Adapt to 20.03

- Migrate tests to python-based runner for newer nixpkgs. - Adaptations for newer nginx module used in tests - Increase memory size for tests
2024-11-26 10:05:39 +03:00 · 2020-03-02 11:13:47 +01:00 · 2020-03-02 11:13:47 +01:00 · 52dfbeccb1
commit 52dfbeccb1
parent 5bd7ea2aa3
9 changed files with 174 additions and 31 deletions
--- a/examples/full-nixos/arion-compose.nix
+++ b/examples/full-nixos/arion-compose.nix
@ -1,9 +1,11 @@
 {
-  services.webserver = { pkgs, ... }: {
+  services.webserver = { pkgs, lib, ... }: {
    nixos.useSystemd = true;
    nixos.configuration.boot.tmpOnTmpfs = true;
    nixos.configuration.services.nginx.enable = true;
    nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
+    nixos.configuration.systemd.services.nginx.serviceConfig.AmbientCapabilities = 
+      lib.mkForce [ "CAP_NET_BIND_SERVICE" ];
    service.useHostStore = true;
    service.ports = [
      "8000:80" # host:container
--- a/examples/nixos-unit/arion-compose.nix
+++ b/examples/nixos-unit/arion-compose.nix
@ -28,6 +28,9 @@
        PATH='${config.systemd.services.nginx.environment.PATH}'
        echo nginx:x:${toString config.users.users.nginx.uid}:${toString config.users.groups.nginx.gid}:nginx web server user:/var/empty:/bin/sh >>/etc/passwd
        echo nginx:x:${toString config.users.groups.nginx.gid}:nginx >>/etc/group
+        echo 'nobody:x:65534:65534:Unprivileged account do not use:/var/empty:/run/current-system/sw/bin/nologin' >>/etc/passwd
+        echo 'nogroup:x:65534:' >>/etc/group
+        mkdir -p /run/nginx/ /var/spool/nginx/logs/
        ${config.systemd.services.nginx.runner}
      '';
    };
--- a/nix/ci.nix
+++ b/nix/ci.nix
@ -6,12 +6,22 @@ in

 dimension "Nixpkgs version" {
    "nixos-19_03" = {
-      nixpkgsSource = "nixpkgs";
-      isReferenceNixpkgs = true;
+      # flyingcircus.io latest long-term support is based off 19.03
+      # https://flyingcircus.io/doc/
+      # It is nice to have some level of support for their platform,
+      # but we don't guarantee any support.
+      nixpkgsSource = "nixos-19.03";
      enableDoc = false;
+      nixosTestIsPerl = true;
    };
    "nixos-19_09" = {
      nixpkgsSource = "nixos-19.09";
+      enableDoc = false;
+      nixosTestIsPerl = true;
+    };
+    "nixos-20_03" = {
+      nixpkgsSource = "nixos-20.03";
+      isReferenceNixpkgs = true;
      enableDoc = true;
    };
    "nixos-unstable" = {
@ -19,7 +29,7 @@ dimension "Nixpkgs version" {
      enableDoc = true;
    };
  } (
-    _name: { nixpkgsSource, isReferenceNixpkgs ? false, enableDoc ? true }:
+    _name: { nixpkgsSource, isReferenceNixpkgs ? false, enableDoc ? true, nixosTestIsPerl ? false }:


      dimension "System" {
@ -28,7 +38,10 @@ dimension "Nixpkgs version" {
      } (
        system: { isReferenceTarget ? false, enableNixOSTests ? true }:
          let
-            pkgs = import ./. { inherit system; nixpkgsSrc = sources.${nixpkgsSource}; };
+            pkgs = import ./. {
+              inherit system nixosTestIsPerl;
+              nixpkgsSrc = sources.${nixpkgsSource};
+            };
          in
          {
            inherit (pkgs) arion;
--- a/nix/default.nix
+++ b/nix/default.nix
@ -1,7 +1,8 @@
 { sources ? import ./sources.nix
-, nixpkgsName ? "nixos-19.09"
+, nixpkgsName ? "nixos-20.03"
 , nixpkgsSrc ? sources.${nixpkgsName}
 , system ? builtins.currentSystem
+, nixosTestIsPerl ? false
 , ...
 }:

@ -11,6 +12,7 @@ import nixpkgsSrc ({
  };
  overlays = [
    # all the packages are defined there:
+    (_: _: { inherit nixosTestIsPerl; })
    (import ./overlay.nix)
  ];
  inherit system;
--- a/nix/sources.json
+++ b/nix/sources.json
@ -11,16 +11,40 @@
        "url": "https://github.com/nmattia/niv/archive/1dd094156b249586b66c16200ecfd365c7428dc0.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
+    "nixos-19.03": {
+        "branch": "nixos-19.03",
+        "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
+        "homepage": "https://github.com/NixOS/nixpkgs",
+        "owner": "NixOS",
+        "repo": "nixpkgs-channels",
+        "rev": "34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59",
+        "sha256": "11z6ajj108fy2q5g8y4higlcaqncrbjm3dnv17pvif6avagw4mcb",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs-channels/archive/34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
    "nixos-19.09": {
        "branch": "nixos-19.09",
        "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
        "homepage": "https://github.com/NixOS/nixpkgs",
        "owner": "NixOS",
        "repo": "nixpkgs-channels",
-        "rev": "3ba0d9f75ccffd41e32cfea4046805f8bbab12f5",
-        "sha256": "0w20drs4mwlq12k1sss1x8adyf5ph5jd52n8wdcgmn4sm60qjmki",
+        "rev": "ce9f1aaa39ee2a5b76a9c9580c859a74de65ead5",
+        "sha256": "1s2b9rvpyamiagvpl5cggdb2nmx4f7lpylipd397wz8f0wngygpi",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs-channels/archive/3ba0d9f75ccffd41e32cfea4046805f8bbab12f5.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs-channels/archive/ce9f1aaa39ee2a5b76a9c9580c859a74de65ead5.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
+    "nixos-20.03": {
+        "branch": "nixos-20.03",
+        "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
+        "homepage": "https://github.com/NixOS/nixpkgs",
+        "owner": "NixOS",
+        "repo": "nixpkgs-channels",
+        "rev": "04aca9ac24ad24c2dbeb37e1cfa94d8453f07a51",
+        "sha256": "152k3aisxqd219yvcy6xr8frh0yrs9ycaw1ik04c2lp49d21b8nh",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs-channels/archive/04aca9ac24ad24c2dbeb37e1cfa94d8453f07a51.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixos-unstable": {
@ -29,10 +53,10 @@
        "homepage": "https://github.com/NixOS/nixpkgs",
        "owner": "NixOS",
        "repo": "nixpkgs-channels",
-        "rev": "cb4332e3eb6dfdb653f1fc7397a0292df228a533",
-        "sha256": "1722wphznqhpfny08rcy19l85r2l893ckjc3h1vfivj6aj64fwjr",
+        "rev": "42f0be81ae05a8fe6d6e8e7f1c28652e7746e046",
+        "sha256": "1rxb5kmghkzazqcv4d8yczdiv2srs4r7apx4idc276lcikm0hdmf",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs-channels/archive/cb4332e3eb6dfdb653f1fc7397a0292df228a533.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs-channels/archive/42f0be81ae05a8fe6d6e8e7f1c28652e7746e046.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz",
        "version": ""
    },
--- a/tests/arion-test-perl/README.md
+++ b/tests/arion-test-perl/README.md
@ -0,0 +1,4 @@
+
+This test suite exists only to keep tests around for older versions of NixOS.
+
+This will be removed when 19.09 becomes irrelevant.
--- a/tests/arion-test-perl/default.nix
+++ b/tests/arion-test-perl/default.nix
@ -0,0 +1,60 @@
+{ pkgs, ... }:
+
+let
+  # To make some prebuilt derivations available in the vm
+  preEval = modules: import ../../src/nix/eval-composition.nix {
+    inherit modules;
+    inherit pkgs;
+  };
+in
+{
+  name = "arion-test";
+  machine = { pkgs, lib, ... }: {
+    environment.systemPackages = [
+      pkgs.arion
+    ];
+    virtualisation.docker.enable = true;
+    
+    # no caches, because no internet
+    nix.binaryCaches = lib.mkForce [];
+
+    # FIXME: Sandbox seems broken with current version of NixOS test
+    #        w/ writable store. Error:
+    #        machine# error: linking '/nix/store/7r8z2zvhwda85pgpdn5hzzz6hs1njklc-stdenv-linux.drv.chroot/nix/store/6v3y7s4q4wd16hsw393gjpxvcf9159bv-patch-shebangs.sh' to '/nix/store/6v3y7s4q4wd16hsw393gjpxvcf9159bv-patch-shebangs.sh': Operation not permitted
+    #
+    #        There should be no reason why arion can't run without
+    #        sandboxing, so please re-enable.
+    nix.useSandbox = false;
+
+    virtualisation.writableStore = true;
+    virtualisation.pathsInNixDB = [
+      # Pre-build the image because we don't want to build the world
+      # in the vm.
+      (preEval [ ../../examples/minimal/arion-compose.nix ]).config.out.dockerComposeYaml
+      (preEval [ ../../examples/full-nixos/arion-compose.nix ]).config.out.dockerComposeYaml
+      (preEval [ ../../examples/nixos-unit/arion-compose.nix ]).config.out.dockerComposeYaml
+      pkgs.stdenv
+    ];
+
+    virtualisation.memorySize = 512;
+  };
+  testScript = ''
+    $machine->fail("curl localhost:8000");
+    $machine->succeed("docker --version");
+
+    my $makeSubtest = sub {
+      my ( $subtestName, $exampleSrc ) = @_;
+
+      subtest $subtestName => sub {
+        $machine->succeed("rm -rf work && cp -frT $exampleSrc work && cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion up -d");
+        $machine->waitUntilSucceeds("curl localhost:8000");
+        $machine->succeed("cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion down");
+        $machine->waitUntilFails("curl localhost:8000");
+      };
+    };
+
+    $makeSubtest->("minimal", "${../../examples/minimal}");
+    $makeSubtest->("full-nixos", "${../../examples/full-nixos}");
+    $makeSubtest->("nixos-unit", "${../../examples/nixos-unit}");
+  '';
+}
--- a/tests/arion-test/default.nix
+++ b/tests/arion-test/default.nix
@ -35,27 +35,62 @@ in
      (preEval [ ../../examples/nixos-unit/arion-compose.nix ]).config.out.dockerComposeYaml
      pkgs.stdenv
    ];
+
+    virtualisation.memorySize = 512;
  };
  testScript = ''
-    $machine->fail("curl localhost:8000");
-    $machine->succeed("docker --version");
+    machine.fail("curl localhost:8000")
+    machine.succeed("docker --version")

-    my $makeSubtest = sub {
-      my ( $subtestName, $exampleSrc, @codeRefs ) = @_;
+    # Tests
+    #  - arion up
+    #  - arion down
+    #  - examples/minimal
+    with subtest("minimal"):
+        machine.succeed(
+            "rm -rf work && cp -frT ${../../examples/minimal} work && cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion up -d"
+        )
+        machine.wait_until_succeeds("curl localhost:8000")
+        machine.succeed(
+            "cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion down"
+        )
+        machine.wait_until_fails("curl localhost:8000")

-      subtest $subtestName => sub {
-        $machine->succeed("rm -rf work && cp -frT $exampleSrc work && cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion up -d");
-        $machine->waitUntilSucceeds("curl localhost:8000");
-        $_->() for @codeRefs;
-        $machine->succeed("cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion down");
-        $machine->waitUntilFails("curl localhost:8000");
-      };
-    };
+    # Tests
+    #  - arion exec
+    #  - examples/full-nixos
+    with subtest("full-nixos"):
+        machine.succeed(
+            "rm -rf work && cp -frT ${../../examples/full-nixos} work && cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion up -d"
+        )
+        machine.wait_until_succeeds("curl localhost:8000")

-    $makeSubtest->("minimal", "${../../examples/minimal}");
-    $makeSubtest->("full-nixos", "${../../examples/full-nixos}", sub {
-      $machine->succeed("cd work && export NIX_PATH=nixpkgs='${pkgs.path}' && (echo 'nix run -f ~/h/arion arion -c arion exec webserver'; echo 'target=world; echo Hello \$target'; echo exit) | script /dev/null | grep 'Hello world'");
-    });
-    $makeSubtest->("nixos-unit", "${../../examples/nixos-unit}");
+        machine.succeed(
+            """
+            set -eux -o pipefail
+            cd work
+            export NIX_PATH=nixpkgs='${pkgs.path}'
+            echo 'target=world; echo Hello $target; exit' \
+              | script 'arion exec webserver' \
+              | grep 'Hello world'
+            """
+        ),
+
+        machine.succeed(
+            "cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion down"
+        )
+        machine.wait_until_fails("curl localhost:8000")
+
+    # Tests
+    #  - examples/nixos-unit
+    with subtest("nixos-unit"):
+        machine.succeed(
+            "rm -rf work && cp -frT ${../../examples/nixos-unit} work && cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion up -d"
+        )
+        machine.wait_until_succeeds("curl localhost:8000")
+        machine.succeed(
+            "cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion down"
+        )
+        machine.wait_until_fails("curl localhost:8000")
  '';
 }
--- a/tests/default.nix
+++ b/tests/default.nix
@ -1,11 +1,11 @@
-{ pkgs ? import ../pkgs.nix }:
+{ pkgs ? import ../pkgs.nix, nixosTestIsPerl ? false }:
 let
  inherit (pkgs) nixosTest recurseIntoAttrs arion;
 in

 recurseIntoAttrs {

-  test = nixosTest ./arion-test;
+  test = if nixosTestIsPerl then nixosTest ./arion-test-perl else nixosTest ./arion-test;

  testBuild = arion.build {