CI system for the distro
Find a file
Graham Christensen c1f5e4ff80
Merge pull request #93 from rnhmjoj/released
add rnhmjoj to config.public.json
2018-03-05 07:40:13 -05:00
doc Add a sample-command workflow 2017-11-06 12:38:23 -05:00
ircbot Merge remote-tracking branch 'origin/released' into next 2018-02-09 19:11:02 -05:00
log-api Full logs are at a different root now 2018-01-27 14:40:16 -05:00
nix fixup patch to not trace 2018-02-09 19:31:11 -05:00
ofborg Tag added/removed packages on PRs 2018-02-09 22:23:37 -05:00
php Deleete the PHP poster code 2018-01-31 19:22:43 -05:00
scripts Add unode to the known users 2018-01-28 08:21:18 -05:00
.gitignore ignore nix patches 2018-02-09 19:33:29 -05:00
CODE_OF_CONDUCT.md Create CODE_OF_CONDUCT.md 2017-11-29 19:21:27 -05:00
config.extra-known-users.json Add dywedir to extra-known-users 2018-02-12 23:49:44 +02:00
config.known-users.json Make bhipple a known user 2018-01-28 09:12:27 -05:00
config.public.json fix stray tab character 2018-03-01 20:41:49 +01:00
default.nix rebuild crate expressions with carnix 0.6.5 2018-02-08 10:15:24 +00:00
example.config.json clean up the readme 2017-12-01 20:58:05 -05:00
factoids.toml Shortens FAQ entry for !notfound 2018-01-10 20:03:00 -05:00
LICENSE Add a license 2017-11-24 08:51:55 -05:00
README.md Clarify autobuild commit parsing 2018-03-03 23:59:49 -08:00
release.nix Make a release job 2017-12-08 21:10:28 -05:00
service.nix borg service example 2017-11-04 12:24:18 -04:00
shell.nix make git an explicit dependency 2018-01-29 14:27:34 -05:00

grahamcofborg

Guidelines

  1. make sure you've reviewed the code before you trigger it on a PR that isn't your own
  2. be gentle, preferably don't run mass rebuilds / massive builds like chromium on it

Automatic Building

Users who are trusted (see: ./config.public.json) or known (see: ./config.known-users.json) will have their PRs automatically trigger builds if their commits follow the well-defined format of Nixpkgs, specifically prefixing the commit title with the package attribute. This includes package bumps as well as other changes. Example messages and the builds:

Message Automatic Build
vim: 1.0.0 -> 2.0.0 vim
vagrant: Fix dependencies for version 2.0.2 vagrant
python36Packages.requests,python27Packages.requests: 1.0.0 -> 2.0.0 python36Packages.requests, python27Packages.requests
python{2,3}Packages.requests: 1.0.0 -> 2.0.0 nothing

If a PR is opened with many commits, it will create a single build job for all of the detected packages. If a PR is opened and many commits are pushed one by one to the open PR, many build jobs will be created.

To disable automatic building of packages on a PR, add [WIP] to the PR's title, or the 2.status: work-in-progress label.

Commands

The comment parser is line-based, so comments can be interleaved with instructions.

  1. To trigger the bot, the line must start with a case insensitive version of @GrahamcOfBorg.
  2. To use multiple commands, insert a bit of whitespace and then your new command.

Commands:

test (added: 2017-11-24)

@grahamcofborg test list of tests

This will run nix-build ./nixos/release.nix -A tests.list -A tests.of -A tests.tests in the nixpkgs checkout. Note: this will only run on x86_64-linux machines.

eval

@grahamcofborg eval

Note: Every PR automatically evaluates when it is opened and when the commits change. There is no reason to run eval on a PR unless the evaluation has failed for weird reasons, or because master was broken before.

build

@grahamcofborg build list of attrs

This will run nix-build ./default.nix -A list -A of -A attrs in the nixpkgs checkout.


Multiple Commands:

@grahamcofborg build list of attrs
@grahamcofborg eval

or even:

@grahamcofborg build list of attrs @grahamcofborg eval

This will also work:

looks good to me!
@grahamcofborg build list of attrs

And this is fine:

@grahamcofborg build list of attrs
looks good to me!

This is will build list, of, attrs, looks, good, to, me!:

@grahamcofborg build list of attrs looks good to me!

How does OfBorg call nix-build?

Builds are run like:

HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-build ./default.nix --no-out-link --keep-going -A hello --option restrict-eval true --option build-timeout 1800 --argstr system thesystem --show-trace

How does OfBorg call nix-instantiate?

NixOS evals are run like:

HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate ./nixos/release.nix -A manual --option restrict-eval true --option build-timeout 1800 --argstr system thesystem --show-trace

Nixpkgs evals are run like:

HOME=/homeless-shelter NIX_PATH=nixpkgs=$(pwd) nix-instantiate ./pkgs/top-level/release.nix -A manual --option restrict-eval true --option build-timeout 1800 --argstr system thesystem --show-trace

Running meta checks locally

$ curl -o outpaths.nix https://raw.githubusercontent.com/NixOS/ofborg/released/ofborg/src/outpaths.nix
$ GC_INITIAL_HEAP_SIZE=4g nix-env -f ./outpaths.nix -qaP --no-name --out-path --arg checkMeta true > out-paths

Running a builder

nix-shell ./shell.nix
$ cd ofborg
$ cargo build
cargo build

then copy example.config.json to config.json and edit its vars. Set nix.remote to an empty string if you're not using the daemon.

Run

./target/debug/builder ./config.json

Note the config.public.json for the public pieces of how I run ofborg, which is merged with config.known-users.json and a third private config file of credentials. These files contain some special keys like

  • known users
  • authorized users
  • log storage

they are only used in the backend processing tasks, and there is no need for them on builders. However, to update the list in config.known-users.json, run ./scripts/update-known-users.sh.

old php stuff...

Only Graham needs to do this, since I run the only remaining PHP components.

<?php

require_once __DIR__ . '/vendor/autoload.php';
use PhpAmqpLib\Connection\AMQPSSLConnection;
use PhpAmqpLib\Message\AMQPMessage;

function rabbitmq_conn($timeout = 3) {
    $host = 'events.nix.gsc.io';
    $connection = new AMQPSSLConnection(
        $host, 5671,
        'eventsuser, eventspassword, '/',
        array(
            'verify_peer' => true,
            'verify_peer_name' => true,
            'peer_name' => $host,
            'verify_depth' => 10,
            'ca_file' => '/etc/ssl/certs/ca-certificates.crt',
        ), array(
            'connection_timeout' => $timeout,
        )
    );

    return $connection;
}

function gh_client() {
    $client = new \Github\Client();
    $client->authenticate('githubusername',
                          'githubpassword',
                          Github\Client::AUTH_HTTP_PASSWORD);

    return $client;
}