Orca: Use crane in nix build (#130)

Improve incrementality of nix build for orca using crane. This introduces a breaking change in `default.nix` which will require action in all downstream dependencies relying on `default.nix`
ictunion · Oct 21, 2023 · 3813cce · 3813cce
1 parent ba546b9
commit 3813cce
Show file tree

Hide file tree

Showing 6 changed files with 131 additions and 41 deletions.
diff --git a/.github/workflows/orca.yaml b/.github/workflows/orca.yaml
@@ -6,7 +6,6 @@ on:
 jobs:
   nix-build:
     runs-on: ubuntu-latest
-    # if: github.ref_name == 'main'
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
@@ -15,6 +14,10 @@ jobs:
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
 
+      - name: Check orca
+        working-directory: orca
+        run: nix flake check --log-format raw
+
       - name: Build via nix
         working-directory: orca
-        run: nix build
+        run: nix build --log-format raw
diff --git a/orca/default.nix b/orca/default.nix
@@ -1,32 +1,58 @@
-{ rustPlatform
-, pkg-config
+{ pkg-config
 , openssl
 , stdenv
-, darwin
-, lib
+, callPackage
 , texlive
 , makeWrapper
 , nix-gitignore
-, ibm-plex
 , buildFeatures ? []
+, crane
+, system
+, lib
+, darwin
 }:
 let
   tex = import ./latex { inherit texlive; };
-in
-rustPlatform.buildRustPackage {
-  inherit buildFeatures;
-
-  pname = "ict-union-orca";
-  version = "0.1.0";
   src = nix-gitignore.gitignoreSource [] ./.;
-  cargoSha256 = "sha256-iW18bgQwXIT6jL+PW3UxELqUzDJLxldAwwJv2FudB4o=";
+  craneLib = crane.lib.${system};
+  nativeBuildInputs = [
+    openssl
+    pkg-config
+  ];
 
-  nativeBuildInputs = [ pkg-config makeWrapper ];
+  # Build *just* the cargo dependencies, so we can reuse
+  # all of that work (e.g. via cachix) when running in CI
+  cargoArtifacts = craneLib.buildDepsOnly {
+    inherit src nativeBuildInputs;
+  };
 
-  buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [
-    darwin.apple_sdk.frameworks.Security
-  ];
-  postInstall = ''
-    wrapProgram "$out/bin/orca" --suffix PATH : "${tex}/bin"
+  # Run clippy (and deny all warnings) on the crate source,
+  # resuing the dependency artifacts (e.g. from build scripts or
+  # proc-macros) from above.
+  #
+  # Note that this is done as a separate derivation so it
+  # does not impact building just the crate by itself.
+  orca-clippy = craneLib.cargoClippy {
+    inherit cargoArtifacts src nativeBuildInputs;
+    cargoClippyExtraArgs = "-- --deny warnings";
+  };
+
+  orca-fmt = craneLib.cargoFmt {
+    inherit src;
+  };
+in
+rec {
+  orca = craneLib.buildPackage {
+    inherit cargoArtifacts src;
+    nativeBuildInputs = nativeBuildInputs ++ [ makeWrapper ];
+    buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [
+      darwin.apple_sdk.frameworks.Security
+    ];
+    postInstall = ''
+      wrapProgram "$out/bin/orca" --suffix PATH : "${tex}/bin"
   '';
+  };
+
+  inherit orca-clippy;
+  inherit orca-fmt;
 }
diff --git a/orca/flake.lock b/orca/flake.lock
diff --git a/orca/flake.nix b/orca/flake.nix
@@ -3,9 +3,11 @@
   inputs = {
     nixpkgs.url = github:NixOS/nixpkgs;
     flake-utils.url = github:numtide/flake-utils;
+    crane.url = "github:ipetkov/crane";
+    crane.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = { self, nixpkgs, flake-utils }: flake-utils.lib.eachDefaultSystem (system:
+  outputs = { self, nixpkgs, flake-utils, crane }: flake-utils.lib.eachDefaultSystem (system:
     let
       pkgs = import nixpkgs {
         inherit system;
@@ -18,9 +20,13 @@
         openssl
         pkg-config
       ];
-    in
+
+      orcaPkgs = pkgs.callPackage ./default.nix {
+        inherit crane;
+      };
+    in rec
     {
-      devShell = with pkgs;
+      devShells.default = with pkgs;
         mkShell {
           name = "ict-union-orca-dev-env";
           inherit buildInputs;
@@ -30,6 +36,11 @@
           '';
           OSFONTDIR = "${pkgs.ibm-plex}/share/fonts/opentype";
         };
-      defaultPackage = pkgs.callPackage ./default.nix {};
-  });
+
+      defaultPackage = orcaPkgs.orca;
+
+      checks = {
+        inherit (orcaPkgs) orca orca-clippy orca-fmt;
+      };
+    });
 }
diff --git a/orca/src/api/applications/mod.rs b/orca/src/api/applications/mod.rs
@@ -530,8 +530,12 @@ async fn hard_delete<'r>(
         .to_status()
         .assert_rejected()?;
 
-    query::dangerous_hard_delete_application_data(id).execute(&mut tx).await?;
-    query::dangerous_hard_delete_application(id).execute(&mut tx).await?;
+    query::dangerous_hard_delete_application_data(id)
+        .execute(&mut tx)
+        .await?;
+    query::dangerous_hard_delete_application(id)
+        .execute(&mut tx)
+        .await?;
 
     tx.commit().await?;
 

diff --git a/orca/src/processing/mod.rs b/orca/src/processing/mod.rs
@@ -136,7 +136,7 @@ async fn process(
 
     match command {
         NewRegistrationRequest(reg_id, signature) => {
-            process_new_registration(reg_id, signature, config, db_pool).await
+            process_new_registration(reg_id, signature, config, db_pool).await?;
         }
         ResentRegistrationEmail(reg_id) => {
             let application_details = query::query_registration(reg_id).fetch_one(db_pool).await?;
@@ -145,7 +145,7 @@ async fn process(
                 .fetch_one(db_pool)
                 .await?;
 
-            send_verification_email(config, db_pool, &application_details, pdf_data).await
+            send_verification_email(config, db_pool, &application_details, pdf_data).await?;
         }
         RegistrationRequestVerified(reg_id) => {
             // We do this only if notification email is configured
@@ -200,10 +200,10 @@ async fn process(
 
                 send_email(config, message).await?;
             }
-
-            Ok(())
         }
     }
+
+    Ok(())
 }
 
 async fn send_email(config: &Config, message: Message) -> Result<(), ProcessingError> {
@@ -231,8 +231,8 @@ async fn process_new_registration(
         .await?;
 
     // Query for detail information about member
-    // in theory we could also pass this in thee command
-    // but doing it this way means that all triggers, defaults etc are 100% applied to the data
+    // in theory we could also pass this in the command
+    // but doing it this way means that all triggers & defaults etc are 100% applied to the data
     let application_details = query::query_registration(reg_id).fetch_one(db_pool).await?;
 
     // Generate PDF
@@ -256,6 +256,8 @@ async fn send_verification_email(
     application_details: &RegistrationDetails,
     pdf_data: Vec<u8>,
 ) -> Result<(), ProcessingError> {
+    info!("Send verification email to {}", application_details.email);
+
     let token = application_details
         .confirmation_token
         .as_ref()
@@ -395,6 +397,8 @@ async fn print_pdf(
     application_details: &RegistrationDetails,
     dir: &str,
 ) -> Result<String, ProcessingError> {
+    info!("Printing registration pdf at {dir}");
+
     // inline static files
     let form_tex = include_str!("../../latex/registration.tex");
     let logo_png = include_bytes!("../../latex/logo.png");
@@ -424,9 +428,12 @@ async fn print_pdf(
         .stdout(Stdio::null())
         .spawn()?;
 
-    // Await until the command completes
+    // Await until command completes
+    // There is a problem with tokio detecting the exist status of the process
+    // at least in cases where xelatex fails to find font in OSFONTDIR
+    // like similar to https://users.rust-lang.org/t/tokio-child-wait-never-returning/96657
     let status = child.wait().await?;
-    info!("tex command exited successfully: {status}");
+    info!("Tex command exited successfully: {status}");
 
     Ok(format!("{dir}/registration.pdf"))
 }