CI system for the distro
Find a file
2018-02-23 21:45:18 -05:00
doc Add a sample-command workflow 2017-11-06 12:38:23 -05:00
ircbot Merge remote-tracking branch 'origin/released' into next 2018-02-09 19:11:02 -05:00
log-api Provide metadata in the log api 2018-02-21 22:42:35 -05:00
nix Bump nixpkgs 2018-02-23 17:55:35 -05:00
ofborg Add repos to the public config 2018-02-23 21:45:18 -05:00
php Remove extra libs now that the mass rebuild filter isn't PHP anymore 2018-02-23 21:28:32 -05:00
scripts Update users, merge the scripts 2018-02-23 17:10:56 -05:00
.gitignore ignore nix patches 2018-02-09 19:33:29 -05:00
CODE_OF_CONDUCT.md Create CODE_OF_CONDUCT.md 2017-11-29 19:21:27 -05:00
config.extra-known-users.json update users 2018-02-18 18:13:49 -05:00
config.known-users.json Update users, merge the scripts 2018-02-23 17:10:56 -05:00
config.public.json Add repos to the public config 2018-02-23 21:45:18 -05:00
default.nix rebuild crate expressions with carnix 0.6.5 2018-02-08 10:15:24 +00:00
example.config.json clean up the readme 2017-12-01 20:58:05 -05:00
factoids.toml Shortens FAQ entry for !notfound 2018-01-10 20:03:00 -05:00
LICENSE Add a license 2017-11-24 08:51:55 -05:00
README.md Remove extra libs now that the mass rebuild filter isn't PHP anymore 2018-02-23 21:28:32 -05:00
release.nix Make a release job 2017-12-08 21:10:28 -05:00
service.nix borg service example 2017-11-04 12:24:18 -04:00
shell.nix make git an explicit dependency 2018-01-29 14:27:34 -05:00

grahamcofborg

Guidelines

  1. make sure you've reviewed the code before you trigger it on a PR that isn't your own
  2. be gentle, preferably don't run mass rebuilds / massive builds like chromium on it

Automatic Building

Users who are trusted (see: ./config.public.json) or known (see: ./config.known-users.json) will have their PRs automatically trigger builds if their commits follow the well-defined format of Nixpkgs. Example messages and the builds:

Message Automatic Build
vim: 1.0.0 -> 2.0.0 vim
python36Packages.requests,python27Packages.requests: 1.0.0 -> 2.0.0 python36Packages.requests, python27Packages.requests
python{2,3}Packages.requests: 1.0.0 -> 2.0.0 nothing

If a PR is opened with many commits, it will create a single build job for all of the detected packages. If a PR is opened and many commits are pushed one by one to the open PR, many build jobs will be created.

To disable automatic building of packages on a PR, add [WIP] to the PR's title, or the 2.status: work-in-progress label.

Commands

The comment parser is line-based, so comments can be interleaved with instructions.

  1. To trigger the bot, the line must start with a case insensitive version of @GrahamcOfBorg.
  2. To use multiple commands, insert a bit of whitespace and then your new command.

Commands:

test (added: 2017-11-24)

@grahamcofborg test list of tests

This will run nix-build ./nixos/release.nix -A tests.list -A tests.of -A tests.tests in the nixpkgs checkout. Note: this will only run on x86_64-linux machines.

eval

@grahamcofborg eval

Note: Every PR automatically evaluates when it is opened and when the commits change. There is no reason to run eval on a PR unless the evaluation has failed for weird reasons, or because master was broken before.

build

@grahamcofborg build list of attrs

This will run nix-build ./default.nix -A list -A of -A attrs in the nixpkgs checkout.


Multiple Commands:

@grahamcofborg build list of attrs
@grahamcofborg eval

or even:

@grahamcofborg build list of attrs @grahamcofborg eval

This will also work:

looks good to me!
@grahamcofborg build list of attrs

And this is fine:

@grahamcofborg build list of attrs
looks good to me!

This is will build list, of, attrs, looks, good, to, me!:

@grahamcofborg build list of attrs looks good to me!

How does OfBorg call nix-build?

Builds are run like:

HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-build ./default.nix --no-out-link --keep-going -A hello --option restrict-eval true --option build-timeout 1800 --argstr system thesystem --show-trace

How does OfBorg call nix-instantiate?

NixOS evals are run like:

HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate ./nixos/release.nix -A manual --option restrict-eval true --option build-timeout 1800 --argstr system thesystem --show-trace

Nixpkgs evals are run like:

HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate ./pkgs/top-level/release.nix -A manual --option restrict-eval true --option build-timeout 1800 --argstr system thesystem --show-trace

Running meta checks locally

$ curl -o outpaths.nix https://raw.githubusercontent.com/NixOS/ofborg/released/ofborg/src/outpaths.nix
$ GC_INITIAL_HEAP_SIZE=4g nix-env -f ./outpaths.nix -qaP --no-name --out-path --arg checkMeta true > out-paths

Running a builder

nix-shell ./shell.nix
$ cd ofborg
$ cargo build
cargo build

then copy example.config.json to config.json and edit its vars. Set nix.remote to an empty string if you're not using the daemon.

Run

./target/debug/builder ./config.json

Note the config.public.json for the public pieces of how I run ofborg, which is merged with config.known-users.json and a third private config file of credentials. These files contain some special keys like

  • known users
  • authorized users
  • log storage

they are only used in the backend processing tasks, and there is no need for them on builders. However, to update the list in config.known-users.json, run ./scripts/update-known-users.sh.

old php stuff...

Only Graham needs to do this, since I run the only remaining PHP components.

<?php

require_once __DIR__ . '/vendor/autoload.php';
use PhpAmqpLib\Connection\AMQPSSLConnection;
use PhpAmqpLib\Message\AMQPMessage;

function rabbitmq_conn($timeout = 3) {
    $host = 'events.nix.gsc.io';
    $connection = new AMQPSSLConnection(
        $host, 5671,
        'eventsuser, eventspassword, '/',
        array(
            'verify_peer' => true,
            'verify_peer_name' => true,
            'peer_name' => $host,
            'verify_depth' => 10,
            'ca_file' => '/etc/ssl/certs/ca-certificates.crt',
        ), array(
            'connection_timeout' => $timeout,
        )
    );

    return $connection;
}

function gh_secret() {
    return "github webhook secret";
}