From 3a2686f358514095a6315bdeb21a0752352eaff3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 13 May 2022 23:24:44 +0200 Subject: [PATCH] move ci to garnix --- .github/workflows/test.yml | 28 ++------------------------- .gitlab-ci.yml | 8 -------- flake.lock | 6 +++--- flake.nix | 39 +++++++++++++++++++++++++------------- unit-tests.nix | 3 +-- 5 files changed, 32 insertions(+), 52 deletions(-) delete mode 100644 .gitlab-ci.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9722d27..97d2668 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,35 +5,11 @@ on: - cron: '51 2 * * *' jobs: tests: - strategy: - matrix: - nixPath: - - nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-21.05.tar.gz - - nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz - os: [ ubuntu-latest, macos-latest ] - runs-on: ${{ matrix.os }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v17 - with: - nix_path: "${{ matrix.nixPath }}" - - name: Setup cachix - uses: cachix/cachix-action@v10 - with: - name: mic92 - signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' - name: Add keys group (needed for go tests) run: sudo groupadd keys - if: matrix.os == 'ubuntu-latest' - - name: Run lint - run: nix-build --no-out-link default.nix -A lint - if: matrix.os == 'ubuntu-latest' - - name: List flake structure - run: nix flake show - - name: Run flake check (flake) - run: nix flake check -L - # this should be the same as `nix flake check` - - name: Build nix packages - run: nix-build --no-out-link release.nix - name: Run unit tests - run: nix-shell --no-out-link ./unit-tests.nix --argstr sudo "$(command -v sudo)" --pure --run 'true' + run: nix develop .#unit-tests --command "true" diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index f951f02..0000000 --- a/.gitlab-ci.yml +++ /dev/null 
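Review bot: The rewritten `Run unit tests` step, `nix develop .#unit-tests --command "true"`, drops the `--pure` flag the old `nix-shell` call had, so the tests now run with the runner's whole inherited environment and their result can depend on the image. The step's verdict also comes only from shell setup, since the command itself is `true`; please confirm that a failing test at shell entry makes `nix develop` exit non-zero. The lint and `nix flake check -L` steps leave this workflow with no note on where they run now; a comment such as `# lint and flake checks are built by garnix` above `tests:` would record that.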
@@ -1,8 +0,0 @@ -stages: - - build - -build-job: - stage: build - script: - - nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixpkgs-unstable.tar.gz -A sops-install-secrets.tests - - nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-21.11.tar.gz -A sops-install-secrets.tests diff --git a/flake.lock b/flake.lock index 3336199..3f1e19c 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1638097282, - "narHash": "sha256-EXCzj9b8X/lqDPJapxZThIOKL5ASbpsJZ+8L1LnY1ig=", + "lastModified": 1652252629, + "narHash": "sha256-SvT64apetqc8P5nYp1/fOZvUmHUPdPFUZbhSpKy+1aI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78cb77b29d37a9663e05b61abb4fa09465da4b70", + "rev": "d2fc6856824cb87742177eefc8dd534bdb6c3439", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d345af1..5991bff 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,12 @@ { description = "Integrates sops into nixos"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - outputs = { self, nixpkgs }: let + nixConfig.extra-substituters = ["https://cache.garnix.io"]; + nixConfig.extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; + outputs = { + self, + nixpkgs, + }: let systems = [ "x86_64-linux" "i686-linux" 
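Review bot: The two `nixConfig` lines added at the top of `flake.nix` extend binary-cache trust to `cache.garnix.io` for anyone who evaluates this flake directly, and nothing in the file says so. A user who accepts the flake configuration (or has `accept-flake-config` enabled) will substitute store paths signed by that key instead of building them locally. I would add a comment above the two lines, for example `# garnix CI cache: accepting this trusts binaries signed by cache.garnix.io`, so the trust decision is visible in review. The attribute set continues outside this hunk.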
@@ -13,21 +18,29 @@ ]; forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); in { - overlay = final: prev: - let - localPkgs = import ./default.nix { pkgs = final; }; - in { - inherit (localPkgs) sops-install-secrets sops-init-gpg-key sops-pgp-hook sops-import-keys-hook sops-ssh-to-age; - # backward compatibility - inherit (prev) ssh-to-pgp; - }; + overlay = final: prev: let + localPkgs = import ./default.nix {pkgs = final;}; + in { + inherit (localPkgs) sops-install-secrets sops-init-gpg-key sops-pgp-hook sops-import-keys-hook sops-ssh-to-age; + # backward compatibility + inherit (prev) ssh-to-pgp; + }; nixosModules.sops = import ./modules/sops; nixosModule = self.nixosModules.sops; - packages = forAllSystems (system: import ./default.nix { - pkgs = import nixpkgs { inherit system; }; - }); - checks = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] + packages = forAllSystems (system: + import ./default.nix { + pkgs = import nixpkgs {inherit system;}; + }); + checks = + nixpkgs.lib.genAttrs ["x86_64-linux" "aarch64-linux"] (system: self.packages.${system}.sops-install-secrets.tests); defaultPackage = forAllSystems (system: self.packages.${system}.sops-init-gpg-key); + devShell = forAllSystems ( + system: + nixpkgs.legacyPackages.${system}.callPackage ./shell.nix {} + ); + devShells = forAllSystems (system: { + unit-tests = nixpkgs.legacyPackages.${system}.callPackage ./unit-tests.nix {}; + }); }; } diff --git a/unit-tests.nix b/unit-tests.nix index 7483fa0..20029a7 100644 --- a/unit-tests.nix +++ b/unit-tests.nix @@ -1,5 +1,4 @@ { pkgs ? import {} -, sudo ? "sudo" }: let sopsPkgs = import ./. { inherit pkgs; }; 
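Review bot: The `unit-tests` entry added under `devShells` is not an ordinary development shell, and the output has no comment saying so. Judging by the `unit-tests.nix` lines in this patch, entering it appears to run the test suite, including a `sudo … unshare` step on Linux. A line such as `# entering this shell runs the unit tests (uses sudo on Linux)` above `unit-tests =` would warn people before they run `nix develop .#unit-tests`. Separately, the singular `devShell` output is the older name; newer Nix releases expect `devShells.<system>.default`, so `default = nixpkgs.legacyPackages.${system}.callPackage ./shell.nix {};` could sit next to `unit-tests`.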
@@ -22,7 +21,7 @@ in pkgs.stdenv.mkDerivation { NIX_PATH=nixpkgs=${toString pkgs.path} TEST_ASSETS=$(realpath ./pkgs/sops-pgp-hook/test-assets) \ sops-pgp-hook.test ${pkgs.lib.optionalString (pkgs.stdenv.isLinux) '' - ${sudo} TEST_ASSETS=$(realpath ./pkgs/sops-install-secrets/test-assets) \ + sudo TEST_ASSETS=$(realpath ./pkgs/sops-install-secrets/test-assets) \ unshare --mount --fork sops-install-secrets.test ''} '';
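Review bot: The bare `sudo` on the changed line is now resolved through whatever PATH the shell inherits, where the old `${sudo}` argument let CI pass an absolute path from `command -v sudo`. That works only while the shell is entered with the host environment and no store package shadows the host's setuid binary; a `sudo` built from nixpkgs has no setuid bit and cannot elevate. A comment beside it, for example `# needs the host's setuid sudo on PATH; do not enter this shell with --ignore-environment`, would make the requirement explicit. The derivation this line belongs to starts and ends outside the hunk.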