From 90c1eb8851f3c27c456bbf4fff9be98478051d99 Mon Sep 17 00:00:00 2001 From: Gabriel Gonzalez Date: Tue, 14 Jan 2020 07:35:36 -0800 Subject: [PATCH] Minimize unnecessary rebuilds (#105) This improves the granularity of the Nix build graph in order to minimize unnecessary rebuilds. This also fixed several bugs in the package generation along the way, so this change includes those fixes. --- 1.12/Prelude.dhall | 29 ++++ 1.12/README.md | 6 +- .../out/aws-iam-authenticator-chart.yaml | 54 +++++++ 1.12/examples/out/ingress.yaml | 2 +- 1.13/Prelude.dhall | 29 ++++ 1.13/README.md | 6 +- .../out/aws-iam-authenticator-chart.yaml | 54 +++++++ 1.13/examples/out/ingress.yaml | 2 +- 1.14/Prelude.dhall | 29 ++++ 1.14/README.md | 4 +- .../out/aws-iam-authenticator-chart.yaml | 54 +++++++ 1.15/Prelude.dhall | 29 ++++ 1.15/README.md | 4 +- .../out/aws-iam-authenticator-chart.yaml | 54 +++++++ 1.16/Prelude.dhall | 29 ++++ .../out/aws-iam-authenticator-chart.yaml | 54 +++++++ 1.17/Prelude.dhall | 29 ++++ 1.17/README.md | 4 +- .../out/aws-iam-authenticator-chart.yaml | 54 +++++++ README.md | 4 +- dhall-kubernetes-generator/src/Main.hs | 29 +++- examples/out/aws-iam-authenticator-chart.yaml | 54 +++++++ nix/dhall-kubernetes.nix | 6 +- nix/kubernetes/1.6.3.txt | 1 - nix/make-dhall-kubernetes.nix | 84 ---------- nix/nixpkgs.nix | 153 ++++++++++++++---- scripts/generate.sh | 4 +- 27 files changed, 723 insertions(+), 138 deletions(-) create mode 100644 1.12/Prelude.dhall create mode 100644 1.12/examples/out/aws-iam-authenticator-chart.yaml create mode 100644 1.13/Prelude.dhall create mode 100644 1.13/examples/out/aws-iam-authenticator-chart.yaml create mode 100644 1.14/Prelude.dhall create mode 100644 1.14/examples/out/aws-iam-authenticator-chart.yaml create mode 100644 1.15/Prelude.dhall create mode 100644 1.15/examples/out/aws-iam-authenticator-chart.yaml create mode 100644 1.16/Prelude.dhall create mode 100644 1.16/examples/out/aws-iam-authenticator-chart.yaml create mode 100644 1.17/Prelude.dhall create mode 100644 1.17/examples/out/aws-iam-authenticator-chart.yaml create mode 100644 examples/out/aws-iam-authenticator-chart.yaml delete mode 100644 nix/kubernetes/1.6.3.txt delete mode 100644 nix/make-dhall-kubernetes.nix diff --git a/1.12/Prelude.dhall b/1.12/Prelude.dhall new file mode 100644 index 00000000..6996e86a --- /dev/null +++ b/1.12/Prelude.dhall @@ -0,0 +1,29 @@ +{- This file provides a central `Prelude` import for the rest of the library to + use so that the integrity check only needs to be updated in one place + whenever upgrading the interpreter. + + This allows the user to provide their own Prelude import using the + `DHALL_PRELUDE` environment variable, like this: + + ``` + $ export DHALL_PRELUDE='https://prelude.dhall-lang.org/package.dhall sha256:...' + ``` + + Note that overriding the Prelude in this way only works if this repository + is imported locally. Remote imports do not have access to environment + variables and any attempt to import one will fall back to the next available + import. To learn more, read: + + * https://github.com/dhall-lang/dhall-lang/wiki/Safety-guarantees#cross-site-scripting-xss + + This file also provides an import without the integrity check as a slower + fallback if the user is using a different version of the Dhall interpreter. + + This pattern is documented in the dhall-nethack repo: + + * https://github.com/dhall-lang/dhall-nethack/blob/master/Prelude.dhall +-} + + env:DHALL_PRELUDE +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69 +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall diff --git a/1.12/README.md b/1.12/README.md index 96143bf5..73c9bdeb 100644 --- a/1.12/README.md +++ b/1.12/README.md @@ -53,7 +53,7 @@ In the following example, we: -- examples/deploymentSimple.dhall let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:ce1e73deebf8c4eb513bfc736adfd924fe696ffee486f6f4bd81ed281bbf0f2a let deployment = kubernetes.Deployment::{ @@ -152,7 +152,7 @@ let map = Prelude.List.map let kv = Prelude.JSON.keyText let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:ce1e73deebf8c4eb513bfc736adfd924fe696ffee486f6f4bd81ed281bbf0f2a let Service = { name : Text, host : Text, version : Text } @@ -233,7 +233,7 @@ Result: ```yaml ## examples/out/ingress.yaml -apiVersion: networking.k8s.io/v1beta1 +apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: diff --git a/1.12/examples/out/aws-iam-authenticator-chart.yaml b/1.12/examples/out/aws-iam-authenticator-chart.yaml new file mode 100644 index 00000000..8eb23ce4 --- /dev/null +++ b/1.12/examples/out/aws-iam-authenticator-chart.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: aws-iam-authenticator + chart: aws-iam-authenticator-0.1.1 + heritage: dhall + release: wintering-rodent + name: wintering-rodent-aws-iam-authenticator +spec: + template: + metadata: + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + labels: + app: aws-iam-authenticator + release: wintering-rodent + name: aws-iam-authenticator + spec: + containers: + - args: + - server + - "--config=/etc/aws-iam-authenticator/config.yaml" + - "--state-dir=/var/aws-iam-authenticator" + - "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml" + image: gcr.io/heptio-images/authenticator:v0.1.0 + name: wintering-rodent-aws-iam-authenticator + volumeMounts: + - mountPath: /etc/aws-iam-authenticator/ + name: config + - mountPath: /var/aws-iam-authenticator/ + name: state + - mountPath: /etc/kubernetes/aws-iam-authenticator/ + name: output + hostNetwork: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: CriticalAddonsOnly + key: Exists + volumes: + - configMap: + name: wintering-rodent-aws-iam-authenticator + name: config + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: output + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: state + updateStrategy: + type: RollingUpdate diff --git a/1.12/examples/out/ingress.yaml b/1.12/examples/out/ingress.yaml index 41382d50..4d56edb1 100644 --- a/1.12/examples/out/ingress.yaml +++ b/1.12/examples/out/ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.k8s.io/v1beta1 +apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: diff --git a/1.13/Prelude.dhall b/1.13/Prelude.dhall new file mode 100644 index 00000000..6996e86a --- /dev/null +++ b/1.13/Prelude.dhall @@ -0,0 +1,29 @@ +{- This file provides a central `Prelude` import for the rest of the library to + use so that the integrity check only needs to be updated in one place + whenever upgrading the interpreter. + + This allows the user to provide their own Prelude import using the + `DHALL_PRELUDE` environment variable, like this: + + ``` + $ export DHALL_PRELUDE='https://prelude.dhall-lang.org/package.dhall sha256:...' + ``` + + Note that overriding the Prelude in this way only works if this repository + is imported locally. Remote imports do not have access to environment + variables and any attempt to import one will fall back to the next available + import. To learn more, read: + + * https://github.com/dhall-lang/dhall-lang/wiki/Safety-guarantees#cross-site-scripting-xss + + This file also provides an import without the integrity check as a slower + fallback if the user is using a different version of the Dhall interpreter. + + This pattern is documented in the dhall-nethack repo: + + * https://github.com/dhall-lang/dhall-nethack/blob/master/Prelude.dhall +-} + + env:DHALL_PRELUDE +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69 +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall diff --git a/1.13/README.md b/1.13/README.md index 96143bf5..e3bec32c 100644 --- a/1.13/README.md +++ b/1.13/README.md @@ -53,7 +53,7 @@ In the following example, we: -- examples/deploymentSimple.dhall let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:9789c555bc6494df664bc567a163d162e0dbbe6b9a471f8946a6476fa4069f5f let deployment = kubernetes.Deployment::{ @@ -152,7 +152,7 @@ let map = Prelude.List.map let kv = Prelude.JSON.keyText let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:9789c555bc6494df664bc567a163d162e0dbbe6b9a471f8946a6476fa4069f5f let Service = { name : Text, host : Text, version : Text } @@ -233,7 +233,7 @@ Result: ```yaml ## examples/out/ingress.yaml -apiVersion: networking.k8s.io/v1beta1 +apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: diff --git a/1.13/examples/out/aws-iam-authenticator-chart.yaml b/1.13/examples/out/aws-iam-authenticator-chart.yaml new file mode 100644 index 00000000..8eb23ce4 --- /dev/null +++ b/1.13/examples/out/aws-iam-authenticator-chart.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: aws-iam-authenticator + chart: aws-iam-authenticator-0.1.1 + heritage: dhall + release: wintering-rodent + name: wintering-rodent-aws-iam-authenticator +spec: + template: + metadata: + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + labels: + app: aws-iam-authenticator + release: wintering-rodent + name: aws-iam-authenticator + spec: + containers: + - args: + - server + - "--config=/etc/aws-iam-authenticator/config.yaml" + - "--state-dir=/var/aws-iam-authenticator" + - "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml" + image: gcr.io/heptio-images/authenticator:v0.1.0 + name: wintering-rodent-aws-iam-authenticator + volumeMounts: + - mountPath: /etc/aws-iam-authenticator/ + name: config + - mountPath: /var/aws-iam-authenticator/ + name: state + - mountPath: /etc/kubernetes/aws-iam-authenticator/ + name: output + hostNetwork: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: CriticalAddonsOnly + key: Exists + volumes: + - configMap: + name: wintering-rodent-aws-iam-authenticator + name: config + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: output + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: state + updateStrategy: + type: RollingUpdate diff --git a/1.13/examples/out/ingress.yaml b/1.13/examples/out/ingress.yaml index 41382d50..4d56edb1 100644 --- a/1.13/examples/out/ingress.yaml +++ b/1.13/examples/out/ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.k8s.io/v1beta1 +apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: diff --git a/1.14/Prelude.dhall b/1.14/Prelude.dhall new file mode 100644 index 00000000..6996e86a --- /dev/null +++ b/1.14/Prelude.dhall @@ -0,0 +1,29 @@ +{- This file provides a central `Prelude` import for the rest of the library to + use so that the integrity check only needs to be updated in one place + whenever upgrading the interpreter. + + This allows the user to provide their own Prelude import using the + `DHALL_PRELUDE` environment variable, like this: + + ``` + $ export DHALL_PRELUDE='https://prelude.dhall-lang.org/package.dhall sha256:...' + ``` + + Note that overriding the Prelude in this way only works if this repository + is imported locally. Remote imports do not have access to environment + variables and any attempt to import one will fall back to the next available + import. To learn more, read: + + * https://github.com/dhall-lang/dhall-lang/wiki/Safety-guarantees#cross-site-scripting-xss + + This file also provides an import without the integrity check as a slower + fallback if the user is using a different version of the Dhall interpreter. + + This pattern is documented in the dhall-nethack repo: + + * https://github.com/dhall-lang/dhall-nethack/blob/master/Prelude.dhall +-} + + env:DHALL_PRELUDE +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69 +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall diff --git a/1.14/README.md b/1.14/README.md index 96143bf5..6170aae6 100644 --- a/1.14/README.md +++ b/1.14/README.md @@ -53,7 +53,7 @@ In the following example, we: -- examples/deploymentSimple.dhall let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:7839bf40f940757e4d71d3c1b84d878f6a4873c3b2706ae4be307b5991acdcac let deployment = kubernetes.Deployment::{ @@ -152,7 +152,7 @@ let map = Prelude.List.map let kv = Prelude.JSON.keyText let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:7839bf40f940757e4d71d3c1b84d878f6a4873c3b2706ae4be307b5991acdcac let Service = { name : Text, host : Text, version : Text } diff --git a/1.14/examples/out/aws-iam-authenticator-chart.yaml b/1.14/examples/out/aws-iam-authenticator-chart.yaml new file mode 100644 index 00000000..8eb23ce4 --- /dev/null +++ b/1.14/examples/out/aws-iam-authenticator-chart.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: aws-iam-authenticator + chart: aws-iam-authenticator-0.1.1 + heritage: dhall + release: wintering-rodent + name: wintering-rodent-aws-iam-authenticator +spec: + template: + metadata: + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + labels: + app: aws-iam-authenticator + release: wintering-rodent + name: aws-iam-authenticator + spec: + containers: + - args: + - server + - "--config=/etc/aws-iam-authenticator/config.yaml" + - "--state-dir=/var/aws-iam-authenticator" + - "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml" + image: gcr.io/heptio-images/authenticator:v0.1.0 + name: wintering-rodent-aws-iam-authenticator + volumeMounts: + - mountPath: /etc/aws-iam-authenticator/ + name: config + - mountPath: /var/aws-iam-authenticator/ + name: state + - mountPath: /etc/kubernetes/aws-iam-authenticator/ + name: output + hostNetwork: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: CriticalAddonsOnly + key: Exists + volumes: + - configMap: + name: wintering-rodent-aws-iam-authenticator + name: config + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: output + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: state + updateStrategy: + type: RollingUpdate diff --git a/1.15/Prelude.dhall b/1.15/Prelude.dhall new file mode 100644 index 00000000..6996e86a --- /dev/null +++ b/1.15/Prelude.dhall @@ -0,0 +1,29 @@ +{- This file provides a central `Prelude` import for the rest of the library to + use so that the integrity check only needs to be updated in one place + whenever upgrading the interpreter. + + This allows the user to provide their own Prelude import using the + `DHALL_PRELUDE` environment variable, like this: + + ``` + $ export DHALL_PRELUDE='https://prelude.dhall-lang.org/package.dhall sha256:...' + ``` + + Note that overriding the Prelude in this way only works if this repository + is imported locally. Remote imports do not have access to environment + variables and any attempt to import one will fall back to the next available + import. To learn more, read: + + * https://github.com/dhall-lang/dhall-lang/wiki/Safety-guarantees#cross-site-scripting-xss + + This file also provides an import without the integrity check as a slower + fallback if the user is using a different version of the Dhall interpreter. + + This pattern is documented in the dhall-nethack repo: + + * https://github.com/dhall-lang/dhall-nethack/blob/master/Prelude.dhall +-} + + env:DHALL_PRELUDE +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69 +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall diff --git a/1.15/README.md b/1.15/README.md index 96143bf5..26245072 100644 --- a/1.15/README.md +++ b/1.15/README.md @@ -53,7 +53,7 @@ In the following example, we: -- examples/deploymentSimple.dhall let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:4bd5939adb0a5fc83d76e0d69aa3c5a30bc1a5af8f9df515f44b6fc59a0a4815 let deployment = kubernetes.Deployment::{ @@ -152,7 +152,7 @@ let map = Prelude.List.map let kv = Prelude.JSON.keyText let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:4bd5939adb0a5fc83d76e0d69aa3c5a30bc1a5af8f9df515f44b6fc59a0a4815 let Service = { name : Text, host : Text, version : Text } diff --git a/1.15/examples/out/aws-iam-authenticator-chart.yaml b/1.15/examples/out/aws-iam-authenticator-chart.yaml new file mode 100644 index 00000000..8eb23ce4 --- /dev/null +++ b/1.15/examples/out/aws-iam-authenticator-chart.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: aws-iam-authenticator + chart: aws-iam-authenticator-0.1.1 + heritage: dhall + release: wintering-rodent + name: wintering-rodent-aws-iam-authenticator +spec: + template: + metadata: + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + labels: + app: aws-iam-authenticator + release: wintering-rodent + name: aws-iam-authenticator + spec: + containers: + - args: + - server + - "--config=/etc/aws-iam-authenticator/config.yaml" + - "--state-dir=/var/aws-iam-authenticator" + - "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml" + image: gcr.io/heptio-images/authenticator:v0.1.0 + name: wintering-rodent-aws-iam-authenticator + volumeMounts: + - mountPath: /etc/aws-iam-authenticator/ + name: config + - mountPath: /var/aws-iam-authenticator/ + name: state + - mountPath: /etc/kubernetes/aws-iam-authenticator/ + name: output + hostNetwork: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: CriticalAddonsOnly + key: Exists + volumes: + - configMap: + name: wintering-rodent-aws-iam-authenticator + name: config + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: output + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: state + updateStrategy: + type: RollingUpdate diff --git a/1.16/Prelude.dhall b/1.16/Prelude.dhall new file mode 100644 index 00000000..6996e86a --- /dev/null +++ b/1.16/Prelude.dhall @@ -0,0 +1,29 @@ +{- This file provides a central `Prelude` import for the rest of the library to + use so that the integrity check only needs to be updated in one place + whenever upgrading the interpreter. + + This allows the user to provide their own Prelude import using the + `DHALL_PRELUDE` environment variable, like this: + + ``` + $ export DHALL_PRELUDE='https://prelude.dhall-lang.org/package.dhall sha256:...' + ``` + + Note that overriding the Prelude in this way only works if this repository + is imported locally. Remote imports do not have access to environment + variables and any attempt to import one will fall back to the next available + import. To learn more, read: + + * https://github.com/dhall-lang/dhall-lang/wiki/Safety-guarantees#cross-site-scripting-xss + + This file also provides an import without the integrity check as a slower + fallback if the user is using a different version of the Dhall interpreter. + + This pattern is documented in the dhall-nethack repo: + + * https://github.com/dhall-lang/dhall-nethack/blob/master/Prelude.dhall +-} + + env:DHALL_PRELUDE +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69 +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall diff --git a/1.16/examples/out/aws-iam-authenticator-chart.yaml b/1.16/examples/out/aws-iam-authenticator-chart.yaml new file mode 100644 index 00000000..8eb23ce4 --- /dev/null +++ b/1.16/examples/out/aws-iam-authenticator-chart.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: aws-iam-authenticator + chart: aws-iam-authenticator-0.1.1 + heritage: dhall + release: wintering-rodent + name: wintering-rodent-aws-iam-authenticator +spec: + template: + metadata: + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + labels: + app: aws-iam-authenticator + release: wintering-rodent + name: aws-iam-authenticator + spec: + containers: + - args: + - server + - "--config=/etc/aws-iam-authenticator/config.yaml" + - "--state-dir=/var/aws-iam-authenticator" + - "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml" + image: gcr.io/heptio-images/authenticator:v0.1.0 + name: wintering-rodent-aws-iam-authenticator + volumeMounts: + - mountPath: /etc/aws-iam-authenticator/ + name: config + - mountPath: /var/aws-iam-authenticator/ + name: state + - mountPath: /etc/kubernetes/aws-iam-authenticator/ + name: output + hostNetwork: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: CriticalAddonsOnly + key: Exists + volumes: + - configMap: + name: wintering-rodent-aws-iam-authenticator + name: config + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: output + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: state + updateStrategy: + type: RollingUpdate diff --git a/1.17/Prelude.dhall b/1.17/Prelude.dhall new file mode 100644 index 00000000..6996e86a --- /dev/null +++ b/1.17/Prelude.dhall @@ -0,0 +1,29 @@ +{- This file provides a central `Prelude` import for the rest of the library to + use so that the integrity check only needs to be updated in one place + whenever upgrading the interpreter. + + This allows the user to provide their own Prelude import using the + `DHALL_PRELUDE` environment variable, like this: + + ``` + $ export DHALL_PRELUDE='https://prelude.dhall-lang.org/package.dhall sha256:...' + ``` + + Note that overriding the Prelude in this way only works if this repository + is imported locally. Remote imports do not have access to environment + variables and any attempt to import one will fall back to the next available + import. To learn more, read: + + * https://github.com/dhall-lang/dhall-lang/wiki/Safety-guarantees#cross-site-scripting-xss + + This file also provides an import without the integrity check as a slower + fallback if the user is using a different version of the Dhall interpreter. + + This pattern is documented in the dhall-nethack repo: + + * https://github.com/dhall-lang/dhall-nethack/blob/master/Prelude.dhall +-} + + env:DHALL_PRELUDE +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall sha256:771c7131fc87e13eb18f770a27c59f9418879f7e230ba2a50e46f4461f43ec69 +? https://raw.githubusercontent.com/dhall-lang/dhall-lang/v10.0.0/Prelude/package.dhall diff --git a/1.17/README.md b/1.17/README.md index 96143bf5..e562139a 100644 --- a/1.17/README.md +++ b/1.17/README.md @@ -53,7 +53,7 @@ In the following example, we: -- examples/deploymentSimple.dhall let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:e9c55c7ff71f901314129e7ef100c3af5ec7a918dce25e06d83fa8c5472cb680 let deployment = kubernetes.Deployment::{ @@ -152,7 +152,7 @@ let map = Prelude.List.map let kv = Prelude.JSON.keyText let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:e9c55c7ff71f901314129e7ef100c3af5ec7a918dce25e06d83fa8c5472cb680 let Service = { name : Text, host : Text, version : Text } diff --git a/1.17/examples/out/aws-iam-authenticator-chart.yaml b/1.17/examples/out/aws-iam-authenticator-chart.yaml new file mode 100644 index 00000000..8eb23ce4 --- /dev/null +++ b/1.17/examples/out/aws-iam-authenticator-chart.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: aws-iam-authenticator + chart: aws-iam-authenticator-0.1.1 + heritage: dhall + release: wintering-rodent + name: wintering-rodent-aws-iam-authenticator +spec: + template: + metadata: + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + labels: + app: aws-iam-authenticator + release: wintering-rodent + name: aws-iam-authenticator + spec: + containers: + - args: + - server + - "--config=/etc/aws-iam-authenticator/config.yaml" + - "--state-dir=/var/aws-iam-authenticator" + - "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml" + image: gcr.io/heptio-images/authenticator:v0.1.0 + name: wintering-rodent-aws-iam-authenticator + volumeMounts: + - mountPath: /etc/aws-iam-authenticator/ + name: config + - mountPath: /var/aws-iam-authenticator/ + name: state + - mountPath: /etc/kubernetes/aws-iam-authenticator/ + name: output + hostNetwork: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: CriticalAddonsOnly + key: Exists + volumes: + - configMap: + name: wintering-rodent-aws-iam-authenticator + name: config + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: output + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: state + updateStrategy: + type: RollingUpdate diff --git a/README.md b/README.md index 96143bf5..e562139a 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ In the following example, we: -- examples/deploymentSimple.dhall let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:e9c55c7ff71f901314129e7ef100c3af5ec7a918dce25e06d83fa8c5472cb680 let deployment = kubernetes.Deployment::{ @@ -152,7 +152,7 @@ let map = Prelude.List.map let kv = Prelude.JSON.keyText let kubernetes = - ../package.dhall sha256:ab1c971ddeb178c1cfc5e749b211b4fe6fdb6fa1b68b10de62aeb543efcd60b3 + ../package.dhall sha256:e9c55c7ff71f901314129e7ef100c3af5ec7a918dce25e06d83fa8c5472cb680 let Service = { name : Text, host : Text, version : Text } diff --git a/dhall-kubernetes-generator/src/Main.hs b/dhall-kubernetes-generator/src/Main.hs index 628babc6..2c899ee8 100644 --- a/dhall-kubernetes-generator/src/Main.hs +++ b/dhall-kubernetes-generator/src/Main.hs @@ -11,12 +11,15 @@ import Data.Maybe (maybeToList) import Data.Text (Text, pack) import Data.Void (Void) import Data.Yaml +import Dhall.Core (Expr(..)) import Dhall.Kubernetes.Data (patchCyclicImports) -import Dhall.Kubernetes.Types import Numeric.Natural (Natural) import Text.Megaparsec (Parsec, some, parse, (<|>), errorBundlePretty) import Text.Megaparsec.Char (char, alphaNumChar) +import Dhall.Kubernetes.Types + (DuplicateHandler, ModelName(..), Prefix, Swagger(..)) + import qualified Data.List as List import qualified Data.Map.Strict as Data.Map import qualified Data.Ord as Ord @@ -26,12 +29,15 @@ import qualified Data.Text.Prettyprint.Doc.Render.Text as PrettyText import qualified Dhall.Core as Dhall import qualified Dhall.Format import qualified Dhall.Kubernetes.Convert as Convert +import qualified Dhall.Kubernetes.Types as Types import qualified Dhall.Parser import qualified Dhall.Pretty import qualified Dhall.Util +import qualified GHC.IO.Encoding import qualified Options.Applicative import qualified Text.Megaparsec as Megaparsec import qualified Text.Megaparsec.Char.Lexer as Megaparsec.Lexer +import qualified System.IO import qualified Turtle -- | Top-level program options @@ -43,7 +49,7 @@ data Options = Options } -- | Write and format a Dhall expression to a file -writeDhall :: Turtle.FilePath -> Expr -> IO () +writeDhall :: Turtle.FilePath -> Types.Expr -> IO () writeDhall path expr = do echoStr $ "Writing file '" <> Turtle.encodeString path <> "'" Turtle.writeTextFile path $ pretty expr <> "\n" @@ -129,7 +135,7 @@ parseVersion = Megaparsec.try parseSuffix <|> parsePrefix getVersion :: ModelName -> Maybe Version getVersion ModelName{..} = case Megaparsec.parse parseVersion "" unModelName of - Left errors -> Nothing + Left _ -> Nothing Right version -> Just version preferStableResource :: DuplicateHandler @@ -139,7 +145,7 @@ preferStableResource (_, names) = skipDuplicatesHandler :: DuplicateHandler skipDuplicatesHandler = const Nothing -parseImport :: String -> Expr -> Dhall.Parser.Parser Dhall.Import +parseImport :: String -> Types.Expr -> Dhall.Parser.Parser Dhall.Import parseImport _ (Dhall.Note _ (Dhall.Embed l)) = pure l parseImport prefix e = fail $ "Expected a Dhall import for " <> prefix <> " not:\n" <> show e @@ -190,6 +196,8 @@ parserInfoOptions = main :: IO () main = do + GHC.IO.Encoding.setLocaleEncoding System.IO.utf8 + Options{..} <- Options.Applicative.execParser parserInfoOptions let duplicateHandler = @@ -242,6 +250,17 @@ main = do let schemas = Data.Map.intersectionWithKey toSchema types defaults + let package = + Combine + (Embed (Convert.mkImport prefixMap [ ] "schemas.dhall")) + (RecordLit + [ ( "IntOrString" + , Field (Embed (Convert.mkImport prefixMap [ ] "types.dhall")) "IntOrString" + ) + , ( "Resource", Embed (Convert.mkImport prefixMap [ ] "typesUnion.dhall")) + ] + ) + -- Output schemas that combine both the types and defaults Turtle.mktree "schemas" for_ (Data.Map.toList schemas) $ \(ModelName name, expr) -> do @@ -259,8 +278,10 @@ main = do typesUnionPath = "./typesUnion.dhall" defaultsRecordPath = "./defaults.dhall" schemasRecordPath = "./schemas.dhall" + packageRecordPath = "./package.dhall" writeDhall typesUnionPath (Dhall.Union $ fmap Just typesMap) writeDhall typesRecordPath (Dhall.RecordLit typesMap) writeDhall defaultsRecordPath (Dhall.RecordLit defaultsMap) writeDhall schemasRecordPath (Dhall.RecordLit schemasMap) + writeDhall packageRecordPath package diff --git a/examples/out/aws-iam-authenticator-chart.yaml b/examples/out/aws-iam-authenticator-chart.yaml new file mode 100644 index 00000000..8eb23ce4 --- /dev/null +++ b/examples/out/aws-iam-authenticator-chart.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: aws-iam-authenticator + chart: aws-iam-authenticator-0.1.1 + heritage: dhall + release: wintering-rodent + name: wintering-rodent-aws-iam-authenticator +spec: + template: + metadata: + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + labels: + app: aws-iam-authenticator + release: wintering-rodent + name: aws-iam-authenticator + spec: + containers: + - args: + - server + - "--config=/etc/aws-iam-authenticator/config.yaml" + - "--state-dir=/var/aws-iam-authenticator" + - "--generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml" + image: gcr.io/heptio-images/authenticator:v0.1.0 + name: wintering-rodent-aws-iam-authenticator + volumeMounts: + - mountPath: /etc/aws-iam-authenticator/ + name: config + - mountPath: /var/aws-iam-authenticator/ + name: state + - mountPath: /etc/kubernetes/aws-iam-authenticator/ + name: output + hostNetwork: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: CriticalAddonsOnly + key: Exists + volumes: + - configMap: + name: wintering-rodent-aws-iam-authenticator + name: config + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: output + - hostPath: + path: /srv/kubernetes/aws-iam-authenticator/ + name: state + updateStrategy: + type: RollingUpdate diff --git a/nix/dhall-kubernetes.nix b/nix/dhall-kubernetes.nix index f6820467..6af074d0 100644 --- a/nix/dhall-kubernetes.nix +++ b/nix/dhall-kubernetes.nix @@ -1,4 +1,4 @@ -{ fetchurl, make-dhall-kubernetes, lib, stdenv }: +{ fetchurl, make-dhall-kubernetes-package, lib, stdenv }: let kubernetesDirectory = ./kubernetes; @@ -17,7 +17,7 @@ let let spec = stdenv.mkDerivation { - name = "kubernetes-openapi-spec-${version}"; + name = "kubernetes-${version}"; src = fetchurl { @@ -35,7 +35,7 @@ let ''; }; in - make-dhall-kubernetes spec; + make-dhall-kubernetes-package spec; }; in diff --git a/nix/kubernetes/1.6.3.txt b/nix/kubernetes/1.6.3.txt deleted file mode 100644 index 18bc6da5..00000000 --- a/nix/kubernetes/1.6.3.txt +++ /dev/null @@ -1 +0,0 @@ -08yzbcigmy35qi7xbpcm3sxbfw2bhvna2m6rqqnzfh64bl13c219 diff --git a/nix/make-dhall-kubernetes.nix b/nix/make-dhall-kubernetes.nix deleted file mode 100644 index 4e707a5c..00000000 --- a/nix/make-dhall-kubernetes.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ coreutils -, dhall -, dhall-json -, dhallPackages -, glibcLocales -, haskellPackages -, lib -, python3 -, stdenv -}: - -spec: - -let - # Ignore generated files - ignoreOutputs = - name: type: - !(lib.elem name - (map toString - [ ../README.md - ../types - ../defaults - ../schemas - ../defaults.dhall - ../types.dhall - ../typesUnion.dhall - ../schemas.dhall - ] - ) - ); - -in - stdenv.mkDerivation { - name = "dhall-kubernetes"; - - DHALL_PRELUDE = "${dhallPackages.prelude}/package.dhall"; - - XDG_CACHE_HOME = "."; - - buildInputs = - [ dhall - dhall-json - python3 - glibcLocales - ]; - - buildPhase = '' - patchShebangs ./scripts/build-readme.sh - - ./scripts/build-readme.sh - - ${coreutils}/bin/mkdir -p types defaults - - ${haskellPackages.dhall-kubernetes-generator}/bin/dhall-kubernetes-generator '${spec}' - - for file in ./types.dhall ./typesUnion.dhall ./defaults.dhall ./schemas.dhall ./package.dhall ./examples/*.dhall; do - echo "Freezing file '$file'" - - ${dhall}/bin/dhall freeze --all --inplace "$file" - done - ''; - - checkPhase = '' - patchShebangs ./scripts/build-examples.py - - patchShebangs ./scripts/check-source.py - - LC_ALL=en_US.UTF-8 ./scripts/check-source.py - - mkdir -p tmp - - LC_ALL=en_US.UTF-8 ./scripts/build-examples.py tmp - ''; - - installPhase = '' - ${coreutils}/bin/mkdir --parents "$out" - - cp -r types defaults schemas examples types.dhall defaults.dhall typesUnion.dhall schemas.dhall package.dhall README.md "$out" - ''; - - src = - lib.cleanSourceWith - { filter = ignoreOutputs; src = lib.cleanSource ./..; }; -} diff --git a/nix/nixpkgs.nix b/nix/nixpkgs.nix index 966e819c..02779e58 100644 --- a/nix/nixpkgs.nix +++ b/nix/nixpkgs.nix @@ -6,41 +6,138 @@ let ref = "refs/heads/nixos-unstable"; }; - config = { - packageOverrides = pkgs: rec { - make-dhall-kubernetes = pkgs.callPackage ./make-dhall-kubernetes.nix {}; + overlay = pkgsNew: pkgsOld: { + make-dhall-kubernetes = + spec: + pkgsNew.runCommand "dhall-${spec.name}" {} '' + ${pkgsNew.coreutils}/bin/mkdir -p $out - dhall-kubernetes = pkgs.callPackage ./dhall-kubernetes.nix {}; + cd $out - haskellPackages = pkgs.haskellPackages.override (old: { - overrides = - let - previous = old.overrides or (_: _: {}); + ${pkgsNew.haskellPackages.dhall-kubernetes-generator}/bin/dhall-kubernetes-generator '${spec}' + ''; - packages = pkgs.haskell.lib.packageSourceOverrides { - dhall = "1.27.0"; + make-dhall-kubernetes-package = + spec: + let + drv = pkgsNew.make-dhall-kubernetes spec; - dhall-json = "1.5.0"; + kubernetesFiles = [ + "defaults.dhall" + "package.dhall" + "schemas.dhall" + "types.dhall" + "typesUnion.dhall" + ]; - dhall-kubernetes-generator = ../dhall-kubernetes-generator; - }; + examples = [ + "aws-iam-authenticator-chart" + "deployment" + "deploymentSimple" + "ingress" + "service" + ]; - manual = haskellPackagesNew: haskellPackagesOld: { - dhall = pkgs.haskell.lib.dontCheck haskellPackagesOld.dhall; + exampleFiles = + let + exampleToLocal = example: "examples/${example}.dhall"; - dhall-json = - pkgs.haskell.lib.dontCheck haskellPackagesOld.dhall-json; - }; + in + map exampleToLocal examples; - in - pkgs.lib.fold pkgs.lib.composeExtensions (_: _: {}) - [ previous - packages - manual - ]; - } - ); - }; + copiedFiles = + exampleFiles ++ [ "Prelude.dhall" "docs/README.md.dhall" ]; + + frozenFiles = kubernetesFiles ++ exampleFiles; + + checkedFiles = frozenFiles; + + copyKubernetes = + file: + "${pkgsNew.coreutils}/bin/cp ${drv}/${file} $out/${file}"; + + copyLocal = + file: + "${pkgsNew.coreutils}/bin/cp ${./.. + "/${file}"} $out/${file}"; + + freezeFile = + file: + ''echo 'Freezing ./${file}' + ${pkgsNew.dhall}/bin/dhall freeze --all --inplace $out/${file} + ''; + + buildExample = + example: + let + inputFile = "examples/${example}.dhall"; + + outputFile = "examples/out/${example}.yaml"; + + in + ''echo './${inputFile} → ./${outputFile}' + ${pkgsNew.dhall-json}/bin/dhall-to-yaml --omitEmpty --file $out/${inputFile} > $out/${outputFile} + ''; + + checkFile = + file: + ''echo 'Checking ./${file}' + ${pkgsNew.dhall}/bin/dhall type --quiet --file $out/${file} + ''; + + in + pkgsNew.runCommand "package-${drv.name}" { XDG_CACHE_HOME="."; } '' + ${pkgsNew.coreutils}/bin/mkdir --parents "$out/examples/out" + ${pkgsNew.coreutils}/bin/mkdir --parents "$out/docs" + ${pkgsNew.rsync}/bin/rsync --recursive ${drv}/ $out/ + ${pkgsNew.coreutils}/bin/chmod u+w $out/ + ${pkgsNew.lib.concatMapStringsSep "\n" copyLocal copiedFiles} + ${pkgsNew.coreutils}/bin/chmod u+w --recursive $out/ + ${pkgsNew.lib.concatMapStringsSep "\n" freezeFile frozenFiles} + ${pkgsNew.lib.concatMapStringsSep "\n" checkFile checkedFiles} + ${pkgsNew.lib.concatMapStringsSep "\n" buildExample examples} + ${let + inputFile = "docs/README.md.dhall"; + + outputFile = "README.md"; + + in + ''echo './${inputFile} → ./${outputFile}' + ${pkgsNew.dhall}/bin/dhall text --file $out/${inputFile} > $out/${outputFile} + '' + } + ''; + + dhall-kubernetes = pkgsNew.callPackage ./dhall-kubernetes.nix {}; + + haskellPackages = pkgsOld.haskellPackages.override (old: { + overrides = + let + previous = old.overrides or (_: _: {}); + + packages = pkgsNew.haskell.lib.packageSourceOverrides { + dhall = "1.27.0"; + + dhall-json = "1.5.0"; + + dhall-kubernetes-generator = ../dhall-kubernetes-generator; + }; + + manual = haskellPackagesNew: haskellPackagesOld: { + dhall = pkgsNew.haskell.lib.dontCheck haskellPackagesOld.dhall; + + dhall-json = + pkgsNew.haskell.lib.dontCheck haskellPackagesOld.dhall-json; + }; + + in + pkgsNew.lib.fold pkgsNew.lib.composeExtensions (_: _: {}) + [ previous + packages + manual + ]; + } + ); }; + in - import nixpkgs { inherit config; } + import nixpkgs { config = {}; overlays = [ overlay ]; } diff --git a/scripts/generate.sh b/scripts/generate.sh index dd83cd1a..f0ed7e03 100755 --- a/scripts/generate.sh +++ b/scripts/generate.sh @@ -20,8 +20,8 @@ if DIR=$(nix-build release.nix --attr "\"${VERSION}\"" --no-out-link); then chmod -R u+w "${BASE}/schemas" cp -r "${DIR}/examples" "${BASE}" chmod -R u+w "${BASE}/examples" - cp "${DIR}/types.dhall" "${DIR}/typesUnion.dhall" "${DIR}/defaults.dhall" "${DIR}/schemas.dhall" "${DIR}/package.dhall" "${BASE}" - chmod u+w "${BASE}/types.dhall" "${BASE}/typesUnion.dhall" "${BASE}/defaults.dhall" "${BASE}/schemas.dhall" "${BASE}/package.dhall" + cp "${DIR}/types.dhall" "${DIR}/typesUnion.dhall" "${DIR}/defaults.dhall" "${DIR}/schemas.dhall" "${DIR}/package.dhall" "${DIR}/Prelude.dhall" "${BASE}" + chmod u+w "${BASE}/types.dhall" "${BASE}/typesUnion.dhall" "${BASE}/defaults.dhall" "${BASE}/schemas.dhall" "${BASE}/package.dhall" "${BASE}/Prelude.dhall" cp "${DIR}/README.md" "${BASE}/README.md" chmod u+w "${BASE}/README.md" fi