From a9c0f8e0b976e6d7d073cb34cd801946590e7f73 Mon Sep 17 00:00:00 2001
From: "P."
Date: Tue, 19 Nov 2024 08:36:19 -0600
Subject: [PATCH] nix: use basic flake, add gorin as dependency
---
 .envrc | 12 +-
 devshell.toml | 25 ---
 flake.lock | 416 +++++++++++++++++++++++++++++++++++++++++++++++---
 flake.nix | 42 ++---
 4 files changed, 422 insertions(+), 73 deletions(-)
 delete mode 100644 devshell.toml
diff --git a/.envrc b/.envrc
index 31ca173..af0cc93 100644
--- a/.envrc
+++ b/.envrc
@@ -1,12 +1,2 @@
 #!/usr/bin/env bash
-# ^ added for shellcheck and file-type detection
-
-# Watch & reload direnv on change
-watch_file devshell.toml
-
-if [[ $(type -t use_flake) != function ]]; then
- echo "ERROR: use_flake function missing."
- echo "Please update direnv to v2.30.0 or later."
- exit 1
-fi
-use flake
\ No newline at end of file
+use flake
diff --git a/devshell.toml b/devshell.toml
deleted file mode 100644
index 5d13ba8..0000000
--- a/devshell.toml
+++ /dev/null
@@ -1,25 +0,0 @@
-# https://numtide.github.io/devshell
-[devshell]
-name = "SimpleRisk Docker images"
-packages = [
- "docker-compose",
- "dockle",
- "grype"
-]
-
-[[commands]]
-help = "Runs a stack of containers"
-package = "docker-compose"
-category = "deployment"
-
-[[commands]]
-help = "Verify if Dockerfile follows best practices (needs the container to be built)"
-package = "dockle"
-command = "dockle image_tag"
-category = "scanners"
-
-[[commands]]
-help = "Verify if container has any security vulnerabilities"
-package = "grype"
-command = "grype image_tag"
-category = "scanners"
diff --git a/flake.lock b/flake.lock
index 5e1d80f..76634c5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,21 +1,93 @@ { "nodes": { - "devshell": { + "cachix": { "inputs": { + "devenv": "devenv_2", + "flake-compat": [ + "gorinapp", + "devenv", + "flake-compat" + ], + "nixpkgs": [ + "gorinapp", + "devenv", + "nixpkgs" + ], + "pre-commit-hooks": [ + "gorinapp", + "devenv", + "pre-commit-hooks" + ] + }, + "locked": { + "lastModified": 1712055811, + "narHash": "sha256-7FcfMm5A/f02yyzuavJe06zLa9hcMHsagE28ADcmQvk=", + "owner": "cachix", + "repo": "cachix", + "rev": "02e38da89851ec7fec3356a5c04bc8349cae0e30", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "cachix", + "type": "github" + } + }, + "devenv": { + "inputs": { + "cachix": "cachix", + "flake-compat": "flake-compat_3", + "nix": "nix_2", + "nixpkgs": [ + "gorinapp", + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1721817837, + "narHash": "sha256-vZYHahW5w9nMbDV0YFC+HE8bwjkDjJ2kauDQWKjRGtY=", + "owner": "cachix", + "repo": "devenv", + "rev": "44bfc26843694ab17ebae1d4922065e48d93f501", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, + "devenv_2": { + "inputs": { + "flake-compat": [ + "gorinapp", + "devenv", + "cachix", + "flake-compat" + ], + "nix": "nix", "nixpkgs": "nixpkgs", - "systems": "systems" + "poetry2nix": "poetry2nix", + "pre-commit-hooks": [ + "gorinapp", + "devenv", + "cachix", + "pre-commit-hooks" + ] }, "locked": { - "lastModified": 1695973661, - "narHash": "sha256-BP2H4c42GThPIhERtTpV1yCtwQHYHEKdRu7pjrmQAwo=", - "owner": "numtide", - "repo": "devshell", - "rev": "cd4e2fda3150dd2f689caeac07b7f47df5197c31", + "lastModified": 1708704632, + "narHash": "sha256-w+dOIW60FKMaHI1q5714CSibk99JfYxm0CzTinYWr+Q=", + "owner": "cachix", + "repo": "devenv", + "rev": "2ee4450b0f4b95a1b90f2eb5ffea98b90e48c196", "type": "github" }, "original": { - "owner": "numtide", - "repo": "devshell", + "owner": "cachix", + "ref": "python-rewrite", + "repo": "devenv", "type": "github" } }, 
@@ -35,16 +107,82 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_2" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { 
@@ -53,13 +191,137 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "gorinapp", + "devenv", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gorinapp": { + "inputs": { + "devenv": "devenv", + "flake-compat": "flake-compat_4", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1722369316, + "narHash": "sha256-8chXewjxc+Zb5arnh0SGpYwp8xmm6T7FGeTl9ZDtG6k=", + "ref": "refs/heads/main", + "rev": "16b8939753a70f7dda29107e8c99dc4389aa2542", + "revCount": 57, + "type": "git", + "url": "https://codeberg.org/wolfangaukang/gorin" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/wolfangaukang/gorin" + } + }, + "nix": { + "inputs": { + "flake-compat": "flake-compat_2", + "nixpkgs": [ + "gorinapp", + "devenv", + "cachix", + "devenv", + "nixpkgs" + ], + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1712911606, + "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=", + "owner": "domenkozar", + "repo": "nix", + "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.21", + "repo": "nix", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "gorinapp", + "devenv", + "cachix", + "devenv", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688870561, + "narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "165b1650b753316aa7f1787f3005a8d2da0f5301", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + 
"type": "github" + } + }, + "nix_2": { + "inputs": { + "flake-compat": [ + "gorinapp", + "devenv", + "flake-compat" + ], + "nixpkgs": [ + "gorinapp", + "devenv", + "nixpkgs" + ], + "nixpkgs-regression": "nixpkgs-regression_2" + }, + "locked": { + "lastModified": 1712911606, + "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=", + "owner": "domenkozar", + "repo": "nix", + "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.21", + "repo": "nix", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1677383253, - "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=", + "lastModified": 1692808169, + "narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9952d6bc395f5841262b006fbace8dd7e143b634", + "rev": "9201b5ff357e781bf014d0330d18555695df7ba8", "type": "github" }, "original": { 
@@ -69,7 +331,70 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, + "nixpkgs-regression_2": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1721864797, + "narHash": "sha256-VQ/WeQXEIz6tuET9bZIQ65E7sQ9KnFnhMIgKUoPXc40=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5d28e331495d871a250900ea8c11bf4a5dc521f3", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1697009197, "narHash": "sha256-viVRhBTFT8fPJTb1N3brQIpFZnttmwo3JVKNuWRVc3s=", 
@@ -83,12 +408,67 @@ "type": "indirect" } }, + "poetry2nix": { + "inputs": { + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "gorinapp", + "devenv", + "cachix", + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1692876271, + "narHash": "sha256-IXfZEkI0Mal5y1jr6IRWMqK8GW2/f28xJenZIPQqkY0=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "d5006be9c2c2417dafb2e2e5034d83fabd207ee3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": [ + "gorinapp", + "devenv", + "flake-compat" + ], + "flake-utils": "flake-utils_2", + "gitignore": "gitignore", + "nixpkgs": [ + "gorinapp", + "devenv", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1713775815, + "narHash": "sha256-Wu9cdYTnGQQwtT20QQMg7jzkANKQjwBD9iccfGKkfls=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "2ac4dcbf55ed43f3be0bae15e181f08a57af24a4", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { - "devshell": "devshell", "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" + "gorinapp": "gorinapp", + "nixpkgs": "nixpkgs_3" } }, "systems": { diff --git a/flake.nix b/flake.nix index 04d428a..933e281 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,26 +1,30 @@
 {
- description = "virtual environments";
+ description = "SimpleRisk's Docker and related artifacts";
 
- inputs.devshell.url = "github:numtide/devshell";
- inputs.flake-utils.url = "github:numtide/flake-utils";
-
- inputs.flake-compat = {
- url = "github:edolstra/flake-compat";
- flake = false;
+ inputs = {
+ flake-compat = {
+ url = "github:edolstra/flake-compat";
+ flake = false;
+ };
+ gorinapp.url = "git+https://codeberg.org/wolfangaukang/gorin";
 };
 
- outputs = { self, flake-utils, devshell, nixpkgs, ... }:
- flake-utils.lib.eachDefaultSystem (system: {
- devShell =
+ outputs = { nixpkgs, gorinapp, ... }:
+ let
+ overlays = [
+ gorinapp.overlays.default
+ ];
+ forEachSystem = nixpkgs.lib.genAttrs (nixpkgs.lib.systems.flakeExposed);
+ pkgsFor = forEachSystem (system: import nixpkgs { inherit overlays system; });
+
+ in
+ {
+ devShells = forEachSystem (system:
 let
- pkgs = import nixpkgs {
- inherit system;
+ pkgs = pkgsFor.${system};
 
- overlays = [ devshell.overlays.default ];
- };
- in
- pkgs.devshell.mkShell {
- imports = [ (pkgs.devshell.importTOML ./devshell.toml) ];
- };
- });
+ in {
+ default = pkgs.mkShell { packages = (with pkgs; [ docker-compose dockle grype gorin ]); };
+ });
+ };
 }
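Review bot: `import nixpkgs { inherit overlays system; }` applies `gorinapp.overlays.default` to the whole package set, so the overlay from the new Codeberg input can redefine `docker-compose`, `dockle` and `grype` as well as add `gorin`, and the scanners in this shell are then only as trustworthy as that overlay. Taking the three existing tools from the plain package set limits the new input's reach to its own package, e.g. `packages = (with nixpkgs.legacyPackages.${system}; [ docker-compose dockle grype ]) ++ [ pkgs.gorin ];`. The `gorinapp.url` line names no `ref` or `rev`, so the pin lives only in flake.lock and each lock update should be reviewed as a dependency change, including the transitive inputs it brings in. A short comment on the input saying what gorin is used for would help that review.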