# grahamcofborg ## Guidelines 1. make sure you've reviewed the code before you trigger it on a PR that isn't your own 2. be gentle, preferably don't run mass rebuilds / massive builds like chromium on it ## Automatic Building Users who are _trusted_ (see: ./config.public.json) or _known_ (see: ./config.known-users.json) will have their PRs automatically trigger builds if their commits follow the well-defined format of Nixpkgs. Example messages and the builds: |Message|Automatic Build| |-|-| |`vim: 1.0.0 -> 2.0.0`|`vim`| |`python36Packages.requests,python27Packages.requests: 1.0.0 -> 2.0.0`|`python36Packages.requests`, `python27Packages.requests`| |`python{2,3}Packages.requests: 1.0.0 -> 2.0.0`|_nothing_| If a PR is opened with many commits, it will create a single build job for all of the detected packages. If a PR is opened and many commits are pushed one by one to the open PR, many build jobs will be created. To disable automatic building of packages on a PR, add `[WIP]` to the PR's title, or the `2.status: work-in-progress` label. ## Commands The comment parser is line-based, so comments can be interleaved with instructions. 1. To trigger the bot, the line _must_ start with a case insensitive version of `@GrahamcOfBorg`. 2. To use multiple commands, insert a bit of whitespace and then your new command. Commands: ### test (added: 2017-11-24) ``` @grahamcofborg test list of tests ``` This will run `nix-build ./nixos/release.nix -A tests.list -A tests.of -A tests.tests` in the nixpkgs checkout. Note: this will only run on x86_64-linux machines. ### eval ``` @grahamcofborg eval ``` Note: Every PR automatically evaluates when it is opened and when the commits change. There is no reason to run eval on a PR unless the evaluation has failed for weird reasons, or because master was broken before. ### build ``` @grahamcofborg build list of attrs ``` This will run `nix-build ./default.nix -A list -A of -A attrs` in the nixpkgs checkout. --- Multiple Commands: ``` @grahamcofborg build list of attrs @grahamcofborg eval ``` or even: ``` @grahamcofborg build list of attrs @grahamcofborg eval ``` This will also work: ``` looks good to me! @grahamcofborg build list of attrs ``` And this is fine: ``` @grahamcofborg build list of attrs looks good to me! ``` This is will build `list`, `of`, `attrs`, `looks`, `good`, `to`, `me!`: ``` @grahamcofborg build list of attrs looks good to me! ``` # How does OfBorg call nix-build? Builds are run like: > HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-build ./default.nix > --no-out-link --keep-going -A hello > --option restrict-eval true > --option build-timeout 1800 > --argstr system thesystem > --show-trace # How does OfBorg call nix-instantiate? NixOS evals are run like: > HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate ./nixos/release.nix > -A manual > --option restrict-eval true > --option build-timeout 1800 > --argstr system thesystem > --show-trace Nixpkgs evals are run like: > HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate ./pkgs/top-level/release.nix > -A manual > --option restrict-eval true > --option build-timeout 1800 > --argstr system thesystem > --show-trace # Running meta checks locally ``` $ curl -o outpaths.nix https://raw.githubusercontent.com/NixOS/ofborg/released/ofborg/src/outpaths.nix $ GC_INITIAL_HEAP_SIZE=4g nix-env -f ./outpaths.nix -qaP --no-name --out-path --arg checkMeta true > out-paths ``` --- # Running a builder ``` nix-shell ./shell.nix $ cd ofborg $ cargo build ``` ``` cargo build ``` then copy example.config.json to config.json and edit its vars. Set `nix.remote` to an empty string if you're not using the daemon. Run ``` ./target/debug/builder ./config.json ``` Note the config.public.json for the public pieces of how I run ofborg, which is merged with config.known-users.json and a third private config file of credentials. These files contain some special keys like - known users - authorized users - log storage they are only used in the backend processing tasks, and there is no need for them on builders. However, to update the list in config.known-users.json, run `./scripts/update-known-users.sh`. ## old php stuff... Only Graham needs to do this, since I run the only remaining PHP components. ```php true, 'verify_peer_name' => true, 'peer_name' => $host, 'verify_depth' => 10, 'ca_file' => '/etc/ssl/certs/ca-certificates.crt', ), array( 'connection_timeout' => $timeout, ) ); return $connection; } function gh_client() { $client = new \Github\Client(); $client->authenticate('githubusername', 'githubpassword', Github\Client::AUTH_HTTP_PASSWORD); return $client; } ```