From 67def050fdf0c1ab298ac29e4044e5d62a491d27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Mon, 12 May 2025 13:08:17 +0200
Subject: [PATCH] use a clan-core snapshots for ci tests

We currently have to re-run our integration tests a lot because they are
depending on the whole repository. This pull request changes locks the
clan-core used for vm tests. This has the caveat that we might not run
the latest NixOS machine of our profiles. On the upside we can test
behaviour against an older clan-core version and capture breakages and
make it backwards compatible. If we actually want to test the latest
version, the PR that changes the exposed flake api, could also bump the
clan-core snapshot.
---
 .../workflows/update-clan-core-for-checks.yml | 33 +++++++++++++++++
 checks/clan-core-for-checks.nix               |  6 ++++
 checks/flake-module.nix                       |  6 ++++
 checks/flash/flake-module.nix                 |  3 +-
 checks/installation/flake-module.nix          |  5 +--
 checks/morph/flake-module.nix                 |  2 +-
 flakeModules/demo_iso.nix                     |  2 +-
 pkgs/flake-module.nix                         |  1 +
 pkgs/update-clan-core-for-checks/default.nix  | 35 +++++++++++++++++++
 9 files changed, 88 insertions(+), 5 deletions(-)
 create mode 100644 .gitea/workflows/update-clan-core-for-checks.yml
 create mode 100644 checks/clan-core-for-checks.nix
 create mode 100644 pkgs/update-clan-core-for-checks/default.nix

diff --git a/.gitea/workflows/update-clan-core-for-checks.yml b/.gitea/workflows/update-clan-core-for-checks.yml
new file mode 100644
index 000000000..8d858a889
--- /dev/null
+++ b/.gitea/workflows/update-clan-core-for-checks.yml
@@ -0,0 +1,33 @@
+name: "Update pinned clan-core for checks"
+on:
+  repository_dispatch:
+  workflow_dispatch:
+  schedule:
+    - cron: "51 2 * * *"
+jobs:
+  update-pinned-clan-core:
+    runs-on: nix
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Update clan-core for checks
+        run: nix run .#update-clan-core-for-checks
+      - uses: github.com/quentinlegot/gitea-create-pull-request@c05fb67b080696dcdb2d2b7ea83051ec413f7285 # Change full sha to last commit of this repo if needed
+        with:
+          commit-message: Bump clan-core
+          branch: update-clan-core-for-checks
+      - name: Create pull request
+        run: |
+          git commit -am ""
+          git push origin HEAD:update-clan-core-for-checks
+          curl -X POST \
+            -H "Authorization: token $GITEA_TOKEN" \
+            -H "Content-Type: application/json" \
+            -d '{
+              "head": "update-clan-core-branch",
+              "base": "main",
+              "title": "Automated Update: Clan Core",
+              "body": "This PR updates the pinned clan-core for checks."
+            }' \
+            "${GITEA_SERVER_URL}/api/v1/repos/${GITEA_OWNER}/${GITEA_REPO}/pulls"
diff --git a/checks/clan-core-for-checks.nix b/checks/clan-core-for-checks.nix
new file mode 100644
index 000000000..10da498ab
--- /dev/null
+++ b/checks/clan-core-for-checks.nix
@@ -0,0 +1,6 @@
+{ fetchgit }:
+fetchgit {
+  url = "https://git.clan.lol/clan/clan-core.git";
+  rev = "1e8b9def2a021877342491ca1f4c45533a580759";
+  sha256 = "0f12vwr1abwa1iwjbb5z5xx8jlh80d9njwdm6iaw1z1h2m76xgzc";
+}
diff --git a/checks/flake-module.nix b/checks/flake-module.nix
index c601a98f7..bc8a58a3a 100644
--- a/checks/flake-module.nix
+++ b/checks/flake-module.nix
@@ -101,6 +101,12 @@ in
                 mkdir -p $out
                 cat $schemaFile > $out/allSchemas.json
               '';
+
+          clan-core-for-checks = pkgs.runCommand "clan-core-for-checks" { } ''
+            cp -r ${pkgs.callPackage ./clan-core-for-checks.nix { }} $out
+            chmod +w $out/flake.lock
+            cp ${../flake.lock} $out/flake.lock
+          '';
         };
       legacyPackages = {
         nixosTests =
diff --git a/checks/flash/flake-module.nix b/checks/flash/flake-module.nix
index 7d1e911e6..96e2d1f47 100644
--- a/checks/flash/flake-module.nix
+++ b/checks/flash/flake-module.nix
@@ -43,6 +43,7 @@
     let
       dependencies = [
         pkgs.disko
+        pkgs.buildPackages.xorg.lndir
         self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".pkgs.perlPackages.ConfigIniFiles
         self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".pkgs.perlPackages.FileSlurp
 
@@ -80,7 +81,7 @@
 
             # Some distros like to automount disks with spaces
             machine.succeed('mkdir -p "/mnt/with spaces" && mkfs.ext4 /dev/vdb && mount /dev/vdb "/mnt/with spaces"')
-            machine.succeed("clan flash write --debug --flake ${../..} --yes --disk main /dev/vdb test-flash-machine-${pkgs.hostPlatform.system}")
+            machine.succeed("clan flash write --debug --flake ${self.checks.x86_64-linux.clan-core-for-checks} --yes --disk main /dev/vdb test-flash-machine-${pkgs.hostPlatform.system}")
           '';
         } { inherit pkgs self; };
       };
diff --git a/checks/installation/flake-module.nix b/checks/installation/flake-module.nix
index 0d5af173b..07f565218 100644
--- a/checks/installation/flake-module.nix
+++ b/checks/installation/flake-module.nix
@@ -15,6 +15,7 @@ let
         pkgs.bash.drvPath
         pkgs.nixos-anywhere
         pkgs.bubblewrap
+        pkgs.buildPackages.xorg.lndir
       ] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
       closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
     in
@@ -197,7 +198,7 @@ in
             installer.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../assets/ssh/privkey} /root/.ssh/id_ed25519")
 
             installer.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@localhost hostname")
-            installer.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake")
+            installer.succeed("cp -r ${self.checks.x86_64-linux.clan-core-for-checks} test-flake && chmod -R +w test-flake")
 
             installer.succeed("clan machines install --no-reboot --debug --flake test-flake --yes test-install-machine-without-system --target-host nonrootuser@localhost --update-hardware-config nixos-facter >&2")
             installer.shutdown()
@@ -217,7 +218,7 @@ in
             installer.start()
             installer.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../assets/ssh/privkey} /root/.ssh/id_ed25519")
             installer.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@localhost hostname")
-            installer.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake")
+            installer.succeed("cp -r ${self.checks.x86_64-linux.clan-core-for-checks} test-flake && chmod -R +w test-flake")
             installer.fail("test -f test-flake/machines/test-install-machine/hardware-configuration.nix")
             installer.fail("test -f test-flake/machines/test-install-machine/facter.json")
 
diff --git a/checks/morph/flake-module.nix b/checks/morph/flake-module.nix
index 84884e467..7c4d03511 100644
--- a/checks/morph/flake-module.nix
+++ b/checks/morph/flake-module.nix
@@ -55,7 +55,7 @@
           testScript = ''
             start_all()
             actual.fail("cat /etc/testfile")
-            actual.succeed("env CLAN_DIR=${self} clan machines morph test-morph-template --i-will-be-fired-for-using-this --debug --name test-morph-machine")
+            actual.succeed("env CLAN_DIR=${self.checks.x86_64-linux.clan-core-for-checks} clan machines morph test-morph-template --i-will-be-fired-for-using-this --debug --name test-morph-machine")
             assert actual.succeed("cat /etc/testfile") == "morphed"
           '';
         } { inherit pkgs self; };
diff --git a/flakeModules/demo_iso.nix b/flakeModules/demo_iso.nix
index 3fc03c373..b4bccfec7 100644
--- a/flakeModules/demo_iso.nix
+++ b/flakeModules/demo_iso.nix
@@ -37,7 +37,7 @@ let
       done
       if ! test -e ~/clan-core; then
         # git clone https://git.clan.lol/clan/clan-core.git ~/clan-core
-        cp -rv ${self} clan-core
+        cp -rv ${self.checks.x86_64-linux.clan-core-for-checks} clan-core
       fi
       cd clan-core
       clan machines morph demo-template --i-will-be-fired-for-using-this
diff --git a/pkgs/flake-module.nix b/pkgs/flake-module.nix
index 4eade68c7..5551974a2 100644
--- a/pkgs/flake-module.nix
+++ b/pkgs/flake-module.nix
@@ -36,6 +36,7 @@
         classgen = pkgs.callPackage ./classgen { };
         zerotierone = pkgs.callPackage ./zerotierone { };
         webview-lib = pkgs.callPackage ./webview-lib { };
+        update-clan-core-for-checks = pkgs.callPackage ./update-clan-core-for-checks { };
       };
     };
 }
diff --git a/pkgs/update-clan-core-for-checks/default.nix b/pkgs/update-clan-core-for-checks/default.nix
new file mode 100644
index 000000000..744d0b33f
--- /dev/null
+++ b/pkgs/update-clan-core-for-checks/default.nix
@@ -0,0 +1,35 @@
+{
+  writeShellApplication,
+  git,
+  jq,
+  nix-prefetch-git,
+}:
+writeShellApplication {
+  name = "update-clan-core-for-checks";
+  runtimeInputs = [
+    git
+    jq
+    nix-prefetch-git
+  ];
+  text = ''
+    reporoot=$(git rev-parse --show-toplevel)
+    if [ -z "$reporoot" ]; then
+      echo "Not in a git repository. Please run this script from the root of the repository."
+      exit 1
+    fi
+    cd "$reporoot"
+    # get latest commit of clan-core
+    json=$(nix-prefetch-git "$(pwd)")
+    sha256=$(jq -r '.sha256' <<< "$json")
+    rev=$(jq -r '.rev' <<< "$json")
+
+    cat > ./checks/clan-core-for-checks.nix <<EOF
+    { fetchgit }:
+    fetchgit {
+      url = "https://git.clan.lol/clan/clan-core.git";
+      rev = "$rev";
+      sha256 = "$sha256";
+    }
+    EOF
+  '';
+}