stockholm/shared/2configs/shared-buildbot.nix

157 lines
5.6 KiB
Nix
Raw Normal View History

2015-12-22 19:36:19 +01:00
{ lib, config, pkgs, ... }:
2016-02-15 14:25:30 +01:00
# The buildbot config is self-contained and currently provides a way
# to test "shared" configuration (infrastructure to be used by every krebsminister).
2016-01-18 16:59:44 +01:00
# You can add your own test, test steps as required. Deploy the config on a
# shared host like wolf and everything should be fine.
2016-02-15 14:25:30 +01:00
# TODO for all users schedule a build for fast tests
2016-01-18 16:59:44 +01:00
{
2015-12-24 20:50:23 +01:00
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
2016-02-15 14:25:30 +01:00
krebs.buildbot.master = let
stockholm-mirror-url = http://cgit.wolf/stockholm-mirror ;
in {
2015-12-30 02:45:47 +01:00
secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
slaves = {
testslave = "krebspass";
};
change_source.stockholm = ''
2016-02-15 14:25:30 +01:00
stockholm_repo = '${stockholm-mirror-url}'
cs.append(changes.GitPoller(
stockholm_repo,
2016-02-11 21:03:30 +01:00
workdir='stockholm-poller', branches=True,
project='stockholm',
pollinterval=120))
'';
scheduler = {
force-scheduler = ''
sched.append(schedulers.ForceScheduler(
name="force",
builderNames=["full-tests","fast-tests"]))
'';
fast-tests-scheduler = ''
# test everything real quick
sched.append(schedulers.SingleBranchScheduler(
2016-02-11 21:03:30 +01:00
## all branches
change_filter=util.ChangeFilter(branch_re=".*"),
2016-02-12 22:15:18 +01:00
# treeStableTimer=10,
name="fast-test-all-branches",
builderNames=["fast-tests"]))
'';
2015-12-24 20:50:23 +01:00
test-cac-infest-master = ''
# files everyone depends on or are part of the share branch
def shared_files(change):
r =re.compile("^((krebs|shared)/.*|Makefile|default.nix)")
for file in change.files:
if r.match(file):
return True
return False
sched.append(schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch="master"),
fileIsImportant=shared_files,
2015-12-24 20:50:23 +01:00
treeStableTimer=60*60, # master was stable for the last hour
name="full-master-test",
builderNames=["full-tests"]))
'';
};
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
env = {"LOGNAME": "shared", "NIX_REMOTE": "daemon"}
# prepare nix-shell
# the dependencies which are used by the test script
deps = [ "gnumake", "jq","nix","rsync",
"(import <stockholm>).pkgs.test.infest-cac-centos7" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = ["nix-shell",
"-I", "stockholm=.",
"-I", "nixpkgs=/var/src/upstream-nixpkgs",
"-p" ] + deps + [ "--run" ]
# prepare addShell function
def addShell(factory,**kwargs):
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
for i in [ "test-centos7", "wolf", "test-failing" ]:
addShell(f,name="populate-{}".format(i),env=env,
2016-02-11 21:03:30 +01:00
command=nixshell + \
["{}( make system={} eval.config.krebs.build.populate \
| jq -er .)".format("!" if "failing" in i else "",i)])
2016-02-11 21:03:30 +01:00
# XXX we must prepare ./retiolum.rsa_key.priv for secrets to work
2015-12-30 04:43:16 +01:00
addShell(f,name="instantiate-test-all-modules",env=env,
2015-12-30 02:45:47 +01:00
command=nixshell + \
["touch retiolum.rsa_key.priv; \
nix-instantiate --eval -A \
users.shared.test-all-krebs-modules.system \
-I stockholm=. \
2016-01-19 22:39:43 +01:00
--show-trace \
2015-12-30 02:45:47 +01:00
-I secrets=. '<stockholm>' \
--strict --json"])
2015-12-30 14:47:40 +01:00
addShell(f,name="instantiate-test-minimal-deploy",env=env,
command=nixshell + \
["nix-instantiate --eval -A \
users.shared.test-minimal-deploy.system \
-I stockholm=. \
-I secrets=. '<stockholm>' \
2016-01-19 22:39:43 +01:00
--show-trace \
2015-12-30 14:47:40 +01:00
--strict --json"])
bu.append(util.BuilderConfig(name="fast-tests",
slavenames=slavenames,
factory=f))
'';
slow-tests = ''
s = util.BuildFactory()
s.addStep(grab_repo)
# slave needs 2 files:
# * cac.json
# * retiolum
2015-12-30 01:38:33 +01:00
s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json"))
s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv"))
addShell(s, name="infest-cac-centos7",env=env,
sigtermTime=60, # SIGTERM 1 minute before SIGKILL
2016-01-07 08:05:05 +01:00
timeout=10800, # 3h
command=nixshell + ["infest-cac-centos7"])
bu.append(util.BuilderConfig(name="full-tests",
slavenames=slavenames,
factory=s))
'';
};
2015-12-22 19:36:19 +01:00
enable = true;
web = {
enable = true;
};
2015-12-22 19:36:19 +01:00
irc = {
enable = true;
nick = "wolfbot";
2015-12-22 19:36:19 +01:00
server = "cd.retiolum";
channels = [ "retiolum" ];
2015-12-22 19:36:19 +01:00
allowForce = true;
};
};
krebs.buildbot.slave = {
enable = true;
masterhost = "localhost";
username = "testslave";
password = "krebspass";
packages = with pkgs;[ git nix ];
2015-12-30 04:43:16 +01:00
# all nix commands will need a working nixpkgs installation
extraEnviron = {
NIX_PATH="nixpkgs=/var/src/upstream-nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
2015-12-22 19:36:19 +01:00
};
}