vriska/hydra
0
0
Fork 0
forked from lix-project/hydra
Code Pull requests Activity

flake.nix: format with nixpkgs-fmt

Browse source
This commit is contained in:
Graham Christensen 2022-02-09 10:43:40 -05:00
parent 1abe7f4d80
commit 68c6c3d556
1 changed files with 243 additions and 195 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

438
flake.nix
View file

@ -16,7 +16,8 @@
# NixOS configuration used for VM tests. # NixOS configuration used for VM tests.
hydraServer = hydraServer =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ imports = [ self.nixosModules.hydraTest ]; {
imports = [ self.nixosModules.hydraTest ];
virtualisation.memorySize = 1024; virtualisation.memorySize = 1024;
virtualisation.writableStore = true; virtualisation.writableStore = true;
@ -26,11 +27,12 @@
nix = { nix = {
# Without this nix tries to fetch packages from the default # Without this nix tries to fetch packages from the default
# cache.nixos.org which is not reachable from this sandboxed NixOS test. # cache.nixos.org which is not reachable from this sandboxed NixOS test.
binaryCaches = []; binaryCaches = [ ];
}; };
}; };
in rec { in
rec {
# A Nixpkgs overlay that provides a 'hydra' package. # A Nixpkgs overlay that provides a 'hydra' package.
overlay = final: prev: { overlay = final: prev: {
@ -215,17 +217,17 @@
}; };
TieHashMethod = final.buildPerlPackage { TieHashMethod = final.buildPerlPackage {
pname = "Tie-Hash-Method"; pname = "Tie-Hash-Method";
version = "0.02"; version = "0.02";
src = final.fetchurl { src = final.fetchurl {
url = "mirror://cpan/authors/id/Y/YV/YVES/Tie-Hash-Method-0.02.tar.gz"; url = "mirror://cpan/authors/id/Y/YV/YVES/Tie-Hash-Method-0.02.tar.gz";
sha256 = "d513fbb51413f7ca1e64a1bdce6194df7ec6076dea55066d67b950191eec32a9"; sha256 = "d513fbb51413f7ca1e64a1bdce6194df7ec6076dea55066d67b950191eec32a9";
};
meta = {
description = "Tied hash with specific methods overriden by callbacks";
license = with final.lib.licenses; [ artistic1 ];
};
}; };
meta = {
description = "Tied hash with specific methods overriden by callbacks";
license = with final.lib.licenses; [ artistic1 ];
};
};
Test2Harness = final.buildPerlPackage { Test2Harness = final.buildPerlPackage {
pname = "Test2-Harness"; pname = "Test2-Harness";
@ -326,7 +328,7 @@
sha256 = "1mnnpkmj8kpb7qw50sm8h4sd8py37ssy2xi5hhxzr5whcx0cvhm8"; sha256 = "1mnnpkmj8kpb7qw50sm8h4sd8py37ssy2xi5hhxzr5whcx0cvhm8";
}; };
meta = { meta = {
description= "Active Directory Security Identifier manipulation"; description = "Active Directory Security Identifier manipulation";
license = with final.lib.licenses; [ artistic2 ]; license = with final.lib.licenses; [ artistic2 ];
}; };
}; };
@ -340,7 +342,7 @@
}; };
propagatedBuildInputs = with final.perlPackages; [ NetLDAP NetLDAPServer TestMore DataDump NetLDAPSID ]; propagatedBuildInputs = with final.perlPackages; [ NetLDAP NetLDAPServer TestMore DataDump NetLDAPSID ];
meta = { meta = {
description= "test Net::LDAP code"; description = "test Net::LDAP code";
license = with final.lib.licenses; [ artistic1 ]; license = with final.lib.licenses; [ artistic1 ];
}; };
}; };
@ -355,7 +357,7 @@
propagatedBuildInputs = with final.perlPackages; [ NetLDAP CatalystPluginAuthentication ClassAccessorFast ]; propagatedBuildInputs = with final.perlPackages; [ NetLDAP CatalystPluginAuthentication ClassAccessorFast ];
buildInputs = with final.perlPackages; [ TestMore TestMockObject TestException NetLDAPServerTest ]; buildInputs = with final.perlPackages; [ TestMore TestMockObject TestException NetLDAPServerTest ];
meta = { meta = {
description= "Authentication from an LDAP Directory"; description = "Authentication from an LDAP Directory";
license = with final.lib.licenses; [ artistic1 ]; license = with final.lib.licenses; [ artistic1 ];
}; };
}; };
@ -522,31 +524,72 @@
]; ];
}; };
in stdenv.mkDerivation { in
stdenv.mkDerivation {
name = "hydra-${version}"; name = "hydra-${version}";
src = self; src = self;
buildInputs = buildInputs =
[ makeWrapper autoconf automake libtool unzip nukeReferences pkgconfig libpqxx [
gitAndTools.topGit mercurial darcs subversion breezy openssl bzip2 libxslt makeWrapper
final.nix perlDeps perl mdbook pixz autoconf
automake
libtool
unzip
nukeReferences
pkgconfig
libpqxx
gitAndTools.topGit
mercurial
darcs
subversion
breezy
openssl
bzip2
libxslt
final.nix
perlDeps
perl
mdbook
pixz
boost boost
postgresql_13 postgresql_13
(if lib.versionAtLeast lib.version "20.03pre" (if lib.versionAtLeast lib.version "20.03pre"
then nlohmann_json then nlohmann_json
else nlohmann_json.override { multipleHeaders = true; }) else nlohmann_json.override { multipleHeaders = true; })
]; ];
checkInputs = [ checkInputs = [
foreman python3 netcat-openbsd glibcLocales cacert cacert
foreman
glibcLocales
netcat-openbsd
python3
]; ];
hydraPath = lib.makeBinPath ( hydraPath = lib.makeBinPath (
[ subversion openssh final.nix coreutils findutils pixz [
gzip bzip2 lzma gnutar unzip git gitAndTools.topGit mercurial darcs gnused breezy subversion
] ++ lib.optionals stdenv.isLinux [ rpm dpkg cdrkit ] ); openssh
final.nix
coreutils
findutils
pixz
gzip
bzip2
lzma
gnutar
unzip
git
gitAndTools.topGit
mercurial
darcs
gnused
breezy
] ++ lib.optionals stdenv.isLinux [ rpm dpkg cdrkit ]
);
shellHook = '' shellHook = ''
pushd $(git rev-parse --show-toplevel) >/dev/null pushd $(git rev-parse --show-toplevel) >/dev/null
@ -603,14 +646,14 @@
build.x86_64-linux = packages.x86_64-linux.hydra; build.x86_64-linux = packages.x86_64-linux.hydra;
manual = manual =
pkgs.runCommand "hydra-manual-${version}" {} pkgs.runCommand "hydra-manual-${version}" { }
'' ''
mkdir -p $out/share mkdir -p $out/share
cp -prvd ${pkgs.hydra}/share/doc $out/share/ cp -prvd ${pkgs.hydra}/share/doc $out/share/
mkdir $out/nix-support mkdir $out/nix-support
echo "doc manual $out/share/doc/hydra" >> $out/nix-support/hydra-build-products echo "doc manual $out/share/doc/hydra" >> $out/nix-support/hydra-build-products
''; '';
tests.install.x86_64-linux = tests.install.x86_64-linux =
with import (nixpkgs + "/nixos/lib/testing-python.nix") { system = "x86_64-linux"; }; with import (nixpkgs + "/nixos/lib/testing-python.nix") { system = "x86_64-linux"; };
@ -682,7 +725,7 @@
+ "--data-urlencode 'q=SELECT * FROM hydra_build_status' | grep success" + "--data-urlencode 'q=SELECT * FROM hydra_build_status' | grep success"
) )
''; '';
}; };
tests.gitea.x86_64-linux = tests.gitea.x86_64-linux =
with import (nixpkgs + "/nixos/lib/testing-python.nix") { system = "x86_64-linux"; }; with import (nixpkgs + "/nixos/lib/testing-python.nix") { system = "x86_64-linux"; };
@ -700,7 +743,7 @@
hostName = "localhost"; hostName = "localhost";
systems = [ "x86_64-linux" ]; systems = [ "x86_64-linux" ];
}]; }];
binaryCaches = []; binaryCaches = [ ];
}; };
services.gitea = { services.gitea = {
enable = true; enable = true;
@ -713,168 +756,170 @@
networking.firewall.allowedTCPPorts = [ 3000 ]; networking.firewall.allowedTCPPorts = [ 3000 ];
}; };
skipLint = true; skipLint = true;
testScript = let testScript =
scripts.mktoken = pkgs.writeText "token.sql" '' let
INSERT INTO access_token (id, uid, name, created_unix, updated_unix, token_hash, token_salt, token_last_eight) VALUES (1, 1, 'hydra', 1617107360, 1617107360, 'a930f319ca362d7b49a4040ac0af74521c3a3c3303a86f327b01994430672d33b6ec53e4ea774253208686c712495e12a486', 'XRjWE9YW0g', '31d3a9c7'); scripts.mktoken = pkgs.writeText "token.sql" ''
''; INSERT INTO access_token (id, uid, name, created_unix, updated_unix, token_hash, token_salt, token_last_eight) VALUES (1, 1, 'hydra', 1617107360, 1617107360, 'a930f319ca362d7b49a4040ac0af74521c3a3c3303a86f327b01994430672d33b6ec53e4ea774253208686c712495e12a486', 'XRjWE9YW0g', '31d3a9c7');
scripts.git-setup = pkgs.writeShellScript "setup.sh" ''
set -x
mkdir -p /tmp/repo $HOME/.ssh
cat ${snakeoilKeypair.privkey} > $HOME/.ssh/privk
chmod 0400 $HOME/.ssh/privk
git -C /tmp/repo init
cp ${smallDrv} /tmp/repo/jobset.nix
git -C /tmp/repo add .
git config --global user.email test@localhost
git config --global user.name test
git -C /tmp/repo commit -m 'Initial import'
git -C /tmp/repo remote add origin gitea@machine:root/repo
GIT_SSH_COMMAND='ssh -i $HOME/.ssh/privk -o StrictHostKeyChecking=no' \
git -C /tmp/repo push origin master
git -C /tmp/repo log >&2
'';
scripts.hydra-setup = pkgs.writeShellScript "hydra.sh" ''
set -x
su -l hydra -c "hydra-create-user root --email-address \
'alice@example.org' --password foobar --role admin"
URL=http://localhost:3000
USERNAME="root"
PASSWORD="foobar"
PROJECT_NAME="trivial"
JOBSET_NAME="trivial"
mycurl() {
curl --referer $URL -H "Accept: application/json" \
-H "Content-Type: application/json" $@
}
cat >data.json <<EOF
{ "username": "$USERNAME", "password": "$PASSWORD" }
EOF
mycurl -X POST -d '@data.json' $URL/login -c hydra-cookie.txt
cat >data.json <<EOF
{
"displayname":"Trivial",
"enabled":"1",
"visible":"1"
}
EOF
mycurl --silent -X PUT $URL/project/$PROJECT_NAME \
-d @data.json -b hydra-cookie.txt
cat >data.json <<EOF
{
"description": "Trivial",
"checkinterval": "60",
"enabled": "1",
"visible": "1",
"keepnr": "1",
"enableemail": true,
"emailoverride": "hydra@localhost",
"type": 0,
"nixexprinput": "git",
"nixexprpath": "jobset.nix",
"inputs": {
"git": {"value": "http://localhost:3001/root/repo.git", "type": "git"},
"gitea_repo_name": {"value": "repo", "type": "string"},
"gitea_repo_owner": {"value": "root", "type": "string"},
"gitea_status_repo": {"value": "git", "type": "string"},
"gitea_http_url": {"value": "http://localhost:3001", "type": "string"}
}
}
EOF
mycurl --silent -X PUT $URL/jobset/$PROJECT_NAME/$JOBSET_NAME \
-d @data.json -b hydra-cookie.txt
'';
api_token = "d7f16a3412e01a43a414535b16007c6931d3a9c7";
snakeoilKeypair = {
privkey = pkgs.writeText "privkey.snakeoil" ''
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
-----END EC PRIVATE KEY-----
''; '';
pubkey = pkgs.lib.concatStrings [ scripts.git-setup = pkgs.writeShellScript "setup.sh" ''
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA" set -x
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa" mkdir -p /tmp/repo $HOME/.ssh
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil" cat ${snakeoilKeypair.privkey} > $HOME/.ssh/privk
]; chmod 0400 $HOME/.ssh/privk
}; git -C /tmp/repo init
cp ${smallDrv} /tmp/repo/jobset.nix
git -C /tmp/repo add .
git config --global user.email test@localhost
git config --global user.name test
git -C /tmp/repo commit -m 'Initial import'
git -C /tmp/repo remote add origin gitea@machine:root/repo
GIT_SSH_COMMAND='ssh -i $HOME/.ssh/privk -o StrictHostKeyChecking=no' \
git -C /tmp/repo push origin master
git -C /tmp/repo log >&2
'';
smallDrv = pkgs.writeText "jobset.nix" '' scripts.hydra-setup = pkgs.writeShellScript "hydra.sh" ''
{ trivial = builtins.derivation { set -x
name = "trivial"; su -l hydra -c "hydra-create-user root --email-address \
system = "x86_64-linux"; 'alice@example.org' --password foobar --role admin"
builder = "/bin/sh";
allowSubstitutes = false; URL=http://localhost:3000
preferLocalBuild = true; USERNAME="root"
args = ["-c" "echo success > $out; exit 0"]; PASSWORD="foobar"
}; PROJECT_NAME="trivial"
} JOBSET_NAME="trivial"
mycurl() {
curl --referer $URL -H "Accept: application/json" \
-H "Content-Type: application/json" $@
}
cat >data.json <<EOF
{ "username": "$USERNAME", "password": "$PASSWORD" }
EOF
mycurl -X POST -d '@data.json' $URL/login -c hydra-cookie.txt
cat >data.json <<EOF
{
"displayname":"Trivial",
"enabled":"1",
"visible":"1"
}
EOF
mycurl --silent -X PUT $URL/project/$PROJECT_NAME \
-d @data.json -b hydra-cookie.txt
cat >data.json <<EOF
{
"description": "Trivial",
"checkinterval": "60",
"enabled": "1",
"visible": "1",
"keepnr": "1",
"enableemail": true,
"emailoverride": "hydra@localhost",
"type": 0,
"nixexprinput": "git",
"nixexprpath": "jobset.nix",
"inputs": {
"git": {"value": "http://localhost:3001/root/repo.git", "type": "git"},
"gitea_repo_name": {"value": "repo", "type": "string"},
"gitea_repo_owner": {"value": "root", "type": "string"},
"gitea_status_repo": {"value": "git", "type": "string"},
"gitea_http_url": {"value": "http://localhost:3001", "type": "string"}
}
}
EOF
mycurl --silent -X PUT $URL/jobset/$PROJECT_NAME/$JOBSET_NAME \
-d @data.json -b hydra-cookie.txt
'';
api_token = "d7f16a3412e01a43a414535b16007c6931d3a9c7";
snakeoilKeypair = {
privkey = pkgs.writeText "privkey.snakeoil" ''
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
-----END EC PRIVATE KEY-----
'';
pubkey = pkgs.lib.concatStrings [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
];
};
smallDrv = pkgs.writeText "jobset.nix" ''
{ trivial = builtins.derivation {
name = "trivial";
system = "x86_64-linux";
builder = "/bin/sh";
allowSubstitutes = false;
preferLocalBuild = true;
args = ["-c" "echo success > $out; exit 0"];
};
}
'';
in
''
import json
machine.start()
machine.wait_for_unit("multi-user.target")
machine.wait_for_open_port(3000)
machine.wait_for_open_port(3001)
machine.succeed(
"su -l gitea -c 'GITEA_WORK_DIR=/var/lib/gitea gitea admin user create "
+ "--username root --password root --email test@localhost'"
)
machine.succeed("su -l postgres -c 'psql gitea < ${scripts.mktoken}'")
machine.succeed(
"curl --fail -X POST http://localhost:3001/api/v1/user/repos "
+ "-H 'Accept: application/json' -H 'Content-Type: application/json' "
+ f"-H 'Authorization: token ${api_token}'"
+ ' -d \'{"auto_init":false, "description":"string", "license":"mit", "name":"repo", "private":false}\'''
)
machine.succeed(
"curl --fail -X POST http://localhost:3001/api/v1/user/keys "
+ "-H 'Accept: application/json' -H 'Content-Type: application/json' "
+ f"-H 'Authorization: token ${api_token}'"
+ ' -d \'{"key":"${snakeoilKeypair.pubkey}","read_only":true,"title":"SSH"}\'''
)
machine.succeed(
"${scripts.git-setup}"
)
machine.succeed(
"${scripts.hydra-setup}"
)
machine.wait_until_succeeds(
'curl -Lf -s http://localhost:3000/build/1 -H "Accept: application/json" '
+ '| jq .buildstatus | xargs test 0 -eq'
)
data = machine.succeed(
'curl -Lf -s "http://localhost:3001/api/v1/repos/root/repo/statuses/$(cd /tmp/repo && git show | head -n1 | awk "{print \\$2}")" '
+ "-H 'Accept: application/json' -H 'Content-Type: application/json' "
+ f"-H 'Authorization: token ${api_token}'"
)
response = json.loads(data)
assert len(response) == 2, "Expected exactly two status updates for latest commit!"
assert response[0]['status'] == "success", "Expected latest status to be success!"
assert response[1]['status'] == "pending", "Expected first status to be pending!"
machine.shutdown()
''; '';
in ''
import json
machine.start()
machine.wait_for_unit("multi-user.target")
machine.wait_for_open_port(3000)
machine.wait_for_open_port(3001)
machine.succeed(
"su -l gitea -c 'GITEA_WORK_DIR=/var/lib/gitea gitea admin user create "
+ "--username root --password root --email test@localhost'"
)
machine.succeed("su -l postgres -c 'psql gitea < ${scripts.mktoken}'")
machine.succeed(
"curl --fail -X POST http://localhost:3001/api/v1/user/repos "
+ "-H 'Accept: application/json' -H 'Content-Type: application/json' "
+ f"-H 'Authorization: token ${api_token}'"
+ ' -d \'{"auto_init":false, "description":"string", "license":"mit", "name":"repo", "private":false}\'''
)
machine.succeed(
"curl --fail -X POST http://localhost:3001/api/v1/user/keys "
+ "-H 'Accept: application/json' -H 'Content-Type: application/json' "
+ f"-H 'Authorization: token ${api_token}'"
+ ' -d \'{"key":"${snakeoilKeypair.pubkey}","read_only":true,"title":"SSH"}\'''
)
machine.succeed(
"${scripts.git-setup}"
)
machine.succeed(
"${scripts.hydra-setup}"
)
machine.wait_until_succeeds(
'curl -Lf -s http://localhost:3000/build/1 -H "Accept: application/json" '
+ '| jq .buildstatus | xargs test 0 -eq'
)
data = machine.succeed(
'curl -Lf -s "http://localhost:3001/api/v1/repos/root/repo/statuses/$(cd /tmp/repo && git show | head -n1 | awk "{print \\$2}")" '
+ "-H 'Accept: application/json' -H 'Content-Type: application/json' "
+ f"-H 'Authorization: token ${api_token}'"
)
response = json.loads(data)
assert len(response) == 2, "Expected exactly two status updates for latest commit!"
assert response[0]['status'] == "success", "Expected latest status to be success!"
assert response[1]['status'] == "pending", "Expected first status to be pending!"
machine.shutdown()
'';
}; };
tests.ldap.x86_64-linux = tests.ldap.x86_64-linux =
@ -912,6 +957,7 @@
objectClass: dcObject objectClass: dcObject
objectClass: organization objectClass: organization
dn: ou=users,dc=example dn: ou=users,dc=example
ou: users ou: users
description: All users description: All users
@ -1114,9 +1160,11 @@
nixosConfigurations.container = nixpkgs.lib.nixosSystem { nixosConfigurations.container = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = modules =
[ self.nixosModules.hydraTest [
self.nixosModules.hydraTest
self.nixosModules.hydraProxy self.nixosModules.hydraProxy
{ system.configurationRevision = self.rev; {
system.configurationRevision = self.rev;
boot.isContainer = true; boot.isContainer = true;
networking.useDHCP = false; networking.useDHCP = false;