Update nix/rust

[0xgleb]

Motivation

We need the latest version of alloy to upgrade to the new versions of the interpreter/orderbook, we need a newer version of Rust to upgrade to the latest alloy, and we need to bump up rainix to upgrade to the latest version of Rust.

Solution

This PR bumps up Rust/rainix. Following PR will upgrade alloy, alloy-ethers-typecast, and rain.erc

Checks

By submitting this for review, I'm confirming I've done the following:

• made this PR as small as possible
• unit-tested any new functionality
• linked any relevant issues or PRs
• included screenshots (if this involves a front-end change)

Summary by CodeRabbit

• Chores
  • Updated continuous integration workflows to use improved Nix installation and caching actions, enhancing reliability and performance.
  • Added .direnv/ to .gitignore to prevent local environment files from being tracked.
  • Introduced a new .envrc file for better local environment setup with Nix and direnv.
• Style
  • Standardized formatting in configuration and documentation files for improved readability.
• Refactor
  • Simplified and reformatted various configuration files without changing functionality.

[coderabbitai]

Walkthrough

This update refactors GitHub Actions workflows to use new Nix installation and caching actions, updates environment setup files for direnv and Nix, and makes minor formatting improvements to configuration and source files. No functional changes to application logic or public APIs are introduced.

Changes

Files/Groups	Change Summary
.github/workflows/*.yaml, *.yml	Replaced DeterminateSystems Nix actions with nixbuild/nix-quick-install-action and nix-community/cache-nix-action; updated cache keys and Nix options; minor formatting tweaks.
.envrc	Added new file to set up direnv with Nix, ensuring a specific nix-direnv version and watching flake files.
.gitignore	Added .direnv/ to ignored files and removed a trailing blank line.
Cargo.toml	Reformatted [workspace] members to single-line and removed author from [workspace.package].
crates/bindings/Cargo.toml, crates/cli/Cargo.toml, crates/metaboard/Cargo.toml	Removed author.workspace = true from [package] sections.
crates/cli/src/lib.rs	Adjusted indentation in documentation comments for feature descriptions.
crates/cli/src/meta/mod.rs	Removed explicit return statements in methods and simplified error formatting in deserialization.
flake.nix	Simplified attribute set structure, removed rec, and reformatted build input lists.

Sequence Diagram(s)

sequenceDiagram
    participant Developer
    participant GitHub Actions Runner
    participant Nix Installer
    participant Nix Cache

    Developer->>GitHub Actions Runner: Push code / trigger workflow
    GitHub Actions Runner->>Nix Installer: Install Nix (nixbuild/nix-quick-install-action)
    GitHub Actions Runner->>Nix Cache: Restore Nix store cache (nix-community/cache-nix-action)
    GitHub Actions Runner->>GitHub Actions Runner: Run build/test/deploy steps
    GitHub Actions Runner->>Nix Cache: Save updated Nix store cache

Loading

Possibly related PRs

• fix nix #69: Both PRs update GitHub Actions workflows to use the same new Nix installation and caching actions, directly modifying the same workflow logic.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 29c71fe and c77cdae.

⛔ Files ignored due to path filters (1)

• flake.lock is excluded by !**/*.lock

📒 Files selected for processing (15)

• .envrc (1 hunks)
• .github/workflows/deploy-subgraph.yaml (2 hunks)
• .github/workflows/manual-rs-release.yml (1 hunks)
• .github/workflows/manual-sol-artifacts.yml (2 hunks)
• .github/workflows/manual-subgraph-deploy.yml (1 hunks)
• .github/workflows/rainix.yaml (2 hunks)
• .github/workflows/subgraph-test.yaml (1 hunks)
• .gitignore (1 hunks)
• Cargo.toml (1 hunks)
• crates/bindings/Cargo.toml (0 hunks)
• crates/cli/Cargo.toml (0 hunks)
• crates/cli/src/lib.rs (1 hunks)
• crates/cli/src/meta/mod.rs (4 hunks)
• crates/metaboard/Cargo.toml (1 hunks)
• flake.nix (2 hunks)

💤 Files with no reviewable changes (2)

• crates/bindings/Cargo.toml
• crates/cli/Cargo.toml

🔇 Additional comments (27)

crates/metaboard/Cargo.toml (1)

23-23: Confirm addition of codegen dependency.
The new cynic-codegen = { version = "3" } under [build-dependencies] adds the codegen tool required for building the subgraph. Please verify this version aligns with other crates and that omitting workspace = true is intentional.

.gitignore (1)

5-5: Ignore direnv directory.
Adding .direnv/ ensures that environment-specific state managed by direnv isn’t committed, keeping the repo clean.

crates/cli/src/lib.rs (2)

20-22: Align documentation comment indentation.
Reindented the lines describing the cli feature to match the existing style; this is purely cosmetic.

---

25-28: Normalize tokio-full doc indentation.
Adjusted indentation for the tokio-full feature documentation to improve consistency.

Cargo.toml (1)

3-3: Compact workspace members list.
Converted the members array into a single-line entry for conciseness; no functional impact.

flake.nix (4)

14-16: Simplify packages attribute by removing rec.
Changed packages from a recursive set to a plain attribute set, which streamlines the flake structure without changing behavior.

---

33-36: Condense buildInputs and nativeBuildInputs.
Reformatted these dependency lists into a more compact layout; semantic behavior remains unchanged.

---

43-44: Clarify devShells native build inputs.
Switched to an explicit multi-line assignment for nativeBuildInputs, improving readability in the dev shell configuration.

---

46-46: Adjust closing bracket indentation.
Aligned the closing }); with the eachDefaultSystem invocation for consistent formatting.

.envrc (2)

7-10: Good practice: File watching and flake usage.

The configuration correctly watches for changes in flake.lock and flake.nix to trigger environment reloads, and uses the flake with appropriate verbose flags for debugging.

---

1-5:

Details

❓ Verification inconclusive

Verify the nix-direnv download URL and SHA256 hash for security.

The configuration downloads nix-direnv from GitHub with a pinned hash. While this is a security best practice, we should verify the hash is correct and the URL is legitimate.

---

🏁 Script executed:

#!/bin/bash
# Description: Verify the SHA256 hash matches the downloaded content from the nix-direnv URL

URL="https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc"
EXPECTED_HASH="sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM="

# Download the file and compute its hash
ACTUAL_HASH=$(curl -s "$URL" | sha256sum | cut -d' ' -f1)
EXPECTED_HASH_DECODED=$(echo "$EXPECTED_HASH" | sed 's/sha256-//' | base64 -d | xxd -p -c 256)

echo "Expected hash: $EXPECTED_HASH_DECODED"
echo "Actual hash: $ACTUAL_HASH"

if [ "$ACTUAL_HASH" = "$EXPECTED_HASH_DECODED" ]; then
    echo "✓ Hash verification passed"
else
    echo "✗ Hash verification failed"
fi

Length of output: 861

---

🏁 Script executed:

#!/usr/bin/env bash
python3 - << 'EOF'
import hashlib, base64, urllib.request
url = "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc"
expected_b64 = "RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM="
# Fetch file
data = urllib.request.urlopen(url).read()
# Compute actual SHA256 hex
actual_hex = hashlib.sha256(data).hexdigest()
# Decode expected base64 to hex
expected_hex = base64.b64decode(expected_b64).hex()
print(f"Actual:   {actual_hex}")
print(f"Expected: {expected_hex}")
print("Match:    {}".format(actual_hex == expected_hex))
EOF

Length of output: 2593

---

🏁 Script executed:

#!/usr/bin/env bash
# Alternative SHA256 verification using curl -k and openssl
URL="https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc"
EXPECTED_B64="RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM="

# Fetch content ignoring certificate issues, compute SHA256 and encode in base64
ACTUAL_B64=$(curl -s -k "$URL" \
  | openssl dgst -sha256 -binary \
  | openssl enc -base64 \
  | tr -d '\n')

echo "Expected: $EXPECTED_B64"
echo "Actual:   $ACTUAL_B64"

if [ "$ACTUAL_B64" = "$EXPECTED_B64" ]; then
  echo "✓ Hash verification passed"
else
  echo "✗ Hash verification failed"
fi

Length of output: 781

---

Manual Verification Required: Confirm nix-direnv SHA256
The sandbox environment lacks the necessary tools to validate the hash. Please run this locally and ensure the output matches the pinned value:

curl -L https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc \
  | sha256sum \
  | awk '{print "sha256-" $1}'

Expected:

sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM=

crates/cli/src/meta/mod.rs (4)

339-341: Good style improvement: Removed unnecessary reference operator.

The change from &format!(...) to format!(...) is correct since format!() already returns a String that can be consumed directly by the error constructor.

---

808-808: Good style improvement: Using implicit return.

Removing the explicit return statement follows Rust conventions for functions where the last expression is the return value.

---

819-819: Good style improvement: Using implicit return.

Consistent with Rust idioms for implicit returns in the final expression of a function.

---

830-830: Good style improvement: Using implicit return.

Both changes correctly remove explicit return statements in favor of implicit returns, making the code more idiomatic.

Also applies to: 835-835

.github/workflows/manual-rs-release.yml (1)

13-28:

Details

✅ Verification successful

Verify the legitimacy and current versions of the new GitHub actions.

The workflow has been updated to use newer Nix installation and caching actions. While the configuration looks reasonable, we should verify these actions are legitimate and up-to-date.

The cache configuration with 1GB garbage collection limit and OS-specific cache keys looks appropriate for CI optimization.

---

🌐 Web query:

Are nixbuild/nix-quick-install-action@v30 and nix-community/cache-nix-action@v6 legitimate and actively maintained GitHub actions?

💡 Result:

Based on the search results, I can provide information about the GitHub actions you're asking about.

nixbuild/nix-quick-install-action

This GitHub Action is legitimate and appears to be actively maintained. It installs Nix in single-user mode and is designed to be extremely fast, adding almost no time to your workflow's running time[1][2]. The installation is deterministic and supports all Linux and macOS runners[2].

Key features of nixbuild/nix-quick-install-action include:

• Single-user installation (no nix-daemon)
• Very fast installation times (approximately 1 second on Linux, 5 seconds on macOS)[2]
• Deterministic installation process[1]

According to benchmarks, it's one of the fastest Nix installer actions available, taking only about 2 seconds on Ubuntu and 14 seconds on macOS, which is significantly faster than alternatives like cachix/install-nix-action and DeterminateSystems/nix-installer-action[5].

nix-community/cache-nix-action

This GitHub Action is also legitimate and actively maintained. It's part of the nix-community organization and is designed to cache dependencies and build outputs to improve workflow execution time[6][10].

Key features of nix-community/cache-nix-action include:

• Caching the Nix store to speed up workflows[10]
• Integration with other Nix actions (it requires nix-quick-install-action)[4]
• Support for both Linux and macOS platforms[4]
• Advanced garbage collection and cache management features[6]
• Ability to purge old caches based on configurable criteria[6]

The action is used by 244 open-source projects according to Step Security's analysis, indicating widespread adoption in the community[10]. It was updated just 4 days ago (as of the search results date), suggesting active maintenance[10].

Both actions are part of a broader ecosystem of Nix-related GitHub Actions that help establish efficient CI workflows for Nix-based projects[7][8]. They can be used together in workflows, with nix-quick-install-action providing fast Nix installation and cache-nix-action handling caching to improve subsequent builds[4][7].

Citations:

• 1: https://github.com/nixbuild/nix-quick-install-action
• 2: https://github.com/marketplace/actions/nix-quick-install
• 3: https://github.com/cachix/install-nix-action
• 4: https://github.com/nix-community/cache-nix-action
• 5: https://discourse.nixos.org/t/which-github-nix-installer-action-is-faster/25878
• 6: https://github.com/nix-community/cache-nix-action/blob/main/README.md
• 7: https://nix.dev/guides/recipes/continuous-integration-github-actions.html
• 8: https://discourse.nixos.org/t/cachix-nix-install-actions-for-github/4242
• 9: https://github.com/nixbuild/nixbuild-action
• 10: https://app.stepsecurity.io/action-advisor/nix-community/cache-nix-action

---

Verified: Nix GitHub Actions are legitimate and up-to-date

Both nixbuild/nix-quick-install-action@v30 and nix-community/cache-nix-action@v6 are actively maintained, widely adopted, and align with best practices for fast Nix installation and store caching. The Nix configuration (keep-env-derivations, keep-outputs) and 1 GB GC limit are appropriate for CI optimization.

• File: .github/workflows/manual-rs-release.yml (lines 13–28)

.github/workflows/manual-subgraph-deploy.yml (1)

15-30: Consistent Nix setup modernization.

This workflow uses the same updated Nix installation and caching strategy as the other workflow files, which provides consistency across the CI pipeline. The configuration is identical and appropriate.

.github/workflows/subgraph-test.yaml (2)

15-19: Verify nix-quick-install-action usage and version
The replacement of the old installer with nixbuild/nix-quick-install-action@v30 looks correct, but please confirm against the action’s v30 documentation that the keep-env-derivations and keep-outputs flags are supported and spelled correctly.

---

20-30: Approve Nix store caching configuration
The new nix-community/cache-nix-action@v6 step provides a solid caching strategy using a composite key and fallback prefixes, with GC limits to cap the store size. Ensure that gc-max-store-size-linux: 1G is accepted by the action (some versions require a bytes-only value).

.github/workflows/manual-sol-artifacts.yml (2)

6-6: Style: Consistent YAML quoting
Switching to double quotes for the description field aligns with other workflows and has no functional impact.

---

44-49: Apply standardized Nix setup and caching
Replacing the old Nix installer/cache actions with nix-quick-install-action@v30 and cache-nix-action@v6 mirrors other workflows and keeps CI consistent.

.github/workflows/deploy-subgraph.yaml (3)

6-6: Style: Update YAML quoting
Changing the description field to double quotes is purely stylistic and consistent with the other workflows.

---

35-39: Apply new Nix installer with proper flags
The switch to nixbuild/nix-quick-install-action@v30 with keep-env-derivations and keep-outputs matches the rest of the CI pipelines and looks correct.

---

40-50: Approve caching step
The nix-community/cache-nix-action@v6 configuration is consistent with the subgraph-test workflow and should efficiently reuse the Nix store.

.github/workflows/rainix.yaml (3)

32-37: Standardize Nix environment setup
Switching to nixbuild/nix-quick-install-action@v30 with the same Nix configuration flags ensures that all CI jobs share the same installation behavior.

---

38-47: Approve Nix store cache configuration
The caching step with a composite key and GC cap aligns with the other workflows and helps keep runner storage in check.

---

58-58: Encapsulate cargo build in Nix dev shell
Running the wasm target build via nix develop -c guarantees the correct environment—this is a solid integration.

[coderabbitai]

🧹 Nitpick (assertive)

Cleanup: Remove unused commented-out step
The commented-out nix develop --command rainix-sol-prelude line appears vestigial. Consider removing it to declutter the workflow.

🤖 Prompt for AI Agents

In .github/workflows/manual-sol-artifacts.yml at line 61, there is a
commented-out step running `nix develop --command rainix-sol-prelude` that is no
longer used. Remove this commented-out line entirely to clean up and declutter
the workflow file.

[0xgleb]

This is not relevant for this PR

[coderabbitai]

@0xgleb, understood! You're right that cleaning up commented code falls outside the scope of this PR, which is focused on upgrading Rust and rainix versions. I'll note that this suggestion can be addressed in a future cleanup effort if desired.