-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: behold the power of Nix #1412
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks awesome! ❤️ 💚 💙 💛 💜 Thanks for taking the time to implement this.
I need more time to wrap my head around the nix script (language?!). I have already commented on a couple of things.
I have some doubts about this approach. However, I'm open to accepting this for locally reproducible CI actions. On the one hand, I'm open to learning a new language instead of googling to do x in make every time, but on the other hand, shell scripts and makefiles are simple and familiar to everybody. A shim Makefile might be more welcoming initially.
On thing I'm sure of is we shouldn't vendor
the go dependencies to the repo. Unless we need to modify the vendored packages, we shouldn't vendor. Or we shouldn't check them in the version control system. Go modules already give us reproducible builds as the go. mod file records the exact versions and commits hashes of your dependencies, which the go tool will respect and follow. vendoring
bloats the repo and it makes changesets unreadable (as we can see in this PR). If this is technically needed, let's just not check them into the version control system.
@@ -1,48 +0,0 @@ | |||
# hadolint ignore=DL3029 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file is used by Tilt for local development.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the note, I will remember to look into the integration with Tilt
@@ -1,112 +0,0 @@ | |||
# NOTICE: This file is written with the assumption that it will be used in parca-dev/cross-builder. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have yet to see the end of the PR, but I wanted to note that goreleaser also handles creating the GH release and uploading the archives; I'd like to keep that automation in place.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, if we move forward with Nix, this will be covered by something else, there are still some TODOs, but it is not hard to replace.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome 🎉 It was just a reminder 😊
Using Makefile like a Nix command cheat sheet? Yes, I had it in mind, definitely a good idea
I do not like vendoring either, but it is required by
https://nixos.org/manual/nixpkgs/stable/#ssec-language-go There are discussions in An alternative that can also be investigated is the gomod2nix community module. But it requires to maintain a |
❤️
Thanks a lot for all the references. I'm gonna check them. |
0f8afd8
to
ccf5ac8
Compare
This should be able to be significantly simplified with the recent re-base onto the Otel profiler I would imagine... |
@maxbrunet The update process isn't that bad, you can use nix-update for instance to do this in a single command (you will also need to update your vendor dir with a command, so it shouldn't differ in the amount of manual work needed, but it'll save you 1.7M lines of code). We run this script via task runner/our CI to keep the vendorHash up to date: https://github.com/edgelesssys/contrast/blob/55e6fb096a9fb3f028c93c07f21baa46473c23eb/packages/scripts.nix#L19-L50 |
Pardon the title, I couldn't help myself 😅
This PR is opened to gather opinions and is not fully ready for a release, it could be finished in this branch or with follow-up PRs (allowing others to chip in and get familiar with it). Not all required decisions have been made, none are final.
We might want to have a call to go over the changes and maybe give an intro to Nix.
I learned a whole lot about Nix by putting this PR together, and I still feel like I am only scratching the surface.
Motivation
Provide a build system and development environment where C dependencies and compilers are easy to use, without having to think about them.
Changes
vendorSha256
hash needs to be maintained (hard to automate) (Renovate supportsgo mod vendor
)nixos-unstable
branch of nixpkgs for latest packages (rolling release)nix flake
to pinnixpkgs
revision (experimental Nix code packages)nix-shell
bynix develop
(part of experimental commands working with Nix flakes)CONTRIBUTING.md
Context
Closes #1304
Closes #568
With further work, could solve #709
Pros and Cons
Cons
VERSION
file and release notes (e.g. googleapis/release-please)go build
. To iterate faster during development, the later can be used in a Nix shell.Pros
Documentation
Further work
nix develop
in GH workflows