diff --git a/.drone.yml b/.drone.yml index f54bd8f9..a170d5a2 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -1,92 +1,3 @@ ---- -kind: pipeline -type: docker -name: Upstreaming - -steps: - - name: "Sync 'devos' branch with upstream" - image: alpine/git - when: - event: - - cron - cron: - - sync-main-with-upstream - environment: - GITEA_SSH_KEY: - from_secret: gitea_ssh_key - commands: - - ./.drone/setup_ssh.sh - - git remote add devos git@git.b12f.io:pub-solar/devos - - git remote set-url origin git@git.b12f.io:pub-solar/os - - git fetch --all - - git checkout -b devos --track origin/devos - - git merge -X theirs devos/main - - git push origin devos - - git remote set-url origin https://git.b12f.io/pub-solar/os.git - - - name: "Sync $BRANCH with upstream" - image: alpine/git - when: - event: - - cron - cron: - - sync-main-with-upstream - - sync-b12f-with-main - - sync-teutat3s-with-main - environment: - GITEA_SSH_KEY: - from_secret: gitea_ssh_key - commands: - - git fetch origin - - git checkout origin/main - - ./.drone/setup_ssh.sh - - git remote set-url origin git@git.b12f.io:pub-solar/os - - git fetch --all - - ./.drone/upstream-branch.sh - - - name: "Open pull request for failed merge" - image: nixery.dev/shell/tea - when: - status: - - failure - event: - - cron - cron: - - sync-main-with-upstream - - sync-b12f-with-main - - sync-teutat3s-with-main - environment: - TEA_CONFIG: - from_secret: tea_config - commands: - - mkdir -p ~/.config/tea - - echo "$$TEA_CONFIG" > ~/.config/tea/config.yml - - tea pulls create --base main --head devos - - - name: "Notify matrix" - image: plugins/matrix - when: - status: - - failure - event: - - cron - cron: - - sync-main-with-upstream - - sync-b12f-with-main - - sync-teutat3s-with-main - settings: - homeserver: https://matrix.pub.solar - roomid: dfQBqwkhIzrFjMSsxy:pub.solar - username: - from_secret: matrix_username - password: - from_secret: matrix_password - template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. 
[Pull requests](https://git.b12f.io/pub-solar/os/pulls)" - -trigger: - event: - - cron - --- kind: pipeline type: docker 
@@ -98,15 +9,78 @@ steps: when: event: - pull_request - - tag environment: NIX_FLAGS: "--print-build-logs --verbose" commands: - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' - - nix $$NIX_FLAGS flake check + - nix $$NIX_FLAGS develop --command nix flake show - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + +--- +kind: pipeline +type: exec +name: Tests + +steps: + - name: "Tests" + environment: + NIX_FLAGS: "--print-build-logs --verbose" + commands: + - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' + - nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest" + - nix-store --read-log result + - nix $$NIX_FLAGS flake check - nix $$NIX_FLAGS develop --command echo OK + - name: "Upload artifacts" + environment: + TRITON_DONT_SOURCE_PROFILE: 1 + PRIVATE_SSH_KEY: + from_secret: private_ssh_key + MANTA_USER: pub_solar + MANTA_URL: https://eu-central.manta.greenbaum.cloud + MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67" + commands: + - export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}" + - echo env var TARGET_DIR is set to $$TARGET_DIR + - "mkdir ~/.ssh && chmod 700 ~/.ssh" + - echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519 + - nix flake new --template "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main" ./tritonshell + - git add tritonshell + - cd tritonshell + - nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR}/foot_wayland_info.png + - nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR}/test-wayland.out + +trigger: + ref: + - refs/tags/v* + - refs/tags/t* + +--- +kind: pipeline +type: docker +name: Notification + +steps: + - name: "Notify matrix" + image: plugins/matrix + settings: + homeserver: https://matrix.pub.solar + roomid: dfQBqwkhIzrFjMSsxy:pub.solar + username: + from_secret: matrix_username + password: + from_secret: matrix_password + template: "Test run triggered by tag: 
{{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png" + +depends_on: + - Tests + +trigger: + ref: + - refs/tags/v* + - refs/tags/t* + --- kind: pipeline type: docker @@ -115,14 +89,15 @@ name: Publish ISO steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest + environment: + NIX_FLAGS: "--print-build-logs --verbose" volumes: - name: file-exchange path: /var/nix/iso-cache commands: - | - nix --print-build-logs --verbose \ - build \ - '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso' + nix $$NIX_FLAGS build \ + '.#nixosConfigurations.bootstrap.config.system.build.isoImage' - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -148,8 +123,10 @@ depends_on: - Check trigger: + branch: + - main event: - - tag + - push volumes: - name: file-exchange @@ -157,6 +134,6 @@ volumes: --- kind: signature -hmac: da951ba8ede88996728acfb47846e01880eb0e3b91f66e47848d6c1cc727c5d9 +hmac: 5d7c0ef5519ffe68189271b18d9084db55c9e14831f95234655f5387f9426db0 ... diff --git a/flake.lock b/flake.lock index ea2f834c..d49440b6 100644 --- a/flake.lock +++ b/flake.lock @@ -162,15 +162,16 @@ "nixpkgs-unstable": "nixpkgs-unstable" }, "locked": { - "lastModified": 1659622306, - "narHash": "sha256-Kpfm2PNs+kZU0W7qcugoPATLG8I2P7FJFGTgsf1LJiU=", - "owner": "divnix", + "lastModified": 1661600857, + "narHash": "sha256-KfQCcTtfvU0PXV4fD9XKIMcKx9lUUR0xWJoBgc12fKE=", + "owner": "pub-solar", "repo": "digga", - "rev": "d1193743a535d7fbbc7f3eda4e51295b10bd4d2c", + "rev": "c902b3ef0aa45cb4f336c390f647bb182c38a221", "type": "github" }, "original": { - "owner": "divnix", + "owner": "pub-solar", + "ref": "fix/bootstrap-iso", "repo": "digga", "type": "github" } 
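Review bot: The `Upload artifacts` step of the new `Tests` pipeline fetches its upload tooling from a moving branch (`git+https://git.greenbaum.cloud/dev/tritonshell?ref=main`) and runs it via `nix develop` in the same step that has just written `PRIVATE_SSH_KEY` to `~/.ssh/id_ed25519`. Whatever that branch contains at build time therefore executes with the upload key in reach, and because the pipeline is `type: exec` it runs directly on the runner host, not in a container. Pinning the template to a reviewed commit, e.g. `"git+https://git.greenbaum.cloud/dev/tritonshell?ref=main&rev=<PINNED_COMMIT_SHA>"`, narrows that. Separately, the `Notification` pipeline has `depends_on: Tests` but no `status` trigger, so its `{{ build.status }}` message will probably never be sent for a failed run; adding `status: [success, failure]` under its `trigger:` would cover that.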
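Review bot: With the `Publish ISO` trigger changed to `branch: main` / `event: push`, an ISO is built and published on every push to main, and the only gate is `depends_on: Check`. The check step shown in the earlier hunk now runs on `pull_request` events only, since its `tag` event was removed. If that step belongs to the `Check` pipeline, which the hunk does not show, the dependency would succeed on a push without running anything, so the published image is not checked on the commit it is built from. Adding `- push` to that step's `when.event` list would keep the gate meaningful.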
@@ -355,22 +356,6 @@ "type": "github" } }, - "fork": { - "locked": { - "lastModified": 1659962873, - "narHash": "sha256-M9GdH4WhpHm1PHLyn8E/mDwhNohrSDtUQINwISmFncg=", - "owner": "teutat3s", - "repo": "nixpkgs", - "rev": "76889bfa9fa296a47892eacfb4e82cfcff296938", - "type": "github" - }, - "original": { - "owner": "teutat3s", - "ref": "bump/deploy-rs", - "repo": "nixpkgs", - "type": "github" - } - }, "home": { "inputs": { "nixpkgs": [ @@ -638,7 +623,6 @@ "darwin": "darwin", "deploy": "deploy", "digga": "digga", - "fork": "fork", "home": "home", "latest": "latest_2", "master": "master", diff --git a/flake.nix b/flake.nix index b801c700..ec03c7e3 100644 --- a/flake.nix +++ b/flake.nix @@ -12,7 +12,7 @@ latest.url = "github:nixos/nixpkgs/nixos-unstable"; master.url = "github:nixos/nixpkgs/master"; - digga.url = "github:divnix/digga"; + digga.url = "github:pub-solar/digga/fix/bootstrap-iso"; digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixlib.follows = "nixos"; digga.inputs.home-manager.follows = "home"; diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index ba509911..7772b0f1 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -1,9 +1,6 @@ { profiles, ... }: { - # build with: `nix build '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso'` - # reachable on the local link via ssh root@fe80::47%eno1 - # where 'eno1' is replaced by your own machine's network - # interface that has the local link to the target machine + # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"` imports = [ # profiles.networking profiles.users.root # make sure to configure ssh keys diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix new file mode 100644 index 00000000..1460ab16 --- /dev/null +++ b/modules/ci-runner/default.nix 
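Review bot: In flake.nix the `digga` input now follows a feature branch of a fork (`github:pub-solar/digga/fix/bootstrap-iso`), with no comment saying why or when it returns to upstream. flake.lock pins the current revision, but any later `nix flake update` will take whatever is on that branch at the time, and a `fix/...` branch is likely to be rebased or deleted. I would add a comment above the line, for example `# temporary fork for the bootstrap ISO fix; switch back to github:divnix/digga once it is merged upstream`, adjusted to the actual plan.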
@@ -0,0 +1,41 @@ +{ lib, config, pkgs, self, ... }: +with lib; +let + psCfg = config.pub-solar; + cfg = config.pub-solar.ci-runner; +in +{ + options.pub-solar.ci-runner = { + enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner"; + }; + + config = mkIf cfg.enable { + systemd.user.services.ci-runner = { + enable = true; + + description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM."; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + }; + + path = [ + pkgs.git + pkgs.nix + pkgs.libvirt + ]; + + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "libvirtd.service" ]; + + script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config''; + }; + + age.secrets."drone-runner-exec-config" = { + file = "${self}/secrets/drone-runner-exec-config"; + mode = "700"; + owner = psCfg.user.name; + }; + }; +} diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index bd8502d1..075ba775 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -61,7 +61,7 @@ in }; }; - services.getty.autologinUser = mkIf cfg.autologin.enable "${psCfg.user.name}"; + services.getty.autologinUser = mkIf cfg.autologin.enable (mkForce "${psCfg.user.name}"); qt5 = { enable = true; diff --git a/pkgs/drone-docker-runner.nix b/pkgs/drone-docker-runner.nix index 7d098536..e1773d5a 100644 --- a/pkgs/drone-docker-runner.nix +++ b/pkgs/drone-docker-runner.nix @@ -6,7 +6,7 @@ self: with self; '' --env=DRONE_RPC_PROTO=$DRONE_RPC_PROTO \ --env=DRONE_RPC_HOST=$DRONE_RPC_HOST \ --env=DRONE_RPC_SECRET=$(${self.libsecret}/bin/secret-tool lookup drone rpc-secret) \ - --env=DRONE_RUNNER_CAPACITY=4 \ + --env=DRONE_RUNNER_CAPACITY=8 \ --env=DRONE_RUNNER_NAME=$(${self.inetutils}/bin/hostname) \ --publish=3000:3000 \ --restart=always \ diff --git a/tests/first-test.nix b/tests/first-test.nix index 1e9af9f9..251779a1 100644 --- a/tests/first-test.nix 
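Review bot: In modules/ci-runner/default.nix the exec runner is a `systemd.user` service and its secret is owned by `psCfg.user.name`, so every pipeline command runs without container isolation under what appears to be the machine's main login account (modules/graphical uses the same name for getty autologin). A dedicated unprivileged account with only the KVM/libvirt access the tests need would limit what a pipeline step can read or change. In a user unit, `wantedBy = [ "multi-user.target" ]` and `after = [ "network.target" "libvirtd.service" ]` name system units that the user manager does not have, so the service is probably never pulled in; `wantedBy = [ "default.target" ];` is the user-instance equivalent. The agenix secret is a config file that only needs to be read, so `mode = "400";` is enough where the module sets `"700"`.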
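Review bot: The `mkForce` added to `services.getty.autologinUser` in modules/graphical/default.nix has no comment saying which other definition it is meant to override. As written, a host that deliberately sets a different autologin user elsewhere is silently overridden whenever `cfg.autologin.enable` is true. A one-line comment above it, e.g. `# mkForce: override the autologin user set by <CONFLICTING_MODULE>`, would make the intent reviewable.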
+++ b/tests/first-test.nix @@ -65,7 +65,6 @@ # Wait for Sway to complete startup: machine.wait_for_file("/run/user/1000/wayland-1") machine.wait_for_file("/tmp/sway-ipc.sock") - machine.wait_for_file("/run/user/1000/pipewire-0") # Start a terminal (foot) on workspace 3: machine.wait_for_text("1") @@ -77,6 +76,9 @@ machine.sleep(3) machine.wait_for_text("pub-solar") machine.send_chars("test-wayland\n") + machine.wait_for_file("/tmp/test-wayland-exit-ok") + print(machine.succeed("cat /tmp/test-wayland.out")) + machine.copy_from_vm("/tmp/test-wayland.out") machine.sleep(3) machine.screenshot("foot_wayland_info") machine.send_key("meta_l-shift-q") diff --git a/tests/second-test.nix b/tests/second-test.nix new file mode 100644 index 00000000..d6409820 --- /dev/null +++ b/tests/second-test.nix @@ -0,0 +1,14 @@ +{ }: +{ + name = "secondTest"; + + nodes.test-machine2 = { suites ? null, ... }: { + imports = [ + suites.iso + ]; + }; + + testScript = '' + machines[0].systemctl("is-system-running --wait") + ''; +}
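Review bot: `machines[0].systemctl("is-system-running --wait")` in the new tests/second-test.nix asserts nothing, because the test driver's `systemctl` helper returns the exit status and output without raising, so the test passes even when the system comes up degraded. Use `machines[0].succeed("systemctl is-system-running --wait")` so a non-zero status fails the test. The node function also declares `suites ? null` and then reads `suites.iso`, which fails at evaluation with an unhelpful error when `suites` is not passed; dropping the default would make the requirement explicit.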