From c0d2787deeba976f95972284785f4e7b039a5ae7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 12 May 2025 13:03:06 +0200 Subject: [PATCH 1/2] docs/testing: update to latest api --- docs/site/contributing/testing.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/site/contributing/testing.md b/docs/site/contributing/testing.md index 6791e45a9..d775ed86c 100644 --- a/docs/site/contributing/testing.md +++ b/docs/site/contributing/testing.md @@ -32,7 +32,7 @@ VM tests should be avoided wherever it is possible to implement a cheaper unit t Existing nixos vm tests in clan-core can be found by using ripgrep: ```shellSession -rg "import.*/lib/test-base.nix" +rg self.clanLib.test.baseTest ``` ### Locating definitions of failing VM tests @@ -50,7 +50,7 @@ example: locating the vm test named `borgbackup`: ```shellSession $ rg "borgbackup =" ./checks ./checks/flake-module.nix -41: borgbackup = import ./borgbackup nixosTestArgs; +44- wayland-proxy-virtwl = self.clanLib.test.baseTest ./wayland-proxy-virtwl nixosTestArgs; ``` -> the location of that test is `/checks/flake-module.nix` line `41`. @@ -99,15 +99,15 @@ Basically everything stated under the NixOS VM tests sections applies here, exce Limitations: -- does not yet support networking -- supports only one machine as of now - +- Cannot run in interactive mode, however while the container test runs, it logs a nsenter command that can be used to log into each of the container. +- setuid binaries don't work ### Where to find examples for NixOS container tests Existing nixos container tests in clan-core can be found by using ripgrep: + ```shellSession -rg "import.*/lib/container-test.nix" +rg self.clanLib.test.containerTest ``` From 67def050fdf0c1ab298ac29e4044e5d62a491d27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 12 May 2025 13:08:17 +0200 Subject: [PATCH 2/2] use a clan-core snapshots for ci tests We currently have to re-run our integration tests a lot because they are depending on the whole repository. This pull request changes locks the clan-core used for vm tests. This has the caveat that we might not run the latest NixOS machine of our profiles. On the upside we can test behaviour against an older clan-core version and capture breakages and make it backwards compatible. If we actually want to test the latest version, the PR that changes the exposed flake api, could also bump the clan-core snapshot. --- .../workflows/update-clan-core-for-checks.yml | 33 +++++++++++++++++ checks/clan-core-for-checks.nix | 6 ++++ checks/flake-module.nix | 6 ++++ checks/flash/flake-module.nix | 3 +- checks/installation/flake-module.nix | 5 +-- checks/morph/flake-module.nix | 2 +- flakeModules/demo_iso.nix | 2 +- pkgs/flake-module.nix | 1 + pkgs/update-clan-core-for-checks/default.nix | 35 +++++++++++++++++++ 9 files changed, 88 insertions(+), 5 deletions(-) create mode 100644 .gitea/workflows/update-clan-core-for-checks.yml create mode 100644 checks/clan-core-for-checks.nix create mode 100644 pkgs/update-clan-core-for-checks/default.nix diff --git a/.gitea/workflows/update-clan-core-for-checks.yml b/.gitea/workflows/update-clan-core-for-checks.yml new file mode 100644 index 000000000..8d858a889 --- /dev/null +++ b/.gitea/workflows/update-clan-core-for-checks.yml @@ -0,0 +1,33 @@ +name: "Update pinned clan-core for checks" +on: + repository_dispatch: + workflow_dispatch: + schedule: + - cron: "51 2 * * *" +jobs: + update-pinned-clan-core: + runs-on: nix + steps: + - uses: actions/checkout@v4 + with: + submodules: true + - name: Update clan-core for checks + run: nix run .#update-clan-core-for-checks + - uses: github.com/quentinlegot/gitea-create-pull-request@c05fb67b080696dcdb2d2b7ea83051ec413f7285 # Change full sha to last commit of this repo if needed + with: + commit-message: Bump clan-core + branch: update-clan-core-for-checks + - name: Create pull request + run: | + git commit -am "" + git push origin HEAD:update-clan-core-for-checks + curl -X POST \ + -H "Authorization: token $GITEA_TOKEN" \ + -H "Content-Type: application/json" \ + -d '{ + "head": "update-clan-core-branch", + "base": "main", + "title": "Automated Update: Clan Core", + "body": "This PR updates the pinned clan-core for checks." + }' \ + "${GITEA_SERVER_URL}/api/v1/repos/${GITEA_OWNER}/${GITEA_REPO}/pulls" diff --git a/checks/clan-core-for-checks.nix b/checks/clan-core-for-checks.nix new file mode 100644 index 000000000..10da498ab --- /dev/null +++ b/checks/clan-core-for-checks.nix @@ -0,0 +1,6 @@ +{ fetchgit }: +fetchgit { + url = "https://git.clan.lol/clan/clan-core.git"; + rev = "1e8b9def2a021877342491ca1f4c45533a580759"; + sha256 = "0f12vwr1abwa1iwjbb5z5xx8jlh80d9njwdm6iaw1z1h2m76xgzc"; +} diff --git a/checks/flake-module.nix b/checks/flake-module.nix index c601a98f7..bc8a58a3a 100644 --- a/checks/flake-module.nix +++ b/checks/flake-module.nix @@ -101,6 +101,12 @@ in mkdir -p $out cat $schemaFile > $out/allSchemas.json ''; + + clan-core-for-checks = pkgs.runCommand "clan-core-for-checks" { } '' + cp -r ${pkgs.callPackage ./clan-core-for-checks.nix { }} $out + chmod +w $out/flake.lock + cp ${../flake.lock} $out/flake.lock + ''; }; legacyPackages = { nixosTests = diff --git a/checks/flash/flake-module.nix b/checks/flash/flake-module.nix index 7d1e911e6..96e2d1f47 100644 --- a/checks/flash/flake-module.nix +++ b/checks/flash/flake-module.nix @@ -43,6 +43,7 @@ let dependencies = [ pkgs.disko + pkgs.buildPackages.xorg.lndir self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".pkgs.perlPackages.ConfigIniFiles self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".pkgs.perlPackages.FileSlurp @@ -80,7 +81,7 @@ # Some distros like to automount disks with spaces machine.succeed('mkdir -p "/mnt/with spaces" && mkfs.ext4 /dev/vdb && mount /dev/vdb "/mnt/with spaces"') - machine.succeed("clan flash write --debug --flake ${../..} --yes --disk main /dev/vdb test-flash-machine-${pkgs.hostPlatform.system}") + machine.succeed("clan flash write --debug --flake ${self.checks.x86_64-linux.clan-core-for-checks} --yes --disk main /dev/vdb test-flash-machine-${pkgs.hostPlatform.system}") ''; } { inherit pkgs self; }; }; diff --git a/checks/installation/flake-module.nix b/checks/installation/flake-module.nix index 0d5af173b..07f565218 100644 --- a/checks/installation/flake-module.nix +++ b/checks/installation/flake-module.nix @@ -15,6 +15,7 @@ let pkgs.bash.drvPath pkgs.nixos-anywhere pkgs.bubblewrap + pkgs.buildPackages.xorg.lndir ] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs); closureInfo = pkgs.closureInfo { rootPaths = dependencies; }; in @@ -197,7 +198,7 @@ in installer.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../assets/ssh/privkey} /root/.ssh/id_ed25519") installer.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@localhost hostname") - installer.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake") + installer.succeed("cp -r ${self.checks.x86_64-linux.clan-core-for-checks} test-flake && chmod -R +w test-flake") installer.succeed("clan machines install --no-reboot --debug --flake test-flake --yes test-install-machine-without-system --target-host nonrootuser@localhost --update-hardware-config nixos-facter >&2") installer.shutdown() @@ -217,7 +218,7 @@ in installer.start() installer.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../assets/ssh/privkey} /root/.ssh/id_ed25519") installer.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@localhost hostname") - installer.succeed("cp -r ${../..} test-flake && chmod -R +w test-flake") + installer.succeed("cp -r ${self.checks.x86_64-linux.clan-core-for-checks} test-flake && chmod -R +w test-flake") installer.fail("test -f test-flake/machines/test-install-machine/hardware-configuration.nix") installer.fail("test -f test-flake/machines/test-install-machine/facter.json") diff --git a/checks/morph/flake-module.nix b/checks/morph/flake-module.nix index 84884e467..7c4d03511 100644 --- a/checks/morph/flake-module.nix +++ b/checks/morph/flake-module.nix @@ -55,7 +55,7 @@ testScript = '' start_all() actual.fail("cat /etc/testfile") - actual.succeed("env CLAN_DIR=${self} clan machines morph test-morph-template --i-will-be-fired-for-using-this --debug --name test-morph-machine") + actual.succeed("env CLAN_DIR=${self.checks.x86_64-linux.clan-core-for-checks} clan machines morph test-morph-template --i-will-be-fired-for-using-this --debug --name test-morph-machine") assert actual.succeed("cat /etc/testfile") == "morphed" ''; } { inherit pkgs self; }; diff --git a/flakeModules/demo_iso.nix b/flakeModules/demo_iso.nix index 3fc03c373..b4bccfec7 100644 --- a/flakeModules/demo_iso.nix +++ b/flakeModules/demo_iso.nix @@ -37,7 +37,7 @@ let done if ! test -e ~/clan-core; then # git clone https://git.clan.lol/clan/clan-core.git ~/clan-core - cp -rv ${self} clan-core + cp -rv ${self.checks.x86_64-linux.clan-core-for-checks} clan-core fi cd clan-core clan machines morph demo-template --i-will-be-fired-for-using-this diff --git a/pkgs/flake-module.nix b/pkgs/flake-module.nix index 4eade68c7..5551974a2 100644 --- a/pkgs/flake-module.nix +++ b/pkgs/flake-module.nix @@ -36,6 +36,7 @@ classgen = pkgs.callPackage ./classgen { }; zerotierone = pkgs.callPackage ./zerotierone { }; webview-lib = pkgs.callPackage ./webview-lib { }; + update-clan-core-for-checks = pkgs.callPackage ./update-clan-core-for-checks { }; }; }; } diff --git a/pkgs/update-clan-core-for-checks/default.nix b/pkgs/update-clan-core-for-checks/default.nix new file mode 100644 index 000000000..744d0b33f --- /dev/null +++ b/pkgs/update-clan-core-for-checks/default.nix @@ -0,0 +1,35 @@ +{ + writeShellApplication, + git, + jq, + nix-prefetch-git, +}: +writeShellApplication { + name = "update-clan-core-for-checks"; + runtimeInputs = [ + git + jq + nix-prefetch-git + ]; + text = '' + reporoot=$(git rev-parse --show-toplevel) + if [ -z "$reporoot" ]; then + echo "Not in a git repository. Please run this script from the root of the repository." + exit 1 + fi + cd "$reporoot" + # get latest commit of clan-core + json=$(nix-prefetch-git "$(pwd)") + sha256=$(jq -r '.sha256' <<< "$json") + rev=$(jq -r '.rev' <<< "$json") + + cat > ./checks/clan-core-for-checks.nix <