forked from hswaw/hscloud
RFC: *: move away from rules_nixpkgs
This is an attempt to see how well we do without rules_nixpkgs. rules_nixpkgs has the following problems: - complicates our build system significantly (generated external repository indirection for picking local/nix python and go) - creates builds that cannot run on production (as they are tainted by /nix/store libraries) - is not a full solution to the bazel hermeticity problem anyway, and we'll have to tackle that some other way (eg. by introducing proper C++ cross-compilation toolchains and building everything from C, including Python and Go) Instead of rules_nixpkgs, we ship a shell.nix file, so NixOS users can just: jane@hacker:~/hscloud $ nix-shell hscloud-build-chrootenv:jane@hacker:~/hscloud$ prodaccess This shell.nix is in a way nicer, as it immediately gives you all tools needed to access production straight away. Change-Id: Ieceb5ae0fb4d32e87301e5c99416379cedc900c5
This commit is contained in:
parent
55cc9ab177
commit
4b613303b1
5 changed files with 4 additions and 212 deletions
27
WORKSPACE
27
WORKSPACE
|
@ -25,21 +25,6 @@ http_archive(
|
|||
sha256 = "e46612e9bb0dae8745de6a0643be69e8665a03f63163ac6610c210e80d14c3e4",
|
||||
)
|
||||
|
||||
# Load and setup Nixpkgs, if Nix is present on the build system.
|
||||
http_archive(
|
||||
name = "io_tweag_rules_nixpkgs",
|
||||
strip_prefix = "rules_nixpkgs-dc24090573d74adcf38730422941fd69b87682c7",
|
||||
urls = ["https://github.com/tweag/rules_nixpkgs/archive/dc24090573d74adcf38730422941fd69b87682c7.tar.gz"],
|
||||
sha256 = "aca86baa64174478c57f74ed09d5c2313113abe94aa3af030486d1b14032d3ed",
|
||||
)
|
||||
|
||||
load("//third_party/nix:repository_rules.bzl", "hscloud_setup_nix")
|
||||
|
||||
hscloud_setup_nix(
|
||||
revision = "1179841f9a88b8a548f4b11d1a03aa25a790c379",
|
||||
sha256 = "8b64041bfb9760de9e797c0a985a4830880c21732489f397e217d877edd9a990",
|
||||
)
|
||||
|
||||
# Download Go/Gazelle rules
|
||||
http_archive(
|
||||
name = "io_bazel_rules_go",
|
||||
|
@ -69,9 +54,9 @@ load("@rules_python//python:pip.bzl", "pip_repositories")
|
|||
|
||||
pip_repositories()
|
||||
|
||||
load("@hscloud_pip_imports//:imports.bzl", "hscloud_pip3_import")
|
||||
load("@rules_python//python:pip.bzl", "pip3_import")
|
||||
|
||||
hscloud_pip3_import(
|
||||
pip3_import(
|
||||
name = "pydeps",
|
||||
requirements = "//third_party/py:requirements.txt",
|
||||
)
|
||||
|
@ -81,12 +66,8 @@ load("@pydeps//:requirements.bzl", "pip_install")
|
|||
pip_install()
|
||||
|
||||
# Setup Go toolchain.
|
||||
# This workspace is generated by hscloud_setup_nixpkgs. It will either call
|
||||
# go_register_toolchains() to automagically get Go toolchains from the Internet
|
||||
# or, if nix is present, instead setup a toolchain from nixpkgs.
|
||||
load("@hscloud_go_toolchain//:imports.bzl", "hscloud_go_register_toolchains")
|
||||
|
||||
hscloud_go_register_toolchains()
|
||||
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains")
|
||||
go_register_toolchains()
|
||||
|
||||
# IMPORTANT: match protobuf version above with the one loaded by grpc
|
||||
http_archive(
|
||||
|
|
|
@ -31,12 +31,6 @@ copy_go_binary(
|
|||
visibility = ["//visibility:public"],
|
||||
)
|
||||
|
||||
sh_binary(
|
||||
name = "nixops",
|
||||
srcs = ["nixops.sh"],
|
||||
data = ["@nixops//:bin", "//tools:secretstore"],
|
||||
)
|
||||
|
||||
sh_binary(
|
||||
name = "rook-s3cmd-config",
|
||||
srcs = ["rook-s3cmd-config.sh"],
|
||||
|
|
29
third_party/nix/BUILD
vendored
29
third_party/nix/BUILD
vendored
|
@ -1,29 +0,0 @@
|
|||
load("@rules_python//python:defs.bzl", "py_runtime_pair")
|
||||
|
||||
# Python toolchain definition that uses //third_party/nix:python.nix (via
|
||||
# external repository).
|
||||
|
||||
py_runtime(
|
||||
name = "py3_runtime",
|
||||
interpreter = "@hscloud_nix_python3//:python3",
|
||||
python_version = "PY3",
|
||||
)
|
||||
|
||||
py_runtime(
|
||||
name = "py2_runtime",
|
||||
interpreter = "@hscloud_nix_python2//:python2",
|
||||
python_version = "PY2",
|
||||
)
|
||||
|
||||
|
||||
py_runtime_pair(
|
||||
name = "py_runtime_pair",
|
||||
py2_runtime = ":py2_runtime",
|
||||
py3_runtime = ":py3_runtime",
|
||||
)
|
||||
|
||||
toolchain(
|
||||
name = "py_toolchain",
|
||||
toolchain = ":py_runtime_pair",
|
||||
toolchain_type = "@rules_python//python:toolchain_type",
|
||||
)
|
46
third_party/nix/python.nix
vendored
46
third_party/nix/python.nix
vendored
|
@ -1,46 +0,0 @@
|
|||
# This is a Python interpreter wrapper that's passed to pip3_import under
|
||||
# NixOS.
|
||||
# It allows us to build some pip wheels under NixOS that require special
|
||||
# system libraries. This is quite hacky, it would be much better if we could
|
||||
# somehow tell pip3_import that a given package needs to be built within a
|
||||
# given environment.
|
||||
|
||||
with import <nixpkgs> {};
|
||||
|
||||
let
|
||||
# We use mkDerivation instead of writeScript or writeScriptBin as we need a
|
||||
# derivation that both:
|
||||
# - has a directory structure (for rules_nixpkgs to be able to use it)
|
||||
# - has the Python interpreter directly in that structure and not in bin/, as
|
||||
# rules_python's pip3_import interpreter_path requires a file target, and
|
||||
# will not take an alias. Meanwhile, rules_nixpkgs only creates a BUILD file
|
||||
# in the root path of the external repository (which is populated with a
|
||||
# symlink tree from the nix derivation), so we can onlly directly reference
|
||||
# file in the root of a Nix derivation.
|
||||
generic = package: binary: stdenv.mkDerivation {
|
||||
name = "${binary}-wrapper";
|
||||
version = "1.0";
|
||||
src = ./.;
|
||||
unpackPhase = "";
|
||||
buildPhase = ''
|
||||
mkdir -p $out
|
||||
cat > $out/${binary} <<EOF
|
||||
#!/bin/bash
|
||||
|
||||
# pyscopg wants libpq, and uses pg_config to find paths. Inject pg_config into
|
||||
# the Python interpreter's path.
|
||||
export PATH="${pkgs.postgresql}/bin:\$PATH"
|
||||
|
||||
exec ${package}/bin/${binary} "\$@"
|
||||
EOF
|
||||
'';
|
||||
installPhase = ''
|
||||
chmod +x $out/${binary}
|
||||
'';
|
||||
};
|
||||
|
||||
in {
|
||||
# Add cffi for import _cffi_backend in `cryptography` to work.
|
||||
python2 = generic (pkgs.python27.withPackages (ps: with ps; [ cffi ])) "python2";
|
||||
python3 = generic (pkgs.python37.withPackages (ps: with ps; [ cffi ])) "python3";
|
||||
}
|
108
third_party/nix/repository_rules.bzl
vendored
108
third_party/nix/repository_rules.bzl
vendored
|
@ -1,108 +0,0 @@
|
|||
load("@io_tweag_rules_nixpkgs//nixpkgs:repositories.bzl", "rules_nixpkgs_dependencies")
|
||||
load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_git_repository", "nixpkgs_package")
|
||||
|
||||
def has_nix(ctx):
|
||||
return ctx.which("nix-build") != None
|
||||
|
||||
def _hscloud_gen_go_imports_impl(ctx):
|
||||
ctx.file("BUILD", "")
|
||||
|
||||
imports_for_nix = """
|
||||
load("@io_tweag_rules_nixpkgs//nixpkgs:toolchains/go.bzl", "nixpkgs_go_configure")
|
||||
|
||||
def hscloud_go_register_toolchains():
|
||||
nixpkgs_go_configure(repository = "@nixpkgs")
|
||||
"""
|
||||
imports_for_non_nix = """
|
||||
load("@io_bazel_rules_go//go:deps.bzl", "go_rules_dependencies", "go_register_toolchains")
|
||||
def hscloud_go_register_toolchains():
|
||||
go_register_toolchains()
|
||||
"""
|
||||
|
||||
if has_nix(ctx):
|
||||
ctx.file("imports.bzl", imports_for_nix)
|
||||
else:
|
||||
ctx.file("imports.bzl", imports_for_non_nix)
|
||||
|
||||
# Generate repository containing either a call to go_register_toolchains() or
|
||||
# nixpkgs_go_configure(), depending on nix presence.
|
||||
hscloud_gen_go_imports = repository_rule(
|
||||
implementation = _hscloud_gen_go_imports_impl,
|
||||
attrs = dict(),
|
||||
)
|
||||
|
||||
def _hscloud_gen_pip_imports_impl(ctx):
|
||||
ctx.file("BUILD", "")
|
||||
|
||||
# For Nix, we have to both pass our interpreter to pip3_import, and also
|
||||
# register it as a toolchain.
|
||||
imports_for_nix = """
|
||||
load("@rules_python//python:pip.bzl", "pip3_import")
|
||||
def hscloud_pip3_import(name, requirements):
|
||||
pip3_import(
|
||||
name = name,
|
||||
requirements = requirements,
|
||||
python_interpreter_target = "@hscloud_nix_python3//:python3",
|
||||
)
|
||||
native.register_toolchains("//third_party/nix:py_toolchain")
|
||||
"""
|
||||
imports_for_non_nix = """
|
||||
load("@rules_python//python:pip.bzl", "pip3_import")
|
||||
def hscloud_pip3_import(name, requirements):
|
||||
pip3_import(
|
||||
name = name,
|
||||
requirements = requirements,
|
||||
)
|
||||
"""
|
||||
if has_nix(ctx):
|
||||
ctx.file("imports.bzl", imports_for_nix)
|
||||
else:
|
||||
ctx.file("imports.bzl", imports_for_non_nix)
|
||||
|
||||
# Generate repository containing a wrapped pip3_import that either uses the
|
||||
# host Python interpreter or one from nixpkgs, depending on nix presence.
|
||||
hscloud_gen_pip_imports = repository_rule(
|
||||
implementation = _hscloud_gen_pip_imports_impl,
|
||||
attrs = dict(),
|
||||
)
|
||||
|
||||
def hscloud_setup_nix(revision, sha256):
|
||||
rules_nixpkgs_dependencies()
|
||||
nixpkgs_git_repository(
|
||||
name = "nixpkgs",
|
||||
revision = "1179840f9a88b8a548f4b11d1a03aa25a790c379",
|
||||
sha256 = "8b64041bfb9760de9e797c0a985a4830880c21732489f397e217d877edd9a990",
|
||||
)
|
||||
|
||||
# Load python from nixpkgs. Python is a large source of non-hermiticity,
|
||||
# and loading it from nix vastly hermeticizes the build - well, at least to
|
||||
# also be dependent on this Nix store state. That's still better than just
|
||||
# grabbing whatever random system Python a user might have.
|
||||
nixpkgs_package(
|
||||
name = "hscloud_nix_python2",
|
||||
repositories = { "nixpkgs": "@nixpkgs//:default.nix" },
|
||||
nix_file = "//third_party/nix:python.nix",
|
||||
attribute_path = "python2",
|
||||
build_file_content = """
|
||||
package(default_visibility = ["//visibility:public"])
|
||||
exports_files(["python2"])
|
||||
""",
|
||||
)
|
||||
nixpkgs_package(
|
||||
name = "hscloud_nix_python3",
|
||||
repositories = { "nixpkgs": "@nixpkgs//:default.nix" },
|
||||
nix_file = "//third_party/nix:python.nix",
|
||||
attribute_path = "python3",
|
||||
build_file_content = """
|
||||
package(default_visibility = ["//visibility:public"])
|
||||
exports_files(["python3"])
|
||||
""",
|
||||
)
|
||||
|
||||
# Generate a Go toolchain setup workspace rule.
|
||||
hscloud_gen_go_imports(
|
||||
name = "hscloud_go_toolchain",
|
||||
)
|
||||
hscloud_gen_pip_imports(
|
||||
name = "hscloud_pip_imports",
|
||||
)
|
Loading…
Reference in a new issue