Migrate to hs-nix-infra for the Nix setup #1778
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit exposes the pact input of chainweb at the Nix layer: * Allows the pact input to be overriden as a flake input * Exposes the pact package (with the CLI) of the Haskell package set
The customizable nix-conf features are now in it
DevopsGoth
approved these changes
Nov 9, 2023
jwiegley
reviewed
Nov 13, 2023
flake.nix
Outdated
| haskellNix = { | ||
| url = "github:input-output-hk/haskell.nix"; | ||
| hs-nix-infra = { | ||
| url = "github:kadena-io/hs-nix-infra/enis/metadata-experiments"; |
There was a problem hiding this comment.
We intend to follow the main branch at this repo, yes?
There was a problem hiding this comment.
@jwiegley, that's correct, I'm just experimenting with a few approaches for now.
jwiegley
approved these changes
Nov 13, 2023
Trying to expose the `src` of the pact input by caching it as a nix store path proved to be fragile. It's possible to output such paths from recursive-nix derivations, but those paths will be very tricky to access by downstream Nix expressions. This commit instead uses pure metadata to reconstruct the pact src definition at the recursive layer.
jwiegley
approved these changes
Nov 16, 2023
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
chessai
approved these changes
Dec 4, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR does the following:
Unify the GHC derivation used across Kadena projects
Instead of depending on
nixpkgsandhaskellNixdirectly, this flake now depends on our newhs-nix-infraflake and uses thenixpkgsandhaskellNixrevisions provided by it. The hash of thenixpkgsandhaskellNixflakes used for defining thehaskell.nixprojectdetermines the hash of the GHC package that gets used to compile the Haskell modules.When multiple projects depend on
nixpkgsandhaskellNixindependently, it's very hard (and not really well supported by nix CLI) to make sure that they don't deviate from each others'nixpkgsandhaskellNixpins arbitrarily. I.e. updating two projects'flake.lockfiles at slightly different times is likely to cause one of the pins to be on a different revision, even though the difference doesn't matter functionally.These unnecessarily different GHC packages put a lot of pressure on our CI infrastructure, taking hours to build functionally equivalent GHC packages and bloating the cache (with binaries from all the architectures we build and cache for). That also bloats the
/nix/storeof anychainwebuser that wants tonix buildan uncachedchainwebversion.The new workflow for updating Haskell-Nix toolchain
After this PR, the new workflow for managing our Haskell dependencies used by Nix will involve the following steps:
hackagepin so that we can build with newly released Haskell packages, we can justnix flake lock --update-input hackagesimilar to how we've been doing so far, because this PR keeps declaringhackageas an input to thechainweb-nodeflake. This means thehackageflake pin can deviate between multiple projects, but that's relatively OK, since thehackagepin doesn't influence the GHC package. The only bloat caused by such deviation is the need to download thehackagerepository, which is inconvenient, but worthwhile in exchange for the convenience of easily bumping the hackage pin.nixpkgsversion or if we need to bump ourhaskellNixpin for any reason, then unlike the status quo, we need to follow a two-step process:hs-nix-infrahas a newer version, bump it in this repo and see if that fixes the build.hs-nix-infraversion isn't good enough, then open a PR tohs-nix-infrato bumpnixpkgsandhaskellNix. The PR would preferably bump both of them to the latest version.Hopefully, this new workflow will reduce the number of
nixpkgs+haskellNixversions we depend on across our Haskell projects.Add a
recursivealternative to thedefaultpackageAs part of the CI automation for this repo, we're building and caching the Nix binaries for
chainweb, which makes it convenient for any user tonix buildchainweb from any commit/branch since all the dependencies will come from our binary cache. However, even without building anything locally, evaluating thedefaultpackage of this flake takes a significant amount of time and involves downloading ~2 GB of Nix dependencies. This is due to the complexity of whathaskellNixdoes for us at Nix evaluation time.This PR introduces a
recursivepackage to this flake's output, which usesrecursive-nixto push the Nix evaluation of thedefaultpackage into the build of a derivation. This means, any user that tries tonix build .#recursivewill fetch the chainweb binary from our cache without having to perform any complex Nix evaluation locally or downloading the Nix dependencies of any such evaluation as long as therecursivederivation they're building is already in our binary cache. If not, therecursive-nixderivation will be built locally (in which case make sure your local Nix setup hasrecursive-nixenabled), which is essentially as much work as buildingdefaultitself. This might still be worthwhile however, since subsequent builds of the samerecursivederivation will complete immediately, without having to evaluate thedefaultderivation again.Expose
pactas an attribute of output derivationThe
defaultpackage and therecursivepackage now both have apactattribute containing the version of thepactthat gets compiled in as well as itssrc. This allows downstream consumers of these packages to access the version and the source of thepactpackage embedded into thechainwebbinary they're building.Allow overriding the pact source
This PR adds a
pactinput to the flake, which defaults to anemptyflake, standing in for anull, meaning that thepactsource pinned from thecabal.projectshould be used. When thepactinput is overridden, via--override-inputor as part of a downstream flake,chainwebwill be built by the providedpactversion. This overriding mechanism is also exposed via the functions in theliboutput for cases when the choice ofpactsource is made outside the resolution of flake inputs.