Build and install redwood wheel in all developer tooling

Add a build_redwood step to `securedrop/bin/dev-deps` that uses maturin
to build a wheel and install it into the securedrop-app-code virtualenv.

maturin is only needed at build time, so it is pinned in a new
`build-requirements.txt`

Makefile

@@ -30,6 +30,10 @@ update-admin-pip-requirements:  ## Update admin requirements.
 update-python3-requirements:  ## Update Python 3 requirements with pip-compile.
 	@echo "███ Updating Python 3 requirements files..."
 	@SLIM_BUILD=1 $(DEVSHELL) pip-compile --generate-hashes \
+		--allow-unsafe \
+		--output-file requirements/python3/build-requirements.txt \
+		requirements/python3/build-requirements.in
+	@$(DEVSHELL) pip-compile --generate-hashes \
 		--allow-unsafe \
 		--output-file requirements/python3/develop-requirements.txt \
 		../admin/requirements-ansible.in \

securedrop/bin/dev-deps

@@ -156,3 +156,14 @@ function reset_demo() {
         ./loaddata.py
     fi
 }
+
+function build_redwood() {
+    # Create a debug build of redwood and install it in the app-code virtualenv
+    # TODO: add live reload support
+    # We tell cargo to put its registry/crate cache and build cache in the target/ folder so
+    # it persists instead of being recreated from scratch each time the container starts.
+    # n.b. we can't re-use the host's caches because of permission differences
+    CARGO_TARGET_DIR="${REPOROOT}/target/dev" CARGO_HOME="${REPOROOT}/target/cargo-dev" \
+        /opt/venvs/securedrop-build/bin/maturin build -m "${REPOROOT}/redwood/Cargo.toml" --compatibility linux
+    /opt/venvs/securedrop-app-code/bin/pip install "${REPOROOT}"/target/dev/wheels/redwood-*.whl
+}

securedrop/bin/generate-docs-screenshots

@@ -10,6 +10,7 @@ run_tor &
 run_redis &
 run_x11vnc &
 urandom
+build_redwood
 maybe_create_config_py
 
 ./i18n_tool.py translate-messages --compile

securedrop/bin/run

@@ -14,6 +14,7 @@ source "${BASH_SOURCE%/*}/dev-deps"
 
 run_redis &
 urandom
+build_redwood
 maybe_create_config_py
 reset_demo
 maybe_use_tor

securedrop/bin/run-mypy

@@ -7,6 +7,9 @@ REPOROOT=$(git rev-parse --show-toplevel)
 cd "${REPOROOT}"
 
 if [ "$(command -v mypy)" ]; then
+    source "${BASH_SOURCE%/*}/dev-deps"
+    build_redwood
+
     mypy ./securedrop ./admin --namespace-packages --explicit-package-bases "$@"
 elif [ -d "/opt/venvs/securedrop-app-code/" ]; then
     # Inside the dev container, but no mypy

securedrop/bin/run-test

@@ -24,6 +24,7 @@ run_redis &
 setup_vncauth
 run_x11vnc &
 urandom
+build_redwood
 maybe_create_config_py
 
 if [ -n "${CIRCLE_BRANCH:-}" ] ; then

securedrop/bin/translation-test

@@ -11,6 +11,7 @@ run_redis &
 setup_vncauth
 run_x11vnc &
 urandom
+build_redwood
 maybe_create_config_py
 ./i18n_tool.py translate-messages --compile
 

securedrop/dockerfiles/focal/python3/SlimDockerfile

@@ -9,16 +9,18 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install
                        apache2-dev coreutils vim \
                        python3-pip python3-all python3-venv virtualenv python3-dev libssl-dev \
                        gnupg2 redis-server git curl wget \
-                       enchant libffi-dev sqlite3 gettext sudo tor basez
+                       enchant libffi-dev sqlite3 gettext sudo tor basez cargo
 
 COPY requirements requirements
+RUN python3 -m venv /opt/venvs/securedrop-build && \
+    /opt/venvs/securedrop-build/bin/pip3 install --no-deps --require-hashes -r requirements/python3/build-requirements.txt
 RUN python3 -m venv /opt/venvs/securedrop-app-code && \
     /opt/venvs/securedrop-app-code/bin/pip3 install --no-deps --require-hashes -r requirements/python3/bootstrap-requirements.txt && \
     /opt/venvs/securedrop-app-code/bin/pip3 install --no-deps --require-hashes -r requirements/python3/test-requirements.txt && \
     /opt/venvs/securedrop-app-code/bin/pip3 install --no-deps --require-hashes -r requirements/python3/requirements.txt
 
 RUN if test $USER_NAME != root ; then useradd --no-create-home --home-dir /tmp --uid $USER_ID $USER_NAME && echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers ; fi && \
-    chown -R $USER_NAME.$USER_NAME /opt/venvs/securedrop-app-code/
+    chown -R $USER_NAME.$USER_NAME /opt/venvs/
 
 STOPSIGNAL SIGKILL
 

securedrop/requirements/python3/build-requirements.in

@@ -0,0 +1 @@
+maturin>=0.13.2

securedrop/requirements/python3/build-requirements.txt

@@ -0,0 +1,25 @@
+#
+# This file is autogenerated by pip-compile
+# To update, run:
+#
+#    pip-compile --allow-unsafe --generate-hashes --output-file=requirements/python3/build-requirements.txt requirements/python3/build-requirements.in
+#
+maturin==0.13.2 \
+    --hash=sha256:0a37e30d71b24dfe6ca9eac639ef976bdbf6d1676605f7dd260b5e6e5f93d441 \
+    --hash=sha256:18882138e633d32e7a18d147ec38c71930db254817f3714e9fd70e01e379e255 \
+    --hash=sha256:1ddc42d0b51a2537257a74791df8fbdaf204e72e8e7e2e0da9e02d1c46c6699c \
+    --hash=sha256:4ed0ad394e50f5b43e2b4a79d7f395b1d98f7cd5b48a527fe6aeb0d4da15b803 \
+    --hash=sha256:57a870a82715ddd84e2f5a59cbb313c7d39ebf8398b2a0c36ada9ff9d82056d7 \
+    --hash=sha256:5eb555636eb9fd4f54efc48e5891067f94c0b50f7f402a897c41644f817e70f4 \
+    --hash=sha256:66a46de95e919be8c5db0b4bc604617a1d79f031373afddb389049c4bbe5b064 \
+    --hash=sha256:6f2421b23d6699f5d1b408735b306648277ccd833ea9496139f888f95a53faa0 \
+    --hash=sha256:7caf8c85b8cf759eca31e4c4b36b58afb28be5db86cce951d9633d99a70c4af1 \
+    --hash=sha256:93fef9c0ead64fb0741c18009dc0521181b91241d1c09b0eda5c9a5e06dfc6d0 \
+    --hash=sha256:ac51f99936dcbff9cbb8cef960c6b82203c7e4ea6cf2dc127df0c725ab1f73a6 \
+    --hash=sha256:ca3a3f2328a0da542323f75a725f38b8ebb575c5805b4bb5c9ba5dd046450239 \
+    --hash=sha256:cc69d4c2854daa16b91bcc8bc0680a188eb4e239bd627dbc721c7177d2082b16
+    # via -r requirements/python3/build-requirements.in
+tomli==2.0.1 \
+    --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
+    --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
+    # via maturin