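# rust-example

Files:
- rust-example/.gitignore
- rust-example/Cargo.toml
- rust-example/README.md
- rust-example/flake.nix
- rust-example/rust-toolchain.toml
- rust-example/src/main.rs
- .github/workflows/rust-example.yml

---

## File: rust-example/.gitignore

```
/target/
```

## File: rust-example/Cargo.toml

```
[package]
name = "rust-example"
version = "0.1.0"
# To check the most recent edition: rustc --edition=2100 2>&1 | grep -oP '\d{4}(?=\|future)'
edition = "2024"
description = "A simple Rust project example for illustrating best practices"
license = "MIT"

[dependencies]
```

## File: rust-example/README.md

````
# rust-example

A simple Rust project demonstrating best practices from [AGENTS.md](../AGENTS.md).

## Design Guidelines Compliance

### Pinned Dependencies

- **Nix**: Uses `flake.nix` with pinned nixpkgs (`nixos-25.11`) for reproducible builds
- **Rust toolchain**: Pins exact version (`1.91.1`) in `rust-toolchain.toml`
- **CVE database**: Pins `advisory-db` for consistent security audits
- **Lock file**: Commits `Cargo.lock` for deterministic builds

### Automatic Linting

All linters run via `nix flake check`:

- **cargo clippy**: Rust linting with `--deny warnings`
- **statix**: Nix static analysis
- **cargo-audit**: Security vulnerability scanning

### Code Formatting

Formatting enforced in CI:

- **rustfmt**: Rust code formatting
- **taplo**: `Cargo.toml` formatting
- **alejandra**: Nix file formatting

## Usage

```bash
# Enter development shell
nix develop

# Build
nix build

# Run all checks (lint, format, test, audit)
nix flake check
```
````

## File: rust-example/flake.nix

```
{
  description = "A simple Rust project example for illustrating best practices";

  # NOTE(review): these URLs name a branch (nixpkgs) or the default branch
  # (crane, rust-overlay, flake-utils, advisory-db), not a revision. The exact
  # revisions are fixed only by flake.lock, which is not part of this listing;
  # it has to be committed for the build and the audit to be reproducible.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    crane.url = "github:ipetkov/crane";
    rust-overlay = {
      url = "github:oxalica/rust-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    flake-utils.url = "github:numtide/flake-utils";
    advisory-db = {
      url = "github:rustsec/advisory-db";
      flake = false;
    };
  };

  outputs = {
    self,
    nixpkgs,
    crane,
    rust-overlay,
    flake-utils,
    advisory-db,
  }:
    flake-utils.lib.eachDefaultSystem (
      system: let
        pkgs = import nixpkgs {
          inherit system;
          overlays = [(import rust-overlay)];
        };

        # Use rust-toolchain.toml to configure the Rust toolchain
        rustToolchain = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
        craneLib = (crane.mkLib pkgs).overrideToolchain rustToolchain;

        # Source filtering - only include files relevant for Rust builds
        src = craneLib.cleanCargoSource ./.;

        # Common arguments for building the crate
        commonArgs = {
          inherit src;
          strictDeps = true;
        };

        # Build only the dependencies for caching
        cargoArtifacts = craneLib.buildDepsOnly commonArgs;

        # Build the crate
        crate = craneLib.buildPackage (commonArgs // {inherit cargoArtifacts;});

        # Nix source - only include nix files for nix checks
        nixSrc = pkgs.lib.sources.sourceFilesBySuffices ./. [".nix"];
      in {
        checks = {
          # Build the crate as a check
          inherit crate;

          # Run clippy
          clippy = craneLib.cargoClippy (
            commonArgs
            // {
              inherit cargoArtifacts;
              cargoClippyExtraArgs = "--all-targets -- --deny warnings";
            }
          );

          # Check formatting of Rust code
          rustfmt = craneLib.cargoFmt {inherit src;};

          # Check formatting of Cargo.toml
          taplo = craneLib.taploFmt {inherit src;};

          # Run tests
          test = craneLib.cargoNextest (commonArgs
            // {
              inherit cargoArtifacts;
              cargoNextestExtraArgs = "--no-fail-fast";
            });

          # Audit dependencies for security vulnerabilities.
          # The audit runs against the advisory-db revision recorded in the
          # lock, so advisories published after that revision are not reported
          # until the input is updated (`nix flake update`). The pin trades
          # freshness for reproducibility and needs a regular refresh.
          audit = craneLib.cargoAudit {
            inherit advisory-db src;
          };

          # Check Nix formatting with alejandra
          alejandra = pkgs.runCommand "alejandra-check" {buildInputs = [pkgs.alejandra];} ''
            alejandra --check ${nixSrc}
            touch $out
          '';

          # Lint Nix files with statix
          statix = pkgs.runCommand "statix-check" {buildInputs = [pkgs.statix];} ''
            statix check ${nixSrc}
            touch $out
          '';
        };

        packages.default = crate;

        devShells.default = pkgs.mkShell {
          # Include inputs from the package build
          inputsFrom = [crate];

          # Additional dev-shell tools
          packages = with pkgs; [
            cargo-audit
            cargo-nextest
            alejandra
            statix
            taplo
          ];
        };
      }
    );
}
```

## File: rust-example/rust-toolchain.toml

```
[toolchain]
channel = "1.91.1"
components = ["rustfmt", "clippy"]
```

## File: rust-example/src/main.rs

```
/// Entry point: prints a fixed greeting to stdout.
fn main() {
    println!("Hello from rust-example!");
}

#[cfg(test)]
mod tests {
    /// Placeholder test so the nextest check has something to run.
    #[test]
    fn test_example() {
        assert_eq!(2 + 2, 4);
    }
}
```

## File: .github/workflows/rust-example.yml

```
name: Rust Example CI

on:
  push:
    branches: [main, master]
    paths:
      - "rust-example/**"
      - ".github/workflows/rust-example.yml"
  pull_request:
    paths:
      - "rust-example/**"
      - ".github/workflows/rust-example.yml"

permissions:
  contents: read
  # Lets the steps of this workflow request a GitHub OIDC token.
  # NOTE(review): presumably needed by the Determinate Systems cache action
  # for authentication - confirm, and drop it if nothing consumes the token.
  id-token: write

jobs:
  check:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: rust-example
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step pushes or fetches with the job token, so do not
          # leave it in the workspace for the third-party actions below.
          persist-credentials: false
      # NOTE(review): `@main` is a mutable branch ref, so the job runs whatever
      # that branch points to at run time, with the permissions granted above.
      # This is at odds with the project's "Pinned Dependencies" guideline.
      # Pin both actions to a full commit SHA and let an update bot bump them:
      #   uses: DeterminateSystems/nix-installer-action@<FULL_COMMIT_SHA>  # <release tag>
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - name: Configure Magic Nix Cache
        uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Run nix flake check
        run: nix flake check --print-build-logs
```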