Notes on builds.sr.ht

For the past few months I’ve been using sourcehut’s platform to work on software an it has been quite an interesting experience. Nonetheless, one of the services I really enjoy using is the their build service called builds.sr.ht.

builds.sr.ht is a service on sr.ht that allows you to submit “build manifests” for us to work on. – man.sr.ht

The thing I don’t like on GitHub Actions is that it is kind of magical. For example, you don’t actually know what it is doing when you define that an action should only run when a specific path is modified. Not to even mention their custom actions which usually takes a non-trivial amount of TypeScript/JavaScript.

Contrary to this, builds.sr.ht is really explicit on its build manifest. You’re basically expected to write plain shell scripts for your builds.

Reducing resource usage

As I said previously, there’s no special syntax to work on specific paths, branches, pull requests and such. By default your task will run on every commit you push. In order to reduce our CI usage we can restrain our tasks to run on specific scenarios:

On path change

if ! $(git diff --quiet HEAD HEAD^ -- "<your-path>")
then
  # do something
fi

On branch change

This tip was taken from issue #170.

tasks:
- check-branch: |
   cd repo_name
   if [ "$(git rev-parse your-branch)" != "$(git rev-parse HEAD)" ]; then \
      complete-build; \
   fi

NixOS on builds.sr.ht

As I don’t like to write shell scripts I use Nix and this is my favorite feature of this service. builds.sr.ht supports NixOS by default1. This means that we can leverage Nix Flakes for truly declarative and reproducible builds there! Let’s consider a small example using Go to show you how easy it really is. A small flake.nix containing the following content should suffice our needs:

{
  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

  outputs = { self, nixpkgs, ... }:
    let pkgs = import nixpkgs { system = "x86_64-linux"; };
    in
    {
      devShells."x86_64-linux".ci = with pkgs; mkShell {
        buildInputs = [ go golangci-lint ];
      };
    };
}

This definition is capable of giving us a shell containing Go and golangci-lint on $PATH.

Now let’s write the build manifest for our CI:

image: nixos/unstable
packages:
  - nixos.nixUnstable
environment:
  NIX_CONFIG: "experimental-features = nix-command flakes"
tasks:
  - lint: |
      cd source
      nix develop .#ci -c golangci-lint run      
  - test: |
      cd source
      nix develop .#ci -c go test ./...      
  - build: |
      cd source
      nix develop .#ci -c go build

And that’s it! We have our CI up and running with the guarantee of having our tools being the same on every run. No sudden updates or unexpected behavior.

  1. https://nixos.org ↩︎

Articles from blogs I follow around the net

The four tenets of SOA revisited

Twenty years after. In the January 2004 issue of MSDN Magazine you can find an article by Don Box titled A Guide to Developing and Running Connected Systems with Indigo. Buried within the (now dated) discussion of the technology…

via ploeh blog March 4, 2024

Building a demo of the Bleichenbacher RSA attack in Rust

Recently while reading Real-World Cryptography, I got nerd sniped1 by the mention of Bleichenbacher's attack on RSA. This is cool, how does it work? I had to understand, and to understand something, I usually have to build it. Well, friends, that is what…

via ntietz.com blog March 4, 2024

How to unbreak Dolphin on SteamOS after the QT6 update

A recent update to Dolphin made it switch to QT6. This makes it crash with this error or something like it: dolphin-emu: symbol lookup error: dolphin-emu: undefined symbol: _Zls6QDebugRK11QDockWidget, version Qt_6 This is fix…

via Xe Iaso's blog March 3, 2024

Generated by openring