diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..1f97b0bc --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +version: 2 +updates: + +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + time: '00:00' + timezone: UTC + open-pull-requests-limit: 10 + commit-message: + prefix: "chore" + include: "scope" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c6515a6d..499a0fb4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,12 +20,12 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v19 + - uses: cachix/install-nix-action@v20 with: nix_path: nixpkgs=channel:nixos-22.11 github_access_token: ${{ secrets.GITHUB_TOKEN }} - - uses: cachix/cachix-action@v11 + - uses: cachix/cachix-action@v12 with: name: nix-blockchain-development authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml new file mode 100644 index 00000000..44df0726 --- /dev/null +++ b/.github/workflows/update-flake-lock.yml @@ -0,0 +1,42 @@ +name: Update Nix Flake lockfile + +on: + # Enable option to manually run the action: + workflow_dispatch: + + # Run every Sunday at 00:00: + schedule: + - cron: 0 0 * * 0 + +jobs: + main: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + + - uses: cachix/install-nix-action@v20 + with: + nix_path: nixpkgs=channel:nixos-unstable + github_access_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Run `nix flake update` + id: update-lockfile + run: ./scripts/commit_flake_update.bash + + - uses: tibdex/github-app-token@v1.8.0 + id: generate-token + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + + - name: Create Pull Request + uses: peter-evans/create-pull-request@v5 + with: + token: ${{ steps.generate-token.outputs.token }} + title: 'Update Nix Flake lockfile' + commit-message: ${{ env.COMMIT_MSG }} + branch: 'create-pull-request/update-flake-lockfile' + delete-branch: true + branch-suffix: timestamp + add-paths: flake.lock diff --git a/overlay.nix b/overlay.nix index dc7e77eb..a5a7857b 100644 --- a/overlay.nix +++ b/overlay.nix @@ -1,24 +1,27 @@ _finalNixpkgs: prevNixpkgs: let - solana-rust-artifacts = prevNixpkgs.callPackage ./packages/solana-rust-artifacts {}; + inherit (prevNixpkgs) callPackage symlinkJoin fetchFromGitHub; + inherit (prevNixpkgs.lib) optionalAttrs; - solana-bpf-tools = prevNixpkgs.callPackage ./packages/solana-bpf-tools {}; + solana-rust-artifacts = callPackage ./packages/solana-rust-artifacts {}; - solana-full-sdk = prevNixpkgs.callPackage ./packages/solana-full-sdk { + solana-bpf-tools = callPackage ./packages/solana-bpf-tools {}; + + solana-full-sdk = callPackage ./packages/solana-full-sdk { inherit solana-rust-artifacts solana-bpf-tools; }; - cosmos-theta-testnet = prevNixpkgs.callPackage ./packages/cosmos-theta-testnet {}; + cosmos-theta-testnet = callPackage ./packages/cosmos-theta-testnet {}; - circom = prevNixpkgs.callPackage ./packages/circom/default.nix {}; - circ = prevNixpkgs.callPackage ./packages/circ/default.nix {}; + circom = callPackage ./packages/circom/default.nix {}; + circ = callPackage ./packages/circ/default.nix {}; - wasmd = prevNixpkgs.callPackage ./packages/wasmd/default.nix {}; + wasmd = callPackage ./packages/wasmd/default.nix {}; # erdpy depends on cattrs >= 22.2 cattrs22-2 = prevNixpkgs.python3Packages.cattrs.overridePythonAttrs (previousAttrs: rec { version = "22.2.0"; - src = prevNixpkgs.fetchFromGitHub { + src = fetchFromGitHub { owner = "python-attrs"; repo = "cattrs"; rev = "v${version}"; @@ -34,7 +37,7 @@ _finalNixpkgs: prevNixpkgs: let prevNixpkgs.buildGoModule (args // { version = "1.11.1"; - src = prevNixpkgs.fetchFromGitHub { + src = fetchFromGitHub { owner = "ethereum"; repo = "go-ethereum"; rev = "v1.11.1"; @@ -46,26 +49,26 @@ _finalNixpkgs: prevNixpkgs: let }; # copied from https://github.com/NixOS/nixpkgs/blob/8df7949791250b580220eb266e72e77211bedad9/pkgs/development/python-modules/cryptography/default.nix - cryptography36 = prevNixpkgs.callPackage ./packages/python-modules/cryptography36/default.nix {}; + cryptography36 = callPackage ./packages/python-modules/cryptography36/default.nix {}; - ledgercomm = prevNixpkgs.callPackage ./packages/python-modules/ledgercomm/default.nix {}; - requests-cache = prevNixpkgs.callPackage ./packages/python-modules/requests-cache/default.nix {}; + ledgercomm = callPackage ./packages/python-modules/ledgercomm/default.nix {}; + requests-cache = callPackage ./packages/python-modules/requests-cache/default.nix {}; - erdpy = prevNixpkgs.callPackage ./packages/erdpy/default.nix {}; - elrond-go = prevNixpkgs.callPackage ./packages/elrond-go/default.nix {}; - elrond-proxy-go = prevNixpkgs.callPackage ./packages/elrond-proxy-go/default.nix {}; + erdpy = callPackage ./packages/erdpy/default.nix {}; + elrond-go = callPackage ./packages/elrond-go/default.nix {}; + elrond-proxy-go = callPackage ./packages/elrond-proxy-go/default.nix {}; - go-opera = prevNixpkgs.callPackage ./packages/go-opera/default.nix {}; + go-opera = callPackage ./packages/go-opera/default.nix {}; - leap = prevNixpkgs.callPackage ./packages/leap/default.nix {}; - eos-vm = prevNixpkgs.callPackage ./packages/eos-vm/default.nix {}; - cdt = prevNixpkgs.callPackage ./packages/cdt/default.nix {}; + leap = callPackage ./packages/leap/default.nix {}; + eos-vm = callPackage ./packages/eos-vm/default.nix {}; + cdt = callPackage ./packages/cdt/default.nix {}; - nimbus = prevNixpkgs.callPackage ./packages/nimbus/default.nix {}; + nimbus = callPackage ./packages/nimbus/default.nix {}; - pistache = prevNixpkgs.callPackage ./packages/pistache/default.nix {}; - ffiasm-src = prevNixpkgs.callPackage ./packages/ffiasm/src.nix {}; - zqfield = prevNixpkgs.callPackage ./packages/ffiasm/zqfield.nix { + pistache = callPackage ./packages/pistache/default.nix {}; + ffiasm-src = callPackage ./packages/ffiasm/src.nix {}; + zqfield = callPackage ./packages/ffiasm/zqfield.nix { inherit ffiasm-src; }; # Pairing Groups on BN-254, aka alt_bn128 @@ -76,7 +79,7 @@ _finalNixpkgs: prevNixpkgs: let # https://eips.ethereum.org/EIPS/eip-197 # https://hackmd.io/@aztec-network/ByzgNxBfd # https://hackmd.io/@jpw/bn254 - zqfield-bn254 = prevNixpkgs.symlinkJoin { + zqfield-bn254 = symlinkJoin { name = "zqfield-bn254"; paths = [ (zqfield { @@ -90,14 +93,14 @@ _finalNixpkgs: prevNixpkgs: let }) ]; }; - ffiasm = prevNixpkgs.callPackage ./packages/ffiasm/default.nix { + ffiasm = callPackage ./packages/ffiasm/default.nix { inherit ffiasm-src zqfield-bn254; }; - circom_runtime = prevNixpkgs.callPackage ./packages/circom_runtime/default.nix {}; - rapidsnark = prevNixpkgs.callPackage ./packages/rapidsnark/default.nix { + circom_runtime = callPackage ./packages/circom_runtime/default.nix {}; + rapidsnark = callPackage ./packages/rapidsnark/default.nix { inherit ffiasm zqfield-bn254; }; - rapidsnark-server = prevNixpkgs.callPackage ./packages/rapidsnark-server/default.nix { + rapidsnark-server = callPackage ./packages/rapidsnark-server/default.nix { inherit ffiasm zqfield-bn254 rapidsnark pistache; }; @@ -540,43 +543,49 @@ _finalNixpkgs: prevNixpkgs: let eth-bloom-104 = prevNixpkgs.callPackage ./packages/python-modules/eth-bloom-104/default.nix {}; z3-solver = prevNixpkgs.callPackage ./packages/python-modules/z3-solver/default.nix {inherit jinja2_fixed;}; in { - metacraft-labs = rec { - solana = solana-full-sdk; - inherit cosmos-theta-testnet; - inherit circom; - - # Disabled until cvc4 compiles again - # inherit circ; - - inherit wasmd; - inherit ledgercomm; - inherit cryptography36; - inherit requests-cache; - inherit erdpy; - inherit cattrs22-2; - - # Disabled until elrond-go can build with Go >= 1.19 - # inherit elrond-go; - # inherit elrond-proxy-go; - inherit go-opera; - inherit leap; - inherit eos-vm; - inherit cdt; - - # Ethereum - inherit nimbus; - inherit go-ethereum-capella; - - inherit pistache; - inherit zqfield-bn254; - inherit zqfield; - inherit ffiasm; - inherit circom_runtime; - inherit rapidsnark; - inherit rapidsnark-server; - - inherit mythril; - inherit blake2b-py; - inherit py-solc-x; - }; + metacraft-labs = + rec { + solana = solana-full-sdk; + inherit cosmos-theta-testnet; + inherit circom; + + # Disabled until cvc4 compiles again + # inherit circ; + + inherit wasmd; + + # ElrondGo: + inherit ledgercomm; + inherit cryptography36; + inherit cattrs22-2; + inherit requests-cache; + # Disabled until elrond-go can build with Go >= 1.19 + # Issue #65 + # inherit elrond-go; + # inherit elrond-proxy-go; + # inherit erdpy; + + inherit go-opera; + inherit leap; + inherit eos-vm; + inherit cdt; + + # Ethereum + inherit nimbus; + inherit go-ethereum-capella; + + inherit zqfield-bn254; + inherit ffiasm; + inherit circom_runtime; + inherit rapidsnark; + + # Mythril + inherit mythril; + inherit blake2b-py; + inherit py-solc-x; + } + // optionalAttrs (prevNixpkgs.hostPlatform.isLinux) { + inherit pistache; + inherit rapidsnark-server; + }; } diff --git a/packages/rapidsnark-server/default.nix b/packages/rapidsnark-server/default.nix index b4c44055..50d4e4dd 100644 --- a/packages/rapidsnark-server/default.nix +++ b/packages/rapidsnark-server/default.nix @@ -1,4 +1,5 @@ { + lib, stdenv, pistache, ffiasm, @@ -9,7 +10,12 @@ in stdenv.mkDerivation rec { pname = "rapidsnark-server"; - inherit (rapidsnark) version src nativeBuildInputs doCheck meta; + inherit (rapidsnark) version src nativeBuildInputs doCheck; + meta = + rapidsnark.meta + // { + platforms = with lib.platforms; linux; + }; buildInputs = rapidsnark.buildInputs ++ [pistache]; buildPhase = '' diff --git a/packages/solana-bpf-tools/default.nix b/packages/solana-bpf-tools/default.nix index f98a3efa..22283bc0 100644 --- a/packages/solana-bpf-tools/default.nix +++ b/packages/solana-bpf-tools/default.nix @@ -10,7 +10,7 @@ with pkgs; }; # TODO autoPatchElf is Linux-specific. We need a cross-platform solution. - nativeBuildInputs = [autoPatchelfHook]; + nativeBuildInputs = lib.optionals stdenv.isLinux [autoPatchelfHook]; buildInputs = with pkgs; [ zlib diff --git a/packages/wasmd/default.nix b/packages/wasmd/default.nix index cedc8437..9e892355 100644 --- a/packages/wasmd/default.nix +++ b/packages/wasmd/default.nix @@ -21,21 +21,21 @@ in buildGoModule rec { pname = "wasmd"; - version = "0.40.0-rc.0"; + version = "0.31.0"; src = fetchFromGitHub { owner = "CosmWasm"; repo = "wasmd"; rev = "v${version}"; - hash = "sha256-y+yCzOLR2nRdA6w+u3iI3c8XSHeCIpqdX90msJj+cVA="; + hash = "sha256-lxx1rKvgzvWKeGnUG4Ij7K6tfL7u3cIaf6/CYRvkqLg="; }; proxyVendor = true; - vendorSha256 = "sha256-hRFnF/GmMYy8aOU4lPO6WQOTAmqsyyf+PI0hDEJWf8k="; + vendorSha256 = "sha256-Mv4Y7bsmBBnRkOxgosQDXD8jLXlS+rbz7GPCXjj5cto="; subPackages = ["cmd/wasmd"]; - buildInputs = [autoPatchelfHook]; + nativeBuildInputs = lib.optionals stdenv.isLinux [autoPatchelfHook]; postBuild = '' mkdir -p "$out/lib" diff --git a/scripts/ci.sh b/scripts/ci.sh index f407a8db..56d0303e 100755 --- a/scripts/ci.sh +++ b/scripts/ci.sh @@ -37,4 +37,5 @@ get_platform() { } set -x +nix flake check nix build --json --print-build-logs ".#devShells.$(get_platform).default" diff --git a/scripts/commit_flake_update.bash b/scripts/commit_flake_update.bash new file mode 100755 index 00000000..10bb5e5c --- /dev/null +++ b/scripts/commit_flake_update.bash @@ -0,0 +1,34 @@ +#!/usr/bin/env bash + +set -euo pipefail + +if ! git config --get user.name >/dev/null 2>&1 || \ + [ "$(git config --get user.name)" = "" ] || + ! git config --get user.email >/dev/null 2>&1 || \ + [ "$(git config --get user.email)" = "" ]; then + echo "git config user.{name,email} is not set - configuring" + set -x + git config --local user.email "actions-bot" + git config --local user.name "actions-bot@users.noreply.github.com" +fi + +nix flake update --commit-lock-file + +cat >commit_msg <> "$GITHUB_ENV" cat <