Merge branch 'main' into b12f

2022-08-29 17:00:00 +02:00 · 2022-08-29 17:00:00 +02:00 · 341f88b21a
parent ce2a1190eb 272bbd40ed
commit 341f88b21a
7 changed files with 200 additions and 120 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -1,92 +1,3 @@
---
-kind: pipeline
-type: docker
-name: Upstreaming
-
-steps:
-  - name: "Sync 'devos' branch with upstream"
-    image: alpine/git
-    when:
-      event:
-        - cron
-      cron:
-        - sync-main-with-upstream
-    environment:
-      GITEA_SSH_KEY:
-        from_secret: gitea_ssh_key
-    commands:
-      - ./.drone/setup_ssh.sh
-      - git remote add devos git@git.b12f.io:pub-solar/devos
-      - git remote set-url origin git@git.b12f.io:pub-solar/os
-      - git fetch --all
-      - git checkout -b devos --track origin/devos
-      - git merge -X theirs devos/main
-      - git push origin devos
-      - git remote set-url origin https://git.b12f.io/pub-solar/os.git
-
-  - name: "Sync $BRANCH with upstream"
-    image: alpine/git
-    when:
-      event:
-        - cron
-      cron:
-        - sync-main-with-upstream
-        - sync-b12f-with-main
-        - sync-teutat3s-with-main
-    environment:
-      GITEA_SSH_KEY:
-        from_secret: gitea_ssh_key
-    commands:
-      - git fetch origin
-      - git checkout origin/main
-      - ./.drone/setup_ssh.sh
-      - git remote set-url origin git@git.b12f.io:pub-solar/os
-      - git fetch --all
-      - ./.drone/upstream-branch.sh
-
-  - name: "Open pull request for failed merge"
-    image: nixery.dev/shell/tea
-    when:
-      status:
-        - failure
-      event:
-        - cron
-      cron:
-        - sync-main-with-upstream
-        - sync-b12f-with-main
-        - sync-teutat3s-with-main
-    environment:
-      TEA_CONFIG:
-        from_secret: tea_config
-    commands:
-      - mkdir -p ~/.config/tea
-      - echo "$$TEA_CONFIG" > ~/.config/tea/config.yml
-      - tea pulls create --base main --head devos
-
-  - name: "Notify matrix"
-    image: plugins/matrix
-    when:
-      status:
-        - failure
-      event:
-        - cron
-      cron:
-        - sync-main-with-upstream
-        - sync-b12f-with-main
-        - sync-teutat3s-with-main
-    settings:
-      homeserver: https://matrix.pub.solar
-      roomid: dfQBqwkhIzrFjMSsxy:pub.solar
-      username:
-        from_secret: matrix_username
-      password:
-        from_secret: matrix_password
-      template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)"
-
-trigger:
-  event:
-    - cron
-
 ---
 kind: pipeline
 type: docker
@ -98,15 +9,78 @@ steps:
    when:
      event:
        - pull_request
-        - tag
    environment:
      NIX_FLAGS: "--print-build-logs --verbose"
    commands:
      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
-      - nix $$NIX_FLAGS flake check
+      - nix $$NIX_FLAGS develop --command nix flake show
      - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
+
+---
+kind: pipeline
+type: exec
+name: Tests
+
+steps:
+  - name: "Tests"
+    environment:
+      NIX_FLAGS: "--print-build-logs --verbose"
+    commands:
+      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
+      - nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
+      - nix-store --read-log result
+      - nix $$NIX_FLAGS flake check
      - nix $$NIX_FLAGS develop --command echo OK

+  - name: "Upload artifacts"
+    environment:
+      TRITON_DONT_SOURCE_PROFILE: 1
+      PRIVATE_SSH_KEY:
+        from_secret: private_ssh_key
+      MANTA_USER: pub_solar
+      MANTA_URL: https://eu-central.manta.greenbaum.cloud
+      MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67"
+    commands:
+      - export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}"
+      - echo env var TARGET_DIR is set to $$TARGET_DIR
+      - "mkdir ~/.ssh && chmod 700 ~/.ssh"
+      - echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
+      - nix flake new --template "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main" ./tritonshell
+      - git add tritonshell
+      - cd tritonshell
+      - nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR}/foot_wayland_info.png
+      - nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR}/test-wayland.out
+
+trigger:
+  ref:
+    - refs/tags/v*
+    - refs/tags/t*
+
+---
+kind: pipeline
+type: docker
+name: Notification
+
+steps:
+  - name: "Notify matrix"
+    image: plugins/matrix
+    settings:
+      homeserver: https://matrix.pub.solar
+      roomid: dfQBqwkhIzrFjMSsxy:pub.solar
+      username:
+        from_secret: matrix_username
+      password:
+        from_secret: matrix_password
+      template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"
+
+depends_on:
+  - Tests
+
+trigger:
+  ref:
+    - refs/tags/v*
+    - refs/tags/t*
+
 ---
 kind: pipeline
 type: docker
@ -115,14 +89,15 @@ name: Publish ISO
 steps:
  - name: "Build ISO"
    image: docker.nix-community.org/nixpkgs/nix-flakes:latest
+    environment:
+      NIX_FLAGS: "--print-build-logs --verbose"
    volumes:
      - name: file-exchange
        path: /var/nix/iso-cache
    commands:
      - |
-        nix --print-build-logs --verbose \
-          build \
-            '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso'
+        nix $$NIX_FLAGS build \
+          '.#nixosConfigurations.bootstrap.config.system.build.isoImage'
      - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/

  - name: "Publish ISO"
@ -148,8 +123,10 @@ depends_on:
  - Check

 trigger:
+  branch:
+    - main
  event:
-    - tag
+    - push

 volumes:
  - name: file-exchange
@ -157,6 +134,6 @@ volumes:

 ---
 kind: signature
-hmac: da951ba8ede88996728acfb47846e01880eb0e3b91f66e47848d6c1cc727c5d9
+hmac: 5d7c0ef5519ffe68189271b18d9084db55c9e14831f95234655f5387f9426db0

 ...
--- a/flake.lock
+++ b/flake.lock
@ -42,11 +42,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1657835815,
-        "narHash": "sha256-CnZszAYpNKydh6N7+xg+eRtWNVoAAGqc6bg+Lpgq1xc=",
+        "lastModified": 1661329936,
+        "narHash": "sha256-dafFjAcJPo0SdegK3E+SnTI8CNMgV/bBm/6CeDf82f8=",
        "owner": "LnL7",
        "repo": "nix-darwin",
-        "rev": "54a24f042f93c79f5679f133faddedec61955cf2",
+        "rev": "ef0e7f41cdf8fae1d2390c4df246c90a364ed8d9",
        "type": "github"
      },
      "original": {
@ -143,15 +143,16 @@
        "nixpkgs-unstable": "nixpkgs-unstable"
      },
      "locked": {
-        "lastModified": 1659622306,
-        "narHash": "sha256-Kpfm2PNs+kZU0W7qcugoPATLG8I2P7FJFGTgsf1LJiU=",
-        "owner": "divnix",
+        "lastModified": 1661600857,
+        "narHash": "sha256-KfQCcTtfvU0PXV4fD9XKIMcKx9lUUR0xWJoBgc12fKE=",
+        "owner": "pub-solar",
        "repo": "digga",
-        "rev": "d1193743a535d7fbbc7f3eda4e51295b10bd4d2c",
+        "rev": "c902b3ef0aa45cb4f336c390f647bb182c38a221",
        "type": "github"
      },
      "original": {
-        "owner": "divnix",
+        "owner": "pub-solar",
+        "ref": "fix/bootstrap-iso",
        "repo": "digga",
        "type": "github"
      }
@ -307,11 +308,11 @@
    },
    "latest_2": {
      "locked": {
-        "lastModified": 1660305968,
-        "narHash": "sha256-r0X1pZCSEA6mzt5OuTA7nHuLmvnbkwgpFAh1iLIx4GU=",
+        "lastModified": 1661361016,
+        "narHash": "sha256-Bjf6ZDnDc6glTwIIItvwfcaeJ5zWFM6GYfPajSArdUY=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c4a0efdd5a728e20791b8d8d2f26f90ac228ee8d",
+        "rev": "b784c5ae63dd288375af1b4d37b8a27dd8061887",
        "type": "github"
      },
      "original": {
@ -358,11 +359,11 @@
    },
    "nixos": {
      "locked": {
-        "lastModified": 1660318005,
-        "narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=",
+        "lastModified": 1661427965,
+        "narHash": "sha256-LJeSDbiebN0/eRt9vyOm+Bxljdsq5ZdalmmTk9Xpp30=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "5c211b47aeadcc178c5320afd4e74c7eed5c389f",
+        "rev": "058de3818577db19d1965c21e2479916a3eaaf95",
        "type": "github"
      },
      "original": {
@ -378,11 +379,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1657748715,
-        "narHash": "sha256-WecDwDY/hEcDQYzFnccCNa+5Umht0lfjx/d1qGDy/rQ=",
+        "lastModified": 1660727616,
+        "narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "3323b944d99b026aebfd8de439e001409dde067d",
+        "rev": "adccd191a0e83039d537e021f19495b7bad546a1",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -12,7 +12,7 @@
      latest.url = "github:nixos/nixpkgs/nixos-unstable";
      pub-solar.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent";

-      digga.url = "github:divnix/digga";
+      digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
      digga.inputs.nixpkgs.follows = "nixos";
      digga.inputs.nixlib.follows = "nixos";
      digga.inputs.home-manager.follows = "home";
@ -103,7 +103,11 @@
          imports = [ (digga.lib.importHosts ./hosts) ];
          hosts = {
            /* set host specific properties here */
-            PubSolarOS = { };
+            PubSolarOS = {
+              tests = [
+                (import ./tests/first-test.nix { pkgs = nixos.legacyPackages.x86_64-linux; lib = nixos.lib; })
+              ];
+            };
          };
          importables = rec {
            profiles = digga.lib.rakeLeaves ./profiles // {
--- a/hosts/bootstrap.nix
+++ b/hosts/bootstrap.nix
@ -1,9 +1,6 @@
 { profiles, ... }:
 {
-  # build with: `nix build '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso'`
-  # reachable on the local link via ssh root@fe80::47%eno1
-  # where 'eno1' is replaced by your own machine's network
-  # interface that has the local link to the target machine
+  # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
  imports = [
    # profiles.networking
    profiles.users.root # make sure to configure ssh keys
--- a/modules/graphical/default.nix
+++ b/modules/graphical/default.nix
@ -61,7 +61,7 @@ in
      };
    };

-    services.getty.autologinUser = mkIf cfg.autologin.enable "${psCfg.user.name}";
+    services.getty.autologinUser = mkIf cfg.autologin.enable (mkForce "${psCfg.user.name}");

    qt5 = {
      enable = true;
--- a/tests/first-test.nix
+++ b/tests/first-test.nix
@ -0,0 +1,87 @@
+{ pkgs, lib, ... }:
+{
+  name = "firstTest";
+
+  nodes.test-machine = { suites ? null, ... }: {
+    imports = suites.iso;
+
+    home-manager.users.pub-solar.programs.zsh.shellAliases = {
+      test-x11 = "glinfo | tee /tmp/test-x11.out && touch /tmp/test-x11-exit-ok";
+      test-wayland = "wayland-info | tee /tmp/test-wayland.out && touch /tmp/test-wayland-exit-ok";
+    };
+
+    # source: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/tests/sway.nix
+    environment = {
+      # For glinfo and wayland-info:
+      systemPackages = with pkgs; [ mesa-demos wayland-utils alacritty ];
+      # Use a fixed SWAYSOCK path (for swaymsg):
+      variables = {
+        "SWAYSOCK" = "/tmp/sway-ipc.sock";
+        # TODO: Investigate if we can get hardware acceleration to work (via
+        # virtio-gpu and Virgil). We currently have to use the Pixman software
+        # renderer since the GLES2 renderer doesn't work inside the VM (even
+        # with WLR_RENDERER_ALLOW_SOFTWARE):
+        # "WLR_RENDERER_ALLOW_SOFTWARE" = "1";
+        "WLR_RENDERER" = "pixman";
+      };
+
+      # To help with OCR:
+      etc."xdg/foot/foot.ini".text = lib.generators.toINI { } {
+        main = {
+          font = "inconsolata:size=14";
+        };
+        colors = rec {
+          foreground = "000000";
+          background = "ffffff";
+          regular2 = foreground;
+        };
+      };
+    };
+
+    fonts.fonts = [ pkgs.inconsolata ];
+
+    # Need to switch to a different GPU driver than the default one (-vga std) so that Sway can launch:
+    virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ];
+    virtualisation.cores = 4;
+    virtualisation.memorySize = 2048;
+  };
+
+  enableOCR = true;
+
+  testScript = ''
+    import shlex
+    def swaymsg(command: str, succeed=True):
+        with machine.nested(f"sending swaymsg {command!r}" + " (allowed to fail)" * (not succeed)):
+          (machine.succeed if succeed else machine.execute)(
+            f"su - pub-solar -c {shlex.quote('swaymsg -- ' + command)}"
+          )
+
+
+    machine.wait_for_unit("multi-user.target")
+
+    # To check the version:
+    print(machine.succeed("sway --version"))
+
+    # Wait for Sway to complete startup:
+    machine.wait_for_file("/run/user/1000/wayland-1")
+    machine.wait_for_file("/tmp/sway-ipc.sock")
+
+    # Start a terminal (foot) on workspace 3:
+    machine.wait_for_text("1")
+    machine.send_key("meta_l-3")
+    machine.sleep(3)
+    machine.send_key("meta_l-ret")
+    machine.sleep(10)
+    machine.send_chars("whoami\n")
+    machine.sleep(3)
+    machine.wait_for_text("pub-solar")
+    machine.send_chars("test-wayland\n")
+    machine.wait_for_file("/tmp/test-wayland-exit-ok")
+    print(machine.succeed("cat /tmp/test-wayland.out"))
+    machine.copy_from_vm("/tmp/test-wayland.out")
+    machine.sleep(3)
+    machine.screenshot("foot_wayland_info")
+    machine.send_key("meta_l-shift-q")
+    machine.wait_until_fails("pgrep foot")
+  '';
+}
--- a/tests/second-test.nix
+++ b/tests/second-test.nix
@ -0,0 +1,14 @@
+{ }:
+{
+  name = "secondTest";
+
+  nodes.test-machine2 = { suites ? null, ... }: {
+    imports = [
+      suites.iso
+    ];
+  };
+
+  testScript = ''
+    machines[0].systemctl("is-system-running --wait")
+  '';
+}