@addisonbeck addisonbeck commented Feb 9, 2025

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-14844

📔 Objective

Implement a nix flake for the project. It has a ton of capabilities. Primarily it can:

  1. Provide fully reproducible builds with locked versions of key build
    technologies like Rust, Android dependencies, etc. Only Xcode is an
    exception to this.
  2. Enable the ability to run all of CI's builds locally in sandboxed
    environments without installing any software permanently on the building
    machine. Build dependencies are garbage collected after use.
  3. Automatically set up and maintain complicated, version-locked local
    development environments painlessly.

These features enable so many QoL improvements to local development and CI that really imagination is the only limiting factor. A few include:

  1. Decoupling us from the GitHub Actions platform as a necessary part of building our software. Enabling running, enhancing, and debugging CI locally.
  2. Outputting identical artifacts between local dev, CI, or anywhere else that a build happens.
  3. Encouraging and expanding the use of best-practice tooling (like cargo-nextest), as well as making it easier to use more best-practice tooling without worrying about cluttering dev environments, or communicating a bunch of complicated setup steps every time a new tool is added.
  4. Potential cache enhancements such that build artifacts can be shared between environments.

The flake is documented with more detail, including how to get started using it and all of the builds available.

This screenshot shows the output of `nix build .#everything` - a "build-the-world" job. Everything it does can also be run as smaller groups or even individual builds for specific mobile architectures, crates, checks, etc.

Please note: it doesn't really run in 4 minutes. There's caching at play there. `nix build .#everything` without any cached dependencies takes about 30 minutes on my M2 MacBook Pro. Further optimizations could probably be made to speed up the build. Most of the bottleneck is dealing with Android and its build environment.

Screenshot 2025-02-09 at 6 18 02 PM

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
    team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
    issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

github-actions bot commented Feb 9, 2025

Checkmarx One – Scan Summary & Details: 8d0e0a87-1125-4670-b4f5-24c31eafa3bf

Great job, no security vulnerabilities found in this Pull Request

codecov bot commented Feb 9, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.51%. Comparing base (9e09cc5) to head (6a18cae).
Report is 3 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #153      +/-   ##
==========================================
+ Coverage   65.34%   65.51%   +0.17%     
==========================================
  Files         195      195              
  Lines       15087    15156      +69     
==========================================
+ Hits         9859     9930      +71     
+ Misses       5228     5226       -2     


@addisonbeck addisonbeck force-pushed the nix branch 3 times, most recently from 33344f7 to 8c237c4, on February 9, 2025 23:24
@addisonbeck addisonbeck marked this pull request as ready for review on February 9, 2025 23:56
@addisonbeck addisonbeck changed the title from "feat: implement a nix flake" to "build: implement a nix flake" on Feb 10, 2025
@tangowithfoxtrot tangowithfoxtrot left a comment

This is amazing! I was able to get the devshell running locally and everything seems to be working.

I just have a few small nits in the documentation.

Co-authored-by: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com>
@coroiu coroiu removed their request for review June 11, 2025 12:54
@addisonbeck addisonbeck marked this pull request as draft August 12, 2025 14:43