forked from lix-project/lix
Merge pull request #7648 from hercules-ci/move-nixos-tests
Move nixos tests
This commit is contained in:
commit
ccaadc9575
11 changed files with 57 additions and 98 deletions
2
.github/PULL_REQUEST_TEMPLATE.md
vendored
2
.github/PULL_REQUEST_TEMPLATE.md
vendored
|
@ -21,7 +21,7 @@ Maintainers: tick if completed or explain if not relevant
|
|||
- [ ] tests, as appropriate
|
||||
- functional tests - `tests/**.sh`
|
||||
- unit tests - `src/*/tests`
|
||||
- integration tests
|
||||
- integration tests - `tests/nixos/*`
|
||||
- [ ] documentation in the manual
|
||||
- [ ] code and comments are self-explanatory
|
||||
- [ ] commit message explains why the change was made
|
||||
|
|
55
flake.nix
55
flake.nix
|
@ -409,6 +409,18 @@
|
|||
};
|
||||
};
|
||||
|
||||
nixos-lib = import (nixpkgs + "/nixos/lib") { };
|
||||
|
||||
# https://nixos.org/manual/nixos/unstable/index.html#sec-calling-nixos-tests
|
||||
runNixOSTestFor = system: test: nixos-lib.runTest {
|
||||
imports = [ test ];
|
||||
hostPkgs = nixpkgsFor.${system};
|
||||
defaults = {
|
||||
nixpkgs.pkgs = nixpkgsFor.${system};
|
||||
};
|
||||
_module.args.nixpkgs = nixpkgs;
|
||||
};
|
||||
|
||||
in {
|
||||
|
||||
# A Nixpkgs overlay that overrides the 'nix' and
|
||||
|
@ -487,49 +499,22 @@
|
|||
};
|
||||
|
||||
# System tests.
|
||||
tests.remoteBuilds = import ./tests/remote-builds.nix {
|
||||
system = "x86_64-linux";
|
||||
inherit nixpkgs;
|
||||
overlay = self.overlays.default;
|
||||
};
|
||||
tests.remoteBuilds = runNixOSTestFor "x86_64-linux" ./tests/nixos/remote-builds.nix;
|
||||
|
||||
tests.nix-copy-closure = import ./tests/nix-copy-closure.nix {
|
||||
system = "x86_64-linux";
|
||||
inherit nixpkgs;
|
||||
overlay = self.overlays.default;
|
||||
};
|
||||
tests.nix-copy-closure = runNixOSTestFor "x86_64-linux" ./tests/nixos/nix-copy-closure.nix;
|
||||
|
||||
tests.nssPreload = (import ./tests/nss-preload.nix rec {
|
||||
system = "x86_64-linux";
|
||||
inherit nixpkgs;
|
||||
overlay = self.overlays.default;
|
||||
});
|
||||
tests.nssPreload = runNixOSTestFor "x86_64-linux" ./tests/nixos/nss-preload.nix;
|
||||
|
||||
tests.githubFlakes = (import ./tests/github-flakes.nix rec {
|
||||
system = "x86_64-linux";
|
||||
inherit nixpkgs;
|
||||
overlay = self.overlays.default;
|
||||
});
|
||||
tests.githubFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/github-flakes.nix;
|
||||
|
||||
tests.sourcehutFlakes = (import ./tests/sourcehut-flakes.nix rec {
|
||||
system = "x86_64-linux";
|
||||
inherit nixpkgs;
|
||||
overlay = self.overlays.default;
|
||||
});
|
||||
tests.sourcehutFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/sourcehut-flakes.nix;
|
||||
|
||||
tests.containers = (import ./tests/containers.nix rec {
|
||||
system = "x86_64-linux";
|
||||
inherit nixpkgs;
|
||||
overlay = self.overlays.default;
|
||||
});
|
||||
tests.containers = runNixOSTestFor "x86_64-linux" ./tests/nixos/containers/containers.nix;
|
||||
|
||||
tests.setuid = nixpkgs.lib.genAttrs
|
||||
["i686-linux" "x86_64-linux"]
|
||||
(system:
|
||||
import ./tests/setuid.nix rec {
|
||||
inherit nixpkgs system;
|
||||
overlay = self.overlays.default;
|
||||
});
|
||||
(system: runNixOSTestFor system ./tests/nixos/setuid.nix);
|
||||
|
||||
|
||||
# Make sure that nix-env still produces the exact same result
|
||||
# on a particular version of Nixpkgs.
|
||||
|
|
|
@ -1,12 +1,7 @@
|
|||
# Test whether we can run a NixOS container inside a Nix build using systemd-nspawn.
|
||||
{ nixpkgs, system, overlay }:
|
||||
{ lib, nixpkgs, ... }:
|
||||
|
||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
||||
inherit system;
|
||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
||||
};
|
||||
|
||||
makeTest ({
|
||||
{
|
||||
name = "containers";
|
||||
|
||||
nodes =
|
||||
|
@ -65,4 +60,4 @@ makeTest ({
|
|||
host.succeed("[[ $(cat ./result/msg) = 'Hello World' ]]")
|
||||
'';
|
||||
|
||||
})
|
||||
}
|
|
@ -1,14 +1,9 @@
|
|||
{ nixpkgs, system, overlay }:
|
||||
|
||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
||||
inherit system;
|
||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
||||
};
|
||||
|
||||
{ lib, config, nixpkgs, ... }:
|
||||
let
|
||||
pkgs = config.nodes.client.nixpkgs.pkgs;
|
||||
|
||||
# Generate a fake root CA and a fake api.github.com / github.com / channels.nixos.org certificate.
|
||||
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
|
||||
cert = pkgs.runCommand "cert" { nativeBuildInputs = [ pkgs.openssl ]; }
|
||||
''
|
||||
mkdir -p $out
|
||||
|
||||
|
@ -92,8 +87,6 @@ let
|
|||
'';
|
||||
in
|
||||
|
||||
makeTest (
|
||||
|
||||
{
|
||||
name = "github-flakes";
|
||||
|
||||
|
@ -207,4 +200,4 @@ makeTest (
|
|||
client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
|
||||
'';
|
||||
|
||||
})
|
||||
}
|
|
@ -1,13 +1,16 @@
|
|||
# Test ‘nix-copy-closure’.
|
||||
|
||||
{ nixpkgs, system, overlay }:
|
||||
{ lib, config, nixpkgs, hostPkgs, ... }:
|
||||
|
||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
||||
inherit system;
|
||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
||||
};
|
||||
let
|
||||
pkgs = config.nodes.client.nixpkgs.pkgs;
|
||||
|
||||
makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pkgs.tmux; in {
|
||||
pkgA = pkgs.cowsay;
|
||||
pkgB = pkgs.wget;
|
||||
pkgC = pkgs.hello;
|
||||
pkgD = pkgs.tmux;
|
||||
|
||||
in {
|
||||
name = "nix-copy-closure";
|
||||
|
||||
nodes =
|
||||
|
@ -74,4 +77,4 @@ makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pk
|
|||
# )
|
||||
# client.succeed("nix-store --check-validity ${pkgC}")
|
||||
'';
|
||||
})
|
||||
}
|
|
@ -1,11 +1,9 @@
|
|||
{ nixpkgs, system, overlay }:
|
||||
|
||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
||||
inherit system;
|
||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
||||
};
|
||||
{ lib, config, nixpkgs, ... }:
|
||||
|
||||
let
|
||||
|
||||
pkgs = config.nodes.client.nixpkgs.pkgs;
|
||||
|
||||
nix-fetch = pkgs.writeText "fetch.nix" ''
|
||||
derivation {
|
||||
# This derivation is an copy from what is available over at
|
||||
|
@ -41,9 +39,7 @@ let
|
|||
'';
|
||||
in
|
||||
|
||||
makeTest (
|
||||
|
||||
rec {
|
||||
{
|
||||
name = "nss-preload";
|
||||
|
||||
nodes = {
|
||||
|
@ -122,4 +118,4 @@ rec {
|
|||
nix-build ${nix-fetch} >&2
|
||||
""")
|
||||
'';
|
||||
})
|
||||
}
|
|
@ -1,15 +1,9 @@
|
|||
# Test Nix's remote build feature.
|
||||
|
||||
{ nixpkgs, system, overlay }:
|
||||
|
||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
||||
inherit system;
|
||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
||||
};
|
||||
|
||||
makeTest (
|
||||
{ config, lib, hostPkgs, ... }:
|
||||
|
||||
let
|
||||
pkgs = config.nodes.client.nixpkgs.pkgs;
|
||||
|
||||
# The configuration of the remote builders.
|
||||
builder =
|
||||
|
@ -75,7 +69,7 @@ in
|
|||
|
||||
# Create an SSH key on the client.
|
||||
subprocess.run([
|
||||
"${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
|
||||
"${hostPkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
|
||||
], capture_output=True, check=True)
|
||||
client.succeed("mkdir -p -m 700 /root/.ssh")
|
||||
client.copy_from_host("key", "/root/.ssh/id_ed25519")
|
||||
|
@ -109,4 +103,4 @@ in
|
|||
builder1.block()
|
||||
client.succeed("nix-build ${expr nodes.client.config 4}")
|
||||
'';
|
||||
})
|
||||
}
|
|
@ -1,13 +1,12 @@
|
|||
# Verify that Linux builds cannot create setuid or setgid binaries.
|
||||
|
||||
{ nixpkgs, system, overlay }:
|
||||
{ lib, config, nixpkgs, ... }:
|
||||
|
||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
||||
inherit system;
|
||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
||||
};
|
||||
let
|
||||
pkgs = config.nodes.machine.nixpkgs.pkgs;
|
||||
|
||||
makeTest {
|
||||
in
|
||||
{
|
||||
name = "setuid";
|
||||
|
||||
nodes.machine =
|
|
@ -1,12 +1,8 @@
|
|||
{ nixpkgs, system, overlay }:
|
||||
|
||||
with import (nixpkgs + "/nixos/lib/testing-python.nix")
|
||||
{
|
||||
inherit system;
|
||||
extraConfigurations = [{ nixpkgs.overlays = [ overlay ]; }];
|
||||
};
|
||||
{ lib, config, hostPkgs, nixpkgs, ... }:
|
||||
|
||||
let
|
||||
pkgs = config.nodes.sourcehut.nixpkgs.pkgs;
|
||||
|
||||
# Generate a fake root CA and a fake git.sr.ht certificate.
|
||||
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
|
||||
''
|
||||
|
@ -64,8 +60,6 @@ let
|
|||
|
||||
in
|
||||
|
||||
makeTest (
|
||||
|
||||
{
|
||||
name = "sourcehut-flakes";
|
||||
|
||||
|
@ -164,4 +158,4 @@ makeTest (
|
|||
client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
|
||||
'';
|
||||
|
||||
})
|
||||
}
|
Loading…
Reference in a new issue