From 3c922b01ca5b7a535c9b5da18ac344af3110d620 Mon Sep 17 00:00:00 2001 From: Greg Pfeil Date: Wed, 12 Mar 2025 14:05:50 -0600 Subject: [PATCH 1/4] Re-enable Nix builds on aarch64-darwin --- .github/workflows/nix-dev-cache.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-dev-cache.yaml b/.github/workflows/nix-dev-cache.yaml index 8471e3e843..3a0fde364b 100644 --- a/.github/workflows/nix-dev-cache.yaml +++ b/.github/workflows/nix-dev-cache.yaml @@ -22,7 +22,7 @@ jobs: os: - ubuntu-24.04 - macos-13 - # - macos-14 + - macos-14 steps: - uses: actions/checkout@v4 - name: mount Nix store on larger partition From b8861cb01baa9f51ac90db2cfd6b406ac1dc91a2 Mon Sep 17 00:00:00 2001 From: Greg Pfeil Date: Wed, 12 Mar 2025 14:08:25 -0600 Subject: [PATCH 2/4] Re-enable automatic runs of Nix cache workflow Instead of doing it for every PR push, only run it for trunk & releases. The former keeps an up-to-date dev environment in the cache (and lets us know if something needs to be fixed before the next release) while the latter gives us something to pin for downstream consumers (and quick access to releases when bisecting for bugs, etc.). --- .github/workflows/nix-dev-cache.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/nix-dev-cache.yaml b/.github/workflows/nix-dev-cache.yaml index 3a0fde364b..2babc9d4b9 100644 --- a/.github/workflows/nix-dev-cache.yaml +++ b/.github/workflows/nix-dev-cache.yaml @@ -1,15 +1,16 @@ name: Nix development cache on: + push: + branches: + # Cache trunk, to keep recent builds in the cache for development. + - trunk + tags: + # Cache releases, so they can be pinned in the cache for downstream consumers of Unison. + - 'release/**' + # Allow manual caching of branches. This is particularly useful when upgrading the Nix tooling, as we can test the PR + # and ensure that the cache is populated before merging into trunk. workflow_dispatch: - # # Build on every pull request (and new PR commit) - # pull_request: - # # Build on new pushes to trunk (E.g. Merge commits) - # # Without the branch filter, each commit on a branch with a PR is triggered twice. - # # See: https://github.community/t/how-to-trigger-an-action-on-push-or-pull-request-but-not-both/16662 - # push: - # branches: - # - trunk jobs: nix: From df36526adaf9b137ed6039e6adff70b63b488062 Mon Sep 17 00:00:00 2001 From: Greg Pfeil Date: Wed, 12 Mar 2025 14:21:02 -0600 Subject: [PATCH 3/4] Move Nix documentation from development.markdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since it’s not the primary build tool, this gets it out of the way and allows for more detailed Nix documentation without overwhelming the core docs. --- development.markdown | 108 +------------------------------------------ nix/README.md | 107 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+), 106 deletions(-) create mode 100644 nix/README.md diff --git a/development.markdown b/development.markdown index d63bf7c245..b23e52a3b2 100644 --- a/development.markdown +++ b/development.markdown @@ -113,113 +113,9 @@ More context at: https://stackoverflow.com/a/59761201/310162 Stack doesn't work deterministically in Windows due to mismatched expectations about how file deletion works. If you get this error, you can just retry the build and it will probably make more progress than the last time. -## Building with Nix +## Nix support -__NB__: It is important that the Unison Nix cache is trusted when building, otherwise you will likely end up building hundreds of packages, including GHC itself. - -The recommended way to do this is to add the public key and URL for the cache to your system’s Nix configuration. /etc/nix/nix.conf should have lines similar to -```conf -trusted-public-keys = unison.cachix.org-1:i1DUFkisRPVOyLp/vblDsbsObmyCviq/zs6eRuzth3k= -trusted-substituters = https://unison.cachix.org -``` -these lines could be prefixed with `extra-` and they may have additional entries besides the ones for our cache. - -This command should work if you don’t want to edit the file manually: -```shell -sudo sh -c 'echo "extra-trusted-public-keys = unison.cachix.org-1:i1DUFkisRPVOyLp/vblDsbsObmyCviq/zs6eRuzth3k= -extra-trusted-substituters = https://unison.cachix.org" >>/etc/nix/nix.conf' -``` -After updating /etc/nix/nix.conf, you need to restart the Nix daemon. To do this on -- Ubuntu: `sudo systemctl restart nix-daemon` -- MacOS: - ```shell - sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist - sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist - ``` - -If you use NixOS, you may instead add this via your configuration.nix with -```nix -nix.settings.trusted-public-keys = ["unison.cachix.org-1:i1DUFkisRPVOyLp/vblDsbsObmyCviq/zs6eRuzth3k="]; -nix.settings.trusted-substituters = ["https://unison.cachix.org"]; -``` -and run `sudo nixos-rebuild switch` afterward. - -It is _not_ recommended to add your user to `trusted-users`. This _can_ make enabling flake configurations simpler (like the Unison Nix cache here), but [it is equivalent to giving that user root access (without need for sudo)](https://nix.dev/manual/nix/2.23/command-ref/conf-file.html#conf-trusted-users). - -## Building package components with nix - -### Build the unison executable -```shell -nix build -``` - -### Build a specific component -This is specified with the normal -`::` triple. - -Some examples: -```shell -nix build '.#component-unison-cli:lib:unison-cli' -nix build '.#component-unison-syntax:test:syntax-tests' -nix build '.#component-unison-cli:exe:transcripts' -``` - -### Development environments - -#### Get into a development environment for building with stack -This gets you into a development environment with the preferred -versions of the compiler and other development tools. These -include: - -- ghc -- stack -- ormolu -- haskell-language-server - -```shell -nix develop -``` - -#### Get into a development environment for building with cabal -This gets you into a development environment with the preferred -versions of the compiler and other development tools. Additionally, -all non-local haskell dependencies (including profiling dependencies) -are provided in the nix shell. - -```shell -nix develop '.#cabal-local' -``` - -#### Get into a development environment for building a specific package -This gets you into a development environment with the preferred -versions of the compiler and other development tools. Additionally, -all haskell dependencies of this package are provided by the nix shell -(including profiling dependencies). - -```shell -nix develop '.#cabal-' -``` - -for example: - -```shell -nix develop '.#cabal-unison-cli' -``` -or -```shell -nix develop '.#cabal-unison-parser-typechecker' -``` - -This is useful if you wanted to profile a package. For example, if you -want to profile `unison-cli-main:exe:unison` then you could get into one of these -shells, cd into its directory, then run the program with -profiling. - -```shell -nix develop '.#cabal-unison-parser-typechecker' -cd unison-cli -cabal run --enable-profiling unison-cli-main:exe:unison -- +RTS -p -``` +See the [readme](./nix/README.md). ## Native compilation diff --git a/nix/README.md b/nix/README.md new file mode 100644 index 0000000000..3bbe8886d2 --- /dev/null +++ b/nix/README.md @@ -0,0 +1,107 @@ +## Building with Nix + +__NB__: It is important that the Unison Nix cache is trusted when building, otherwise you will likely end up building hundreds of packages, including GHC itself. + +The recommended way to do this is to add the public key and URL for the cache to your system’s Nix configuration. /etc/nix/nix.conf should have lines similar to +```conf +trusted-public-keys = unison.cachix.org-1:i1DUFkisRPVOyLp/vblDsbsObmyCviq/zs6eRuzth3k= +trusted-substituters = https://unison.cachix.org +``` +these lines could be prefixed with `extra-` and they may have additional entries besides the ones for our cache. + +This command should work if you don’t want to edit the file manually: +```shell +sudo sh -c 'echo "extra-trusted-public-keys = unison.cachix.org-1:i1DUFkisRPVOyLp/vblDsbsObmyCviq/zs6eRuzth3k= +extra-trusted-substituters = https://unison.cachix.org" >>/etc/nix/nix.conf' +``` +After updating /etc/nix/nix.conf, you need to restart the Nix daemon. To do this on +- Ubuntu: `sudo systemctl restart nix-daemon` +- MacOS: + ```shell + sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist + sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist + ``` + +If you use NixOS, you may instead add this via your configuration.nix with +```nix +nix.settings.trusted-public-keys = ["unison.cachix.org-1:i1DUFkisRPVOyLp/vblDsbsObmyCviq/zs6eRuzth3k="]; +nix.settings.trusted-substituters = ["https://unison.cachix.org"]; +``` +and run `sudo nixos-rebuild switch` afterward. + +It is _not_ recommended to add your user to `trusted-users`. This _can_ make enabling flake configurations simpler (like the Unison Nix cache here), but [it is equivalent to giving that user root access (without need for sudo)](https://nix.dev/manual/nix/2.23/command-ref/conf-file.html#conf-trusted-users). + +## Building package components with nix + +### Build the unison executable +```shell +nix build +``` + +### Build a specific component +This is specified with the normal +`::` triple. + +Some examples: +```shell +nix build '.#component-unison-cli:lib:unison-cli' +nix build '.#component-unison-syntax:test:syntax-tests' +nix build '.#component-unison-cli:exe:transcripts' +``` + +### Development environments + +#### Get into a development environment for building with stack +This gets you into a development environment with the preferred +versions of the compiler and other development tools. These +include: + +- ghc +- stack +- ormolu +- haskell-language-server + +```shell +nix develop +``` + +#### Get into a development environment for building with cabal +This gets you into a development environment with the preferred +versions of the compiler and other development tools. Additionally, +all non-local haskell dependencies (including profiling dependencies) +are provided in the nix shell. + +```shell +nix develop '.#cabal-local' +``` + +#### Get into a development environment for building a specific package +This gets you into a development environment with the preferred +versions of the compiler and other development tools. Additionally, +all haskell dependencies of this package are provided by the nix shell +(including profiling dependencies). + +```shell +nix develop '.#cabal-' +``` + +for example: + +```shell +nix develop '.#cabal-unison-cli' +``` +or +```shell +nix develop '.#cabal-unison-parser-typechecker' +``` + +This is useful if you wanted to profile a package. For example, if you +want to profile `unison-cli-main:exe:unison` then you could get into one of these +shells, cd into its directory, then run the program with +profiling. + +```shell +nix develop '.#cabal-unison-parser-typechecker' +cd unison-cli +cabal run --enable-profiling unison-cli-main:exe:unison -- +RTS -p +``` From e7beb2ff8368d8940af82fa89abe067d4f3f4fc8 Mon Sep 17 00:00:00 2001 From: Greg Pfeil Date: Wed, 12 Mar 2025 14:32:38 -0600 Subject: [PATCH 4/4] Extract the pinned tool versions from flake.nix And reference them in the development docs, so contributors can more easily discover what versions we use. --- development.markdown | 4 ++++ flake.nix | 11 +---------- nix/versions.nix | 11 +++++++++++ 3 files changed, 16 insertions(+), 10 deletions(-) create mode 100644 nix/versions.nix diff --git a/development.markdown b/development.markdown index b23e52a3b2..4c6f5baab5 100644 --- a/development.markdown +++ b/development.markdown @@ -4,6 +4,10 @@ __General:__ `./scripts/test.sh` compiles and builds the Haskell code and runs a _Disclaimer_ If you have trouble getting started, please get in touch via [Discord](https://unison-lang.org/discord) so we can help. If you have any fixes to the process, please send us a PR! +## Development Dependencies + +If you are having trouble with a build, please ensure that your tooling matches the versions we expect. Some build mechanisms will guarantee this to some extent (e.g., the Nix build, or [the Haskell extension for VS Code](https://marketplace.visualstudio.com/items?itemName=haskell.haskell)), but you can see versions listed in [our version file](./nix/versions.nix) (some of which is inherited from [this repo’s VS Code settings](./.vscode/settings.json)). + ## Running Unison To get cracking with Unison: diff --git a/flake.nix b/flake.nix index a266bd2e29..3f9f2f9932 100644 --- a/flake.nix +++ b/flake.nix @@ -26,16 +26,7 @@ "aarch64-darwin" ] (system: let - ## It’s much easier to read from a JSON file than to have JSON import from some other file, so we extract some - ## configuration from the VS Code settings to avoid duplication. - vscodeSettings = nixpkgs-release.lib.importJSON ./.vscode/settings.json; - versions = - vscodeSettings."haskell.toolchain" - ## There are some things we want to pin that the VS Code Haskell extension doesn’t let us control. - // { - hpack = "0.35.2"; - ormolu = "0.7.2.0"; - }; + versions = import ./nix/versions.nix {inherit (nixpkgs-haskellNix) lib;}; pkgs = import nixpkgs-haskellNix { inherit system; inherit (haskellNix) config; diff --git a/nix/versions.nix b/nix/versions.nix new file mode 100644 index 0000000000..01bfd21d98 --- /dev/null +++ b/nix/versions.nix @@ -0,0 +1,11 @@ +{lib}: let + ## It’s much easier to read from a JSON file than to have JSON import from some other file, so we extract some + ## configuration from the VS Code settings to avoid duplication. + vscodeSettings = lib.importJSON ../.vscode/settings.json; +in + vscodeSettings."haskell.toolchain" + ## There are some things we want to pin that the VS Code Haskell extension doesn’t let us control. + // { + hpack = "0.35.2"; + ormolu = "0.7.2.0"; + }