Pull request overview
This PR continues the migration to a Nix-based build and CI workflow, replacing the prior compile-env/docker-based approach and wiring sysroot/toolchain configuration through Nix shells and Nix builds.
Changes:
- Replaces the legacy compile-env + fake-nix workflow with `default.nix`/overlays, `nix-shell`, and updated `just` recipes.
- Updates CI (`dev.yml`) to build/test via Nix targets and introduces new Nix packaging pieces (FRR packaging, platform/profile plumbing).
- Refactors sysroot usage in Rust build scripts and updates docs to match the new Nix-first workflow.
Reviewed changes
Copilot reviewed 55 out of 56 changed files in this pull request and generated 12 comments.
| File | Description |
|---|---|
| testing.md | Updates testing instructions to assume nix-shell tooling. |
| sysfs/build.rs | Removes sysroot build script logic. |
| sysfs/Cargo.toml | Drops dpdk-sysroot-helper build-dependency. |
| shell.nix | Switches shell entrypoint to default.nix devenv. |
| scripts/update-doc-headers.sh | Bumps KaTeX version used in docs. |
| scripts/todo.sh | Adds a Nix-based build/test “checklist” script. |
| scripts/test-runner.sh | Removes legacy docker-based test runner wrapper. |
| scripts/rust.env | Removes legacy RUSTFLAGS/profile env file. |
| scripts/k8s-crd.env | Updates gateway CRD ref env file (now likely legacy). |
| scripts/installl-real-nix.sh | Adds helper to replace “fake nix” with real Nix install. |
| scripts/dpdk-sys.env | Updates pinned dpdk-sys commit. |
| scripts/doc/custom-header.html | Updates KaTeX CDN links and integrity hashes. |
| rust-toolchain.toml | Removes rustup toolchain file in favor of Nix toolchain sourcing. |
| routing/Cargo.toml | Cleans tokio features and adds dev tokio “full”. |
| npins/sources.json | Updates Nix pins (crane, frr, gateway, nixpkgs, rust, rust-overlay). |
| nix/profiles.nix | Adjusts compile/link/security profile flags and profile mapping. |
| nix/platforms.nix | Adds platform name mapping for bluefield2 → bluefield. |
| nix/pkgs/frr/patches/yang-hack.patch | Adds FRR/libyang-related patch. |
| nix/pkgs/frr/patches/xrelifo.py.fix.patch | Adds FRR python/xrelfo patch. |
| nix/pkgs/frr/default.nix | Introduces FRR derivation with configurable protocol support. |
| nix/pkgs/frr/clippy-helper.nix | Adds split derivation for FRR “clippy” tool for cross builds. |
| nix/pkgs/dpdk/default.nix | Simplifies DPDK build params and uses platform-provided properties. |
| nix/overlays/llvm.nix | Reworks LLVM+Rust toolchain overlay to source versions from pins. |
| nix/overlays/frr.nix | Adds overlay customizing dependencies for FRR static/cross builds. |
| nix/overlays/default.nix | Registers new overlays (rust/llvm/dataplane/frr). |
| nix/overlays/dataplane.nix | Wires platform/profile into DPDK build and tweaks deps. |
| nix/overlays/dataplane-dev.nix | Uses llvmPackages’ stdenv and adds a static-leaning gdb override. |
| net/src/buffer/test_buffer.rs | Cleans doc-only import; adds explicit PacketBuffer doc link. |
| mgmt/tests/reconcile.rs | Adds VM-runner attribute to a test. |
| mgmt/src/tests/mgmt.rs | Removes unused imports and disables a VM test during refactor. |
| mgmt/Cargo.toml | Adds n-vm + tracing-subscriber for tests. |
| k8s-intf/build.rs | Refactors CRD generation to OUT_DIR and env-driven inputs. |
| k8s-intf/Cargo.toml | Swaps build deps to dpdk-sysroot-helper. |
| justfile | Replaces compile-env/sterile/docker flows with Nix build/test/container commands. |
| init/build.rs | Switches to dpdk_sysroot_helper::use_sysroot() behind feature gate. |
| init/Cargo.toml | Introduces sysroot feature and makes sysroot helper optional. |
| hardware/src/os/mod.rs | Fixes a typo in a clippy lint comment. |
| hardware/build.rs | Switches to centralized use_sysroot(). |
| dpdk/src/lcore.rs | Updates lcore ID call to rte_lcore_id(). |
| dpdk/build.rs | Switches to centralized use_sysroot(). |
| dpdk-sysroot-helper/src/lib.rs | Changes sysroot discovery to DATAPLANE_SYSROOT and adds use_sysroot(). |
| dpdk-sys/build.rs | Updates bindgen/sysroot handling and link libs list. |
| development/code/running-tests.md | Updates test-running docs to Nix-first commands. |
| default.nix | Major Nix build definition: dev shell env, profiles, test archives, container tars. |
| dataplane/src/drivers/dpdk.rs | Gates DPDK driver file behind dpdk feature. |
| dataplane/build.rs | Switches to centralized use_sysroot() behind dpdk feature. |
| dataplane/Cargo.toml | Makes dpdk deps optional behind a dpdk feature (default on). |
| cli/build.rs | Removes sysroot build script logic. |
| cli/Cargo.toml | Drops dpdk-sysroot-helper build-dependency. |
| README.md | Updates developer setup/docs to nix-shell workflow. |
| Cargo.toml | Updates workspace version and dependency versions. |
| Cargo.lock | Updates lockfile to match dependency/version changes. |
| .github/workflows/dev.yml.old | Keeps old workflow as .old (new file added). |
| .github/workflows/dev.yml | Reworks CI to use Nix builds and archives. |
| .envrc | Simplifies direnv env vars for the new devroot/sysroot layout. |
| .cargo/config.toml | Updates env vars and rustflags for sysroot/devroot-based builds. |
Add a nix derivation for frr-agent, the Hedgehog FRR management agent. This is a Rust binary built with buildRustPackage from the pinned frr-agent source. References to build-time paths are stripped with nuke-refs to keep the closure minimal.

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Rework the core build machinery in default.nix to support the new nix-native build pipeline. The old default.nix was structured around the compile-env sysroot approach; this rework introduces proper nix builders and integrates FRR packaging support.

Changes:
- Add tag parameter for container/version tagging
- Add fuzz to cargo-profile map
- Add frr-pkgs import with FRR overlay
- Add comments explaining libc fully-qualified paths in sysroot
- Add skopeo to devroot for container operations
- Rework devenv from shellHook to structured env attributes
- Add jsonFilter for source filtering
- Simplify cargo-cmd-prefix (unconditional build-std-features)
- Remove sanitizer-conditional RUSTFLAGS block
- Add VERSION env var from tag parameter
- Rename package-builder to workspace-builder
- Rework test-builder to support building all tests at once
- Update crane config (removeReferencesToRustToolchain/VendorDir)
- Use clang++ as the linker driver instead of clang so that C++ standard library and exception handling runtime are linked correctly for transitive C++ dependencies (e.g. DPDK PMDs, hwloc)

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Add docs-builder helper and docs output that runs `cargo doc` through the nix build system with -D warnings. Supports building docs for individual packages or the entire workspace.

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Rework the dataplane tar to use busybox (providing a shell and coreutils in-container), symlinks instead of copies for binaries, and additional security hardening:
- Add /home and /tmp directories
- Use symlinks to nix store paths instead of copying binaries
- Install busybox for minimal shell access
- Change tar permissions to ugo-sw (no write, no setuid/setgid)
- Add dontPatchShebangs, dontFixup, dontPatchElf
- Include workspace.dataplane, workspace.init, workspace.cli, busybox and glibc.libgcc unconditionally in the tar
- Rename attribute from dataplane-tar to dataplane.tar

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Add container image definitions using nixpkgs dockerTools:
- containers.dataplane: production image with busybox, cli, init
- containers.dataplane-debugger: debug image with gdb, rr, libc debug symbols
- containers.frr.dataplane: FRR with dplane-plugin, dplane-rpc, frr-agent
- containers.frr.host: FRR host variant with fakeNss

The FRR containers include fakeRootCommands for /run/frr directory setup and use tini as the entrypoint.

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Add llvm tools to the dev shell for llvm-cov/llvm-profdata. Set CLANG_PATH, LLVM_COV, LLVM_PROFDATA, and CARGO_LLVM_COV_* env vars in .cargo/config.toml. Inject -ffile-prefix-map into all dataplane-dep builds so coverage data maps /build paths back to nix store source paths.

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Rework build.rs scripts across the workspace to use the nix build environment. Remove the ureq-based CRD fetching and dotenvy env-file parsing from k8s-intf build.rs; the CRD is now read from a nix-provided path. Remove build.rs from cli and sysfs (no longer needed). Simplify dpdk-sysroot-helper to read DATAPLANE_SYSROOT from the environment and add rerun-if-env-changed directive. Update Cargo.toml build-dependencies to match.

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Nix builds can't access the network from a build.rs script, so the prior approach of fetching CRDs via ureq at build time won't work. Move CRD binding generation from committed source to build.rs so that bindings are always in sync with the CRD schema provided by nix. This eliminates the need to manually regenerate and commit the 500-line gateway_agent_crd.rs file when the upstream CRD changes. The generated module and its re-exports are removed; consumers now get the bindings via the build-time generation in k8s-intf's build.rs (which invokes kopium against the nix-provided CRD file). Also simplify the version handling: get_gateway_version() now returns a plain String (defaulting to "dev" when VERSION is unset) instead of Option<String> that was always Some. Remove the commented-out npins-based version lookup and the now-unused serde_json build-dependency. Remove the standalone rerun-if-changed for the sysroot path (now handled by dpdk-sysroot-helper::use_sysroot()).

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
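The build-script convention the two commits above describe (`dpdk-sysroot-helper::use_sysroot()` reading `DATAPLANE_SYSROOT` and emitting a rerun-if-env-changed directive, and k8s-intf's build.rs reading the CRD from `GW_CRD_PATH`), written out as an added illustration that is not the project's own code. The variable names come from the PR; the validation rules, the error messages and the `<sysroot>/lib` link-search path are assumptions of this example, and the filesystem check is injected so the logic can be tested without a real sysroot.

```rust
use std::path::{Path, PathBuf};

/// Environment variables the nix build environment provides (names from the PR).
pub const SYSROOT_VAR: &str = "DATAPLANE_SYSROOT";
pub const CRD_VAR: &str = "GW_CRD_PATH";

#[derive(Debug, PartialEq, Eq)]
pub enum PathError {
    Unset(&'static str),
    NotAbsolute(&'static str, PathBuf),
    Missing(&'static str, PathBuf),
}

/// Validate a path handed in through an environment variable: set, non-empty,
/// absolute, and present. `exists` is injected so the logic can be exercised
/// without touching the real filesystem (assumption of this example).
pub fn validated_path(
    var: &'static str,
    value: Option<&str>,
    exists: &dyn Fn(&Path) -> bool,
) -> Result<PathBuf, PathError> {
    let raw = value.filter(|v| !v.is_empty()).ok_or(PathError::Unset(var))?;
    let path = PathBuf::from(raw);
    if !path.is_absolute() {
        return Err(PathError::NotAbsolute(var, path));
    }
    if !exists(&path) {
        return Err(PathError::Missing(var, path));
    }
    Ok(path)
}

/// Directives for linking against the sysroot. Once a build script emits any
/// rerun-if-* directive, cargo reruns it only for those triggers, so every
/// input (the variable here, the CRD file below) has to be declared explicitly.
pub fn sysroot_directives(sysroot: &Path) -> Vec<String> {
    vec![
        format!("cargo:rerun-if-env-changed={SYSROOT_VAR}"),
        // Assumption for this example: libraries live under <sysroot>/lib.
        format!("cargo:rustc-link-search=native={}", sysroot.join("lib").display()),
    ]
}

/// Directives for the CRD that bindings are generated from. Declaring the file
/// with rerun-if-changed is what makes editing it, or pointing GW_CRD_PATH at a
/// local copy, regenerate the bindings instead of reusing stale output.
pub fn crd_directives(crd: &Path) -> Vec<String> {
    vec![
        format!("cargo:rerun-if-env-changed={CRD_VAR}"),
        format!("cargo:rerun-if-changed={}", crd.display()),
    ]
}

/// Actionable failure text; a bare `expect("var unset")` hides the remedy.
pub fn explain(err: &PathError) -> String {
    match err {
        PathError::Unset(var) => {
            format!("{var} is not set; enter the nix shell (`just shell`) or export it")
        }
        PathError::NotAbsolute(var, p) => format!("{var}={} must be absolute", p.display()),
        PathError::Missing(var, p) => format!("{var}={} does not exist", p.display()),
    }
}

/// Stand-alone entry point behaving like a build.rs main against the real env.
fn main() {
    let fs_exists = |p: &Path| p.exists();
    let inputs: [(&'static str, fn(&Path) -> Vec<String>); 2] =
        [(SYSROOT_VAR, sysroot_directives), (CRD_VAR, crd_directives)];
    for &(var, emit) in inputs.iter() {
        let value = std::env::var(var).ok();
        match validated_path(var, value.as_deref(), &fs_exists) {
            Ok(path) => emit(&path).iter().for_each(|d| println!("{d}")),
            Err(e) => {
                eprintln!("{}", explain(&e));
                std::process::exit(1);
            }
        }
    }
}
```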
Add feature gates to the dataplane and init crates so DPDK and dpdk-sysroot-helper are optional dependencies. The dataplane crate gets a `dpdk` feature (default on) with a corresponding cfg(feature = "dpdk") gate on the DPDK driver module. The init crate gets a `sysroot` feature (default on). This allows building without a DPDK sysroot for development and testing scenarios.

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Remove k8s-crd.env, rust.env, and test-runner.sh. These scripts provided environment variables and test execution support for the old compile-env build approach. Their functionality is now provided by:
- k8s-crd.env: nix build environment (GW_CRD_PATH in .cargo/config.toml)
- rust.env: nix shell and build profiles (nix/profiles.nix)
- test-runner.sh: n-vm test runner (#[n_vm::in_vm] annotations)

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Replace the old fixin::wrap(with_caps(...)) capability-escalation pattern on test_sample_config with #[n_vm::in_vm] and mark it #[ignore] pending vm runner integration. Add required dev-dependencies (n-vm, tracing-subscriber to mgmt; tokio with full features to routing). Deduplicate tokio feature flags in routing.

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Pull request overview
Copilot reviewed 64 out of 68 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (1)
.github/workflows/dev.yml:224
confidence: 9
tags: [logic]
This `if:` condition references `inputs.debug_enabled`, but this workflow also runs on non-`workflow_dispatch` events where the `inputs` context may be undefined (this previously caused expression-evaluation failures elsewhere in this workflow). Prefer `github.event.inputs.debug_enabled` (or gate via a default) to avoid workflow parsing/evaluation errors on PR/push runs.
- name: "Setup tmate session for debug"
  if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
  uses: "mxschmitt/action-tmate@v3"
Fredi-raspall left a comment
@daniel-noland this is a huge PR, for a change ;-)
I can't see any major issue with it, other than the things commented.
I am approving with the hope that we don't lose any convenient flexibility with it, like being able to regenerate the CRD with local changes for the spec. I believe this is useful to experiment or prototype ideas without requiring a versioned CRD that has not been agreed.
k8s-intf/build.rs (Outdated)
| let version = get_gateway_version(); | ||
| let agent_crd_contents = { | ||
| let agent_crd_path = | ||
| PathBuf::from(std::env::var("GW_CRD_PATH").expect("GW_CRD_PATH var unset")) |
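Review bot: the build script reads `GW_CRD_PATH` with `std::env::var(...).expect(...)`, but nothing in this hunk declares the variable or the file it points at as a build input; unless `cargo:rerun-if-env-changed=GW_CRD_PATH` and `cargo:rerun-if-changed=<the CRD path>` are emitted elsewhere in build.rs, overriding `GW_CRD_PATH` (the workaround suggested in the reply below) or editing the CRD file will not regenerate the bindings once any other rerun-if directive is present. Also consider replacing the bare `expect("GW_CRD_PATH var unset")` with a message that tells the developer to enter the nix shell, since this is now the first thing a `cargo build` outside nix runs into.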
With this, are we going to lose the ability to build an unversioned CRD spec from a local file?
I think you would just need to override the GW_CRD_PATH
| #[rustfmt::skip] | ||
| pub mod gateway_agent_crd { | ||
| pub use crate::generated::gateway_agent_crd::*; | ||
| include!(concat!(env!("OUT_DIR"), "/gateway_agent_crd.rs")); |
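Review bot: the `include!(concat!(env!("OUT_DIR"), "/gateway_agent_crd.rs"))` gives a reader no hint where the included file comes from; add a doc comment on `gateway_agent_crd` stating that it is produced by kopium in k8s-intf's build.rs from the CRD at `GW_CRD_PATH`, and how to inspect the result (`cargo expand`, or the file under `OUT_DIR`). That also answers the "we can't see that code in git anymore" question below for the next person reading this module.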
What is the advantage of pasting the generated code here, instead of having a separate file?
We can't see that code in git anymore, do we?
You can see the generated code via cargo expand if you like. Generally it is ill advised to check in generated code because it can lead to alignment / reproduction issues
I recommend committing generated code because it lets you see what's changed in PRs and commit history. It's a good practice overall for transparency. Additionally, it clearly highlights issues with external dependencies silently changing the generated code. @daniel-noland We can merge it as is, but please follow up to commit the generated code.
justfile (Outdated)
| {{ skopeo }} copy {{skopeo_copy_flags}} {{skopeo_dest_insecure}} --all docker-daemon:{{ oci_image_full }} docker://{{ oci_image_full }} | ||
| echo "Pushed {{ oci_image_full }}" | ||
| for container in dataplane frr.dataplane; do | ||
| nix-shell --run "just debug_justfile={{debug_justfile}} oci_repo=ghcr.io version={{version}} profile=release platform=x86-64-v3 sanitize= instrument=none push-container ${container}" |
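Review bot: `{{skopeo_dest_insecure}}` is interpolated unconditionally into the `skopeo copy`; whatever that variable expands to, a setting with that name should default to empty so a push to a real registry never runs with a TLS-relaxed destination unless the caller asks for it explicitly. In the same recipe, the recursive `just ... push-container ${container}` call pins `oci_repo=ghcr.io` and `platform=x86-64-v3` instead of forwarding `{{oci_repo}}` and `{{platform}}`, so a user-supplied `oci_repo` on the outer `just push` is silently discarded; forward the variables and let the registry come from the caller (or from REGISTRY_URL in CI, as the workflow commit describes).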
I've almost missed it, it should still use the oci_repo var so user can set it as usual like
just oci_repo=ghcr.io push
and it should never default to ghcr.io
qmonnet left a comment
I'm still unfamiliar with Nix, and still unable to comment on the largest portion of the changes. Thanks for addressing the specific comments from my review. Too bad the higher-level comments didn't trigger any discussion. Here are some new observations anyway:
- Nit: Commit 2 (RUSTSEC fix), we probably don't need the full advisory in the commit log - in particular @-mentioning the vulnerability reporter in the commit will just add some useless noise each time this commit is pushed again, for that person. Please remove at least the mention.
- You should probably move the workflow updates after the latest justfile updates, given that they use recipes adding in the latter commits + cargo-edit dependency etc. Also commit `build: add computed cargo flag variables and recipes to justfile`'s description contains: "Note: the lint fix portion is a fixup for: "build: rewrite justfile for nix build system""
- Commits `build: add computed cargo flag variables and recipes to justfile` and newer have duplicate `Signed-off-by`s.
- I really don't understand all checks going into the single “pre-flight” step in CI. It feels like it's all preliminary stuff before the real tests that actually matter in VLAB. This feels wrong: dataplane has its unit tests, and they're important. It also makes it a pain to process the logs in the GitHub interface, see the related comment below.
Also, it's not particularly pleasant to get AI-generated replies in discussion threads, labelled as authored by you.
| instrument="${{matrix.build.instrument}}" \ | ||
| features="${features}" \ | ||
| oci_repo="ghcr.io" \ | ||
| pre-flight |
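Review bot: `oci_repo="ghcr.io"` is hardcoded in this `pre-flight` invocation, which contradicts the commit message's statement that container pushes now take the registry from `REGISTRY_URL` set by the reusable workflow; pass that value through instead of the literal so the workflow has a single source of truth for the registry and the value cannot drift between the build step and the push step.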
Looking at the output from the workflow, I'm really not a fan of having all the "pre-flight" checks in a single workflow step.
- It means we redo all checks for shuttle tests, rather than just the shuttle tests. It looks like the total is about 10 minutes long, would be nice to nearly cut it by half.
- It also means we get only one section of the logs for (`cargo deny` + format check + linter + doc tests + unit tests) * 2 feature sets. It produces 10k lines of output. If something fails you need to go through the detailed logs to even figure out what sort of test failed (rather than seeing immediately that it's the `cargo deny` check, for example). It also makes it much more difficult to find the logs from a particular step, if you need to peek at them.
OK to have a pre-flight command in the justfile (although I don't really understand why unit tests are part of that), but I'd rather expand into several steps in CI.
My thinking was to make the CI more maintainable by allowing edits to the justfile to impact CI without needing to edit the yaml. That leverages nix's reproducibility to make it very unlikely that it will pass on the local machine and fail in CI.
That said, the time hit is unfortunate.
| - l2vni | ||
| hybrid: | ||
| - false | ||
| # Upgrade tests are disabled at the moment |
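Review bot: `# Upgrade tests are disabled at the moment` gives no condition or reference for re-enabling them; the reply below says "after the release", so put that condition (or a tracking issue) in the comment itself, otherwise the disabled matrix entries are easy to forget once the PR is merged.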
Nit: That was also part of the chunk to revert
That's ok, we'll enable them after the release
| > Dedicated `just` recipes for running full fuzz campaigns (with libfuzzer/afl) are planned for a future PR. | ||
|
|
||
| [README.md]: ../../README.md | ||
| [afl]: https://github.com/AFLplusplus/AFLplusplus |
Please remove the URL from line 59 if you add it here.
| - [Nix][nix] (the nix-shell provides the full toolchain, including Rust, Cargo, and all required libraries). | ||
| The single-user installation is recommended unless you are familiar with nix and prefer the multi-user installation; | ||
| both will work. | ||
| - [just][just] (task runner — install through your package manager or `nix-env -i just`) |
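Review bot: the single-user install is recommended "unless you are familiar with nix", but no reason is given; state the trade-off in the README so readers can choose deliberately: the multi-user install runs builds through the nix-daemon under dedicated build users rather than as the developer's own account, which is the more isolated default on a shared machine or a CI runner, while the single-user install is simpler to set up and remove.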
| - [just][just] (task runner — install through your package manager or `nix-env -i just`) | |
| - [just] (task runner - install through your package manager or `nix-env -i just`) |
Tell Claude there's no need to make file UTF-8 just for em-dashes 🙂
(OK admittedly this one was UTF-8 already because of the “Dependency cheat-sheet”).
??? What's wrong with em-dash?
Nothing's wrong with em-dashes themselves, but UTF-8 chars are harder to work with if you need to grep or sed something in a plain text file. It's also not consistent in style with the rest of the docs. We've been using simple dashes in similar cases so far, and I don't see the fact that Claude is authoring this chunk (assuming it did, although I can be wrong) as a good reason to sporadically introduce em-dashes, it's just making work in terminal potentially harder for no benefit that I can see.
Rewrite the justfile to work with the nix build environment instead of the old compile-env/docker approach.

Key changes:
- Remove all compile-env and docker container machinery (image pulling, docker socket handling, container-based builds)
- Remove dotenv loading of scripts/rust.env (environment now comes from nix)
- Replace target triple (x86_64-unknown-linux-gnu) with platform name (x86-64-v3/bluefield2) to match the nix platform abstraction
- Add nix-based build/push recipes that invoke nix build and skopeo
- Add sanitizer and instrumentation selection variables (sanitize, instrument)
- Simplify cargo invocations (no longer need explicit target/linker flags)
- Add FRR container image push alongside dataplane container
- Add `push` recipe for pushing all release container images
- Wrap test and lint recipes in nix-shell for toolchain access
- Rewrite coverage recipe to use nix-built test archives with local llvm-cov/llvm-profdata
- Rename clippy recipe to lint
- Remove obsolete recipes (hugepages, build-sweep, rustdoc-serve, setup/teardown-test-env)

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Rewrite the dev.yml CI workflow to use nix instead of the compile-env/docker build approach.

Key changes:
- Replace compile-env setup with cachix/install-nix-action and cachix for binary caching
- Replace the profile-only build matrix with a target x profile matrix: targets are nix outputs (tests.all, frr.dataplane, dataplane) and profiles include debug and release
- Comment out sanitizer matrix entries (address, thread) pending build-time and correctness fixes; when re-enabled they will use the fuzz profile with coverage instrumentation
- Wrap just/cargo invocations in nix-shell so the CI runner has access to the full nix-provided toolchain
- Use REGISTRY_URL (set by the reusable workflow) for container pushes instead of a hardcoded registry variable
- Rename the "check" job to "build" to better reflect what it does
- Add lint (clippy), rustdoc, and doctest steps for the tests.all matrix target so these checks are not lost in the workflow rewrite
- Override the devfiles change-detection gate for tag pushes and manual workflow dispatches so builds always run for releases
- Remove stale commented-out upgrade-from matrix entry
- Add FRR version bumping alongside dataplane in the tag-push release job
- Remove docker-based cargo/just invocations in favor of nix build commands

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Rewrite README.md and test documentation to reflect the new nix-based development workflow. The old instructions required manually installing Rust via rustup, pulling docker-based compile-env images, and symlinking /nix (the "fake nix" hack). The new workflow is: install nix, enter the dev shell with `just shell`, and use just recipes for building, testing, and linting. Document build arguments (profile, sanitize, instrument, platform, jobs), container build/push workflow, the lint and docs recipes, and setup-roots for the initial sysroot/devroot symlink creation. Also update the test-running docs to reference cargo-nextest and the nix-shell environment instead of the old test-runner.sh script.

Co-Authored-By: Manish Vachharajani <manish@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Add a 'features' argstr to default.nix (comma-separated, same pattern as 'sanitize') that injects --features into cargo-cmd-prefix. This flows through to all cargo invocations: workspace-builder, test-builder, clippy-builder, and docs-builder. Add a corresponding 'features' variable to the justfile that passes through to nix build via --argstr. The version string incorporates enabled features (e.g. -feat.shuttle) for artifact disambiguation. Add a 'filter' variable to the justfile that is forwarded to nextest as a test name filter (e.g. 'shuttle' to run only shuttle-named tests). Add shuttle test invocation to the CI test step: after the regular test run, a second just invocation builds and runs the test archive with features=shuttle and the 'shuttle' nextest filter, restoring the shuttle concurrency testing that was present in the old workflow.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Add private computed variables `_cargo_feature_flags` and `_cargo_profile_flag` that each recipe can compose as needed (not all cargo subcommands accept all flags).
- `_cargo_feature_flags`: expands --no-default-features and/or --features based on the `default_features` and `features` just variables.
- `_cargo_profile_flag`: expands --profile based on the `profile` variable (empty for debug since that is the cargo default).

Add `check-dependencies` recipe wrapping `cargo deny` with feature flags. Add `doctest` recipe wrapping `cargo test --doc` with feature and profile flags. Fix `lint` recipe to use the computed variables instead of hardcoding `--all-features`.

Note: the lint fix portion is a fixup for: "build: rewrite justfile for nix build system"

Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Adds the cargo-edit package (which provides `cargo upgrade`) to the nix dev shell so that the bump workflow can run `cargo upgrade` within nix-shell.

Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

The gateway repo has been absorbed into the fabric repo. Update all references to the gateway npins source to point to fabric instead.
- npins/sources.json: replace gateway pin with fabric pin (v0.113.2)
- scripts/gen-pins.sh: update pin name and comments
- default.nix: update GW_CRD_PATH in devenv and build env
- nix/overlays/dataplane-dev.nix: update source and destination paths
- .cargo/config.toml: update GW_CRD_PATH for local dev
- README.md: update pin management instructions

Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

The gateway and gateway-proto repos have been archived and merged into the fabric repo. Replace the two stale repo links with a single fabric link.

Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>

Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
I think it's in a good enough state now. The only outstanding thing from my side is that we should commit the generated code for the CRDs.
This PR is a continuation of the work started by @daniel-noland to move to a proper nix based build system.
Most of this PR was built based on #1275 and the work of Claude Code using Opus 4.6. As such it should be reviewed carefully. I have tried to do the work in small chunks with the AI to get some review as we go along, but I am not a nix expert and had to rely a bit on the AI's judgement as to the best approach for certain things.
TODO:
- Make failing new sanitizer runs optional - the sanitizers found real bugs we need to fix in separate PRs
- Co-pilot review of this PR before signoff (DONE)
- Remove scripts/todo.sh (DONE)
- Remove scripts/install-real-nix.sh (DONE)
- `just` targets for building and pushing containers are there (I believe we are good, but I want to confirm)