Merge pull request #7648 from hercules-ci/move-nixos-tests

Move nixos tests
This commit is contained in:
Théophane Hufschmitt 2023-01-27 15:11:48 +01:00 committed by GitHub
commit ccaadc9575
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 57 additions and 98 deletions

View file

@ -21,7 +21,7 @@ Maintainers: tick if completed or explain if not relevant
- [ ] tests, as appropriate - [ ] tests, as appropriate
- functional tests - `tests/**.sh` - functional tests - `tests/**.sh`
- unit tests - `src/*/tests` - unit tests - `src/*/tests`
- integration tests - integration tests - `tests/nixos/*`
- [ ] documentation in the manual - [ ] documentation in the manual
- [ ] code and comments are self-explanatory - [ ] code and comments are self-explanatory
- [ ] commit message explains why the change was made - [ ] commit message explains why the change was made

View file

@ -409,6 +409,18 @@
}; };
}; };
nixos-lib = import (nixpkgs + "/nixos/lib") { };
# https://nixos.org/manual/nixos/unstable/index.html#sec-calling-nixos-tests
runNixOSTestFor = system: test: nixos-lib.runTest {
imports = [ test ];
hostPkgs = nixpkgsFor.${system};
defaults = {
nixpkgs.pkgs = nixpkgsFor.${system};
};
_module.args.nixpkgs = nixpkgs;
};
in { in {
# A Nixpkgs overlay that overrides the 'nix' and # A Nixpkgs overlay that overrides the 'nix' and
@ -487,49 +499,22 @@
}; };
# System tests. # System tests.
tests.remoteBuilds = import ./tests/remote-builds.nix { tests.remoteBuilds = runNixOSTestFor "x86_64-linux" ./tests/nixos/remote-builds.nix;
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
};
tests.nix-copy-closure = import ./tests/nix-copy-closure.nix { tests.nix-copy-closure = runNixOSTestFor "x86_64-linux" ./tests/nixos/nix-copy-closure.nix;
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
};
tests.nssPreload = (import ./tests/nss-preload.nix rec { tests.nssPreload = runNixOSTestFor "x86_64-linux" ./tests/nixos/nss-preload.nix;
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
});
tests.githubFlakes = (import ./tests/github-flakes.nix rec { tests.githubFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/github-flakes.nix;
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
});
tests.sourcehutFlakes = (import ./tests/sourcehut-flakes.nix rec { tests.sourcehutFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/sourcehut-flakes.nix;
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
});
tests.containers = (import ./tests/containers.nix rec { tests.containers = runNixOSTestFor "x86_64-linux" ./tests/nixos/containers/containers.nix;
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
});
tests.setuid = nixpkgs.lib.genAttrs tests.setuid = nixpkgs.lib.genAttrs
["i686-linux" "x86_64-linux"] ["i686-linux" "x86_64-linux"]
(system: (system: runNixOSTestFor system ./tests/nixos/setuid.nix);
import ./tests/setuid.nix rec {
inherit nixpkgs system;
overlay = self.overlays.default;
});
# Make sure that nix-env still produces the exact same result # Make sure that nix-env still produces the exact same result
# on a particular version of Nixpkgs. # on a particular version of Nixpkgs.

View file

@ -1,12 +1,7 @@
# Test whether we can run a NixOS container inside a Nix build using systemd-nspawn. # Test whether we can run a NixOS container inside a Nix build using systemd-nspawn.
{ nixpkgs, system, overlay }: { lib, nixpkgs, ... }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") { {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
makeTest ({
name = "containers"; name = "containers";
nodes = nodes =
@ -65,4 +60,4 @@ makeTest ({
host.succeed("[[ $(cat ./result/msg) = 'Hello World' ]]") host.succeed("[[ $(cat ./result/msg) = 'Hello World' ]]")
''; '';
}) }

View file

@ -1,14 +1,9 @@
{ nixpkgs, system, overlay }: { lib, config, nixpkgs, ... }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
let let
pkgs = config.nodes.client.nixpkgs.pkgs;
# Generate a fake root CA and a fake api.github.com / github.com / channels.nixos.org certificate. # Generate a fake root CA and a fake api.github.com / github.com / channels.nixos.org certificate.
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; } cert = pkgs.runCommand "cert" { nativeBuildInputs = [ pkgs.openssl ]; }
'' ''
mkdir -p $out mkdir -p $out
@ -92,8 +87,6 @@ let
''; '';
in in
makeTest (
{ {
name = "github-flakes"; name = "github-flakes";
@ -207,4 +200,4 @@ makeTest (
client.succeed("nix build nixpkgs#fuse --tarball-ttl 0") client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
''; '';
}) }

View file

@ -1,13 +1,16 @@
# Test nix-copy-closure. # Test nix-copy-closure.
{ nixpkgs, system, overlay }: { lib, config, nixpkgs, hostPkgs, ... }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") { let
inherit system; pkgs = config.nodes.client.nixpkgs.pkgs;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pkgs.tmux; in { pkgA = pkgs.cowsay;
pkgB = pkgs.wget;
pkgC = pkgs.hello;
pkgD = pkgs.tmux;
in {
name = "nix-copy-closure"; name = "nix-copy-closure";
nodes = nodes =
@ -74,4 +77,4 @@ makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pk
# ) # )
# client.succeed("nix-store --check-validity ${pkgC}") # client.succeed("nix-store --check-validity ${pkgC}")
''; '';
}) }

View file

@ -1,11 +1,9 @@
{ nixpkgs, system, overlay }: { lib, config, nixpkgs, ... }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
let let
pkgs = config.nodes.client.nixpkgs.pkgs;
nix-fetch = pkgs.writeText "fetch.nix" '' nix-fetch = pkgs.writeText "fetch.nix" ''
derivation { derivation {
# This derivation is an copy from what is available over at # This derivation is an copy from what is available over at
@ -41,9 +39,7 @@ let
''; '';
in in
makeTest ( {
rec {
name = "nss-preload"; name = "nss-preload";
nodes = { nodes = {
@ -122,4 +118,4 @@ rec {
nix-build ${nix-fetch} >&2 nix-build ${nix-fetch} >&2
""") """)
''; '';
}) }

View file

@ -1,15 +1,9 @@
# Test Nix's remote build feature. # Test Nix's remote build feature.
{ nixpkgs, system, overlay }: { config, lib, hostPkgs, ... }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
makeTest (
let let
pkgs = config.nodes.client.nixpkgs.pkgs;
# The configuration of the remote builders. # The configuration of the remote builders.
builder = builder =
@ -75,7 +69,7 @@ in
# Create an SSH key on the client. # Create an SSH key on the client.
subprocess.run([ subprocess.run([
"${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", "" "${hostPkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
], capture_output=True, check=True) ], capture_output=True, check=True)
client.succeed("mkdir -p -m 700 /root/.ssh") client.succeed("mkdir -p -m 700 /root/.ssh")
client.copy_from_host("key", "/root/.ssh/id_ed25519") client.copy_from_host("key", "/root/.ssh/id_ed25519")
@ -109,4 +103,4 @@ in
builder1.block() builder1.block()
client.succeed("nix-build ${expr nodes.client.config 4}") client.succeed("nix-build ${expr nodes.client.config 4}")
''; '';
}) }

View file

@ -1,13 +1,12 @@
# Verify that Linux builds cannot create setuid or setgid binaries. # Verify that Linux builds cannot create setuid or setgid binaries.
{ nixpkgs, system, overlay }: { lib, config, nixpkgs, ... }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") { let
inherit system; pkgs = config.nodes.machine.nixpkgs.pkgs;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
makeTest { in
{
name = "setuid"; name = "setuid";
nodes.machine = nodes.machine =

View file

@ -1,12 +1,8 @@
{ nixpkgs, system, overlay }: { lib, config, hostPkgs, nixpkgs, ... }:
with import (nixpkgs + "/nixos/lib/testing-python.nix")
{
inherit system;
extraConfigurations = [{ nixpkgs.overlays = [ overlay ]; }];
};
let let
pkgs = config.nodes.sourcehut.nixpkgs.pkgs;
# Generate a fake root CA and a fake git.sr.ht certificate. # Generate a fake root CA and a fake git.sr.ht certificate.
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; } cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
'' ''
@ -64,8 +60,6 @@ let
in in
makeTest (
{ {
name = "sourcehut-flakes"; name = "sourcehut-flakes";
@ -164,4 +158,4 @@ makeTest (
client.succeed("nix build nixpkgs#fuse --tarball-ttl 0") client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
''; '';
}) }