difftreelog
ci post results as a comment
in: master
2 files changed
flake.nixdiffbeforeafterboth1{2 description = "Jrsonnet";3 inputs = {4 nixpkgs.url = "github:nixos/nixpkgs/release-25.11";5 fenix = {6 url = "github:CertainLach/fenix/fix/libatomic";7 inputs.nixpkgs.follows = "nixpkgs";8 };9 flake-parts = {10 url = "github:hercules-ci/flake-parts";11 inputs.nixpkgs-lib.follows = "nixpkgs";12 };13 hercules-ci-effects = {14 url = "github:hercules-ci/hercules-ci-effects";15 inputs.flake-parts.follows = "flake-parts";16 inputs.nixpkgs.follows = "nixpkgs";17 };18 treefmt-nix = {19 url = "github:numtide/treefmt-nix";20 inputs.nixpkgs.follows = "nixpkgs";21 };22 crane.url = "github:ipetkov/crane";23 shelly.url = "github:CertainLach/shelly";2425 cpp-jsonnet-for-tests = {26 url = "github:google/jsonnet";27 flake = false;28 };29 go-jsonnet-for-tests = {30 url = "github:google/go-jsonnet";31 flake = false;32 };33 };34 outputs =35 inputs:36 let37 inherit (inputs.nixpkgs.lib)38 mkIf39 mkForce40 optionals41 optionalAttrs42 concatMapStringsSep43 ;44 rel = system: inputs.self.legacyPackages.${system}.release;45 releaseSections = [46 {47 name = "Linux (glibc)";48 artifacts = [49 {50 label = "jrsonnet-x86_64-linux-glibc";51 drv = (rel "x86_64-linux").jrsonnet-linux-glibc;52 }53 {54 label = "jrsonnet-experimental-x86_64-linux-glibc";55 drv = (rel "x86_64-linux").jrsonnet-experimental-linux-glibc;56 }57 {58 label = "jrsonnet-aarch64-linux-glibc";59 drv = (rel "aarch64-linux").jrsonnet-linux-glibc;60 }61 {62 label = "jrsonnet-experimental-aarch64-linux-glibc";63 drv = (rel "aarch64-linux").jrsonnet-experimental-linux-glibc;64 }65 {66 label = "jrsonnet-i686-linux-glibc";67 drv = (rel "i686-linux").jrsonnet-linux-glibc;68 }69 {70 label = "jrsonnet-experimental-i686-linux-glibc";71 drv = (rel "i686-linux").jrsonnet-experimental-linux-glibc;72 }73 {74 label = "jrsonnet-armv7l-linux-glibc";75 drv = (rel "armv7l-linux").jrsonnet-linux-glibc;76 }77 {78 label = "jrsonnet-experimental-armv7l-linux-glibc";79 drv = (rel "armv7l-linux").jrsonnet-experimental-linux-glibc;80 }81 ];82 }83 {84 name = "Linux (musl)";85 artifacts = [86 {87 label = "jrsonnet-x86_64-linux-musl";88 drv = (rel "x86_64-linux").jrsonnet-linux-musl;89 }90 {91 label = "jrsonnet-experimental-x86_64-linux-musl";92 drv = (rel "x86_64-linux").jrsonnet-experimental-linux-musl;93 }94 {95 label = "jrsonnet-aarch64-linux-musl";96 drv = (rel "aarch64-linux").jrsonnet-linux-musl;97 }98 {99 label = "jrsonnet-experimental-aarch64-linux-musl";100 drv = (rel "aarch64-linux").jrsonnet-experimental-linux-musl;101 }102 ];103 }104 {105 name = "macOS";106 artifacts = [107 {108 label = "jrsonnet-aarch64-darwin";109 drv = (rel "aarch64-linux").jrsonnet-darwin;110 }111 {112 label = "jrsonnet-experimental-aarch64-darwin";113 drv = (rel "aarch64-linux").jrsonnet-experimental-darwin;114 }115 ];116 }117 {118 name = "Windows";119 artifacts = [120 {121 label = "jrsonnet-x86_64-windows";122 drv = (rel "x86_64-linux").jrsonnet-windows;123 windows = true;124 }125 {126 label = "jrsonnet-experimental-x86_64-windows";127 drv = (rel "x86_64-linux").jrsonnet-experimental-windows;128 windows = true;129 }130 ];131 }132 ];133 releaseArtifacts = builtins.concatMap (s: s.artifacts) releaseSections;134 in135 inputs.flake-parts.lib.mkFlake { inherit inputs; } {136 imports = [137 inputs.shelly.flakeModule138 inputs.hercules-ci-effects.flakeModule139 ./nix/post-comment.nix140 ];141 systems = [142 "x86_64-linux"143 "i686-linux"144 "aarch64-linux"145 "armv7l-linux"146 "aarch64-darwin"147 ];148 perSystem =149 {150 config,151 self',152 system,153 ...154 }:155 let156 pkgs = import inputs.nixpkgs {157 inherit system;158 overlays = [ inputs.fenix.overlays.default ];159 config.allowUnsupportedSystem = true;160 config.allowUnfreePredicate = pkg: pkg.name == "Xcode.app";161 };162 targetArch = pkgs.stdenv.hostPlatform.parsed.cpu.name;163 rustfmt = (pkgs.fenix.complete or pkgs.fenix.stable).rustfmt;164 toolchain = pkgs.fenix.combine [165 (pkgs.fenix.stable.withComponents [166 "cargo"167 "clippy"168 "rustc"169 "rustfmt"170 ])171 pkgs.fenix.targets.wasm32-unknown-unknown.stable.rust-std172 ];173 devToolchain = pkgs.fenix.combine [174 ((pkgs.fenix.complete or pkgs.fenix.stable).withComponents [175 "cargo"176 "clippy"177 "rustc"178 "rust-src"179 "rustfmt"180 "rust-analyzer"181 ])182 pkgs.fenix.targets.wasm32-unknown-unknown.latest.rust-std183 ];184 craneLib = (inputs.crane.mkLib pkgs).overrideToolchain toolchain;185 craneLibDev = (inputs.crane.mkLib pkgs).overrideToolchain devToolchain;186 treefmt =187 (inputs.treefmt-nix.lib.evalModule pkgs (import ./treefmt.nix { inherit rustfmt; })).config.build;188189 # Cross-compilation toolchains190 crossToolchain = pkgs.fenix.combine [191 (pkgs.fenix.stable.withComponents [192 "cargo"193 "rustc"194 ])195 pkgs.fenix.targets."${targetArch}-unknown-linux-musl".stable.rust-std196 pkgs.fenix.targets."${targetArch}-apple-darwin".stable.rust-std197 ];198 craneLibCross = (inputs.crane.mkLib pkgs).overrideToolchain crossToolchain;199200 # Windows cross-compilation201 pkgsWindows = import inputs.nixpkgs {202 overlays = [ inputs.fenix.overlays.default ];203 localSystem = system;204 crossSystem = {205 config = "${targetArch}-w64-mingw32";206 libc = "msvcrt";207 };208 };209 windowsToolchain = pkgs.fenix.combine [210 (pkgs.fenix.stable.withComponents [211 "cargo"212 "rustc"213 ])214 pkgs.fenix.targets."${targetArch}-pc-windows-gnu".stable.rust-std215 ];216 craneLibWindows = (inputs.crane.mkLib pkgsWindows).overrideToolchain (_: windowsToolchain);217218 in219 {220 legacyPackages = {221 release = optionalAttrs pkgs.stdenv.hostPlatform.isLinux (222 {223 jrsonnet-linux-glibc = self'.packages.jrsonnet;224 jrsonnet-experimental-linux-glibc = self'.packages.jrsonnet-experimental;225 }226 // optionalAttrs pkgs.stdenv.hostPlatform.is64bit rec {227 jrsonnet-linux-musl = pkgs.callPackage ./nix/jrsonnet-cross-musl.nix {228 craneLib = craneLibCross;229 targetTriple = "${targetArch}-unknown-linux-musl";230 muslCC = pkgs.pkgsMusl.stdenv.cc;231 };232 jrsonnet-experimental-linux-musl = jrsonnet-linux-musl.override {233 withExperimentalFeatures = true;234 };235 }236 // optionalAttrs (targetArch == "aarch64") rec {237 jrsonnet-darwin = pkgs.callPackage ./nix/jrsonnet-cross-darwin.nix {238 craneLib = craneLibCross;239 targetTriple = "${targetArch}-apple-darwin";240 };241 jrsonnet-experimental-darwin = jrsonnet-darwin.override {242 withExperimentalFeatures = true;243 };244 }245 // optionalAttrs (targetArch == "x86_64") rec {246 jrsonnet-windows = pkgsWindows.callPackage ./nix/jrsonnet-cross-windows.nix {247 craneLib = craneLibWindows;248 targetTriple = "${targetArch}-pc-windows-gnu";249 };250 jrsonnet-experimental-windows = jrsonnet-windows.override {251 withExperimentalFeatures = true;252 };253 }254 );255 benchmarks = optionalAttrs (system == "x86_64-linux" || system == "aarch64-linux") {256 default = pkgs.callPackage ./nix/benchmarks.nix {257 inherit (config.legacyPackages.jsonnetImpls)258 go-jsonnet259 sjsonnet260 cpp-jsonnet261 rsjsonnet262 ;263 jrsonnetVariants = [264 {265 drv = self'.packages.jrsonnet.override { forBenchmarks = true; };266 name = "";267 }268 ];269 };270 quick = pkgs.callPackage ./nix/benchmarks.nix {271 inherit (config.legacyPackages.jsonnetImpls)272 go-jsonnet273 sjsonnet274 cpp-jsonnet275 rsjsonnet276 ;277 quick = true;278 jrsonnetVariants = [279 {280 drv = self'.packages.jrsonnet.override { forBenchmarks = true; };281 name = "";282 }283 ];284 };285 against-release = pkgs.callPackage ./nix/benchmarks.nix {286 inherit (config.legacyPackages.jsonnetImpls)287 go-jsonnet288 sjsonnet289 cpp-jsonnet290 rsjsonnet291 ;292 jrsonnetVariants = [293 {294 drv = self'.packages.jrsonnet.override { forBenchmarks = true; };295 name = "current";296 }297 {298 drv = self'.packages.jrsonnet-experimental.override { forBenchmarks = true; };299 name = "current-experimental";300 }301 {302 drv = self'.legacyPackages.jsonnetImpls.jrsonnet-release.override { forBenchmarks = true; };303 name = "release";304 }305 ];306 };307 quick-against-release = pkgs.callPackage ./nix/benchmarks.nix {308 inherit (config.legacyPackages.jsonnetImpls)309 go-jsonnet310 sjsonnet311 cpp-jsonnet312 rsjsonnet313 ;314 quick = true;315 jrsonnetVariants = [316 {317 drv = self'.packages.jrsonnet.override { forBenchmarks = true; };318 name = "current";319 }320 {321 drv = self'.packages.jrsonnet-experimental.override { forBenchmarks = true; };322 name = "current-experimental";323 }324 {325 drv = self'.legacyPackages.jsonnetImpls.jrsonnet-release.override { forBenchmarks = true; };326 name = "release";327 }328 ];329 };330 };331 jsonnetImpls = {332 go-jsonnet = pkgs.callPackage ./nix/go-jsonnet.nix { };333 sjsonnet = pkgs.callPackage ./nix/sjsonnet.nix { };334 cpp-jsonnet = pkgs.callPackage ./nix/cpp-jsonnet.nix { };335 # I didn't managed to build it, and nixpkgs version is marked as broken336 # haskell-jsonnet = pkgs.callPackage ./nix/haskell-jsonnet.nix { };337 rsjsonnet = pkgs.callPackage ./nix/rsjsonnet.nix { };338 # Older released version of jrsonnet itself, for benchmarking purposes339 jrsonnet-release = pkgs.callPackage ./nix/jrsonnet-release.nix {340 rustPlatform = pkgs.makeRustPlatform {341 rustc = toolchain;342 cargo = toolchain;343 };344 };345 };346 };347 packages =348 let349 jrsonnet = pkgs.callPackage ./nix/jrsonnet.nix {350 inherit craneLib;351 inherit (inputs) cpp-jsonnet-for-tests go-jsonnet-for-tests;352 };353 jrsonnet-experimental = pkgs.callPackage ./nix/jrsonnet.nix {354 inherit craneLib;355 inherit (inputs) cpp-jsonnet-for-tests go-jsonnet-for-tests;356 withExperimentalFeatures = true;357 };358 in359 {360 default = jrsonnet;361 inherit jrsonnet jrsonnet-experimental;362 };363 checks = optionalAttrs (system != "armv7l-linux") {364 formatting = treefmt.check inputs.self;365 };366 formatter = mkIf (system != "armv7l-linux") treefmt.wrapper;367 shelly.shells.default = {368 factory = craneLibDev.devShell;369 packages =370 with pkgs;371 [372 cargo-edit373 cargo-outdated374 cargo-watch375 cargo-insta376 cargo-hack377 cargo-show-asm378 lld379 hyperfine380 graphviz381 ]382 ++ optionals (!stdenv.isDarwin) [383 valgrind384 kdePackages.kcachegrind385 samply386 ];387 environment = {388 CPP_JSONNET_FOR_TESTS = inputs.cpp-jsonnet-for-tests;389 GO_JSONNET_FOR_TESTS = inputs.go-jsonnet-for-tests;390 };391 };392 shelly.shells.impls = {393 packages =394 (with self'.legacyPackages.jsonnetImpls; [395 cpp-jsonnet396 go-jsonnet397 rsjsonnet398 sjsonnet399 ])400 ++ (with self'.packages; [401 jrsonnet402 ]);403 };404 };405 hercules-ci.github-releases.files = map (a: {406 label = a.label + (if a.windows or false then ".exe" else "");407 path = "${a.drv}/bin/jrsonnet${ifa.windowsorfalsethen".exe"else""}";408 }) releaseArtifacts;409 hercules-ci.cargo-publish = {410 enable = true;411 secretName = "crates-io";412 extraPublishArgs = [ "--workspace" ];413 assertVersions = true;414 };415 hercules-ci.flake-update = {416 enable = true;417 baseMerge.enable = true;418 baseMerge.method = "fast-forward";419 when = {420 dayOfWeek = [ "Sat" ];421 };422 };423 hercules-ci.post-comment = {424 enable = true;425 caches = [ "jrsonnet.cachix.org" ];426 script =427 let428 benchmarks = inputs.self.legacyPackages.x86_64-linux.benchmarks.default;429 renderSection = s: ''430 echo431 echo "### ${s.name}"432 echo433 ${concatMapStringsSep"\n"(a''echo "- [${a.label}]($(nixTar ${a.drv}))"'')s.artifacts}434 '';435 in436 ''437 {438 echo "## Benchmark results"439 echo440 echo "[View rendered]($(nixRender ${benchmarks}))"441 echo442 echo "## Downloads"443 ${concatMapStringsSep"\n"renderSectionreleaseSections}444 } > $out445 '';446 };447 herculesCI =448 { lib, config, ... }:449 {450 ciSystems = [451 "x86_64-linux"452 "i686-linux"453 "aarch64-linux"454 "armv7l-linux"455 # TODO: add workers for these platforms456 # "aarch64-darwin"457 ];458 onPush.default.outputs = {459 benchmarks.x86_64-linux = inputs.self.legacyPackages.x86_64-linux.benchmarks.default;460461 # Cross: musl/mingw/darwin-zigbuild462 release.x86_64-linux = inputs.self.legacyPackages.x86_64-linux.release;463 release.aarch64-linux = inputs.self.legacyPackages.aarch64-linux.release;464 release.armv7l-linux = inputs.self.legacyPackages.armv7l-linux.release;465 release.i686-linux = inputs.self.legacyPackages.i686-linux.release;466467 # Too much to build for CI purposes468 devShells = mkForce { };469 formatter = mkForce { };470471 # No need to run them on different arch, pretty large derivations and might try to compile GHC472 checks.i686-linux.formatting = mkForce { };473 checks.aarch64-linux.formatting = mkForce { };474 };475 };476 };477}nix/post-comment.nixdiffbeforeafterboth--- /dev/null
+++ b/nix/post-comment.nix
@@ -0,0 +1,150 @@
+{
+ config,
+ lib,
+ withSystem,
+ ...
+}:
+let
+ inherit (lib)
+ mkOption
+ mkIf
+ types
+ concatStringsSep
+ ;
+ cfg = config.hercules-ci.post-comment;
+in
+{
+ options.hercules-ci.post-comment = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to post a GitHub commit comment for every commit Hercules CI runs on.
+ '';
+ };
+ script = mkOption {
+ type = types.lines;
+ description = ''
+ Bash snippet that writes the comment body to `$out`. Runs as part of the effect
+ (after secrets are loaded), so the helpers below are in scope:
+
+ - `nixTar <store-path>` — prints a signed deltarocks URL that streams the path
+ as a tar.zst, realised through the configured caches.
+ - `nixRender <store-path>` — prints a signed deltarocks URL that renders the
+ path's AsciiDoc content as HTML.
+ '';
+ example = lib.literalExpression ''
+ '''
+ {
+ echo "Render: $(nixRender ''${benchmarks})"
+ echo "Tar: $(nixTar ''${binary})"
+ } > $out
+ '''
+ '';
+ };
+ system = mkOption {
+ type = types.str;
+ default = "x86_64-linux";
+ description = ''
+ System on which the effect runs.
+ '';
+ };
+ baseUrl = mkOption {
+ type = types.str;
+ default = "https://delta.rocks";
+ description = ''
+ Base URL of the deltarocks signing service.
+ '';
+ };
+ caches = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ example = [ "jrsonnet.cachix.org" ];
+ description = ''
+ Cache hosts the signing service should use as substituters when realising the
+ signed store path.
+ '';
+ };
+ signSecret = mkOption {
+ type = types.str;
+ default = "deltarocks-nix-sign";
+ description = ''
+ Name of the Hercules CI agent secret that holds the deltarocks signing key.
+ Its `data` must have a field named `ogSecret`.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ herculesCI =
+ { config, ... }:
+ {
+ onPush.default.outputs.effects.post-comment = withSystem cfg.system (
+ { pkgs, hci-effects, ... }:
+ hci-effects.mkEffect {
+ name = "post-comment";
+ inputs = [ pkgs.openssl ];
+ secretsMap = {
+ token = {
+ type = "GitToken";
+ };
+ ogSecret = cfg.signSecret;
+ };
+ owner = config.repo.owner;
+ repoName = config.repo.name;
+ rev = config.repo.rev;
+ baseUrl = cfg.baseUrl;
+ caches = concatStringsSep " " cfg.caches;
+ effectScript = ''
+ set -euo pipefail
+
+ token=$(readSecretString token .token)
+ ogSecret=$(readSecretString ogSecret .ogSecret)
+ read -ra cacheArr <<<"$caches"
+ if [[ ''${#cacheArr[@]} -eq 0 ]]; then
+ echo "hercules-ci.post-comment: at least one cache host is required" >&2
+ exit 1
+ fi
+ sortedCaches=$(printf '%s\n' "''${cacheArr[@]}" | LC_ALL=C sort | paste -sd,)
+
+ _hmacHex() {
+ printf '%s' "$1" \
+ | openssl dgst -sha256 -hmac "$ogSecret" -hex \
+ | sed 's/^.*= //'
+ }
+
+ _uri() {
+ jq -nj --arg s "$1" '$s|@uri'
+ }
+
+ _signedUrl() {
+ local endpoint=$1 drv=$2
+ local sig
+ sig=$(_hmacHex "''${endpoint}:''${sortedCaches}:''${drv}")
+ local query=""
+ for c in "''${cacheArr[@]}"; do
+ query+="cache=$(_uri "$c")&"
+ done
+ query+="drv=$(_uri "$drv")&sig=''${sig}"
+ printf '%s/%s?%s' "$baseUrl" "$endpoint" "$query"
+ }
+
+ nixTar() { _signedUrl nixTar "$1"; }
+ nixRender() { _signedUrl nixRender "$1"; }
+
+ out=$(mktemp)
+ ${cfg.script}
+
+ jq -n --rawfile content "$out" '{body: $content}' \
+ | curl -fsSL -X POST \
+ -H "Authorization: Bearer $token" \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ --data-binary @- \
+ "https://api.github.com/repos/$owner/$repoName/commits/$rev/comments"
+ '';
+ }
+ );
+ };
+ };
+}