nix: go generate in src derivation

This saves the generated files in the nix store and exposes them for use by external tools. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-07 03:10:36 +09:00 · 2025-06-07 03:10:36 +09:00 · 9a7c81a44e
commit 9a7c81a44e
parent b7e991de5b
3 changed files with 38 additions and 20 deletions
--- a/package.nix
+++ b/package.nix
@ -33,13 +33,34 @@ buildGoModule rec {
  pname = "fortify";
  version = "0.4.1";

-  src = builtins.path {
+  srcFiltered = builtins.path {
    name = "${pname}-src";
    path = lib.cleanSource ./.;
    filter = path: type: !(type == "regular" && (lib.hasSuffix ".nix" path || lib.hasSuffix ".py" path)) && !(type == "directory" && lib.hasSuffix "/test" path) && !(type == "directory" && lib.hasSuffix "/cmd/fsu" path);
  };
  vendorHash = null;

+  src = stdenv.mkDerivation {
+    name = "${pname}-src-full";
+    inherit version;
+    enableParallelBuilding = true;
+    src = srcFiltered;
+
+    buildInputs = [
+      wayland
+      wayland-protocols
+    ];
+
+    nativeBuildInputs = [
+      go
+      pkg-config
+      wayland-scanner
+    ];
+
+    buildPhase = "GOCACHE=$(mktemp -d) go generate ./...";
+    installPhase = "cp -r . $out";
+  };
+
  ldflags =
    lib.attrsets.foldlAttrs
      (
@ -67,7 +88,6 @@ buildGoModule rec {
      libseccomp
      acl
      wayland
-      wayland-protocols
    ]
    ++ (with xorg; [
      libxcb
@ -77,14 +97,9 @@ buildGoModule rec {

  nativeBuildInputs = [
    pkg-config
-    wayland-scanner
    makeBinaryWrapper
  ];

-  preBuild = ''
-    HOME="$(mktemp -d)" PATH="${pkg-config}/bin:$PATH" go generate ./...
-  '';
-
  postInstall =
    let
      appPackages = [
@ -120,6 +135,10 @@ buildGoModule rec {
      gcc
      xorg.xorgproto
      util-linux
+
+      # for go generate
+      wayland-protocols
+      wayland-scanner
    ]
    ++ buildInputs
    ++ nativeBuildInputs;
--- a/test/default.nix
+++ b/test/default.nix
@ -31,14 +31,13 @@ nixosTest {
    {
      environment.systemPackages = [
        # For go tests:
-        (writeShellScriptBin "fortify-go-test" ''
-          set -e
-          WORK="$(mktemp -ud)"
-          cp -r "${self.packages.${system}.fortify.src}" "$WORK"
-          chmod -R +w "$WORK"
-          cd "$WORK"
+        (writeShellScriptBin "fortify-test" ''
+          cd ${self.packages.${system}.fortify.src}
          ${fhs}/bin/fortify-fhs -c \
-            'go generate ./... && go test ${if withRace then "-race" else "-count 16"} ./... && touch /tmp/go-test-ok'
+            'go test ${if withRace then "-race" else "-count 16"} ./...' \
+            &> /tmp/fortify-test.log && \
+            touch /tmp/fortify-test-ok
+          touch /tmp/fortify-test-done
        '')
      ];

--- a/test/test.py
+++ b/test/test.py
@ -80,9 +80,6 @@ def fortify(command):
 start_all()
 machine.wait_for_unit("multi-user.target")

-# Run fortify Go tests outside of nix build in the background:
-machine.succeed("sudo -u untrusted -i fortify-go-test &> /tmp/go-test &")
-
 # To check fortify's version:
 print(machine.succeed("sudo -u alice -i fortify version"))

@ -90,6 +87,9 @@ print(machine.succeed("sudo -u alice -i fortify version"))
 machine.wait_for_file("/run/user/1000/wayland-1")
 machine.wait_for_file("/tmp/sway-ipc.sock")

+# Run fortify Go tests outside of nix build in the background:
+swaymsg("exec fortify-test")
+
 # Deny unmapped uid:
 denyOutput = machine.fail("sudo -u untrusted -i fortify run &>/dev/stdout")
 print(denyOutput)
@ -255,6 +255,6 @@ machine.wait_for_file("/tmp/sway-exit-ok")
 print(machine.succeed("find /run/user/1000/fortify"))

 # Verify go test status:
-machine.wait_for_file("/tmp/go-test", timeout=5)
-print(machine.succeed("cat /tmp/go-test"))
-machine.wait_for_file("/tmp/go-test-ok", timeout=5)
+machine.wait_for_file("/tmp/fortify-test-done")
+print(machine.succeed("cat /tmp/fortify-test.log"))
+machine.wait_for_file("/tmp/fortify-test-ok", timeout=2)