use a clan-core snapshots for ci tests

We currently have to re-run our integration tests a lot because they are
depending on the whole repository. This pull request changes locks the
clan-core used for vm tests. This has the caveat that we might not run
the latest NixOS machine of our profiles. On the upside we can test
behaviour against an older clan-core version and capture breakages and
make it backwards compatible. If we actually want to test the latest
version, the PR that changes the exposed flake api, could also bump the
clan-core snapshot.

.gitea/workflows/update-clan-core-for-checks.yml

@@ -0,0 +1,33 @@
+name: "Update pinned clan-core for checks"
+on:
+  repository_dispatch:
+  workflow_dispatch:
+  schedule:
+    - cron: "51 2 * * *"
+jobs:
+  update-pinned-clan-core:
+    runs-on: nix
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Update clan-core for checks
+        run: nix run .#update-clan-core-for-checks
+      - uses: github.com/quentinlegot/gitea-create-pull-request@c05fb67b080696dcdb2d2b7ea83051ec413f7285 # Change full sha to last commit of this repo if needed
+        with:
+          commit-message: Bump clan-core
+          branch: update-clan-core-for-checks
+      - name: Create pull request
+        run: |
+          git commit -am ""
+          git push origin HEAD:update-clan-core-for-checks
+          curl -X POST \
+            -H "Authorization: token $GITEA_TOKEN" \
+            -H "Content-Type: application/json" \
+            -d '{
+              "head": "update-clan-core-branch",
+              "base": "main",
+              "title": "Automated Update: Clan Core",
+              "body": "This PR updates the pinned clan-core for checks."
+            }' \
+            "${GITEA_SERVER_URL}/api/v1/repos/${GITEA_OWNER}/${GITEA_REPO}/pulls"

checks/clan-core-for-checks.nix

@@ -0,0 +1,6 @@
+{ fetchgit }:
+fetchgit {
+  url = "https://git.clan.lol/clan/clan-core.git";
+  rev = "1e8b9def2a021877342491ca1f4c45533a580759";
+  sha256 = "0f12vwr1abwa1iwjbb5z5xx8jlh80d9njwdm6iaw1z1h2m76xgzc";
+}

checks/flake-module.nix

@@ -101,6 +101,12 @@ in
                 mkdir -p $out
                 cat $schemaFile > $out/allSchemas.json
               '';
+
+          clan-core-for-checks = pkgs.runCommand "clan-core-for-checks" { } ''
+            cp -r ${pkgs.callPackage ./clan-core-for-checks.nix { }} $out
+            chmod +w $out/flake.lock
+            cp ${../flake.lock} $out/flake.lock
+          '';
         };
       legacyPackages = {
         nixosTests =

checks/flash/flake-module.nix

@@ -43,6 +43,7 @@
     let
       dependencies = [
         pkgs.disko
+        pkgs.buildPackages.xorg.lndir
         self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".pkgs.perlPackages.ConfigIniFiles
         self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".pkgs.perlPackages.FileSlurp
 
@@ -80,7 +81,7 @@
 
             # Some distros like to automount disks with spaces
             machine.succeed('mkdir -p "/mnt/with spaces" && mkfs.ext4 /dev/vdb && mount /dev/vdb "/mnt/with spaces"')
-            machine.succeed("clan flash write --debug --flake ${../..} --yes --disk main /dev/vdb test-flash-machine-${pkgs.hostPlatform.system}")
+            machine.succeed("clan flash write --debug --flake ${self.checks.x86_64-linux.clan-core-for-checks} --yes --disk main /dev/vdb test-flash-machine-${pkgs.hostPlatform.system}")
           '';
         } { inherit pkgs self; };
       };

checks/installation/flake-module.nix

@@ -15,6 +15,7 @@ let
         pkgs.bash.drvPath
         pkgs.nixos-anywhere
         pkgs.bubblewrap
+        pkgs.buildPackages.xorg.lndir
       ] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
       closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
     in
@@ -197,7 +198,7 @@ in
             installer.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../assets/ssh/privkey} /root/.ssh/id_ed25519")
 
             installer.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@localhost hostname")
-            installer.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake")
+            installer.succeed("cp -r ${self.checks.x86_64-linux.clan-core-for-checks} test-flake && chmod -R +w test-flake")
 
             installer.succeed("clan machines install --no-reboot --debug --flake test-flake --yes test-install-machine-without-system --target-host nonrootuser@localhost --update-hardware-config nixos-facter >&2")
             installer.shutdown()
@@ -217,7 +218,7 @@ in
             installer.start()
             installer.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../assets/ssh/privkey} /root/.ssh/id_ed25519")
             installer.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@localhost hostname")
-            installer.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake")
+            installer.succeed("cp -r ${self.checks.x86_64-linux.clan-core-for-checks} test-flake && chmod -R +w test-flake")
             installer.fail("test -f test-flake/machines/test-install-machine/hardware-configuration.nix")
             installer.fail("test -f test-flake/machines/test-install-machine/facter.json")
 

checks/morph/flake-module.nix

@@ -55,7 +55,7 @@
           testScript = ''
             start_all()
             actual.fail("cat /etc/testfile")
-            actual.succeed("env CLAN_DIR=${self} clan machines morph test-morph-template --i-will-be-fired-for-using-this --debug --name test-morph-machine")
+            actual.succeed("env CLAN_DIR=${self.checks.x86_64-linux.clan-core-for-checks} clan machines morph test-morph-template --i-will-be-fired-for-using-this --debug --name test-morph-machine")
             assert actual.succeed("cat /etc/testfile") == "morphed"
           '';
         } { inherit pkgs self; };

flakeModules/demo_iso.nix

@@ -37,7 +37,7 @@ let
       done
       if ! test -e ~/clan-core; then
         # git clone https://git.clan.lol/clan/clan-core.git ~/clan-core
-        cp -rv ${self} clan-core
+        cp -rv ${self.checks.x86_64-linux.clan-core-for-checks} clan-core
       fi
       cd clan-core
       clan machines morph demo-template --i-will-be-fired-for-using-this

pkgs/flake-module.nix

@@ -36,6 +36,7 @@
         classgen = pkgs.callPackage ./classgen { };
         zerotierone = pkgs.callPackage ./zerotierone { };
         webview-lib = pkgs.callPackage ./webview-lib { };
+        update-clan-core-for-checks = pkgs.callPackage ./update-clan-core-for-checks { };
       };
     };
 }

pkgs/update-clan-core-for-checks/default.nix

@@ -0,0 +1,35 @@
+{
+  writeShellApplication,
+  git,
+  jq,
+  nix-prefetch-git,
+}:
+writeShellApplication {
+  name = "update-clan-core-for-checks";
+  runtimeInputs = [
+    git
+    jq
+    nix-prefetch-git
+  ];
+  text = ''
+    reporoot=$(git rev-parse --show-toplevel)
+    if [ -z "$reporoot" ]; then
+      echo "Not in a git repository. Please run this script from the root of the repository."
+      exit 1
+    fi
+    cd "$reporoot"
+    # get latest commit of clan-core
+    json=$(nix-prefetch-git "$(pwd)")
+    sha256=$(jq -r '.sha256' <<< "$json")
+    rev=$(jq -r '.rev' <<< "$json")
+
+    cat > ./checks/clan-core-for-checks.nix <<EOF
+    { fetchgit }:
+    fetchgit {
+      url = "https://git.clan.lol/clan/clan-core.git";
+      rev = "$rev";
+      sha256 = "$sha256";
+    }
+    EOF
+  '';
+}