parity-lib/flake.nix

{
  description = "parity-lib — shared per-archetype publish-app builders for the ~51 parity repos (cluster #192/#193/#194, emmett#44)";

  inputs = {
    # Shared fleet pin so the ~51 consumers stay binary-cache aligned.
    fleet.url = "git+https://git.oleks.space/oleks/fleet-pins";
    nixpkgs.follows = "fleet/nixpkgs-ci";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
      ...
    }:
    {
      # ---------------------------------------------------------------------
      # lib.* — system-INDEPENDENT entry points. A consumer calls
      #   parity.lib.mkParityBuilders { pkgs = <its own pkgs>; }
      # and gets the six mk*Publish builders back, OR uses the per-builder
      # convenience wrappers below which take pkgs as the first argument.
      # ---------------------------------------------------------------------
      lib =
        let
          builders = pkgs: import ./lib/builders.nix { inherit pkgs; };
          wrap =
            name: pkgs: args:
            (builders pkgs).${name} args;
          imageLayers = import ./lib/image-layers.nix;
        in
        {
          mkParityBuilders = builders;
          # Pkgs-independent nix2container layer-chain helper (lib/image-layers.nix):
          #   parity.lib.foldImageLayers buildLayer [ { deps = …; } … ]
          inherit (imageLayers) foldImageLayers;
          mkPyPiWheelPublish = wrap "mkPyPiWheelPublish";
          mkPyPiWheelPublishMulti = wrap "mkPyPiWheelPublishMulti";
          mkS390xNpmPublish = wrap "mkS390xNpmPublish";
          mkS390xNpmPublishMulti = wrap "mkS390xNpmPublishMulti";
          mkGenericBinaryPublish = wrap "mkGenericBinaryPublish";
          mkNix2ContainerPublish = wrap "mkNix2ContainerPublish";
          mkGoBinaryPublish = wrap "mkGoBinaryPublish";
          mkHelmPublish = wrap "mkHelmPublish";
          mkAtticClosurePublish = wrap "mkAtticClosurePublish";
        };
    }
    // flake-utils.lib.eachDefaultSystem (
      system:
      let
        pkgs = import nixpkgs { inherit system; };
        inherit (pkgs) lib;

        pipelineDoctor = pkgs.writeShellApplication {
          name = "pipeline-doctor";
          runtimeInputs = with pkgs; [
            coreutils
            gnugrep
            gnused
            findutils
            jq
          ];
          text = ''exec bash ${./ci/pipeline-doctor.sh} "$@"'';
        };

        # Smoke check: instantiate a builder with stub args so the apps eval, and
        # exercise foldImageLayers with a stub buildLayer so its contract (each
        # layer gets reproducible=false + the prior layers) can't silently break.
        builders = import ./lib/builders.nix { inherit pkgs; };
        imageLayers = import ./lib/image-layers.nix;
        layerProbe = imageLayers.foldImageLayers (c: c) [
          { deps = [ pkgs.hello ]; }
          { deps = [ pkgs.coreutils ]; }
        ];
        smoke = pkgs.runCommand "parity-lib-smoke" { } ''
          : "${
            builtins.toString (
              lib.attrNames (
                builders.mkPyPiWheelPublish {
                  pname = "demo";
                  version = "0.0.0";
                  wheel = pkgs.hello;
                }
              )
            )
          }"
          ${lib.optionalString (
            builtins.length layerProbe != 2 || (builtins.elemAt layerProbe 1).reproducible
          ) ''echo "foldImageLayers contract broken" >&2; exit 1''}
          touch $out
        '';
      in
      {
        packages = {
          pipeline-doctor = pipelineDoctor;
          default = pipelineDoctor;
        };

        apps.pipeline-doctor = {
          type = "app";
          program = lib.getExe pipelineDoctor;
          meta.description = "Assert the parity contract for a repo and print local-equivalent commands (cluster #193).";
        };

        checks.smoke = smoke;

        formatter = pkgs.nixfmt-rfc-style;
      }
    );
}