diff --git a/.github/generate-matrix/action.yml b/.github/generate-matrix/action.yml index 78ac3655..d45e0c28 100644 --- a/.github/generate-matrix/action.yml +++ b/.github/generate-matrix/action.yml @@ -20,10 +20,9 @@ outputs: runs: using: "composite" steps: - - name: Install Nix - uses: cachix/install-nix-action@v25 - with: - extra_nix_config: accept-flake-config = true + - name: Pull Docker Image + shell: bash + run: docker pull ghcr.io/metacraft-labs/docker-ci:latest - name: Generate CI Matrix id: generate-matrix @@ -31,7 +30,7 @@ runs: env: IS_INITIAL: ${{ inputs.is-initial }} CACHIX_CACHE: ${{ inputs.cachix-cache }} - run: nix develop .#ci -c ./scripts/ci-matrix.sh + run: docker run -v "$(pwd)":/mnt ghcr.io/metacraft-labs/docker-ci:latest ci - name: Upload CI Matrix uses: actions/upload-artifact@v4 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 27f05cc3..927cd69d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -58,6 +58,7 @@ jobs: uses: cachix/install-nix-action@v25 with: extra_nix_config: accept-flake-config = true + install_url: "https://releases.nixos.org/nix/nix-2.19.3/install" - uses: cachix/cachix-action@v14 with: diff --git a/packages/all-packages.nix b/packages/all-packages.nix index 6b5ecc10..0bea8952 100644 --- a/packages/all-packages.nix +++ b/packages/all-packages.nix 
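Review bot: `docker pull ghcr.io/metacraft-labs/docker-ci:latest` pulls a mutable tag, so the job that generates the CI matrix runs whatever was most recently pushed under `latest` rather than a reviewed image; the same tag is used by the `docker run` step in the next hunk and is what `packages/docker-image/default.nix` publishes in this change. Pinning by digest, `docker pull ghcr.io/metacraft-labs/docker-ci@sha256:<DIGEST-PLACEHOLDER>`, or at least by an immutable version tag, ties matrix generation to a known image and makes an image change show up as a diff. The step also replaces `cachix/install-nix-action`, so the runner itself no longer has Nix outside the container; anything later in this action that still relied on it has lost that dependency silently.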
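Review bot: The new `docker run` does not pass the step's `env:` values into the container, so `IS_INITIAL` and `CACHIX_CACHE` set three lines above are no longer visible to `ci-matrix.sh`; the `ci` wrapper baked into the image (`packages/docker-image/default.nix` in this same change) instead hard-codes `export CACHIX_CACHE=mcl-blockchain-packages`, which makes the action's `cachix-cache` input dead. Forward them explicitly, `run: docker run --rm -e IS_INITIAL -e CACHIX_CACHE -v "$(pwd)":/mnt ghcr.io/metacraft-labs/docker-ci:latest ci`, and drop the hard-coded export from the wrapper. The container runs as root (`USER=root` in the image config) over the bind-mounted checkout, so files the script writes under `/mnt` will presumably be root-owned on the runner; worth confirming the following Upload CI Matrix step can still read them.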
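Review bot: `install_url` pins the Nix installer by URL only, so the fetched script is not integrity-checked beyond TLS to releases.nixos.org, and the reason for choosing 2.19.3 is not recorded while the container built in this same change ships `nixVersions.unstable`. A comment above the line, `# Nix pinned to 2.19.3: <REASON-PLACEHOLDER>`, would tell the next person whether the two Nix versions are meant to differ.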
@@ -104,75 +104,82 @@ }; polkadot = polkadot-generic {}; polkadot-fast = polkadot-generic {enableFastRuntime = true;}; + minimalPkgs = callPackage ./minimal-packages/default.nix {}; + ci-matrix = callPackage ./ci-matrix/default.nix {inherit minimalPkgs;}; in { - legacyPackages.metacraft-labs = - rec { - gaiad = callPackage ./gaiad {}; - cosmos-theta-testnet = callPackage ./cosmos-theta-testnet {inherit gaiad;}; - blst = callPackage ./blst {}; - bnb-beacon-node = callPackage ./bnb-beacon-node {}; - - circom = callPackage ./circom/default.nix {craneLib = craneLib-stable;}; - circ = callPackage ./circ/default.nix {craneLib = craneLib-stable;}; - - emscripten = pkgs.emscripten.overrideAttrs (old: { - postInstall = '' - pushd $TMPDIR - echo 'int __main_argc_argv() { return 42; }' >test.c - for MEM in "-s ALLOW_MEMORY_GROWTH" ""; do - for LTO in -flto ""; do - for OPT in "-O2" "-O3" "-Oz" "-Os"; do - $out/bin/emcc $MEM $LTO $OPT -s WASM=1 -s STANDALONE_WASM test.c + legacyPackages = { + metacraft-labs = + rec { + gaiad = callPackage ./gaiad {}; + cosmos-theta-testnet = callPackage ./cosmos-theta-testnet {inherit gaiad;}; + blst = callPackage ./blst {}; + bnb-beacon-node = callPackage ./bnb-beacon-node {}; + + circom = callPackage ./circom/default.nix {craneLib = craneLib-stable;}; + circ = callPackage ./circ/default.nix {craneLib = craneLib-stable;}; + + emscripten = pkgs.emscripten.overrideAttrs (old: { + postInstall = '' + pushd $TMPDIR + echo 'int __main_argc_argv() { return 42; }' >test.c + for MEM in "-s ALLOW_MEMORY_GROWTH" ""; do + for LTO in -flto ""; do + for OPT in "-O2" "-O3" "-Oz" "-Os"; do + $out/bin/emcc $MEM $LTO $OPT -s WASM=1 -s STANDALONE_WASM test.c + done done done - done - ''; - }); + ''; + }); - go-opera = callPackage ./go-opera/default.nix {}; + go-opera = callPackage ./go-opera/default.nix {}; - circom_runtime = callPackage ./circom_runtime/default.nix {}; + circom_runtime = callPackage ./circom_runtime/default.nix {}; - # Polkadot - inherit 
polkadot polkadot-fast; + # Polkadot + inherit polkadot polkadot-fast; - avalanche-cli = callPackage ./avalanche-cli/default.nix {}; + avalanche-cli = callPackage ./avalanche-cli/default.nix {}; - inherit corepack-shims; - } - // lib.optionalAttrs hostPlatform.isLinux rec { - wasmd = callPackage ./wasmd/default.nix {}; + inherit corepack-shims; + } + // lib.optionalAttrs hostPlatform.isLinux rec { + wasmd = callPackage ./wasmd/default.nix {}; - # Solana - solana-rust-artifacts = callPackage ./solana-rust-artifacts {}; + # Solana + solana-rust-artifacts = callPackage ./solana-rust-artifacts {}; - solana-bpf-tools = callPackage ./solana-bpf-tools {}; + solana-bpf-tools = callPackage ./solana-bpf-tools {}; - solana = callPackage ./solana-full-sdk { - inherit solana-rust-artifacts solana-bpf-tools; - }; + solana = callPackage ./solana-full-sdk { + inherit solana-rust-artifacts solana-bpf-tools; + }; + + inherit cryptography36; + + inherit py-ecc; + # inherit erdpy elrond-go elrond-proxy-go; + + # EOS / Antelope + leap = callPackage ./leap/default.nix {}; + eos-vm = callPackage ./eos-vm/default.nix {}; + cdt = callPackage ./cdt/default.nix {}; + } + // lib.optionalAttrs hostPlatform.isx86 rec { + inherit zqfield-bn254 ffiasm ffiasm-src rapidsnark; - inherit cryptography36; - - inherit py-ecc; - # inherit erdpy elrond-go elrond-proxy-go; - - # EOS / Antelope - leap = callPackage ./leap/default.nix {}; - eos-vm = callPackage ./eos-vm/default.nix {}; - cdt = callPackage ./cdt/default.nix {}; - } - // lib.optionalAttrs hostPlatform.isx86 rec { - inherit zqfield-bn254 ffiasm ffiasm-src rapidsnark; - - inherit cardano graphql; - } - // lib.optionalAttrs (hostPlatform.isx86 && hostPlatform.isLinux) rec { - pistache = callPackage ./pistache/default.nix {}; - inherit zqfield-bn254; - rapidsnark-server = callPackage ./rapidsnark-server/default.nix { - inherit ffiasm zqfield-bn254 rapidsnark pistache; + inherit cardano graphql; + } + // lib.optionalAttrs (hostPlatform.isx86 && 
hostPlatform.isLinux) rec { + pistache = callPackage ./pistache/default.nix {}; + inherit zqfield-bn254; + rapidsnark-server = callPackage ./rapidsnark-server/default.nix { + inherit ffiasm zqfield-bn254 rapidsnark pistache; + }; }; - }; + + inherit ci-matrix; + docker-image = callPackage ./docker-image/default.nix {inherit ci-matrix minimalPkgs;}; + }; }; } diff --git a/packages/avalanche-cli/default.nix b/packages/avalanche-cli/default.nix index bb618f36..ff31167f 100644 --- a/packages/avalanche-cli/default.nix +++ b/packages/avalanche-cli/default.nix @@ -1,7 +1,7 @@ {pkgs}: with pkgs; buildGoModule rec { - pname = "avalanche-cli"; + pname = "test1234-avalanche-cli"; version = "1.3.7"; src = fetchFromGitHub { diff --git a/packages/ci-matrix/default.nix b/packages/ci-matrix/default.nix new file mode 100644 index 00000000..2123da45 --- /dev/null +++ b/packages/ci-matrix/default.nix @@ -0,0 +1,38 @@ +{ + pkgs, + minimalPkgs, +}: let +in + with pkgs; + minimalPkgs.stdenv.mkDerivation rec { + pname = "ci-matrix"; + version = "N/A"; + + src = ../../scripts; + + buildInputs = [minimalPkgs.bash minimalPkgs.glibc]; + + buildPhase = '' + cp $src/{ci-matrix,nix-eval-jobs,system-info}.sh . + sed -i 's|jq|${minimalPkgs.jq}/bin/jq|' *.sh + sed -i 's|nix-eval-jobs |${minimalPkgs.nix-eval-jobs}/bin/nix-eval-jobs |' *.sh + sed -i 's|"$root_dir/scripts/|"'$out'/bin/|' *.sh + ''; + installPhase = '' + mkdir -p $out/bin + cp {ci-matrix,nix-eval-jobs,system-info}.sh $out/bin''; + + postFixup = '' + sed -i 's|${pkgs.bash}|${bash}|' $out/bin/* + ''; + + doCheck = false; + + passthru = { + jq = minimalPkgs.jq; + nix-eval-jobs = minimalPkgs.nix-eval-jobs; + nix = minimalPkgs.nix; + }; + + meta.mainProgram = "ci-matrix.sh"; + } diff --git a/packages/docker-image/default.nix b/packages/docker-image/default.nix new file mode 100644 index 00000000..c88e4916 --- /dev/null +++ b/packages/docker-image/default.nix 
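Review bot: `inherit ci-matrix;` and `docker-image = callPackage ./docker-image/default.nix …` are placed directly in `legacyPackages`, next to `metacraft-labs`, while every other package in the hunk lives under `legacyPackages.metacraft-labs`; the two new attributes are therefore exposed on a different path from the rest of the set, and nothing in the hunk says whether that is intended. If it is, a one-line comment such as `# CI-only outputs, deliberately kept outside metacraft-labs` above `inherit ci-matrix;` would prevent a later "fix"; otherwise they belong inside the `metacraft-labs` set. Almost every other line in the hunk is a whitespace-only reindent of the existing body, which buries those three functional lines; landing the reindent as a separate commit would make the change reviewable.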
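Review bot: `pname = "test1234-avalanche-cli"` reads like a debugging value that was not reverted; it renames the derivation, and with it the store path and any cache key derived from the name, for every consumer of `avalanche-cli`, and nothing else in the change explains the prefix. Restore `pname = "avalanche-cli";` unless the rename is intentional, in which case the commit message should say so.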
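Review bot: The `postFixup` line `sed -i 's|${pkgs.bash}|${bash}|' $out/bin/*` is a no-op: the file is evaluated under `with pkgs;`, so `bash` resolves to `pkgs.bash` and both sides of the substitution are the same store path; the minimal interpreter is `minimalPkgs.bash`, which is also what `buildInputs` lists, so the line should read `sed -i 's|${pkgs.bash}|${minimalPkgs.bash}|' $out/bin/*`. The `buildPhase` substitutions are unanchored: `s|jq|…/bin/jq|` rewrites the first `jq` substring on each line, including inside longer words, and without the `g` flag leaves a second call on the same line untouched, while the `nix-eval-jobs ` pattern depends on a trailing space; anchoring on word boundaries (`\bjq\b` with `g`) or wrapping the scripts with `makeWrapper --prefix PATH` would be more robust. `version = "N/A"` and `minimalPkgs.glibc` in `buildInputs` for plain shell scripts could each use a short comment saying why.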
@@ -0,0 +1,138 @@ +{ + pkgs, + dockerTools, + cacert, + ci-matrix, + minimalPkgs, + replaceDependency, +}: let + image = (dockerTools.override {jq = minimalPkgs.jq;}).buildImageWithNixDb { + name = "ghcr.io/metacraft-labs/docker-ci"; + tag = "latest"; + + contents = with pkgs; [ + ./root + (replaceDependency + { + drv = minimalPkgs.bash; + oldDependency = pkgs.glibc; + newDependency = minimalPkgs.glibc; + }) + + (replaceDependency + { + drv = minimalPkgs.gnugrep; + oldDependency = pkgs.glibc; + newDependency = minimalPkgs.glibc; + }) + + (replaceDependency + { + drv = minimalPkgs.git; + oldDependency = pkgs.glibc; + newDependency = minimalPkgs.glibc; + }) + + (replaceDependency + { + drv = minimalPkgs.jq; + oldDependency = pkgs.glibc; + newDependency = minimalPkgs.glibc; + }) + + (replaceDependency + { + drv = minimalPkgs.nix; + oldDependency = pkgs.glibc; + newDependency = minimalPkgs.glibc; + }) + + (replaceDependency + { + drv = minimalPkgs.nix-eval-jobs; + oldDependency = pkgs.glibc; + newDependency = minimalPkgs.glibc; + }) + + (replaceDependency + { + drv = minimalPkgs.coreutils; + oldDependency = pkgs.glibc; + newDependency = minimalPkgs.glibc; + }) + + (writeTextFile { + name = "nix.conf"; + destination = "/etc/nix/nix.conf"; + text = '' + accept-flake-config = true + experimental-features = nix-command flakes + filter-syscalls = false + ''; + }) + + # runtime dependencies of nix + (replaceDependency + { + drv = pkgs.cacert; + oldDependency = pkgs.glibc; + newDependency = minimalPkgs.glibc; + }) + + # for our ci + # cachix + (replaceDependency + { + drv = ci-matrix; + oldDependency = pkgs.glibc; + newDependency = minimalPkgs.glibc; + }) + + (replaceDependency + { + drv = + writeShellScriptBin "ci" + '' + cd /mnt + export CACHIX_CACHE=mcl-blockchain-packages + git config --global --add safe.directory /mnt + ci-matrix.sh + ''; + oldDependency = pkgs.bash; + newDependency = minimalPkgs.bash; + }) + ]; + + extraCommands = '' + # for /usr/bin/env + mkdir usr + 
ln -s ../bin usr/bin + + # make sure /tmp exists + mkdir -m 1777 tmp + + # need a HOME + mkdir -vp root + ''; + + config = { + Cmd = ["/bin/bash"]; + Env = [ + "ENV=/etc/profile.d/nix.sh" + "BASH_ENV=/etc/profile.d/nix.sh" + "NIX_BUILD_SHELL=/bin/bash" + "NIX_PATH=nixpkgs=${./fake_nixpkgs}" + "PAGER=cat" + "PATH=/usr/bin:/bin" + "SSL_CERT_FILE=${(replaceDependency + { + drv = pkgs.cacert; + oldDependency = pkgs.glibc; + newDependency = minimalPkgs.glibc; + })}/etc/ssl/certs/ca-bundle.crt" + "USER=root" + ]; + }; + }; +in + image diff --git a/packages/docker-image/fake_nixpkgs/default.nix b/packages/docker-image/fake_nixpkgs/default.nix new file mode 100644 index 00000000..eee7aaca --- /dev/null +++ b/packages/docker-image/fake_nixpkgs/default.nix @@ -0,0 +1,10 @@ +_: +throw '' + This container doesn't include nixpkgs. + + The best way to work around that is to pin your dependencies. See + https://nix.dev/tutorials/first-steps/towards-reproducibility-pinning-nixpkgs.html + + Or if you must, override the NIX_PATH environment variable with eg: + "NIX_PATH=nixpkgs=channel:nixos-unstable" +'' diff --git a/packages/docker-image/root/etc/group b/packages/docker-image/root/etc/group new file mode 100644 index 00000000..162f79fd --- /dev/null +++ b/packages/docker-image/root/etc/group @@ -0,0 +1,21 @@ +root:x:0: +wheel:x:1: +kmem:x:2: +tty:x:3: +messagebus:x:4: +disk:x:6: +audio:x:17: +floppy:x:18: +uucp:x:19: +lp:x:20: +cdrom:x:24: +tape:x:25: +video:x:26: +dialout:x:27: +utmp:x:29: +adm:x:55: +keys:x:96: +users:x:100: +input:x:174: +nixbld:x:30000:nixbld1,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld2,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld3,nixbld30,nixbld31,nixbld32,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9 +nogroup:x:65534: 
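Review bot: The `nix.conf` baked into the image sets `filter-syscalls = false` and `accept-flake-config = true` without a comment; the first turns off Nix's seccomp filtering of build processes (presumably needed because `minimalPkgs.nix` is built with `withLibseccomp = false` — confirm), and the second lets any flake the container evaluates apply its own `nixConfig` (substituters and similar) without a prompt, which matters if this image ever evaluates pull-request branches. A comment above each setting stating the reason and the trust assumption, e.g. `# filter-syscalls off: nix here is built without libseccomp`, keeps that decision visible. The `replaceDependency { drv = pkgs.cacert; … }` expression appears twice, once in `contents` and once inline in `SSL_CERT_FILE`; binding it once in the `let` (`cacert-min = replaceDependency { … };`) guarantees both refer to the same store path, and the unused `cacert` function argument could then be dropped. The `ci` wrapper's hard-coded `CACHIX_CACHE` is covered in the note on the `generate-matrix` action hunk.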
diff --git a/packages/docker-image/root/etc/nsswitch.conf b/packages/docker-image/root/etc/nsswitch.conf new file mode 100644 index 00000000..59a21416 --- /dev/null +++ b/packages/docker-image/root/etc/nsswitch.conf @@ -0,0 +1,11 @@ +passwd: files mymachines systemd +group: files mymachines systemd +shadow: files + +hosts: files mymachines dns myhostname +networks: files + +ethers: files +services: files +protocols: files +rpc: files diff --git a/packages/docker-image/root/etc/passwd b/packages/docker-image/root/etc/passwd new file mode 100644 index 00000000..006b53f7 --- /dev/null +++ b/packages/docker-image/root/etc/passwd 
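Review bot: `passwd`, `group` and `hosts` list the `mymachines`, `systemd` and `myhostname` NSS modules, which are shipped by systemd; the image contents in this change include no systemd, so glibc will fail to load those plugins and fall through to `files`/`dns` on every lookup. Trimming the lines to what the image actually provides, `passwd: files`, `group: files`, `hosts: files dns`, documents the real behaviour and avoids a failed plugin load per lookup. `shadow: files` is listed but no `/etc/shadow` is added under `root/etc` in this change — presumably acceptable for a root-only CI container, but worth a comment.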
@@ -0,0 +1,34 @@ +root:x:0:0:System administrator:/root:/bin/bash +nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin +nixbld2:x:30002:30000:Nix build user 2:/var/empty:/run/current-system/sw/bin/nologin +nixbld3:x:30003:30000:Nix build user 3:/var/empty:/run/current-system/sw/bin/nologin +nixbld4:x:30004:30000:Nix build user 4:/var/empty:/run/current-system/sw/bin/nologin +nixbld5:x:30005:30000:Nix build user 5:/var/empty:/run/current-system/sw/bin/nologin +nixbld6:x:30006:30000:Nix build user 6:/var/empty:/run/current-system/sw/bin/nologin +nixbld7:x:30007:30000:Nix build user 7:/var/empty:/run/current-system/sw/bin/nologin +nixbld8:x:30008:30000:Nix build user 8:/var/empty:/run/current-system/sw/bin/nologin +nixbld9:x:30009:30000:Nix build user 9:/var/empty:/run/current-system/sw/bin/nologin +nixbld10:x:30010:30000:Nix build user 10:/var/empty:/run/current-system/sw/bin/nologin +nixbld11:x:30011:30000:Nix build user 11:/var/empty:/run/current-system/sw/bin/nologin +nixbld12:x:30012:30000:Nix build user 12:/var/empty:/run/current-system/sw/bin/nologin +nixbld13:x:30013:30000:Nix build user 13:/var/empty:/run/current-system/sw/bin/nologin +nixbld14:x:30014:30000:Nix build user 14:/var/empty:/run/current-system/sw/bin/nologin +nixbld15:x:30015:30000:Nix build user 15:/var/empty:/run/current-system/sw/bin/nologin +nixbld16:x:30016:30000:Nix build user 16:/var/empty:/run/current-system/sw/bin/nologin +nixbld17:x:30017:30000:Nix build user 17:/var/empty:/run/current-system/sw/bin/nologin +nixbld18:x:30018:30000:Nix build user 18:/var/empty:/run/current-system/sw/bin/nologin +nixbld19:x:30019:30000:Nix build user 19:/var/empty:/run/current-system/sw/bin/nologin +nixbld20:x:30020:30000:Nix build user 20:/var/empty:/run/current-system/sw/bin/nologin +nixbld21:x:30021:30000:Nix build user 21:/var/empty:/run/current-system/sw/bin/nologin +nixbld22:x:30022:30000:Nix build user 22:/var/empty:/run/current-system/sw/bin/nologin 
+nixbld23:x:30023:30000:Nix build user 23:/var/empty:/run/current-system/sw/bin/nologin +nixbld24:x:30024:30000:Nix build user 24:/var/empty:/run/current-system/sw/bin/nologin +nixbld25:x:30025:30000:Nix build user 25:/var/empty:/run/current-system/sw/bin/nologin +nixbld26:x:30026:30000:Nix build user 26:/var/empty:/run/current-system/sw/bin/nologin +nixbld27:x:30027:30000:Nix build user 27:/var/empty:/run/current-system/sw/bin/nologin +nixbld28:x:30028:30000:Nix build user 28:/var/empty:/run/current-system/sw/bin/nologin +nixbld29:x:30029:30000:Nix build user 29:/var/empty:/run/current-system/sw/bin/nologin +nixbld30:x:30030:30000:Nix build user 30:/var/empty:/run/current-system/sw/bin/nologin +nixbld31:x:30031:30000:Nix build user 31:/var/empty:/run/current-system/sw/bin/nologin +nixbld32:x:30032:30000:Nix build user 32:/var/empty:/run/current-system/sw/bin/nologin +nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin diff --git a/packages/minimal-packages/default.nix b/packages/minimal-packages/default.nix new file mode 100644 index 00000000..590831fc --- /dev/null +++ b/packages/minimal-packages/default.nix 
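Review bot: Every `nixbld*` entry and `nobody` use `/run/current-system/sw/bin/nologin` as the shell, a NixOS system-profile path that does not exist in this image (its contents are only the `minimalPkgs` derivations and `./root`); a missing shell is refused much like nologin, so this is not an escalation, but the intent is clearer with a path that exists — `/bin/false` if `minimalPkgs.coreutils` ends up linked into `/bin` — or with a comment stating the path is intentionally absent. The UIDs and the `nixbld` GID 30000 match the `etc/group` file added in this change, so the two files are otherwise consistent.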
@@ -0,0 +1,183 @@ +{pkgs}: rec { + aws-sdk-cpp-nix-do-not-use = + (pkgs.aws-sdk-cpp.override { + apis = ["s3" "transfer"]; + customMemoryManagement = false; + }) + .overrideAttrs { + # only a stripped down version is build which takes a lot less resources to build + requiredSystemFeatures = []; + }; + + glibc = pkgs.glibc.overrideAttrs (old: { + postFixup = '' + rm -rf $out/{share,libexec,lib/gconv/*} + ''; + }); + + gcc = pkgs.wrapCCWith { + cc = pkgs.gcc-unwrapped; + libc = glibc; + bintools = pkgs.binutils.override { + libc = glibc; + }; + }; + + stdenv = pkgs.overrideCC pkgs.stdenv gcc; + + acl = (pkgs.acl.override {inherit stdenv;}).overrideAttrs (old: { + pname = old.pname + "-min"; + + postFixup = '' + rm -rf $out/share + ''; + }); + + libarchive = (pkgs.libarchive.override {inherit stdenv acl;}).overrideAttrs (old: { + pname = old.pname + "-min"; + }); + gnugrep = (pkgs.gnugrep.override {inherit stdenv;}).overrideAttrs (old: { + pname = old.pname + "-min"; + + postFixup = '' + rm -rf $out/share + + sed -i 's|${pkgs.bash}|${bash}|' $out/bin/* + ''; + doCheck = false; + }); + + jq = (pkgs.jq.override {inherit stdenv;}).overrideAttrs (old: { + pname = old.pname + "-min"; + + # outputs = ["bin" "doc" "man" "dev" "lib" "out"]; + outputs = ["bin" "dev" "lib" "out"]; + configureFlags = old.configureFlags ++ ["--mandir=/tmp" "--datadir=/tmp"]; + postInstall = '' + rm -rf $out/{share/{man,doc}},include,lib/pkgconfig} + ''; + }); + + coreutils = + (pkgs.coreutils.override { + inherit stdenv acl; + + gmpSupport = false; + aclSupport = false; + attrSupport = false; + }) + .overrideAttrs + (old: { + pname = old.pname + "-min"; + postFixup = '' + rm -rf $out/{share/info,lib/debug}} $info/* $debug/* + ''; + passthru = {inherit stdenv acl;}; + doCheck = false; + }); + + libkrb5 = (pkgs.libkrb5.override {inherit stdenv;}).overrideAttrs (old: { + pname = old.pname + "-min"; + postFixup = '' + rm -rf $out/share + sed -i 's|${pkgs.bash}|${bash}|' $out/bin/* + ''; + }); + + 
curl = (pkgs.curl.override {inherit stdenv libkrb5;}).overrideAttrs (old: { + pname = old.pname + "-min"; + postFixup = '' + rm -rf $out/share + ''; + }); + nix = + (pkgs.nixVersions.unstable.override { + inherit + stdenv + coreutils + libarchive + curl + ; + + enableDocumentation = false; + withAWS = false; + withLibseccomp = false; + }) + .overrideAttrs (old: { + pname = old.pname + "-min"; + postFixup = '' + rm -rf $out/{/etc/profile.d/*.fish,libexec/nix/build-remote,share} + ${pkgs.removeReferencesTo}/bin/remove-references-to -t ${aws-sdk-cpp-nix-do-not-use} $out/bin/nix $out/lib/libnixstore.so + ''; + buildInputs = old.buildInputs ++ [pkgs.removeReferencesTo]; + #replacing references breaks the check phase + doInstallCheck = false; + passthru = { + inherit + stdenv + coreutils + libarchive + curl + ; + }; + }); + + nix-eval-jobs = (pkgs.nix-eval-jobs.override {inherit stdenv nix;}).overrideAttrs (old: { + pname = old.pname + "-min"; + + passthru = {inherit stdenv nix;}; + }); + + # use bashInteractive instead of bash when testing + bash = + (pkgs.bash.override { + inherit stdenv; + withDocs = false; + }) + .overrideAttrs (old: { + # name = old.name + "-min"; + + postFixup = + old.postFixup + + '' + rm $out/bin/sh + ln -s $out/bin/bash $out/bin/sh + + rm -rf $out/{include,lib/bash/{loadables.h,Makefile.sample}} + sed -i 's|${pkgs.glibc}|${glibc}|' $out/{bin,lib/bash}/* + ''; + passthru = {inherit stdenv;}; + }); + git = + ( + pkgs.git.override { + inherit bash; + inherit stdenv; + perlSupport = false; + pythonSupport = false; + withManual = false; + withpcre2 = false; + svnSupport = false; + guiSupport = false; + } + ) + .overrideAttrs ( + old: { + pname = old.pname + "-min"; + + # installCheck is broken when perl is disabled + doInstallCheck = false; + postFixup = '' + mkdir -p $out/share2 + cp -r $out/share/git-core $out/share2/ + rm -rf $out/share + mv $out/share2 $out/share + rm -rf 
$out/libexec/git-core/{mergetools,.git-*,git-{archimport,citool,cvs*,daemon,difftool--helper,\ + filter-branch,gui--askpass,http-*,imap-send,instaweb,merge*,p4,quiltimport,request-pull,send-email,shell,subtree,web--browse},scalar} \ + $out/bin/{scalar,git-{credential-netrc,cvsserver,shell}} + + sed -i 's|${pkgs.bash}|${bash}|' $out/bin/git $out/libexec/git-core/git + ''; + } + ); +} diff --git a/scripts/system-info.sh b/scripts/system-info.sh index 6f841fbc..dd8eca9b 100644 --- a/scripts/system-info.sh +++ b/scripts/system-info.sh @@ -35,7 +35,7 @@ get_platform() { export is_darwin=true ;; Darwin.arm64|Darwin.aarch64) - system=aarch64-darwin + export system=aarch64-darwin export is_linux=false export is_darwin=true ;;
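Review bot: Two of the cleanup lines have mismatched braces, so bash brace expansion yields literal names and nothing is removed: in `jq`, `rm -rf $out/{share/{man,doc}},include,lib/pkgconfig}` expands to `$out/{share/man},include,lib/pkgconfig}` and `$out/{share/doc},include,lib/pkgconfig}`, and in `coreutils`, `rm -rf $out/{share/info,lib/debug}} $info/* $debug/*` yields `$out/share/info}` and `$out/lib/debug}`. They should read `rm -rf $out/{share/{man,doc},include,lib/pkgconfig}` and `rm -rf $out/{share/info,lib/debug} $info/* $debug/*`. `doCheck = false` on `gnugrep` and `coreutils` disables the upstream test suites of tools the CI image relies on; `nix` and `git` each carry a one-line comment explaining their disabled install checks, and these two deserve the same. `bash` keeps `# name = old.name + "-min";` commented out while every sibling renames itself with `-min`, so the minimal bash is indistinguishable from `pkgs.bash` by name in a store listing — worth either enabling or explaining.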
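Review bot: Adding `export` to `system=aarch64-darwin` brings this case arm in line with the `is_linux`/`is_darwin` exports beside it, but `get_platform` starts before the hunk and its other arms are not visible; if they assign `system=` the same way, they share the bug, and a single `export system is_linux is_darwin` after the `case` would fix every arm at once and stop the next arm from repeating the omission.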