ofborg/README.md

4.9 KiB

grahamcofborg

Guidelines

  1. make sure you've reviewed the code before you trigger it on a PR that isn't your own
  2. be gentle, preferably don't run mass rebuilds / massive builds like chromium on it

Automatic Building

Users who are trusted (see: ./config.public.json) or known (see: ./config.known-users.json) will have their PRs automatically trigger builds if their commits follow the well-defined format of Nixpkgs. Example messages and the builds:

Message Automatic Build
vim: 1.0.0 -> 2.0.0 vim
python36Packages.requests,python27Packages.requests: 1.0.0 -> 2.0.0 python36Packages.requests, python27Packages.requests
python{2,3}Packages.requests: 1.0.0 -> 2.0.0 nothing

If a PR is opened with many commits, it will create a single build job for all of the detected packages. If a PR is opened and many commits are pushed one by one to the open PR, many build jobs will be created.

To disable automatic building of packages on a PR, add [WIP] to the PR's title, or the 2.status: work-in-progress label.

Commands

The comment parser is line-based, so comments can be interleaved with instructions.

  1. To trigger the bot, the line must start with a case insensitive version of @GrahamcOfBorg.
  2. To use multiple commands, insert a bit of whitespace and then your new command.

Commands:

test (added: 2017-11-24)

@grahamcofborg test list of tests

This will run nix-build ./nixos/release.nix -A tests.list -A tests.of -A tests.tests in the nixpkgs checkout. Note: this will only run on x86_64-linux machines.

eval

@grahamcofborg eval

Note: Every PR automatically evaluates when it is opened and when the commits change. There is no reason to run eval on a PR unless the evaluation has failed for weird reasons, or because master was broken before.

build

@grahamcofborg build list of attrs

This will run nix-build ./default.nix -A list -A of -A attrs in the nixpkgs checkout.


Multiple Commands:

@grahamcofborg build list of attrs
@grahamcofborg eval

or even:

@grahamcofborg build list of attrs @grahamcofborg eval

This will also work:

looks good to me!
@grahamcofborg build list of attrs

And this is fine:

@grahamcofborg build list of attrs
looks good to me!

This is will build list, of, attrs, looks, good, to, me!:

@grahamcofborg build list of attrs looks good to me!

How does OfBorg call nix-build?

Builds are run like:

HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-build ./default.nix --no-out-link --keep-going -A hello --option restrict-eval true --option build-timeout 1800 --argstr system thesystem --show-trace

How does OfBorg call nix-instantiate?

NixOS evals are run like:

HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate ./nixos/release.nix -A manual --option restrict-eval true --option build-timeout 1800 --argstr system thesystem --show-trace

Nixpkgs evals are run like:

HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate ./pkgs/top-level/release.nix -A manual --option restrict-eval true --option build-timeout 1800 --argstr system thesystem --show-trace


Running a builder

nix-shell ./shell.nix
$ cd ofborg
$ cargo build
cargo build

then copy example.config.json to config.json and edit its vars. Set nix.remote to an empty string if you're not using the daemon.

Run

./target/debug/builder ./config.json

Note the config.public.json for the public pieces of how I run ofborg, which is merged with config.known-users.json and a third private config file of credentials. These files contain some special keys like

  • known users
  • authorized users
  • log storage

they are only used in the backend processing tasks, and there is no need for them on builders. However, to update the list in config.known-users.json, run ./scripts/update-known-users.sh.

old php stuff...

Only Graham needs to do this, since I run the only remaining PHP components.

<?php

require_once __DIR__ . '/vendor/autoload.php';
use PhpAmqpLib\Connection\AMQPSSLConnection;
use PhpAmqpLib\Message\AMQPMessage;

function rabbitmq_conn($timeout = 3) {
    $host = 'events.nix.gsc.io';
    $connection = new AMQPSSLConnection(
        $host, 5671,
        'eventsuser, eventspassword, '/',
        array(
            'verify_peer' => true,
            'verify_peer_name' => true,
            'peer_name' => $host,
            'verify_depth' => 10,
            'ca_file' => '/etc/ssl/certs/ca-certificates.crt',
        ), array(
            'connection_timeout' => $timeout,
        )
    );

    return $connection;
}

function gh_client() {
    $client = new \Github\Client();
    $client->authenticate('githubusername',
                          'githubpassword',
                          Github\Client::AUTH_HTTP_PASSWORD);

    return $client;
}