move ci to garnix

2024-12-14 11:57:52 +00:00 · 2022-05-13 23:24:44 +02:00 · 2022-05-13 23:24:44 +02:00 · 3a2686f358
commit 3a2686f358
parent f04ef790f6
5 changed files with 32 additions and 52 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -5,35 +5,11 @@ on:
    - cron:  '51 2 * * *'
 jobs:
  tests:
-    strategy:
-      matrix:
-        nixPath:
-          - nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-21.05.tar.gz
-          - nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz
-        os: [ ubuntu-latest, macos-latest ]
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - uses: cachix/install-nix-action@v17
-      with:
-        nix_path: "${{ matrix.nixPath }}"
-    - name: Setup cachix
-      uses: cachix/cachix-action@v10
-      with:
-        name: mic92
-        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
    - name: Add keys group (needed for go tests)
      run: sudo groupadd keys
-      if: matrix.os == 'ubuntu-latest'
-    - name: Run lint
-      run: nix-build --no-out-link default.nix -A lint
-      if: matrix.os == 'ubuntu-latest'
-    - name: List flake structure
-      run: nix flake show
-    - name: Run flake check (flake)
-      run: nix flake check -L
-    # this should be the same as `nix flake check`
-    - name: Build nix packages
-      run: nix-build --no-out-link release.nix
    - name: Run unit tests
-      run: nix-shell --no-out-link ./unit-tests.nix --argstr sudo "$(command -v sudo)" --pure --run 'true'
+      run: nix develop .#unit-tests --command "true"
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,8 +0,0 @@
-stages:
-  - build
-
-build-job:
-  stage: build
-  script:
-    - nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixpkgs-unstable.tar.gz -A sops-install-secrets.tests
-    - nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-21.11.tar.gz -A sops-install-secrets.tests
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1638097282,
-        "narHash": "sha256-EXCzj9b8X/lqDPJapxZThIOKL5ASbpsJZ+8L1LnY1ig=",
+        "lastModified": 1652252629,
+        "narHash": "sha256-SvT64apetqc8P5nYp1/fOZvUmHUPdPFUZbhSpKy+1aI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "78cb77b29d37a9663e05b61abb4fa09465da4b70",
+        "rev": "d2fc6856824cb87742177eefc8dd534bdb6c3439",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -1,7 +1,12 @@
 {
  description = "Integrates sops into nixos";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-  outputs = { self, nixpkgs }: let
+  nixConfig.extra-substituters = ["https://cache.garnix.io"];
+  nixConfig.extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
+  outputs = {
+    self,
+    nixpkgs,
+  }: let
    systems = [
      "x86_64-linux"
      "i686-linux"
@ -13,21 +18,29 @@
    ];
    forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
  in {
-    overlay = final: prev:
-      let
-        localPkgs = import ./default.nix { pkgs = final; };
-      in {
-        inherit (localPkgs) sops-install-secrets sops-init-gpg-key sops-pgp-hook sops-import-keys-hook sops-ssh-to-age;
-        # backward compatibility
-        inherit (prev) ssh-to-pgp;
-      };
+    overlay = final: prev: let
+      localPkgs = import ./default.nix {pkgs = final;};
+    in {
+      inherit (localPkgs) sops-install-secrets sops-init-gpg-key sops-pgp-hook sops-import-keys-hook sops-ssh-to-age;
+      # backward compatibility
+      inherit (prev) ssh-to-pgp;
+    };
    nixosModules.sops = import ./modules/sops;
    nixosModule = self.nixosModules.sops;
-    packages = forAllSystems (system: import ./default.nix {
-      pkgs = import nixpkgs { inherit system; };
-    });
-    checks = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ]
+    packages = forAllSystems (system:
+      import ./default.nix {
+        pkgs = import nixpkgs {inherit system;};
+      });
+    checks =
+      nixpkgs.lib.genAttrs ["x86_64-linux" "aarch64-linux"]
      (system: self.packages.${system}.sops-install-secrets.tests);
    defaultPackage = forAllSystems (system: self.packages.${system}.sops-init-gpg-key);
+    devShell = forAllSystems (
+      system:
+        nixpkgs.legacyPackages.${system}.callPackage ./shell.nix {}
+    );
+    devShells = forAllSystems (system: {
+      unit-tests = nixpkgs.legacyPackages.${system}.callPackage ./unit-tests.nix {};
+    });
  };
 }
--- a/unit-tests.nix
+++ b/unit-tests.nix
@ -1,5 +1,4 @@
 { pkgs ? import <nixpkgs> {}
-, sudo ? "sudo"
 }:
 let
  sopsPkgs = import ./. { inherit pkgs; };
@ -22,7 +21,7 @@ in pkgs.stdenv.mkDerivation {
    NIX_PATH=nixpkgs=${toString pkgs.path} TEST_ASSETS=$(realpath ./pkgs/sops-pgp-hook/test-assets) \
      sops-pgp-hook.test
    ${pkgs.lib.optionalString (pkgs.stdenv.isLinux) ''
-      ${sudo} TEST_ASSETS=$(realpath ./pkgs/sops-install-secrets/test-assets) \
+      sudo TEST_ASSETS=$(realpath ./pkgs/sops-install-secrets/test-assets) \
        unshare --mount --fork sops-install-secrets.test
    ''}
  '';