From 6aac14a46d44dd0956a9fc3e7e94dbbacd54d5d8 Mon Sep 17 00:00:00 2001 From: Rodney Lorrimar Date: Wed, 25 Apr 2018 06:56:28 +0100 Subject: [PATCH 1/3] buildkite-agent: fix variable expansion in hook scripts @cleverca found this bug in the declarative hooks config. Any shell variables referenced in a hook script would get expanded by the hooks directory builder. Prevent variable expansion by quoting the here doc limit string. --- modules/services/buildkite-agent.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/buildkite-agent.nix b/modules/services/buildkite-agent.nix index 96c2f3b3..1438eeef 100644 --- a/modules/services/buildkite-agent.nix +++ b/modules/services/buildkite-agent.nix @@ -17,7 +17,7 @@ let hooksDir = let mkHookEntry = name: value: '' - cat > $out/${name} < $out/${name} <<'EOF' #! ${pkgs.stdenv.shell} set -e ${value} From 80baf761852f4f8ad4b04972aeea50cc4a4eb424 Mon Sep 17 00:00:00 2001 From: Rodney Lorrimar Date: Wed, 25 Apr 2018 07:17:50 +0100 Subject: [PATCH 2/3] buildkite-agent: Only start service once networking is available buildkite-agent gets the hostname at startup, so needs to be started after the hostname is set. --- modules/services/buildkite-agent.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/modules/services/buildkite-agent.nix b/modules/services/buildkite-agent.nix index 1438eeef..165323be 100644 --- a/modules/services/buildkite-agent.nix +++ b/modules/services/buildkite-agent.nix 
@@ -221,11 +221,20 @@ in ''; serviceConfig = { - KeepAlive = true; - RunAtLoad = true; ProcessType = "Interactive"; ThrottleInterval = 30; + # The combination of KeepAlive.NetworkState and WatchPaths + # will ensure that buildkite-agent is started on boot, but + # after networking is available (so the hostname is + # correct). + RunAtLoad = true; + KeepAlive.NetworkState = true; + WatchPaths = [ + "/etc/resolv.conf" + "/Library/Preferences/SystemConfiguration/NetworkInterfaces.plist" + ]; + GroupName = "buildkite-agent"; UserName = "buildkite-agent"; WorkingDirectory = config.users.users.buildkite-agent.home; From 6d6d11fdad377d82aaf1d61173dd9fa6764da07a Mon Sep 17 00:00:00 2001 From: Rodney Lorrimar Date: Thu, 10 May 2018 11:43:46 +0100 Subject: [PATCH 3/3] fixup! buildkite-agent: fix variable expansion in hook scripts Addresses PR review comment. --- modules/services/buildkite-agent.nix | 22 ++++++++++------------ tests/services-buildkite-agent.nix | 6 +++++- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/modules/services/buildkite-agent.nix b/modules/services/buildkite-agent.nix index 165323be..936446dd 100644 --- a/modules/services/buildkite-agent.nix +++ b/modules/services/buildkite-agent.nix @@ -16,18 +16,16 @@ let mkHookOptions = hooks: listToAttrs (map mkHookOption hooks); hooksDir = let - mkHookEntry = name: value: '' - cat > $out/${name} <<'EOF' - #! ${pkgs.stdenv.shell} - set -e - ${value} - EOF - chmod 755 $out/${name} - ''; - in pkgs.runCommand "buildkite-agent-hooks" {} '' - mkdir $out - ${concatStringsSep "\n" (mapAttrsToList mkHookEntry (filterAttrs (n: v: v != null) cfg.hooks))} - ''; + mkHookEntry = name: value: { + inherit name; + path = pkgs.writeScript "buildkite-agent-hook-${name}" '' + #! ${pkgs.stdenv.shell} + set -e + ${value} + ''; + }; + in pkgs.linkFarm "buildkite-agent-hooks" + (mapAttrsToList mkHookEntry (filterAttrs (n: v: v != null) cfg.hooks)); in 
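Review bot: Replacing `KeepAlive = true` with `KeepAlive.NetworkState = true` in `serviceConfig` drops the unconditional restart, so an agent that crashes or exits may stay down until one of the `WatchPaths` entries changes. Recent launchd.plist(5) manual pages describe `NetworkState` as no longer implemented, which would leave `RunAtLoad` and `WatchPaths` as the only start triggers; this should be confirmed on the macOS versions the module targets. If restart-on-failure is still wanted, add `KeepAlive.SuccessfulExit = false;` beside the new key and extend the comment to say when the job is restarted. The `serviceConfig` block starts and ends outside the hunk.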
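Review bot: Nothing near `mkHookEntry` says that hook bodies end up in the Nix store, which every local user can read, because `pkgs.writeScript` writes `${value}` there verbatim. A hook that exports a token or password inline would therefore expose it to any account on the build machine. Add a comment above `mkHookEntry` such as `# Hook scripts are world-readable in the Nix store; read secrets from a file at run time, never inline.` and repeat the caveat in the description of the hooks options, which is outside this hunk. The existing `tokenPath` option, visible in the test file, already follows that pattern.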
diff --git a/tests/services-buildkite-agent.nix b/tests/services-buildkite-agent.nix index 518d3ac3..4ca89b8f 100644 --- a/tests/services-buildkite-agent.nix +++ b/tests/services-buildkite-agent.nix @@ -12,7 +12,7 @@ in extraConfig = "yolo=1"; openssh.privateKeyPath = "/dev/null"; openssh.publicKeyPath = "/dev/null"; - hooks.command = "echo test"; + hooks.command = "echo test hook"; inherit tokenPath; }; @@ -24,5 +24,9 @@ in script=$(cat ${config.out}/Library/LaunchDaemons/org.nixos.buildkite-agent.plist | awk -F'[< ]' '$3 ~ "^/nix/store/.*" {print $3}') grep "yolo=1" "$script" grep "${tokenPath}" "$script" + + echo "checking that a buildkite-agent hook works" >&2 + hooks_path=$(cat $script | awk -F'"' '/^hooks-path/ {print $2;}') + $hooks_path/command | grep test ''; }
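Review bot: The check added at the end of the test script does not exercise the bug this series fixes, because `hooks.command = "echo test hook"` contains no shell variable and a regression to build-time expansion would still pass. `grep test` is also loose enough to match the hook output from before this change. Use a hook body that references a variable, e.g. `hooks.command = "echo test $HOOK_WORD";` (variable name constructed for illustration), and assert with `HOOK_WORD=hook "$hooks_path/command" | grep -x "test hook"`. Adding `test -n "$hooks_path"` before the call gives a clearer failure than trying to run `/command` when the awk match is empty.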