feat(nix): use crate2nix to cache workspace builds#477
Merged
Conversation
Six superpowers-bridge artifacts for the crane-to-crate2nix build substrate migration, refactored from beads epic ironstar-8g3 via audited two-design synthesis. Bound to Linear CAM-15.
Create openspec/linear.yaml registry (project ironstar-build-performance) and record the T1 Backlog->Todo transition in the proposal D10 ledger.
Task 1 of migrate-crane-to-crate2nix: locked crate2nix input (0.15.0), just regenerate-cargo-nix recipe pinned via --inputs-from, generated default-features Cargo.nix (576 crates, per-member src keystone verified). Crane substrate untouched.
Task 2 of migrate-crane-to-crate2nix: ironstarCrateOverrides (libduckdb-sys, aws-lc-sys, ring), Cargo.nix import with pinned toolchain threading, per-member injected source trees for the two parent-reaching members (embed parity with crane verified byte-identical), package-set-invariant exclusions. Additive: crane ironstar drvPath unchanged; eval ratio 1.23x vs crane baseline.
First tasks.md checkbox checked (task 1 bootstrap complete) fired the apply gate; CAM-15 moved to In Progress and the D10 ledger appended the transition.
Task 3: crane-free mkWorkspaceGate via importCargoLock + cargoSetupHook with exact flag parity (cargo-profile dev, default nextest profile, --deny warnings); 933 passed / 5 network-ignored skipped reproduced twice; 20 per-crate *-test/*-clippy packages deleted; 14-check surface unchanged.
Task 4: regenerate-lock-files.yaml extended with Cargo.lock/Cargo.toml trigger paths and a regenerate+amend step pair mirroring bun.nix; regenerate-cargo-nix flake app wrapping the pinned crate2nix input; cargo-nix-lock-sync no-network staleness check (package-scoped parsing, red-on-mismatch demonstrated). Check surface 14 -> 15.
Synthetic Renovate-style bumps, crane vs crate2nix dry-run rebuild sets: shallow (adler2) 13/504 crates (2.6%) vs crane's invariant whole-blob; deep (libc) 135/504 (27%) vs whole-blob. Supports go on the cache-granularity criterion for the task-5 swap.
10 of 11 members at exact parity (696 passed + 2 ignored matching per-member baselines); buildRustCrate builds lib AND tests/ integration targets; granularity confirmed (leaf edit rebuilds 2 of 11 test suites); single blocker is a darwin dSYM cp defect in the crate2nix test runner, fixable without Cargo.nix edits.
Gate-shape revision per the runTests parity experiment: 11 per-member checks on the per-crate graph replace the monolithic nextest gate; crane-sliver fallback removed from the design; workspace-clippy remains the sole cargo gate with a crane-free deps-prebuild as optional follow-up.
11 runTests checks reusing the per-crate rlib graph (one build of every crate, shared by binary and tests); workspace-test becomes a zero-cost linkFarm aggregate; darwin dSYM fix via crate-override postInstall (parity with crane's bare-binary install); 933/5 envelope reconstructed exactly; leaf edit reruns 2 of 11 suites. Check surface 15 -> 26.
Task 4b minimal slice: snapshot-as-envelope + invariants-as-regulator (sibling of cargo-nix-lock-sync), hermeticity correction (no recursive nix in sandbox; snapshot is a committed regenerated artifact), canonical system x86_64-linux, Rust-core roots, persistent duplication pinned-as-baseline. Full observability program deferred to follow-up.
build-graph-snapshot app (nix derivation show -r + hash-free normalization over 16 canonical x86_64-linux Rust-core roots), committed snapshot envelope + baseline ceilings, pure content-addressed build-graph-invariants check (red-on-ceiling-breach demonstrated), just regenerate-build-graph-snapshot recipe, Renovate workflow lockstep step. Check surface 26 -> 27. Baseline-zero locks the coexistence topology so tasks 5-6 land as measured deltas.
Task 5: packages.ironstar/ironstar-release are now the crate2nix builds (drv-identical to the -c2n names: zero rebuilds); crane buildPackage definitions deleted; checks.ironstar follows via inherit; transition exclusions removed from package-set-invariant; build-graph snapshot/baseline root keys migrated (ceiling values unchanged). E2E 22/1-skip against the c2n binary; post-swap one-dep-bump cone demo: 13 derivations, matching pre-swap.
Task 6: crane input, crane.cachix.org substituter, and all crane machinery removed; crane-free source filter verified byte-identical (zero rebuilds); dead nix-unit input removed; workflows README updated to the live 27-check surface; build-graph snapshot byte-identical and regulator green; final one-dep-bump cone demo: 13 derivations rebuild, ~565 deps + 7 members stay cached.
cameronraysmith
force-pushed
the
ironstar-8g3-crate2nix-migration
branch
from
217c03d to
445da5b
Compare
Rephrase load-bearing comments durably (rust-embed empty-folder footgun, content-addressed member-src names) and drop design-ruling citations, task numbers, and migration-phase narration from production code and the workflows README.
Verify pass failed on artifact drift: the delta spec still encoded the superseded monolithic-gate contract (nextest mandate, runTests prohibition, exactly-14 surface). Rewrite the test/clippy requirement to the as-built per-member shape, add the build-graph envelope/regulator requirement, reconcile proposal and design figures (27 checks, 933/5 envelope), and drop residual nix-unit comment references. Code untouched.
Re-adjudicated after artifact reconciliation: 0 critical, 0 warning, 2 carried suggestions (Renovate-gated live dry-run deferral; single-system baseline + frozen member-src names, both with recorded rationale). Overall decision: pass.
verify.md checked PASS after artifact reconciliation; one re-queue crossing recorded (review_round 1) with the dropped FAIL attempt preserved in the ledger. CAM-15 description refreshed to the as-built figures.
cameronraysmith
force-pushed
the
ironstar-8g3-crate2nix-migration
branch
from
c5b4617 to
fed46d1
Compare
cameronraysmith
changed the title
…on-gating end state Re-round opsx:verify (2026-06-14) confirmed the build-graph regulator demotion reduced the flake check surface 27->26 with build-graph-invariants absent from .#checks. Regenerate migrate-crane-to-crate2nix verify.md and measurements.md, correct residual 27/build-graph-invariants references in proposal.md and tasks.md, and add the first verify.md for add-build-graph-compendium.
cameronraysmith
added
the
author-approved
![mergify[bot]](https://avatars.githubusercontent.com/in/10562?s=60&v=4){kind=small}
Merge Queue Status
This pull request spent 10 seconds in the queue, including 2 seconds running CI. Required conditions to merge
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.