docs(ci): establish docs/ci/adr namespace (ci-001 pipeline, ci-002 flake)
ci / gate (push) Successful in 2m33s
ci / gate (push) Successful in 2m33s
Records the CI/release pipeline as ADR-ci-001 and relocates the nix-flake ADR from main's ADR-0049 to ADR-ci-002 (content unchanged, history note added). Both live in docs/ci/adr/ with a README index — a dated, ci-segmented namespace disjoint from main's integer ADR sequence, the same split the website subproject uses to avoid cross-branch number collisions. Drops the ADR-0049 entry from docs/adr/README. ci-001 covers the runner model, the baked nix CI image, the clippy+test gate, the static-musl release on tag, trigger hygiene, auth, and scope.
This commit is contained in:
claude@clouddev1
@@ -0,0 +1,185 @@
|
||||
# ADR-ci-001: CI + release pipeline on Gitea Actions
|
||||
|
||||
## Status
|
||||
|
||||
**Accepted (2026-06-12); implemented the same day on the `ci` branch.** Every
|
||||
fork below was settled with the user as the pipeline was built, and each stage
|
||||
was verified live before acceptance:
|
||||
|
||||
- a throwaway probe workflow established how the runner executes jobs;
|
||||
- the CI image was built and checked locally (runner contract, warm devShell);
|
||||
- the gate ran green (**clippy clean; 2424 tests pass / 0 fail / 1 intentional
|
||||
ignored doctest**);
|
||||
- the release was exercised end-to-end — tag `v0.0.0-citest2` published a Gitea
|
||||
release carrying the static binary (~10 MB) and its `.sha256`.
|
||||
|
||||
This ADR records the **CI/release pipeline**. The **dev/build environment it
|
||||
runs on** — the nix flake (devShell + reproducible build, pinned Rust 1.95.0)
|
||||
— is **ADR-ci-002** (relocated here from main's ADR-0049); this ADR builds on
|
||||
it rather than restating it.
|
||||
|
||||
> **Namespacing.** Kept in `docs/ci/adr/` (id `ADR-ci-001`), disjoint from
|
||||
> `main`'s integer ADR sequence, mirroring the website subproject's
|
||||
> `docs/website/adr/`. This avoids the cross-branch number collisions that
|
||||
> previously forced website ADRs to be renumbered (see that namespace's
|
||||
> history note and ADR-0000 "Numbering discipline").
|
||||
|
||||
## Context
|
||||
|
||||
The project is near feature-complete and needs CI (`requirements.md` **TT5**;
|
||||
the **CI** item in the deferred list) and a release path for its distributed
|
||||
binaries (**D1**/**D2**/**D3**). The self-hosted Gitea instance
|
||||
(`git.lazyeval.net`) has its Actions runner freshly set up — a first-time
|
||||
in-anger use — with a DinD-capable setup and a reusable `docker-build`
|
||||
template, exercised by a handful of sample workflows.
|
||||
|
||||
The starting constraints, and what the probe found:
|
||||
|
||||
- The runner label is **`ci-public`**. A throwaway probe
|
||||
(`ci-probe.yaml`, since removed) established that **jobs run *inside* a
|
||||
container** — `ghcr.io/catthehacker/ubuntu:act-22.04` by default, as **root**
|
||||
— and therefore the runner *host's* nix is **not** on the steps' PATH
|
||||
(`nix NOT on PATH`, `no /nix`). A custom job `container:` *can* be pulled
|
||||
(it pulled `nixos/nix:latest`), but the runner keeps job containers alive
|
||||
with `entrypoint: /bin/sleep` and runs JS actions (e.g. `actions/checkout`)
|
||||
with `node`, so the container must provide **`sleep` + `bash` + `node`** —
|
||||
a bare `nixos/nix` image has none and fails to start.
|
||||
- The reusable template only does `docker build`; it neither runs a Rust gate
|
||||
nor pushes images nor uploads release assets — so a Rust pipeline can't just
|
||||
call it.
|
||||
- The whole motivation (per the user) is for CI to use the project's **nix
|
||||
flake** for its tools rather than relying on whatever the build machine has
|
||||
— i.e. **one toolchain definition shared by dev and CI**.
|
||||
|
||||
## Decision
|
||||
|
||||
### 1. Toolchain delivery — a baked nix CI image
|
||||
|
||||
CI gets its toolchain from a **purpose-built job-container image**, not from
|
||||
host nix and not by installing nix per-job:
|
||||
|
||||
- **Base `node:22-bookworm-slim`.** Debian slim already provides `bash` +
|
||||
coreutils (`sleep`); the `node` tag adds the actions runtime. This satisfies
|
||||
the act_runner job-container contract at a fraction of the size of the
|
||||
catthehacker runner images (chosen on the user's prompt to avoid those
|
||||
multi-GB images), and far more reliably than a bare `nixos/nix` (which can't
|
||||
start). `.gitea/ci-image/Dockerfile`.
|
||||
- **Single-user nix on top**, flakes enabled, with the **flake's devShell
|
||||
pre-warmed** (`nix develop` realizes nixpkgs + the pinned Rust toolchain +
|
||||
`cargo-sweep` + the musl cc into the store). CI then runs `nix develop -c …`
|
||||
against a warm store — the *same* pinned toolchain as dev (ADR-ci-002),
|
||||
reaching a ready toolchain in ~1.4 s.
|
||||
- **Built + pushed by `build-ci-image.yaml`** via the DinD service to the
|
||||
Gitea container registry as `git.lazyeval.net/<owner>/rdbms-playground-ci`,
|
||||
a **public** package (anonymous pull, no gate-side credentials). It runs only
|
||||
when an image input changes (Dockerfile / `flake.nix` / `flake.lock` /
|
||||
`rust-toolchain.toml`) or on manual dispatch.
|
||||
|
||||
### 2. Gate — `ci.yaml`
|
||||
|
||||
On branch pushes and PRs, a single job runs **inside the CI image**:
|
||||
`nix develop -c cargo clippy --all-targets -- -D warnings` then
|
||||
`nix develop -c cargo test --no-fail-fast`.
|
||||
|
||||
**`fmt` is deliberately not gated.** The tree isn't clean under stock
|
||||
`rustfmt` (~100 files would change; no `rustfmt.toml` is committed) and
|
||||
reformatting would churn blame across the in-flight website branch and ongoing
|
||||
`main` work — so, by user decision, the gate is **clippy + test** and fmt is
|
||||
revisited on `main` (also recorded in ADR-ci-002).
|
||||
|
||||
### 3. Release — `release.yaml`
|
||||
|
||||
On a `v*` tag, one job in the CI image:
|
||||
|
||||
1. **tests** (`cargo test`) — so a tag can never publish untested code, even
|
||||
one pointing at a never-gated commit (user choice over relying solely on the
|
||||
branch gate);
|
||||
2. **builds the static binary** for **`x86_64-unknown-linux-musl`** (D2:
|
||||
single static binary, no runtime deps). The glibc/nix-store build is
|
||||
non-portable; the musl target with `crt-static` is fully static. rusqlite's
|
||||
`bundled` SQLite C is compiled by a **musl `cc`** (`pkgsCross.musl64`) wired
|
||||
into the flake devShell via `CC_<target>` + `CARGO_TARGET_<TARGET>_LINKER`;
|
||||
`[profile.release] strip = "symbols"` trims it (~13 MB → ~10 MB);
|
||||
3. **publishes** the binary + a `.sha256` to a Gitea release via the API and
|
||||
the auto-provided **`GITEA_TOKEN`** — no third-party action (just `curl` +
|
||||
`node`, both in the image).
|
||||
|
||||
### 4. Triggers — branch vs tag hygiene
|
||||
|
||||
- Gate and image-build are scoped to **branch** pushes (`branches: ['**']`).
|
||||
Tag pushes ignore `paths:` filters and would otherwise spuriously rebuild the
|
||||
unchanged image and re-gate an already-gated commit; the branch filter
|
||||
excludes tags. **`release.yaml` owns tags** (`tags: ['v*']`).
|
||||
- Pushing commits + a tag together still gates the commits (via the branch
|
||||
ref) and releases (via the tag ref) — no lost coverage, no duplicate runs.
|
||||
|
||||
### 5. Auth
|
||||
|
||||
- **Image push:** a dedicated PAT with `write:package`, supplied as the
|
||||
`REGISTRY_USERNAME` / `REGISTRY_TOKEN` Actions secrets (the package owner
|
||||
must match the token's user — an `oli`-namespace push with a different user
|
||||
is refused with `reqPackageAccess`).
|
||||
- **Release publish:** the auto `GITEA_TOKEN` (repo/release scope).
|
||||
|
||||
### 6. Scope this iteration — Linux x86_64, step by step
|
||||
|
||||
The user's target is the full **D1** matrix, approached incrementally. This
|
||||
iteration ships **Linux x86_64 only**; the rest is deferred (below).
|
||||
|
||||
## Consequences
|
||||
|
||||
- **One toolchain, dev and CI.** They build through the same flake and cannot
|
||||
drift. New image rebuilds only when the flake/toolchain/Dockerfile change.
|
||||
- **D2 is met on Linux.** The release artifact is a genuinely static,
|
||||
stripped musl binary that runs with no runtime dependencies.
|
||||
- **DinD is per-job (no layer cache across runs),** so every `build-ci-image`
|
||||
run rebuilds from scratch (~6 min). Acceptable at its trigger frequency;
|
||||
base-pull caching via the `dind-cached` proxy variant is a possible later
|
||||
optimisation.
|
||||
- **The CI image is ~5.5 GB+** (the Rust toolchain closure, now also musl).
|
||||
Pulled once per runner and cached; slimming (multi-stage, prune) is optional.
|
||||
- **Every gate run recompiles the full dependency graph** (warm *toolchain*,
|
||||
cold *deps*; clippy and test don't share artifacts), ~2 min total. Fine for
|
||||
now; dependency/`target` caching is a deferred speed item.
|
||||
- **`GITEA_TOKEN` must retain release scope;** if an instance policy narrows
|
||||
it, the release publish falls back to a repo-scoped PAT secret.
|
||||
|
||||
## Alternatives considered
|
||||
|
||||
- **Run on the runner host's nix.** Rejected — the probe showed steps run in a
|
||||
container where host nix is unreachable.
|
||||
- **Install nix per-job in the default image.** Works but cold every run
|
||||
(slow) and throwaway once the image exists; rejected in favour of the baked
|
||||
image.
|
||||
- **`catthehacker` or bare `nixos/nix` as the base.** catthehacker is a
|
||||
multi-GB runner emulation we don't need; bare `nixos/nix` lacks
|
||||
`sleep`/`bash`/`node` and won't start. `node:22-bookworm-slim` is the small,
|
||||
contract-satisfying middle (user's suggestion).
|
||||
- **A standard `rust:1.95` CI image instead of the flake.** Simpler in CI but a
|
||||
*second* toolchain definition (drift) — counter to the unify-with-dev goal.
|
||||
- **A third-party Gitea release action.** Avoided; the API + auto token keep
|
||||
the release self-contained and debuggable.
|
||||
|
||||
## Deferred / out of scope (tracked, step by step)
|
||||
|
||||
- **D1 matrix:** aarch64, macOS, Windows builds (cross toolchains; macOS is the
|
||||
hard part on a Linux runner).
|
||||
- **D3 packaging:** Homebrew / Scoop / winget / `cargo-binstall` manifests
|
||||
(and binstall-friendly asset naming/archives).
|
||||
- **Tier 4 (PTY E2E):** still unwired (`requirements.md` **TT4**); the gate runs
|
||||
tiers 1–3 only, so **TT5** ("CI runs all tiers on Linux/macOS/Windows") is
|
||||
partially met — Linux, tiers 1–3.
|
||||
- **CI speed:** dependency/`target` caching (cargo-chef into the image, or
|
||||
`actions/cache`), and image slimming / `dind-cached` base-pull caching.
|
||||
- **Website deploy:** the static site → Cloudflare via Gitea Actions (a
|
||||
separate, simpler workflow on the website branch).
|
||||
- **fmt gate:** revisit on `main` once a `rustfmt` style is chosen.
|
||||
|
||||
## Relationship to other decisions
|
||||
|
||||
- **Builds on ADR-ci-002** (nix flake dev + build env). This ADR adds the
|
||||
musl-target/cc to that flake and consumes it from CI.
|
||||
- **Advances `requirements.md`:** **TT5** (CI runs the tiers — Linux, 1–3),
|
||||
**D2** (static binary — Linux, done), **D1**/**D3** (partial/deferred).
|
||||
- **Mirrors the website subproject's** separate ADR namespace and its
|
||||
static→Cloudflare-via-Gitea-Actions deployment posture (ADR-website-001).
|
||||
@@ -0,0 +1,135 @@
|
||||
# ADR-ci-002: Nix flake for a reproducible dev + build environment
|
||||
|
||||
## Status
|
||||
|
||||
**Accepted (2026-06-12).** Implemented the same day on the `ci` branch:
|
||||
`flake.nix`, `flake.lock`, `rust-toolchain.toml`, `.envrc`. Verified
|
||||
end-to-end before acceptance — `nix develop` provides the pinned
|
||||
toolchain; `nix build .#default` produces a working binary; `cargo
|
||||
clippy --all-targets -- -D warnings` is clean and `cargo test` is
|
||||
**2424 passed / 0 failed / 1 ignored** (the ignored item is the
|
||||
intentional ```` ```ignore ```` doctest at `src/friendly/mod.rs:21`),
|
||||
all run *through the flake*. This ADR is the dev/build-environment
|
||||
foundation; the CI **pipeline** that consumes it (runner model, image,
|
||||
gate, release) is **ADR-ci-001**.
|
||||
|
||||
> **History.** Created as **ADR-0049** in `main`'s integer ADR namespace
|
||||
> (`docs/adr/`); moved here to **ADR-ci-002** on 2026-06-12 to keep the
|
||||
> CI/dev-env decisions out of `main`'s sequence and end the cross-branch
|
||||
> number collision (`main` independently reaches for the next integer too —
|
||||
> the same problem the website subproject hit). Content is otherwise
|
||||
> unchanged. See ADR-0000 "Numbering discipline".
|
||||
|
||||
## Context
|
||||
|
||||
The project is near feature-complete and CI is finally being set up
|
||||
(`requirements.md` **TT5**, **CI** in the deferred list). CI must not
|
||||
depend on whatever Rust/toolchain happens to be installed on the build
|
||||
machine — that is neither reproducible nor honest about what the build
|
||||
needs.
|
||||
|
||||
The sibling project **datamage** already solved this with a Nix flake
|
||||
(its ADR 0046): the flake is the single, version-pinned declaration of
|
||||
the toolchain, and both the dev shell and CI go through it so they
|
||||
cannot drift. We adopt the same pattern here. Ours is dramatically
|
||||
simpler than datamage's — this is a pure-Rust TUI with no Tauri /
|
||||
WebKitGTK / Node / WASM surface — so the flake carries almost no system
|
||||
dependencies.
|
||||
|
||||
Two build facts drove the (tiny) dependency set, confirmed from
|
||||
`Cargo.lock`:
|
||||
|
||||
- **`libsqlite3-sys` is built with `bundled`** → SQLite is compiled
|
||||
from vendored C, which needs a C compiler. `nixpkgs`' `stdenv`
|
||||
provides one automatically; nothing is declared for it.
|
||||
- **`arboard`'s clipboard backend is `x11rb`** — a pure-Rust socket
|
||||
XCB client that links *no* C X11 libraries. So no X11/`pkg-config`
|
||||
system inputs are needed to build or test. A live X server is only
|
||||
required at *runtime* to actually copy; headless sessions fall back
|
||||
to OSC 52.
|
||||
|
||||
## Decision
|
||||
|
||||
Adopt a **Nix flake** at the repository root as the canonical
|
||||
declaration of the dev *and* build environment.
|
||||
|
||||
- **`flake.nix`** exposes two outputs (user-chosen 2026-06-12 over a
|
||||
dev-shell-only variant):
|
||||
- **`devShells.default`** — the pinned Rust toolchain (from
|
||||
`rust-toolchain.toml` via `rust-overlay`) plus `cargo-sweep` for
|
||||
the `target/` build-hygiene discipline (CLAUDE.md / the datamage
|
||||
ADR 0050 equivalent).
|
||||
- **`packages.default`** (= `packages.rdbms-playground`) — a
|
||||
`rustPlatform.buildRustPackage` that produces the binary
|
||||
reproducibly from the pinned toolchain and the committed
|
||||
`Cargo.lock` (`cargoLock.lockFile` → `importCargoLock`, which
|
||||
fetches each dependency by its lockfile checksum: offline,
|
||||
deterministic, no `cargoHash` to churn). `nix build` yields the
|
||||
artifact CI's gate/release can consume.
|
||||
- **`rust-toolchain.toml`** pins an **exact stable release**
|
||||
(`1.95.0`), not the floating `stable` channel, so `nix flake update`
|
||||
cannot surprise-bump Rust into new clippy lints that would fail the
|
||||
`-D warnings` gate (same reasoning as datamage ADR 0046). Components:
|
||||
`rustfmt` + `clippy`. No coverage/WASM tooling and no
|
||||
cross-compilation targets yet — those are added when the release
|
||||
matrix needs them, not before.
|
||||
- **`flake.lock`** pins every input (`nixpkgs` `nixos-26.05`,
|
||||
`rust-overlay`, `flake-utils`) to a commit, making the env
|
||||
bit-reproducible.
|
||||
- **`.envrc`** contains `use flake` for direnv auto-activation, kept
|
||||
for parity with datamage even though direnv is not installed on the
|
||||
current dev VM (entry is via `nix develop`).
|
||||
- **`packages.default` sets `doCheck = false`.** The test suite is
|
||||
*not* run during `nix build` — the Nix build sandbox has no `HOME`
|
||||
and no X server, which fights the project-directory / clipboard
|
||||
paths the tests touch. Tests run as their own CI stage via
|
||||
`nix develop -c cargo test`, keeping "build the artifact" and "run
|
||||
the suite" cleanly separate.
|
||||
- **The package version is read from `Cargo.toml`** via
|
||||
`builtins.fromTOML`, so it never drifts from the crate metadata.
|
||||
|
||||
## Consequences
|
||||
|
||||
- **One toolchain definition.** Dev and CI share the exact pinned
|
||||
toolchain; they cannot drift. New contributors run `nix develop`
|
||||
(or get auto-activation via direnv) and have the same Rust as CI.
|
||||
- **D2 (static binary) is unaffected and still pending.** The
|
||||
`nix build` artifact links the Nix-store glibc *dynamically* — it is
|
||||
a reproducible build/test artifact, **not** the single static
|
||||
release binary D2 calls for. Release binaries will target a static
|
||||
toolchain (e.g. `x86_64-unknown-linux-musl`) in the forthcoming CI
|
||||
release work; that is a release-step concern, not a dev-shell one.
|
||||
- **`fmt` is deliberately *not* gated yet.** The tree is not clean
|
||||
under stock `rustfmt` (~100 files would change; no `rustfmt.toml` is
|
||||
committed and the code was shaped by something other than default
|
||||
`rustfmt`). Reformatting churns blame across every file and would
|
||||
conflict with the in-flight website branch and ongoing `main` work,
|
||||
so — user decision 2026-06-12 — the `fmt` gate is left out for now
|
||||
and revisited on `main`. The CI gate is `clippy` + `test`.
|
||||
- **Engine-name posture (CLAUDE.md) is respected.** The flake's
|
||||
comments may name SQLite/`rusqlite` where technically necessary
|
||||
(build-input rationale); no user-facing string is affected.
|
||||
|
||||
## Alternatives considered
|
||||
|
||||
- **Dev-shell only (no build package).** Matches datamage exactly; CI
|
||||
would `cargo build` inside `nix develop -c`. Rejected (user choice):
|
||||
a `nix build` package gives a reproducible release artifact straight
|
||||
from the pinned toolchain, which the release job wants.
|
||||
- **A standard `rust:1.95` image in CI, flake for dev only.** Simpler
|
||||
in CI (no nix-in-CI caching to solve), but it is a *second* place
|
||||
that defines the toolchain — exactly the drift this ADR exists to
|
||||
prevent. Rejected for the unified-env goal; the nix-in-CI caching
|
||||
cost is solved in the CI pipeline work instead.
|
||||
- **`rustup` on the build machine.** The status quo CI would replace —
|
||||
non-reproducible, machine-dependent, the thing we are eliminating.
|
||||
|
||||
## Relationship to other decisions
|
||||
|
||||
- Mirrors **datamage ADR 0046** (nix flake dev env) and its build
|
||||
hygiene companion. This is the rdbms-playground analogue, scoped to
|
||||
a pure-Rust project.
|
||||
- Feeds **ADR-ci-001** (the CI + release pipeline), which consumes this
|
||||
flake for `requirements.md` **TT5** (CI runs the tiers) and the
|
||||
**D1/D2/D3** distribution items (the release uses a static musl target
|
||||
built through this flake).
|
||||
@@ -0,0 +1,22 @@
|
||||
# CI / Build Architecture Decision Records
|
||||
|
||||
Decision records for the **continuous-integration + release pipeline**
|
||||
subproject — the Gitea Actions workflows under `.gitea/`, the nix CI image,
|
||||
and the release tooling. These are kept in their own namespace, separate
|
||||
from the project-wide ADRs in [`docs/adr/`](../../adr/README.md), so CI
|
||||
decisions never compete with the main global ADR sequence for numbers — the
|
||||
same split the website subproject uses (`docs/website/adr/`, on the `website`
|
||||
branch), and for the same reason (see
|
||||
[ADR-0000 "Numbering discipline"](../../adr/0000-record-architecture-decisions.md)).
|
||||
|
||||
**Numbering.** Files are named `<date>-adr-ci-<NNN>.md` and referenced in
|
||||
prose as `ADR-ci-NNN`. The `<date>` (the ADR's accepted/created day,
|
||||
`YYYYMMDD`) plus the `ci` segment keeps the namespace disjoint from `main`'s
|
||||
integers. Assign the next free `NNN` from this index. Every ADR change
|
||||
updates this index in the same edit (the ADR-0000 index-upkeep rule applies
|
||||
here too).
|
||||
|
||||
## Index
|
||||
|
||||
- [ADR-ci-001 — CI + release pipeline on Gitea Actions](20260612-adr-ci-001.md) — **Accepted 2026-06-12** (implemented the same day on the `ci` branch). Establishes the CI/release pipeline on the self-hosted Gitea instance's Actions runner (`ci-public`). **Runner model** (established by a throwaway probe): jobs execute *inside* a container (`catthehacker/ubuntu:act-22.04` by default), as root, so the runner host's nix is **not** reachable from steps. **Toolchain delivery:** a **baked CI image** — `node:22-bookworm-slim` (satisfies the act_runner job-container contract: `/bin/sleep` keep-alive, `bash`, `node` for JS actions; a bare `nixos/nix` image lacks these and won't start) **+ single-user nix + the flake's devShell pre-warmed** — built by `build-ci-image.yaml` via DinD and pushed to the Gitea container registry as a **public** package, so CI runs `nix develop -c …` against the **same pinned toolchain as dev** (the flake, ADR-ci-002) with a warm store (~1.4 s to a ready toolchain). **Gate** (`ci.yaml`): `clippy -D warnings` + `cargo test` inside that image on branch pushes + PRs; **fmt deliberately not gated** (the tree isn't stock-rustfmt-clean — user decision, revisit on `main`; see ADR-ci-002). **Release** (`release.yaml`): on a `v*` tag, runs the tests, builds the **static `x86_64-unknown-linux-musl` binary** (D2: single static binary, no runtime deps — the glibc/nix build is non-portable), strips it, and publishes it + a `.sha256` to a Gitea release via the API and the auto-provided `GITEA_TOKEN`. **Triggers:** gate + image-build are scoped to **branch** pushes (`branches: ['**']`) so a release tag doesn't spuriously re-run them; the image-build additionally path-filters to its inputs (Dockerfile/flake/toolchain); the release owns tags. **Auth:** a dedicated PAT (`REGISTRY_USERNAME`/`REGISTRY_TOKEN` secrets) pushes the image; the auto `GITEA_TOKEN` publishes releases. **Scope this iteration:** Linux x86_64 only — the rest of the D1 matrix (aarch64/macOS/Windows), D3 package-manager manifests, CI-speed dependency caching, and the website's static→Cloudflare deploy are deferred, to be added step by step. Verified live: probe → runner facts; image built + checked locally; gate green (**2424 tests**); release exercised end-to-end (`v0.0.0-citest2` published with binary + checksum). Builds on **ADR-ci-002** (the nix flake, relocated here from main's ADR-0049 to avoid exactly this cross-branch collision).
|
||||
- [ADR-ci-002 — Nix flake for a reproducible dev + build environment](20260612-adr-ci-002.md) — **Accepted 2026-06-12** (relocated from main's **ADR-0049** on the same day — content unchanged — to keep CI/dev-env decisions out of `main`'s integer sequence). The single, version-pinned declaration of the **dev *and* build toolchain** so CI never relies on whatever Rust is on the build machine — mirroring **datamage ADR 0046**, but far simpler (pure-Rust TUI). Root **Nix flake** with two outputs: **`devShells.default`** (pinned **Rust 1.95.0** via `rust-toolchain.toml` + `rust-overlay`, `cargo-sweep`, and the musl cc for the static release build) and **`packages.default`** (`rustPlatform.buildRustPackage` from the committed `Cargo.lock`; `doCheck = false`). Exact-pin (not floating `stable`) so `nix flake update` can't surprise-bump clippy past the `-D warnings` gate. System inputs near-empty by design (`libsqlite3-sys bundled` → stdenv cc only; `arboard`→`x11rb` pure-Rust). `.envrc` (`use flake`) for direnv parity. Verified through the flake: `nix build` yields a working binary, clippy clean, **2424 tests pass / 0 fail / 1 intentional ignored doctest**. Consumed by **ADR-ci-001** (the pipeline). Alternatives rejected: dev-shell-only; a standard `rust:1.95` CI image (a second toolchain definition = drift); `rustup` on the build host (non-reproducible).
|
||||
Reference in New Issue
Block a user