diff --git a/.envrc b/.envrc
index 3499d942..3550a30f 100644
--- a/.envrc
+++ b/.envrc
@@ -1 +1 @@
-use flake -Lv --fallback
+use flake
diff --git a/.github/workflows/nix-check.yml b/.github/workflows/nix-check.yml
new file mode 100644
index 00000000..0c39cab4
--- /dev/null
+++ b/.github/workflows/nix-check.yml
@@ -0,0 +1,19 @@
+name: "libsodium hs nix check"
+on:
+ pull_request:
+ push:
+ branches: ["main"]
+jobs:
+ tests:
+ runs-on: ubuntu-latest
+ continue-on-error: true
+ steps:
+ - uses: actions/checkout@v4
+ - uses: cachix/install-nix-action@v25
+ with:
+ github_access_token: ${{ secrets.GITHUB_TOKEN }}
+ - uses: cachix/cachix-action@v14
+ with:
+ name: libsodium-hs
+ authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+ - run: nix flake check -Lv --allow-import-from-derivation --fallback
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 00000000..68a40de7
--- /dev/null
+++ b/flake.lock
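Review bot: In `.github/workflows/nix-check.yml` the Cachix write token is handed to `cachix/cachix-action@v14`, which like the other two `uses:` lines is referenced by a mutable tag, so whoever can move that tag runs with a credential able to publish into the `libsodium-hs` cache that `flake.nix` configures as a trusted substituter. Pinning each action to a full commit SHA (with a placeholder, `uses: cachix/cachix-action@<full-commit-sha> # v14`) and adding a top-level `permissions:` block with `contents: read` would narrow what a compromised step can reach. Separately, `continue-on-error: true` on the `tests` job means a failing `nix flake check` does not fail the workflow run, so a broken build, test or formatting check can merge unnoticed; remove it or add a comment saying why it is wanted.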
@@ -0,0 +1,179 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + 
"nixpkgs": { + "locked": { + "lastModified": 1713010524, + "narHash": "sha256-ZhZIQcTtN1gn3XQTCj2Upap0wEtjTVSVC9whphx3xYg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "70850f72a07194b8071b6f839846f4d636d0b43f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": [ + "flake-utils" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1712897695, + "narHash": "sha256-nMirxrGteNAl9sWiOhoN5tIHyjBbVi5e2tgZUgZlK3Y=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "40e6053ecb65fcbf12863338a6dcefb3f55f1bf8", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 00000000..5a8ce909 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,124 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11-small";
+ flake-utils.url = "github:numtide/flake-utils";
+ flake-compat = {
+ url = "github:edolstra/flake-compat";
+ flake = false;
+ };
+ pre-commit-hooks = {
+ url = "github:cachix/pre-commit-hooks.nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ inputs.flake-utils.follows = "flake-utils";
+ };
+ gitignore = {
+ url = "github:hercules-ci/gitignore.nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ nixConfig = {
+ extra-substituters = [
+ "https://libsodium-hs.cachix.org"
+ ];
+ extra-trusted-public-keys = [
+ "libsodium-hs.cachix.org-1:u/v4XdWrbl+G/fDUoEwB1yvMdlxdKM4al2odCNsrqkg="
+ ];
+ allow-import-from-derivation = true;
+ };
+
+ outputs = inputs@{ nixpkgs, ... }:
+ let
+ # this is to allow running `nix flake check` by using `--impure`
+ systems =
+ if builtins.hasAttr "currentSystem" builtins
+ then [ builtins.currentSystem ]
+ else nixpkgs.lib.systems.flakeExposed;
+ in
+ inputs.flake-utils.lib.eachSystem systems (system:
+ let
+ inherit (inputs.gitignore.lib) gitignoreSource;
+
+ pkgs = import nixpkgs {
+ inherit system;
+ config.allowBroken = true;
+ };
+
+ pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
+ src = ./.;
+ hooks = {
+ # nix checks
+ nixpkgs-fmt.enable = true;
+ deadnix.enable = true;
+ statix.enable = true;
+
+ # Haskell checks
+ fourmolu.enable = true;
+ cabal-fmt.enable = true;
+ hlint.enable = true;
+ };
+ };
+
+ hsPkgs = pkgs.haskellPackages.override (_old: {
+ overrides = with pkgs.haskell.lib.compose; hself: hsuper:
+ let
+ commonOverrides = overrideCabal (_drv: {
+ doInstallIntermediates = true;
+ enableSeparateIntermediatesOutput = true;
+ pkg-configDepends = [
+ pkgs.libsodium
+ ];
+ });
+ in
+ {
+ libsodium-bindings = commonOverrides (hself.callCabal2nix "libsodium-bindings" (gitignoreSource ./libsodium-bindings) { });
+ sel =
+ commonOverrides (hself.callCabal2nix "sel" (gitignoreSource ./sel) {
+ base16 = hsuper.base16_1_0;
+ hedgehog = hsuper.hedgehog_1_4;
+ tasty = hsuper.tasty_1_5;
+ });
+ # text-display = markUnbroken hsuper.text-display;
+ };
+ });
+
+ hsShell = hsPkgs.shellFor {
+ shellHook = ''
+ ${pre-commit-check.shellHook}
+ set -x
+ export LD_LIBRARY_PATH="${pkgs.libsodium}/lib"
+ set +x
+ '';
+
+ packages = ps: with ps; [
+ libsodium-bindings
+ sel
+ ];
+
+ buildInputs = with hsPkgs; [
+ pkgs.pkg-config
+ pkgs.libsodium.dev
+ cabal-install
+ haskell-language-server
+ hlint
+ cabal-fmt
+ fourmolu
+ ];
+ };
+
+ in
+ {
+ checks = {
+ inherit (hsPkgs) libsodium-bindings sel;
+ shell = hsShell;
+ formatting = pre-commit-check;
+ };
+
+ packages = {
+ inherit (hsPkgs) libsodium-bindings sel;
+ };
+
+ devShells.default = hsShell;
+ }
+ );
+}
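Review bot: The `nixConfig` block in `flake.nix` adds `https://libsodium-hs.cachix.org` and its public key with no comment, although it changes the trust model for anyone who accepts the flake's config: store paths signed for that cache are substituted instead of built locally, so the binaries are only as trustworthy as whatever is able to push to the cache. A comment above `extra-substituters` would make that explicit, for example `# Binary cache populated by CI (.github/workflows/nix-check.yml); accepting this config trusts paths signed by the key below.` In the `shellHook`, `export LD_LIBRARY_PATH="${pkgs.libsodium}/lib"` replaces any value already set in the developer's environment; appending keeps it, `export LD_LIBRARY_PATH="${pkgs.libsodium}/lib''${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`. `config.allowBroken = true` applies to the whole package set while the only visible candidate is the commented-out `markUnbroken hsuper.text-display`, so a targeted `markUnbroken` on the packages that need it would be narrower.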