ci: Nix flake and devShell #2189
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2189 +/- ##
==========================================
+ Coverage 79.04% 79.06% +0.02%
==========================================
Files 612 612
Lines 106510 106510
Branches 15053 15052 -1
==========================================
+ Hits 84192 84217 +25
+ Misses 21664 21639 -25
Partials 654 654 ☔ View full report in Codecov by Sentry. |
| { | ||
| description = "AWS-LC is a general-purpose cryptographic library"; | ||
|
|
||
| inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; |
There was a problem hiding this comment.
Will we have to keep this up to date? Is there an option for latest?
There was a problem hiding this comment.
Latest is essentially a development branch and comes with the risk of breakage. There are only 2 releases a year (similar to Canonical's cadence), so the version bumps can be infrequent.
|
This would also ease the integration of CBMC once mlkem-native is merged (#2176), as there's a flake specifying the CBMC tooling (https://github.com/pq-code-package/mlkem-native/tree/main/nix/cbmc). |
Issues:
none
Description of changes:
Adds a Nix package flake and a development shell with the tooling needed to build and test aws-lc.
The flake allows other projects, such as s2n-tls, to directly pull aws-lc into a nix Ci environment. The devshell is a self-contained development shell, setup and managed by nix, focused on reproducible builds, and can be helpful for bootstrapping new folks.
Example devshell usage:
Testing:
How is this change tested (unit tests, fuzz tests, etc.)? locally, new action on my fork
Sample output of the GitHub Action: https://github.com/dougch/aws-lc/actions/runs/13296817224/job/37130549429
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.