Build and Install Devbox via Nix Flake (#2308)

## Summary This adds a flake.nix to our repo for building and distributing Devbox. This will make it easier for developers who install Devbox with Nix to use pre-releases, and keep Devbox up-to-date on their system. This changes our workflow in a few small ways: 1. Whenever `go.mod` changes, we'll need to run `devbox run update-hash` to update the vendorHash for the flake. You can also run this script when you run `go mod tidy` 2. Releasing a new version will also require us to update the version number in the flake.nix. This should be done with a commit ("Bump version to x.y") that also gets tagged with the release number. 3. For debugging purposes, the flake will add the shortened commit hash to the version string. This also helps identify if a user built the binary from a flake. 4. I've added a test to `cli-tests` that will build the flake. I've confirmed that it will fail if the vendorHash is out of date or incorrect 5. We'll periodically need to run `nix flake update` to update the flake.lock file. ## How was it tested? 1. Ran `nix build .` in the Devbox repo, confirmed that the resulting build worked 2. Tested the Github Action by pushing an invalid vendorHash --------- Signed-off-by: John Lago <750845+Lagoja@users.noreply.github.com> Co-authored-by: Greg Curtis <greg.curtis@jetpack.io>
jetify-com · Sep 27, 2024 · 37c36a1 · 37c36a1
1 parent 2544163
commit 37c36a1
Show file tree

Hide file tree

Showing 7 changed files with 175 additions and 24 deletions.
diff --git a/.github/workflows/cli-tests.yaml b/.github/workflows/cli-tests.yaml
@@ -76,6 +76,16 @@ jobs:
       - uses: actions/checkout@v4
       - uses: crate-ci/typos@v1.16.26
 
+  flake-test:
+    name: Test Flake Build
+    if: github.ref != 'refs/heads/main'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - run: nix build .
+      - run: ./result/bin/devbox version
+
   golangci-lint:
     strategy:
       matrix:

diff --git a/.gitignore b/.gitignore
@@ -38,3 +38,7 @@ __pycache__/
 # deployment
 .vercel
 .yarn
+
+# Nix
+vendor/
+result
diff --git a/devbox.json b/devbox.json
@@ -1,45 +1,55 @@
 {
-  "name":        "devbox",
+  "name": "devbox",
   "description": "Instant, easy, and predictable development environments",
   "packages": {
-    "go":                          "latest",
+    "go": "latest",
     "runx:golangci/golangci-lint": "latest",
-    "runx:mvdan/gofumpt":          "latest",
+    "runx:mvdan/gofumpt": "latest"
   },
   "env": {
     "GOENV": "off",
-    "PATH":  "$PATH:$PWD/dist",
+    "PATH": "$PATH:$PWD/dist"
   },
   "shell": {
     "init_hook": [
       // Remove Go environment variables that might've been inherited from the
       // user's environment and could affect the build.
       "test -z $FISH_VERSION && \\",
       "unset       CGO_ENABLED GO111MODULE GOARCH GOFLAGS GOMOD GOOS GOROOT GOTOOLCHAIN GOWORK || \\",
-      "set --erase CGO_ENABLED GO111MODULE GOARCH GOFLAGS GOMOD GOOS GOROOT GOTOOLCHAIN GOWORK",
+      "set --erase CGO_ENABLED GO111MODULE GOARCH GOFLAGS GOMOD GOOS GOROOT GOTOOLCHAIN GOWORK"
     ],
     "scripts": {
       // Build devbox for the current platform
-      "build":              "go build -o dist/devbox ./cmd/devbox",
+      "build": "go build -o dist/devbox ./cmd/devbox",
       "build-darwin-amd64": "GOOS=darwin GOARCH=amd64 go build -o dist/devbox-darwin-amd64 ./cmd/devbox",
       "build-darwin-arm64": "GOOS=darwin GOARCH=arm64 go build -o dist/devbox-darwin-arm64 ./cmd/devbox",
-      "build-linux-amd64":  "GOOS=linux GOARCH=amd64 go build -o dist/devbox-linux-amd64 ./cmd/devbox",
-      "build-linux-arm64":  "GOOS=linux GOARCH=arm64 go build -o dist/devbox-linux-arm64 ./cmd/devbox",
+      "build-linux-amd64": "GOOS=linux GOARCH=amd64 go build -o dist/devbox-linux-amd64 ./cmd/devbox",
+      "build-linux-arm64": "GOOS=linux GOARCH=arm64 go build -o dist/devbox-linux-arm64 ./cmd/devbox",
       "build-all": [
         "devbox run build-darwin-amd64",
         "devbox run build-darwin-arm64",
         "devbox run build-linux-amd64",
-        "devbox run build-linux-arm64",
+        "devbox run build-linux-arm64"
       ],
       // Open VSCode
-      "code":               "code .",
-      "lint":               "golangci-lint run --timeout 5m && scripts/gofumpt.sh",
-      "fmt":                "scripts/gofumpt.sh",
-      "test":               "go test -race -cover ./...",
+      "code": "code .",
+      "lint": "golangci-lint run --timeout 5m && scripts/gofumpt.sh",
+      "fmt": "scripts/gofumpt.sh",
+      "test": "go test -race -cover ./...",
       "test-projects-only": "DEVBOX_RUN_PROJECT_TESTS=1 go test -v -timeout ${DEVBOX_GOLANG_TEST_TIMEOUT:-30m} ./... -run \"TestExamples|TestScriptsWithProjects\"",
-      "update-examples":    "devbox run build && go run testscripts/testrunner/updater/main.go",
-      "tidy":               "go mod tidy",
-
+      "update-examples": "devbox run build && go run testscripts/testrunner/updater/main.go",
+      // Updates the Flake's vendorHash: First run `go mod vendor` to vendor
+      // the dependencies, then hash the vendor directory with Nix.
+      // The hash is saved to the `vendor-hash` file, which is then
+      // read into the Nix Flake.
+      "update-hash": [
+        // realpath to work-around nix hash not liking symlinks
+        "vendor=$(realpath $(mktemp -d))",
+        "trap \"rm -rf $vendor\" EXIT",
+        "go mod vendor -o $vendor",
+        "nix hash path $vendor >vendor-hash",
+      ],
+      "tidy": ["go mod tidy", "devbox run update-hash"],
       // docker-testscripts runs the testscripts with Docker to exercise
       // Linux-specific tests. It invokes the test binary directly, so any extra
       // test runner flags must have their "-test." prefix.
@@ -58,8 +68,8 @@
         "GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go test -c -o testscripts-linux-amd64",
         "GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go test -c -o testscripts-linux-arm64",
         "image=$(docker build --quiet --tag devbox-testscripts-ubuntu:noble --platform linux/amd64 .)",
-        "docker run --rm --mount type=volume,src=devbox-testscripts-amd64,dst=/nix --platform linux/amd64 -e DEVBOX_RUN_FAILING_TESTS -e DEVBOX_RUN_PROJECT_TESTS -e DEVBOX_DEBUG $image \"$@\"",
-      ],
-    },
-  },
+        "docker run --rm --mount type=volume,src=devbox-testscripts-amd64,dst=/nix --platform linux/amd64 -e DEVBOX_RUN_FAILING_TESTS -e DEVBOX_RUN_PROJECT_TESTS -e DEVBOX_DEBUG $image \"$@\""
+      ]
+    }
+  }
 }
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,69 @@
+{
+  description = "Instant, easy, predictable shells and containers";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+
+        lastTag = "0.13.2";
+
+        # Add the commit to the version string, in case someone builds from main
+        getVersion = pkgs.lib.trivial.pipe self [
+          (x: "${lastTag}")
+          (x: if (self ? revCount)
+              then "${x}-${self.shortRev}"
+              else "${x}-${self.dirtyShortRev}")
+        ];
+
+        # Run `devbox run update-flake` to update the vendorHash
+        vendorHash = if builtins.pathExists ./vendor-hash
+                     then builtins.readFile ./vendor-hash
+                     else "";
+
+        buildGoModule = pkgs.buildGo123Module;
+
+      in
+      {
+        inherit self;
+        packages.default = buildGoModule rec {
+          pname = "devbox";
+          version = getVersion;
+
+          src = ./.;
+
+          inherit vendorHash;
+
+          ldflags = [
+            "-s"
+            "-w"
+            "-X go.jetpack.io/devbox/internal/build.Version=${version}"
+          ];
+
+          # Disable tests if they require network access or are integration tests
+          doCheck = false;
+
+          nativeBuildInputs = [ pkgs.installShellFiles ];
+
+          postInstall = ''
+            installShellCompletion --cmd devbox \
+              --bash <($out/bin/devbox completion bash) \
+              --fish <($out/bin/devbox completion fish) \
+              --zsh <($out/bin/devbox completion zsh)
+          '';
+
+          meta = with pkgs.lib; {
+            description = "Instant, easy, and predictable development environments";
+            homepage = "https://www.jetify.com/devbox";
+            license = licenses.asl20;
+            maintainers = with maintainers; [ lagoja ];
+          };
+        };
+      }
+    );
+}
diff --git a/go.sum b/go.sum
diff --git a/vendor-hash b/vendor-hash
@@ -0,0 +1 @@
+sha256-rwmNzYzmZqNcNVV4GgqCVLT6ofIkblVCMJHLGwlhcGw=