Merge pull request #7648 from hercules-ci/move-nixos-tests

Move nixos tests
This commit is contained in:
Théophane Hufschmitt 2023-01-27 15:11:48 +01:00 committed by GitHub
commit ccaadc9575
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 57 additions and 98 deletions

View file

@ -21,7 +21,7 @@ Maintainers: tick if completed or explain if not relevant
- [ ] tests, as appropriate
- functional tests - `tests/**.sh`
- unit tests - `src/*/tests`
- integration tests
- integration tests - `tests/nixos/*`
- [ ] documentation in the manual
- [ ] code and comments are self-explanatory
- [ ] commit message explains why the change was made

View file

@ -409,6 +409,18 @@
};
};
nixos-lib = import (nixpkgs + "/nixos/lib") { };
# https://nixos.org/manual/nixos/unstable/index.html#sec-calling-nixos-tests
runNixOSTestFor = system: test: nixos-lib.runTest {
imports = [ test ];
hostPkgs = nixpkgsFor.${system};
defaults = {
nixpkgs.pkgs = nixpkgsFor.${system};
};
_module.args.nixpkgs = nixpkgs;
};
in {
# A Nixpkgs overlay that overrides the 'nix' and
@ -487,49 +499,22 @@
};
# System tests.
tests.remoteBuilds = import ./tests/remote-builds.nix {
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
};
tests.remoteBuilds = runNixOSTestFor "x86_64-linux" ./tests/nixos/remote-builds.nix;
tests.nix-copy-closure = import ./tests/nix-copy-closure.nix {
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
};
tests.nix-copy-closure = runNixOSTestFor "x86_64-linux" ./tests/nixos/nix-copy-closure.nix;
tests.nssPreload = (import ./tests/nss-preload.nix rec {
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
});
tests.nssPreload = runNixOSTestFor "x86_64-linux" ./tests/nixos/nss-preload.nix;
tests.githubFlakes = (import ./tests/github-flakes.nix rec {
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
});
tests.githubFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/github-flakes.nix;
tests.sourcehutFlakes = (import ./tests/sourcehut-flakes.nix rec {
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
});
tests.sourcehutFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/sourcehut-flakes.nix;
tests.containers = (import ./tests/containers.nix rec {
system = "x86_64-linux";
inherit nixpkgs;
overlay = self.overlays.default;
});
tests.containers = runNixOSTestFor "x86_64-linux" ./tests/nixos/containers/containers.nix;
tests.setuid = nixpkgs.lib.genAttrs
["i686-linux" "x86_64-linux"]
(system:
import ./tests/setuid.nix rec {
inherit nixpkgs system;
overlay = self.overlays.default;
});
(system: runNixOSTestFor system ./tests/nixos/setuid.nix);
# Make sure that nix-env still produces the exact same result
# on a particular version of Nixpkgs.

View file

@ -1,12 +1,7 @@
# Test whether we can run a NixOS container inside a Nix build using systemd-nspawn.
{ nixpkgs, system, overlay }:
{ lib, nixpkgs, ... }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
makeTest ({
{
name = "containers";
nodes =
@ -65,4 +60,4 @@ makeTest ({
host.succeed("[[ $(cat ./result/msg) = 'Hello World' ]]")
'';
})
}

View file

@ -1,14 +1,9 @@
{ nixpkgs, system, overlay }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
{ lib, config, nixpkgs, ... }:
let
pkgs = config.nodes.client.nixpkgs.pkgs;
# Generate a fake root CA and a fake api.github.com / github.com / channels.nixos.org certificate.
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
cert = pkgs.runCommand "cert" { nativeBuildInputs = [ pkgs.openssl ]; }
''
mkdir -p $out
@ -92,8 +87,6 @@ let
'';
in
makeTest (
{
name = "github-flakes";
@ -207,4 +200,4 @@ makeTest (
client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
'';
})
}

View file

@ -1,13 +1,16 @@
# Test nix-copy-closure.
{ nixpkgs, system, overlay }:
{ lib, config, nixpkgs, hostPkgs, ... }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
let
pkgs = config.nodes.client.nixpkgs.pkgs;
makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pkgs.tmux; in {
pkgA = pkgs.cowsay;
pkgB = pkgs.wget;
pkgC = pkgs.hello;
pkgD = pkgs.tmux;
in {
name = "nix-copy-closure";
nodes =
@ -74,4 +77,4 @@ makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pk
# )
# client.succeed("nix-store --check-validity ${pkgC}")
'';
})
}

View file

@ -1,11 +1,9 @@
{ nixpkgs, system, overlay }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
{ lib, config, nixpkgs, ... }:
let
pkgs = config.nodes.client.nixpkgs.pkgs;
nix-fetch = pkgs.writeText "fetch.nix" ''
derivation {
# This derivation is an copy from what is available over at
@ -41,9 +39,7 @@ let
'';
in
makeTest (
rec {
{
name = "nss-preload";
nodes = {
@ -122,4 +118,4 @@ rec {
nix-build ${nix-fetch} >&2
""")
'';
})
}

View file

@ -1,15 +1,9 @@
# Test Nix's remote build feature.
{ nixpkgs, system, overlay }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
makeTest (
{ config, lib, hostPkgs, ... }:
let
pkgs = config.nodes.client.nixpkgs.pkgs;
# The configuration of the remote builders.
builder =
@ -75,7 +69,7 @@ in
# Create an SSH key on the client.
subprocess.run([
"${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
"${hostPkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
], capture_output=True, check=True)
client.succeed("mkdir -p -m 700 /root/.ssh")
client.copy_from_host("key", "/root/.ssh/id_ed25519")
@ -109,4 +103,4 @@ in
builder1.block()
client.succeed("nix-build ${expr nodes.client.config 4}")
'';
})
}

View file

@ -1,13 +1,12 @@
# Verify that Linux builds cannot create setuid or setgid binaries.
{ nixpkgs, system, overlay }:
{ lib, config, nixpkgs, ... }:
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
let
pkgs = config.nodes.machine.nixpkgs.pkgs;
makeTest {
in
{
name = "setuid";
nodes.machine =

View file

@ -1,12 +1,8 @@
{ nixpkgs, system, overlay }:
with import (nixpkgs + "/nixos/lib/testing-python.nix")
{
inherit system;
extraConfigurations = [{ nixpkgs.overlays = [ overlay ]; }];
};
{ lib, config, hostPkgs, nixpkgs, ... }:
let
pkgs = config.nodes.sourcehut.nixpkgs.pkgs;
# Generate a fake root CA and a fake git.sr.ht certificate.
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
''
@ -64,8 +60,6 @@ let
in
makeTest (
{
name = "sourcehut-flakes";
@ -164,4 +158,4 @@ makeTest (
client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
'';
})
}