Makes

Rationale

We use Makes to easily create reproducible tasks for any programming language and system architecture. Makes allows the following:
  1. Build environments for all our products (Python, TypeScript, Terraform, Go, Cue, Kotlin, etc.)
  2. Build CI/CD flows (build, test, deploy, etc.)
  3. Run such environments/flows locally for development experience
  4. Ensure such environments/flows are reproducible by using cryptography (SHA256)
  5. Build composable systems, where bigger components can reuse logic from smaller ones

Alternatives

Makes was initially built to provide a Nix-based tool for easily distributing software. We could not find anything similar at the time, so we decided to build it ourselves. Years later, several similar solutions have appeared. Below are the ones we have reviewed, ordered from most to least interesting based on our specific needs.

Nix + Flakes

  1. Nix + Flakes allows creating modular and reproducible packages or environments for any programming language and system architecture.
  2. It does not do anything else besides providing building blocks for fulfilling the above purpose.
  3. It provides standard interfaces for declaring inputs and outputs for a given piece of software.
  4. It embraces pure Nix, meaning that modularity and overall flexibility are greater, but the learning curve is also steeper.
  5. It has first-class-level support implementations for all our current programming languages.
  6. It supports declarative configurations for language-specific package managers like uv and npm.
  7. It does not provide out-of-the-box declarative support for external services.
  8. It supports fully cryptographically-signed environments for security and reproducibility.
  9. It can be easily integrated into Cachix for performance.
  10. It provides garbage collection support for easily cleaning up disk space.
  11. It supports automatic shell activation via nix-direnv for development experience.
  12. Being pure Nix, it has the biggest community and excellent support.
Note: Nix + Flakes was last reviewed on Mar 31, 2025.

devenv

  1. devenv provides a Nix wrapper for creating reproducible environments for any programming language and system architecture.
  2. It only provides development environments, meaning that reproducibility and modularity are highly affected.
  3. It does not provide standard interfaces for declaring inputs and outputs for a given piece of software.
  4. Its interfaces are similar to Makes's, considerably decreasing its learning curve for us.
  5. It has out-of-the-box declarative support for all our current programming languages.
  6. It supports declarative configurations for language-specific package managers like Poetry and npm.
  7. It provides out-of-the-box declarative support for a considerable list of services like DynamoDB, OpenSearch, Nginx, among others.
  8. It supports fully cryptographically-signed environments for security and reproducibility.
  9. It has Cachix support for performance.
  10. It provides garbage collection support for easily cleaning up disk space.
  11. It supports automatic shell activation for development experience.
  12. Being a Nix wrapper, its community is smaller and its support is not as good.
Note: devenv was last reviewed on Jan 27, 2025.

Devbox

  1. Devbox provides a Nix wrapper for creating reproducible tasks for any programming language and system architecture.
  2. It does not do anything else besides providing building blocks for fulfilling the above purpose. It is less flexible compared to Nix + Flakes, Makes, and devenv.
  3. It does not provide standard interfaces for declaring inputs and outputs for a given piece of software.
  4. Its interfaces try to fully abstract Nix with JSON, making it less flexible but also making it way simpler.
  5. It has out-of-the-box declarative support for all our current programming languages.
  6. It supports declarative configurations for language-specific package managers like Poetry and npm.
  7. It provides out-of-the-box declarative support for a small list of services, although most of them are currently not relevant to our needs.
  8. It supports fully cryptographically-signed environments for security and reproducibility.
  9. It provides its own cache for performance. This would increase the learning curve for us, as we already know Cachix.
  10. It does not provide any information regarding garbage collection.
  11. It supports automatic shell activation for development experience.
  12. Being a Nix wrapper, its community is smaller and its support is not as good.
Note: Devbox was last reviewed on Jan 27, 2025.

Flox

  1. Flox provides a Nix wrapper for creating reproducible tasks for any programming language and system architecture.
  2. It does not do anything else besides providing building blocks for fulfilling the above purpose. It is less flexible compared to Nix + Flakes, Makes, and devenv.
  3. It does not provide standard interfaces for declaring inputs and outputs for a given piece of software.
  4. Its interfaces try to fully abstract Nix with a self-made approach, making it less flexible and increasing its learning curve for us.
  5. It does not have support for any programming language, forcing users to approach configurations in a procedural way.
  6. It does not support any language-specific package managers, forcing users to approach configurations in a procedural way.
  7. It does not provide support for any services, forcing users to approach configurations in a procedural way.
  8. It does not seem to provide a way for pinning environments, making them unstable.
  9. It does not support Cachix but instead uses FloxHub, increasing the learning curve for us.
  10. It does not provide any information regarding garbage collection.
  11. It does not provide any information regarding automatic shell activation.
  12. Being a Nix wrapper, its community is smaller and its support is not as good.
Note: Flox was last reviewed on Jan 27, 2025.

Usage

We use Makes for serving all of Fluid Attacks' software.

Guidelines

Please refer to the official Makes documentation.

Installing Makes

  1. Make sure that Nix is installed on your system.

  2. Follow the steps in the official Makes documentation.

Using Makes

You can build and run the components of your choice, for example:

m gitlab:fluidattacks/universe@trunk /forces --help
m gitlab:fluidattacks/universe@trunk /melts --help
m gitlab:fluidattacks/universe@trunk /reviews --help
m gitlab:fluidattacks/universe@trunk /skims --help

Updates

You can update Makes by installing it again, but from a higher version.

No action is required on your part to update the components installed with Makes: updates are automatically rolled out to your machine with a delay of at most one day. However, if you want to force an update right away, just run rm -rf ~/.cache/makes, or reference a specific commit instead of @trunk.
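
Because @trunk is a moving reference, the code that runs can change from one invocation to the next, while a specific commit fixes it. The following added example (not part of the Makes documentation or of Fluid Attacks' code) scans script text for `m gitlab:...` invocations and reports the ones that are not pinned to a full-length commit id. The function names, the sample lines and the commit id in them are constructed, and treating only 40- or 64-character hex ids as pinned is an assumption of this example.

```shell
#!/bin/sh
# Added example: report Makes invocations that use a moving ref such as @trunk.

# Return 0 if a source spec (gitlab:owner/repo@ref) ends in a full-length
# commit id: 40 hex characters, or 64 for SHA-256 repositories (assumption).
makes_ref_is_pinned() {
  case $1 in
    *@*) ref=${1##*@} ;;
    *)   return 1 ;;   # no ref given: treated as unpinned
  esac
  printf '%s\n' "$ref" | grep -Eq '^([0-9a-f]{40}|[0-9a-f]{64})$'
}

# Read script or CI text on stdin and print "<line>: <spec>" for every
# `m gitlab:...` invocation that is not pinned. Returns 1 if any was found.
# Only the gitlab: form shown on this page is matched.
audit_makes_invocations() {
  awk '{ for (i = 1; i < NF; i++)
           if ($i == "m" && $(i + 1) ~ /^gitlab:/) print NR ": " $(i + 1) }' |
  (
    status=0
    while IFS= read -r hit; do
      if ! makes_ref_is_pinned "${hit#*: }"; then
        printf '%s\n' "$hit"
        status=1
      fi
    done
    exit "$status"
  )
}

# Constructed sample input; the commit ids are placeholders, not real commits.
sample_ci_script() {
  cat <<'EOF'
m gitlab:fluidattacks/universe@trunk /skims --help
m gitlab:fluidattacks/universe@0123456789abcdef0123456789abcdef01234567 /skims --help
  - m gitlab:fluidattacks/universe@0123abc /forces --help
EOF
}

sample_ci_script | audit_makes_invocations ||
  echo "unpinned Makes invocations found" >&2
```

Lines 1 and 3 of the sample are reported: the first follows @trunk, and the third uses an abbreviated id, which this check does not accept as a pin.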


Troubleshooting

General considerations

  • A stable internet connection is required
  • A stable DNS resolver is required. Please consider using the following:
    • IPv4: 1.1.1.1, 8.8.8.8, 8.8.4.4
    • IPv6: 2001:4860:4860::8888, 2001:4860:4860::8844

Checklist

  1. If the installation failed while installing Nix,

    1. check out the Nix manual for more detailed installation instructions, and
    2. if the problem persists, please let us know at help@fluidattacks.com.
  2. If the installation failed while installing Makes, please let us know at help@fluidattacks.com.

  3. If the process failed while using m gitlab:xxx /yyy,

    1. repeat the installation of Makes and try again,

    2. refresh the cache with rm -rf ~/.cache/makes and try again, and

    3. if the problem persists, please let us know at help@fluidattacks.com.
