tests(postbuildstepper): add integration test as nixos VM test
steveej committed Oct 30, 2024
1 parent f25ea56 commit 9cdeeb4
Showing 1 changed file with 176 additions and 11 deletions.
187 changes: 176 additions & 11 deletions modules/flake-parts/packages.postbuildstepper/default.nix
Expand Up @@ -2,7 +2,6 @@
# System independent arguments.
self,
inputs,
lib,
...
}:
{
Expand All @@ -11,14 +10,16 @@
# Arguments specific to the `perSystem` context.
pkgs,
self',
system ? pkgs.system,
lib,
...
}:

{
# system specific outputs like, apps, checks, packages

packages =
let
system = pkgs.system;
cranePkgs = inputs.craneNixpkgs.legacyPackages.${system};
craneLib = inputs.crane.mkLib cranePkgs;

Expand Down Expand Up @@ -60,17 +61,181 @@
postbuildstepperArgs // { cargoArtifacts = postbuildstepperDeps; }
);

};

checks =
let
s3 = {
bucket = "cache.holo.host";
endpoint = "s3.wasabisys.com";
adminKey = "s3key";
adminSecret = "s3secret";
profile = "cache-holo-host-s3-wasabi";

userKey = "s3user";
userSecret = "s3usersecret";

endpointCert = self.lib.makeCert {
inherit pkgs;
caName = "Example good CA";
domain = "${s3.endpoint}";
};

bucketCert = self.lib.makeCert {
inherit pkgs;
caName = "Example good CA";
domain = "${s3.bucket}";
};
};

awsSharedCredentialsFile = pkgs.writeText "aws-shared-credentials" ''
[${s3.profile}]
aws_access_key_id = ${s3.userKey}
aws_secret_access_key = ${s3.userSecret}'';

cacheSecretKey = "testing-2:CoS7sAPcH1M+LD+D/fg9sc1V3uKk88VMHZ/MvAJHsuMSasehxxlUKNa0LUedGgFfA1wlRYF74BNcAldRxX2g8A==";
cachePublicKey = "testing-2:EmrHoccZVCjWtC1HnRoBXwNcJUWBe+ATXAJXUcV9oPA=";
in
lib.attrsets.optionalAttrs pkgs.stdenv.isx86_64 {
postbuildstepper-test = pkgs.writeShellScriptBin "test" ''
env \
PROP_owners="['steveej']" \
PROP_repository="https://github.com/Holo-Host/holo-nixpkgs" \
PROP_project="Holo-Host/holo-nixpkgs" \
PROP_attr="aarch64-linux.hello" \
SECRET_cacheHoloHost2secret="testing-2:CoS7sAPcH1M+LD+D/fg9sc1V3uKk88VMHZ/MvAJHsuMSasehxxlUKNa0LUedGgFfA1wlRYF74BNcAldRxX2g8A==" \
SECRET_awsSharedCredentialsFile="~/.aws/credentials" \
PROP_out_path="${pkgs.hello}" \
nix run .\#postbuildstepper
set -x
export PROP_owners="['steveej']"
export PROP_repository="https://github.com/Holo-Host/holo-nixpkgs"
export PROP_project="Holo-Host/holo-nixpkgs" \
export PROP_attr="aarch64-linux.hello"
export SECRET_cacheHoloHost2secret="${cacheSecretKey}"
export PROP_out_path="${pkgs.hello}"
# this needs to be `cat`ed because the program expects this to contain the content of the file.
export SECRET_awsSharedCredentialsFile="$(cat ${awsSharedCredentialsFile})"
exec ${pkgs.lib.getExe' self.packages.${system}.postbuildstepper "postbuildstepper"}
'';

tests-postbuildstepper-integration = inputs.nixpkgs.lib.nixos.runTest {
name = "postbuildstepper";

imports = [ ];
hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs
# defaults.services.foo.package = self'.packages.postbuildstepper;

# One or more machines:
nodes = {
machine =
{ config, pkgs, ... }:

{
networking.hosts = {
"127.0.0.1" = [
s3.bucket
s3.endpoint
];
};

security.pki.certificateFiles = [
"${s3.endpointCert}/ca.crt"
"${s3.bucketCert}/ca.crt"
];

nix.settings.experimental-features = [
"nix-command"
"flakes"
];

# add hello here as we need it in the VM closure at runtime, and otherwise `nix sign/copy` will try to build or fetch it
environment.systemPackages = [ pkgs.hello ];

services.minio = {
enable = true;
browser = false;
listenAddress = "127.0.0.1:9000";
rootCredentialsFile = pkgs.writeText "creds" ''
MINIO_ROOT_USER=${s3.adminKey}
MINIO_ROOT_PASSWORD=${s3.adminSecret}
'';
};

services.caddy = {
enable = true;
logFormat = ''
# if need be set to DEBUG
level INFO
'';
globalConfig = ''
auto_https off
'';

virtualHosts.${s3.endpoint} = {
extraConfig = ''
tls ${s3.endpointCert}/server.crt ${s3.endpointCert}/server.key
reverse_proxy http://${config.services.minio.listenAddress}
'';
};
virtualHosts.${s3.bucket} = {
extraConfig = ''
tls ${s3.bucketCert}/server.crt ${s3.bucketCert}/server.key
rewrite * /${s3.bucket}{uri}
reverse_proxy http://${config.services.minio.listenAddress}
'';
};
};
};
};

testScript = ''
machine.start()
machine.wait_for_unit("minio.service")
# uncomment this command get a minio trace log
# machine.execute(
# ${pkgs.writeShellScript "trace-minio" ''
# export PATH=${pkgs.minio-client}/bin:$PATH
# set -xe
# # background trace logging for minio
# mc admin trace --all localhost >&2 &
# ''},
# timeout = None
# )
machine.wait_for_unit("caddy.service")
machine.succeed("${pkgs.writeShellScript "prepare-minio" ''
export PATH=${pkgs.minio-client}/bin:$PATH
set -xe
mc alias set localhost "https://${s3.endpoint}" "${s3.adminKey}" "${s3.adminSecret}"
mc mb localhost/${s3.bucket}
# create a non-admin user with write permissions
mc admin user add localhost ${s3.userKey} ${s3.userSecret}
mc admin policy attach localhost readwrite --user ${s3.userKey}
mc alias set user "https://${s3.endpoint}" "${s3.userKey}" "${s3.userSecret}"
# allow anonymous access to the "cache"
mc anonymous set --recursive download localhost/${s3.bucket}
# this file is GET'ed by `nix copy`
echo "StoreDir: /nix/store" > nix-cache-info
mc cp nix-cache-info user/${s3.bucket}/nix-cache-info
# mc cp nix-cache-info localhost/${s3.bucket}/nix-cache-info
for remote in \
https://${s3.endpoint}/${s3.bucket}/nix-cache-info \
https://${s3.bucket}/nix-cache-info \
; do
diff --report-identical-files <(curl ''${remote}) nix-cache-info
done
''}", timeout = 10)
machine.succeed("${lib.getExe self'.checks.postbuildstepper-test}", timeout = 30)
machine.succeed("nix copy --trusted-public-keys ${cachePublicKey} --from https://cache.holo.host --to ./store ${pkgs.hello}", timeout = 30)
'';
};
};
};
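Review bot: In the `postbuildstepper-test` wrapper, `set -x` is switched on before the `SECRET_cacheHoloHost2secret` and `SECRET_awsSharedCredentialsFile` exports, so the shell trace writes the signing key and the full credentials file content into the check's log. The values here are fixtures, but the same variable names presumably carry real secrets outside the test, so I would drop the trace or move `set -x` below the exports, and mark the key pair with a comment such as `# test-only key pair; "testing-2" must never appear in trusted-public-keys outside this check`. The `export PROP_project="Holo-Host/holo-nixpkgs" \` line also ends in a stray line continuation that folds the following `export PROP_attr=...` into the same command; it only works because `export` accepts several names, and the backslash should be removed. Which of the two environment blocks in the script is the new side is inferred, since the rendered page has lost its +/- markers.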
