forked from lix-project/lix
Merge pull request #7648 from hercules-ci/move-nixos-tests
Move nixos tests
This commit is contained in:
commit
ccaadc9575
11 changed files with 57 additions and 98 deletions
2
.github/PULL_REQUEST_TEMPLATE.md
vendored
2
.github/PULL_REQUEST_TEMPLATE.md
vendored
|
@ -21,7 +21,7 @@ Maintainers: tick if completed or explain if not relevant
|
||||||
- [ ] tests, as appropriate
|
- [ ] tests, as appropriate
|
||||||
- functional tests - `tests/**.sh`
|
- functional tests - `tests/**.sh`
|
||||||
- unit tests - `src/*/tests`
|
- unit tests - `src/*/tests`
|
||||||
- integration tests
|
- integration tests - `tests/nixos/*`
|
||||||
- [ ] documentation in the manual
|
- [ ] documentation in the manual
|
||||||
- [ ] code and comments are self-explanatory
|
- [ ] code and comments are self-explanatory
|
||||||
- [ ] commit message explains why the change was made
|
- [ ] commit message explains why the change was made
|
||||||
|
|
55
flake.nix
55
flake.nix
|
@ -409,6 +409,18 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nixos-lib = import (nixpkgs + "/nixos/lib") { };
|
||||||
|
|
||||||
|
# https://nixos.org/manual/nixos/unstable/index.html#sec-calling-nixos-tests
|
||||||
|
runNixOSTestFor = system: test: nixos-lib.runTest {
|
||||||
|
imports = [ test ];
|
||||||
|
hostPkgs = nixpkgsFor.${system};
|
||||||
|
defaults = {
|
||||||
|
nixpkgs.pkgs = nixpkgsFor.${system};
|
||||||
|
};
|
||||||
|
_module.args.nixpkgs = nixpkgs;
|
||||||
|
};
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
# A Nixpkgs overlay that overrides the 'nix' and
|
# A Nixpkgs overlay that overrides the 'nix' and
|
||||||
|
@ -487,49 +499,22 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# System tests.
|
# System tests.
|
||||||
tests.remoteBuilds = import ./tests/remote-builds.nix {
|
tests.remoteBuilds = runNixOSTestFor "x86_64-linux" ./tests/nixos/remote-builds.nix;
|
||||||
system = "x86_64-linux";
|
|
||||||
inherit nixpkgs;
|
|
||||||
overlay = self.overlays.default;
|
|
||||||
};
|
|
||||||
|
|
||||||
tests.nix-copy-closure = import ./tests/nix-copy-closure.nix {
|
tests.nix-copy-closure = runNixOSTestFor "x86_64-linux" ./tests/nixos/nix-copy-closure.nix;
|
||||||
system = "x86_64-linux";
|
|
||||||
inherit nixpkgs;
|
|
||||||
overlay = self.overlays.default;
|
|
||||||
};
|
|
||||||
|
|
||||||
tests.nssPreload = (import ./tests/nss-preload.nix rec {
|
tests.nssPreload = runNixOSTestFor "x86_64-linux" ./tests/nixos/nss-preload.nix;
|
||||||
system = "x86_64-linux";
|
|
||||||
inherit nixpkgs;
|
|
||||||
overlay = self.overlays.default;
|
|
||||||
});
|
|
||||||
|
|
||||||
tests.githubFlakes = (import ./tests/github-flakes.nix rec {
|
tests.githubFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/github-flakes.nix;
|
||||||
system = "x86_64-linux";
|
|
||||||
inherit nixpkgs;
|
|
||||||
overlay = self.overlays.default;
|
|
||||||
});
|
|
||||||
|
|
||||||
tests.sourcehutFlakes = (import ./tests/sourcehut-flakes.nix rec {
|
tests.sourcehutFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/sourcehut-flakes.nix;
|
||||||
system = "x86_64-linux";
|
|
||||||
inherit nixpkgs;
|
|
||||||
overlay = self.overlays.default;
|
|
||||||
});
|
|
||||||
|
|
||||||
tests.containers = (import ./tests/containers.nix rec {
|
tests.containers = runNixOSTestFor "x86_64-linux" ./tests/nixos/containers/containers.nix;
|
||||||
system = "x86_64-linux";
|
|
||||||
inherit nixpkgs;
|
|
||||||
overlay = self.overlays.default;
|
|
||||||
});
|
|
||||||
|
|
||||||
tests.setuid = nixpkgs.lib.genAttrs
|
tests.setuid = nixpkgs.lib.genAttrs
|
||||||
["i686-linux" "x86_64-linux"]
|
["i686-linux" "x86_64-linux"]
|
||||||
(system:
|
(system: runNixOSTestFor system ./tests/nixos/setuid.nix);
|
||||||
import ./tests/setuid.nix rec {
|
|
||||||
inherit nixpkgs system;
|
|
||||||
overlay = self.overlays.default;
|
|
||||||
});
|
|
||||||
|
|
||||||
# Make sure that nix-env still produces the exact same result
|
# Make sure that nix-env still produces the exact same result
|
||||||
# on a particular version of Nixpkgs.
|
# on a particular version of Nixpkgs.
|
||||||
|
|
|
@ -1,12 +1,7 @@
|
||||||
# Test whether we can run a NixOS container inside a Nix build using systemd-nspawn.
|
# Test whether we can run a NixOS container inside a Nix build using systemd-nspawn.
|
||||||
{ nixpkgs, system, overlay }:
|
{ lib, nixpkgs, ... }:
|
||||||
|
|
||||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
{
|
||||||
inherit system;
|
|
||||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
|
||||||
};
|
|
||||||
|
|
||||||
makeTest ({
|
|
||||||
name = "containers";
|
name = "containers";
|
||||||
|
|
||||||
nodes =
|
nodes =
|
||||||
|
@ -65,4 +60,4 @@ makeTest ({
|
||||||
host.succeed("[[ $(cat ./result/msg) = 'Hello World' ]]")
|
host.succeed("[[ $(cat ./result/msg) = 'Hello World' ]]")
|
||||||
'';
|
'';
|
||||||
|
|
||||||
})
|
}
|
|
@ -1,14 +1,9 @@
|
||||||
{ nixpkgs, system, overlay }:
|
{ lib, config, nixpkgs, ... }:
|
||||||
|
|
||||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
|
||||||
inherit system;
|
|
||||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
|
||||||
};
|
|
||||||
|
|
||||||
let
|
let
|
||||||
|
pkgs = config.nodes.client.nixpkgs.pkgs;
|
||||||
|
|
||||||
# Generate a fake root CA and a fake api.github.com / github.com / channels.nixos.org certificate.
|
# Generate a fake root CA and a fake api.github.com / github.com / channels.nixos.org certificate.
|
||||||
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
|
cert = pkgs.runCommand "cert" { nativeBuildInputs = [ pkgs.openssl ]; }
|
||||||
''
|
''
|
||||||
mkdir -p $out
|
mkdir -p $out
|
||||||
|
|
||||||
|
@ -92,8 +87,6 @@ let
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
|
|
||||||
makeTest (
|
|
||||||
|
|
||||||
{
|
{
|
||||||
name = "github-flakes";
|
name = "github-flakes";
|
||||||
|
|
||||||
|
@ -207,4 +200,4 @@ makeTest (
|
||||||
client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
|
client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
|
||||||
'';
|
'';
|
||||||
|
|
||||||
})
|
}
|
|
@ -1,13 +1,16 @@
|
||||||
# Test ‘nix-copy-closure’.
|
# Test ‘nix-copy-closure’.
|
||||||
|
|
||||||
{ nixpkgs, system, overlay }:
|
{ lib, config, nixpkgs, hostPkgs, ... }:
|
||||||
|
|
||||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
let
|
||||||
inherit system;
|
pkgs = config.nodes.client.nixpkgs.pkgs;
|
||||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
|
||||||
};
|
|
||||||
|
|
||||||
makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pkgs.tmux; in {
|
pkgA = pkgs.cowsay;
|
||||||
|
pkgB = pkgs.wget;
|
||||||
|
pkgC = pkgs.hello;
|
||||||
|
pkgD = pkgs.tmux;
|
||||||
|
|
||||||
|
in {
|
||||||
name = "nix-copy-closure";
|
name = "nix-copy-closure";
|
||||||
|
|
||||||
nodes =
|
nodes =
|
||||||
|
@ -74,4 +77,4 @@ makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pk
|
||||||
# )
|
# )
|
||||||
# client.succeed("nix-store --check-validity ${pkgC}")
|
# client.succeed("nix-store --check-validity ${pkgC}")
|
||||||
'';
|
'';
|
||||||
})
|
}
|
|
@ -1,11 +1,9 @@
|
||||||
{ nixpkgs, system, overlay }:
|
{ lib, config, nixpkgs, ... }:
|
||||||
|
|
||||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
|
||||||
inherit system;
|
|
||||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
|
||||||
};
|
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
|
pkgs = config.nodes.client.nixpkgs.pkgs;
|
||||||
|
|
||||||
nix-fetch = pkgs.writeText "fetch.nix" ''
|
nix-fetch = pkgs.writeText "fetch.nix" ''
|
||||||
derivation {
|
derivation {
|
||||||
# This derivation is an copy from what is available over at
|
# This derivation is an copy from what is available over at
|
||||||
|
@ -41,9 +39,7 @@ let
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
|
|
||||||
makeTest (
|
{
|
||||||
|
|
||||||
rec {
|
|
||||||
name = "nss-preload";
|
name = "nss-preload";
|
||||||
|
|
||||||
nodes = {
|
nodes = {
|
||||||
|
@ -122,4 +118,4 @@ rec {
|
||||||
nix-build ${nix-fetch} >&2
|
nix-build ${nix-fetch} >&2
|
||||||
""")
|
""")
|
||||||
'';
|
'';
|
||||||
})
|
}
|
|
@ -1,15 +1,9 @@
|
||||||
# Test Nix's remote build feature.
|
# Test Nix's remote build feature.
|
||||||
|
|
||||||
{ nixpkgs, system, overlay }:
|
{ config, lib, hostPkgs, ... }:
|
||||||
|
|
||||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
|
||||||
inherit system;
|
|
||||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
|
||||||
};
|
|
||||||
|
|
||||||
makeTest (
|
|
||||||
|
|
||||||
let
|
let
|
||||||
|
pkgs = config.nodes.client.nixpkgs.pkgs;
|
||||||
|
|
||||||
# The configuration of the remote builders.
|
# The configuration of the remote builders.
|
||||||
builder =
|
builder =
|
||||||
|
@ -75,7 +69,7 @@ in
|
||||||
|
|
||||||
# Create an SSH key on the client.
|
# Create an SSH key on the client.
|
||||||
subprocess.run([
|
subprocess.run([
|
||||||
"${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
|
"${hostPkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
|
||||||
], capture_output=True, check=True)
|
], capture_output=True, check=True)
|
||||||
client.succeed("mkdir -p -m 700 /root/.ssh")
|
client.succeed("mkdir -p -m 700 /root/.ssh")
|
||||||
client.copy_from_host("key", "/root/.ssh/id_ed25519")
|
client.copy_from_host("key", "/root/.ssh/id_ed25519")
|
||||||
|
@ -109,4 +103,4 @@ in
|
||||||
builder1.block()
|
builder1.block()
|
||||||
client.succeed("nix-build ${expr nodes.client.config 4}")
|
client.succeed("nix-build ${expr nodes.client.config 4}")
|
||||||
'';
|
'';
|
||||||
})
|
}
|
|
@ -1,13 +1,12 @@
|
||||||
# Verify that Linux builds cannot create setuid or setgid binaries.
|
# Verify that Linux builds cannot create setuid or setgid binaries.
|
||||||
|
|
||||||
{ nixpkgs, system, overlay }:
|
{ lib, config, nixpkgs, ... }:
|
||||||
|
|
||||||
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
let
|
||||||
inherit system;
|
pkgs = config.nodes.machine.nixpkgs.pkgs;
|
||||||
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
|
||||||
};
|
|
||||||
|
|
||||||
makeTest {
|
in
|
||||||
|
{
|
||||||
name = "setuid";
|
name = "setuid";
|
||||||
|
|
||||||
nodes.machine =
|
nodes.machine =
|
|
@ -1,12 +1,8 @@
|
||||||
{ nixpkgs, system, overlay }:
|
{ lib, config, hostPkgs, nixpkgs, ... }:
|
||||||
|
|
||||||
with import (nixpkgs + "/nixos/lib/testing-python.nix")
|
|
||||||
{
|
|
||||||
inherit system;
|
|
||||||
extraConfigurations = [{ nixpkgs.overlays = [ overlay ]; }];
|
|
||||||
};
|
|
||||||
|
|
||||||
let
|
let
|
||||||
|
pkgs = config.nodes.sourcehut.nixpkgs.pkgs;
|
||||||
|
|
||||||
# Generate a fake root CA and a fake git.sr.ht certificate.
|
# Generate a fake root CA and a fake git.sr.ht certificate.
|
||||||
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
|
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
|
||||||
''
|
''
|
||||||
|
@ -64,8 +60,6 @@ let
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
makeTest (
|
|
||||||
|
|
||||||
{
|
{
|
||||||
name = "sourcehut-flakes";
|
name = "sourcehut-flakes";
|
||||||
|
|
||||||
|
@ -164,4 +158,4 @@ makeTest (
|
||||||
client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
|
client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
|
||||||
'';
|
'';
|
||||||
|
|
||||||
})
|
}
|
Loading…
Reference in a new issue