" "exec ${pkgs.moreutils}/bin/ts \"$@\"";
+
         fenixChannel = fenix.packages.${system}.stable;
         fenixChannelNightly = fenix.packages.${system}.latest;
 
@@ -34,6 +38,11 @@
           "rust-src"
         ]);
 
+        fenixToolchainNightly = (fenixChannelNightly.withComponents [
+          "rustfmt"
+          "cargo"
+        ]);
+
         fenixToolchainRustfmt = (fenixChannelNightly.withComponents [
           "rustfmt"
         ]);
@@ -108,6 +117,21 @@
               >&2 echo "💡 Run 'just' for a list of available 'just ...' helper recipes"
             '';
           };
+
+          lint = pkgs.mkShell {
+            nativeBuildInputs = with pkgs; [
+              fenixToolchainNightly
+              nixpkgs-fmt
+              shellcheck
+              git
+              parallel
+              typos
+              moreutils-ts
+              nix
+            ] ++ lib.optionals (!pkgs.stdenv.isDarwin) [
+              semgrep
+            ];
+          };
         };
       }
     );

diff --git a/misc/git-hooks/pre-commit b/misc/git-hooks/pre-commit
@@ -76,31 +76,24 @@ function check_dbg() {
 }
 export -f check_dbg
 
-function check_semgrep_log() {
+function check_semgrep() {
   set -eo pipefail
 
   if ! command -v semgrep > /dev/null ; then
-    >&2 echo "Skipping semgrep check"
+    >&2 echo "Skipping semgrep check (no binary)"
     return 0
   fi
 
-  env SEMGREP_ENABLE_VERSION_CHECK=0 \
-    semgrep -q --error --config .semgrep.log.yaml fedimint-server/ fedimint-core/
-}
-export -f check_semgrep_log
-
-function check_semgrep_all() {
-  set -eo pipefail
-
-  if ! command -v semgrep > /dev/null ; then
-    >&2 echo "Skipping semgrep check"
+  if [ ! -f .semgrep.yaml ]; then 
+    >&2 echo "Skipping semgrep check (no .semgrep.yaml)"
     return 0
   fi
 
+
   env SEMGREP_ENABLE_VERSION_CHECK=0 \
-    semgrep -q --error --config .semgrep.all.yaml
+    semgrep -q --error --config .semgrep.yaml
 }
-export -f check_semgrep_all
+export -f check_semgrep
 
 function check_shellcheck() {
   set -eo pipefail
@@ -170,8 +163,7 @@ function check_typos() {
 export -f check_typos
 
 parallel ::: \
-  check_semgrep_all \
-  check_semgrep_log \
+  check_semgrep \
   check_nix \
   check_cargo_fmt \
   check_dbg \