Add attic-client (s390x) and geesefs to flake-hub, rewrite CI in xonsh

Move attic-client s390x cross-compilation from building/s390x/attic-client-s390x and geesefs from building/s390x/geesefs-s390x into flake-hub. Replace ci/build.sh with ci/build.xsh. All packages now built and pushed to attic via the existing Woodpecker pipeline on push to main.
2026-03-15 13:09:05 +02:00
parent 776a0e23ea
commit 49fd58b363
5 changed files with 135 additions and 26 deletions
@@ -29,7 +29,7 @@ steps:
          kubernetes.io/arch: amd64
    commands:
      - sh ci/setup.sh
-      - sh ci/build.sh x86_64-linux
+      - xonsh ci/build.xsh x86_64-linux

  - name: build-aarch64-linux
    image: git.oleks.space/oleks/nix-ci:latest
@@ -45,7 +45,7 @@ steps:
          kubernetes.io/arch: arm64
    commands:
      - sh ci/setup.sh
-      - sh ci/build.sh aarch64-linux
+      - xonsh ci/build.xsh aarch64-linux

  - name: build-s390x-linux
    image: git.oleks.space/oleks/nix-ci:latest
@@ -61,4 +61,4 @@ steps:
          kubernetes.io/arch: amd64
    commands:
      - sh ci/setup.sh
-      - sh ci/build.sh s390x-linux
+      - xonsh ci/build.xsh s390x-linux
@@ -1,22 +0,0 @@
-#!/bin/sh
-# Build all flake-hub packages and push to attic
-set -e
-
-ARCH="$1"
-ATTIC_CACHE="attic-infra-cache-k3s-1"
-ATTIC_SERVER="https://nix-cache-upload.oleks.space"
-
-echo "=== Building flake-hub packages for ${ARCH} ==="
-
-# Setup attic
-attic=$(nix build --inputs-from . nixpkgs#attic-client --print-out-paths --no-link)/bin/attic
-"${attic}" login ci "${ATTIC_SERVER}" "${ATTIC_TOKEN}"
-
-echo "Building packages..."
-out=$(nix build ".#packages.${ARCH}.hello-world" --print-build-logs --print-out-paths --no-link)
-"${attic}" push "${ATTIC_CACHE}" "${out}"
-
-out=$(nix build ".#packages.${ARCH}.xonsh" --print-build-logs --print-out-paths --no-link)
-"${attic}" push "${ATTIC_CACHE}" "${out}"
-
-echo "✅ Build completed for ${ARCH}"
@@ -0,0 +1,29 @@
+#!/usr/bin/env xonsh
+"""Build all flake-hub packages and push to attic."""
+
+import sys
+
+ARCH = sys.argv[1]
+ATTIC_CACHE = "attic-infra-cache-k3s-1"
+ATTIC_SERVER = "https://nix-cache-upload.oleks.space"
+
+print(f"=== Building flake-hub packages for {ARCH} ===")
+
+# Setup attic
+attic = $(nix build --inputs-from . nixpkgs#attic-client --print-out-paths --no-link).strip() + "/bin/attic"
+@(attic) login ci @(ATTIC_SERVER) $ATTIC_TOKEN
+
+# Common packages (all arches)
+packages = ["hello-world", "geesefs", "xonsh"]
+
+# Cross-only packages
+if ARCH == "s390x-linux":
+    packages += ["attic-client"]
+
+print("Building packages...")
+for pkg in packages:
+    print(f"--- {pkg} ---")
+    out = $(nix build @(f".#packages.{ARCH}.{pkg}") --print-build-logs --print-out-paths --no-link).strip()
+    @(attic) push @(ATTIC_CACHE) @(out)
+
+print(f"Build completed for {ARCH}")
@@ -29,6 +29,7 @@

      mkPackages = pkgs: {
        hello-world = pkgs.callPackage ./packages/hello-world.nix { };
+        geesefs = pkgs.callPackage ./packages/geesefs.nix { };
        xonsh = pkgs.callPackage ./packages/xonsh.nix {
          xonsh-unwrapped = import ./packages/xonsh-unwrapped.nix {
            inherit (pkgs) lib python3Packages fetchFromGitHub;
@@ -36,6 +37,65 @@
        };
      };

+      # Overlays needed for s390x cross-compilation of attic-client
+      s390xOverlays = [
+        # OpenSSL s390x assembly uses z10 instructions (cijne) that the
+        # nix-bootstrapped assembler doesn't recognize
+        (final: prev: {
+          openssl = prev.openssl.overrideAttrs (old: {
+            configureFlags = (old.configureFlags or [ ]) ++ [ "no-asm" ];
+          });
+        })
+        # musl doesn't support s390x long double (IBM double-double format:
+        # LDBL_MANT_DIG=106, sizeof=16). Make musl appear unavailable so
+        # busybox-sandbox-shell uses glibc static instead.
+        (final: prev: {
+          busybox-sandbox-shell = prev.busybox-sandbox-shell.override {
+            musl = prev.musl // {
+              meta = prev.musl.meta // {
+                platforms = [ ];
+              };
+            };
+          };
+        })
+        # libarchive tests fail in k8s pod sandboxes
+        (final: prev: {
+          libarchive = prev.libarchive.overrideAttrs (_: {
+            doCheck = false;
+          });
+        })
+        # nix 2.28 is a direct dependency of attic-client — disable tests
+        # and fix missing RPATH for boost/zstd/libarchive
+        (final: prev: {
+          nixVersions = prev.nixVersions // {
+            nix_2_28 = prev.nixVersions.nix_2_28.overrideAttrs (old: {
+              doCheck = false;
+              doInstallCheck = false;
+              nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ final.patchelf ];
+              postFixup = (old.postFixup or "") + ''
+                for rpath in ${final.boost}/lib ${final.zstd.out}/lib ${final.libarchive.out}/lib; do
+                  patchelf --add-rpath "$rpath" $out/bin/nix
+                  for lib in $out/lib/lib*.so; do
+                    [ -f "$lib" ] && patchelf --add-rpath "$rpath" "$lib"
+                  done
+                done
+              '';
+            });
+          };
+        })
+        # LLVM test failures in CI pod environment — override libllvm
+        # (not llvm) so it propagates through rustc bootstrap chain
+        (final: prev: {
+          llvmPackages = prev.llvmPackages // {
+            libllvm = prev.llvmPackages.libllvm.overrideAttrs (old: {
+              doCheck = false;
+              doInstallCheck = false;
+              nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ prev.gitMinimal ];
+            });
+          };
+        })
+      ];
+
      # Native builds
      native = flake-utils.lib.eachSystem buildSystems (
        system:
@@ -69,6 +129,11 @@
        builtins.map (
          target:
          let
+            targetOverlays =
+              {
+                "s390x-linux" = s390xOverlays;
+              }
+              .${target} or [];
            pkgs = import nixpkgs {
              system = "x86_64-linux";
              crossSystem.config =
@@ -78,12 +143,20 @@
                  }
                  .${target}
                }.config;
+              overlays = targetOverlays;
            };
            packages = mkPackages pkgs;
+            crossOnlyPackages =
+              {
+                "s390x-linux" = {
+                  inherit (pkgs) attic-client;
+                };
+              }
+              .${target} or {};
          in
          {
            name = target;
-            value = packages // {
+            value = packages // crossOnlyPackages // {
              default = packages.hello-world;
            };
          }
@@ -0,0 +1,29 @@
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
+}:
+
+buildGoModule rec {
+  pname = "geesefs";
+  version = "0.43.5";
+
+  src = fetchFromGitHub {
+    owner = "yandex-cloud";
+    repo = "geesefs";
+    rev = "v${version}";
+    hash = "sha256-cfeL7fnxS+UFUlRVLiO09GHuEOvkiH5PkKcoH+jNRhY=";
+  };
+
+  proxyVendor = true;
+  vendorHash = "sha256-p+shpYrPxYLXpW6A4a/5qM90KH+pcMCqZOPoYTE77f0=";
+
+  subPackages = [ "." ];
+
+  meta = {
+    description = "FUSE FS implementation over S3";
+    homepage = "https://github.com/yandex-cloud/geesefs";
+    license = [ lib.licenses.mit ];
+    platforms = lib.platforms.unix;
+  };
+}