mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-15 17:50:51 +00:00
Code Activity

move ci to garnix

Browse source
This commit is contained in:
Jörg Thalheim 2022-05-13 23:24:44 +02:00
parent f04ef790f6
commit 3a2686f358
No known key found for this signature in database
5 changed files with 32 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
.github/workflows/test.yml vendored
View file

@ -5,35 +5,11 @@ on:
- cron: '51 2 * * *' - cron: '51 2 * * *'
jobs: jobs:
tests: tests:
strategy: runs-on: ubuntu-latest
matrix:
nixPath:
- nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-21.05.tar.gz
- nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz
os: [ ubuntu-latest, macos-latest ]
runs-on: ${{ matrix.os }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: cachix/install-nix-action@v17 - uses: cachix/install-nix-action@v17
with:
nix_path: "${{ matrix.nixPath }}"
- name: Setup cachix
uses: cachix/cachix-action@v10
with:
name: mic92
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
- name: Add keys group (needed for go tests) - name: Add keys group (needed for go tests)
run: sudo groupadd keys run: sudo groupadd keys
if: matrix.os == 'ubuntu-latest'
- name: Run lint
run: nix-build --no-out-link default.nix -A lint
if: matrix.os == 'ubuntu-latest'
- name: List flake structure
run: nix flake show
- name: Run flake check (flake)
run: nix flake check -L
# this should be the same as `nix flake check`
- name: Build nix packages
run: nix-build --no-out-link release.nix
- name: Run unit tests - name: Run unit tests
run: nix-shell --no-out-link ./unit-tests.nix --argstr sudo "$(command -v sudo)" --pure --run 'true' run: nix develop .#unit-tests --command "true"

8
.gitlab-ci.yml
View file

@ -1,8 +0,0 @@
stages:
- build
build-job:
stage: build
script:
- nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixpkgs-unstable.tar.gz -A sops-install-secrets.tests
- nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-21.11.tar.gz -A sops-install-secrets.tests

6
flake.lock
View file

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1638097282, "lastModified": 1652252629,
"narHash": "sha256-EXCzj9b8X/lqDPJapxZThIOKL5ASbpsJZ+8L1LnY1ig=", "narHash": "sha256-SvT64apetqc8P5nYp1/fOZvUmHUPdPFUZbhSpKy+1aI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "78cb77b29d37a9663e05b61abb4fa09465da4b70", "rev": "d2fc6856824cb87742177eefc8dd534bdb6c3439",
"type": "github" "type": "github"
}, },
"original": { "original": {

23
flake.nix
View file

@ -1,7 +1,12 @@
{ {
description = "Integrates sops into nixos"; description = "Integrates sops into nixos";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
outputs = { self, nixpkgs }: let nixConfig.extra-substituters = ["https://cache.garnix.io"];
nixConfig.extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
outputs = {
self,
nixpkgs,
}: let
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
"i686-linux" "i686-linux"
@ -13,8 +18,7 @@
]; ];
forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
in { in {
overlay = final: prev: overlay = final: prev: let
let
localPkgs = import ./default.nix {pkgs = final;}; localPkgs = import ./default.nix {pkgs = final;};
in { in {
inherit (localPkgs) sops-install-secrets sops-init-gpg-key sops-pgp-hook sops-import-keys-hook sops-ssh-to-age; inherit (localPkgs) sops-install-secrets sops-init-gpg-key sops-pgp-hook sops-import-keys-hook sops-ssh-to-age;
@ -23,11 +27,20 @@
}; };
nixosModules.sops = import ./modules/sops; nixosModules.sops = import ./modules/sops;
nixosModule = self.nixosModules.sops; nixosModule = self.nixosModules.sops;
packages = forAllSystems (system: import ./default.nix { packages = forAllSystems (system:
import ./default.nix {
pkgs = import nixpkgs {inherit system;}; pkgs = import nixpkgs {inherit system;};
}); });
checks = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] checks =
nixpkgs.lib.genAttrs ["x86_64-linux" "aarch64-linux"]
(system: self.packages.${system}.sops-install-secrets.tests); (system: self.packages.${system}.sops-install-secrets.tests);
defaultPackage = forAllSystems (system: self.packages.${system}.sops-init-gpg-key); defaultPackage = forAllSystems (system: self.packages.${system}.sops-init-gpg-key);
devShell = forAllSystems (
system:
nixpkgs.legacyPackages.${system}.callPackage ./shell.nix {}
);
devShells = forAllSystems (system: {
unit-tests = nixpkgs.legacyPackages.${system}.callPackage ./unit-tests.nix {};
});
}; };
} }

3
unit-tests.nix
View file

@ -1,5 +1,4 @@
{ pkgs ? import <nixpkgs> {} { pkgs ? import <nixpkgs> {}
, sudo ? "sudo"
}: }:
let let
sopsPkgs = import ./. { inherit pkgs; }; sopsPkgs = import ./. { inherit pkgs; };
@ -22,7 +21,7 @@ in pkgs.stdenv.mkDerivation {
NIX_PATH=nixpkgs=${toString pkgs.path} TEST_ASSETS=$(realpath ./pkgs/sops-pgp-hook/test-assets) \ NIX_PATH=nixpkgs=${toString pkgs.path} TEST_ASSETS=$(realpath ./pkgs/sops-pgp-hook/test-assets) \
sops-pgp-hook.test sops-pgp-hook.test
${pkgs.lib.optionalString (pkgs.stdenv.isLinux) '' ${pkgs.lib.optionalString (pkgs.stdenv.isLinux) ''
${sudo} TEST_ASSETS=$(realpath ./pkgs/sops-install-secrets/test-assets) \ sudo TEST_ASSETS=$(realpath ./pkgs/sops-install-secrets/test-assets) \
unshare --mount --fork sops-install-secrets.test unshare --mount --fork sops-install-secrets.test
''} ''}
''; '';