Skip to content

Commit

Permalink
refac(cross): fluidattacks#1223 restructure tests
Browse files Browse the repository at this point in the history 
- Move CLI env to src
- Adapt default.nix
- Move container to root directory
- Move tests to root directory
- Move utils to root directory
- Create an isolated namespace per test
- Adapt CI jobs

Signed-off-by: Daniel Salazar <[email protected]>
  • Loading branch information
@dsalaza4
dsalaza4 committed Dec 19, 2024
1 parent 8c08a4a commit 19a2a57
Show file tree
Hide file tree
Showing 45 changed files with 206 additions and 231 deletions.
20 changes: 2 additions & 18 deletions .github/workflows/dev.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,22 +35,6 @@ jobs:
- name: /deployTerraform/module
run: nix-env -if . && m . /deployTerraform/module

linux_dev_example:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
- uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845
name: /dev/example
with:
args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /dev/example"
macos_dev_example:
runs-on: macos-latest
steps:
- uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
- uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac
- name: /dev/example
run: nix-env -if . && m . /dev/example

linux_dev_makes:
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -388,15 +372,15 @@ jobs:
- name: /testTerraform/module
run: nix-env -if . && m . /testTerraform/module

linux_computeOnAwsBatch_module:
linux_tests_computeOnAwsBatch:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
- uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845
name: /tests/computeOnAwsBatch
with:
args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /tests/computeOnAwsBatch
macos_computeOnAwsBatch_module:
macos_tests_computeOnAwsBatch:
runs-on: macos-latest
steps:
- uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
Expand Down
24 changes: 2 additions & 22 deletions .github/workflows/prod.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,26 +122,6 @@ jobs:
env:
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}

linux_dev_example:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
- uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845
name: /dev/example
with:
args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /dev/example"
env:
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
macos_dev_example:
runs-on: macos-latest
steps:
- uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
- uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac
- name: /dev/example
run: nix-env -if . && m . /dev/example
env:
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}

linux_docs_deploy:
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -544,15 +524,15 @@ jobs:
env:
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}

linux_computeOnAwsBatch_module:
linux_tests_computeOnAwsBatch:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
- uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845
name: /tests/computeOnAwsBatch
with:
args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /tests/computeOnAwsBatch
macos_computeOnAwsBatch_module:
macos_tests_computeOnAwsBatch:
runs-on: macos-latest
steps:
- uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
Expand Down
51 changes: 49 additions & 2 deletions makes/container-image/makes.nix → container/makes.nix
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,52 @@
{ outputs, __nixpkgs__, ... }: {
jobs."/container-image" = __nixpkgs__.dockerTools.buildImage {
deployContainer = {
makesAmd64 = {
credentials = {
token = "GITHUB_TOKEN";
user = "GITHUB_ACTOR";
};
image = "ghcr.io/fluidattacks/makes:amd64";
src = outputs."/container";
sign = true;
};
makesArm64 = {
credentials = {
token = "GITHUB_TOKEN";
user = "GITHUB_ACTOR";
};
image = "ghcr.io/fluidattacks/makes:arm64";
src = outputs."/container";
sign = true;
};
};
deployContainerManifest = {
makes = {
credentials = {
token = "GITHUB_TOKEN";
user = "GITHUB_ACTOR";
};
image = "ghcr.io/fluidattacks/makes:latest";
manifests = [
{
image = "ghcr.io/fluidattacks/makes:amd64";
platform = {
architecture = "amd64";
os = "linux";
};
}
{
image = "ghcr.io/fluidattacks/makes:arm64";
platform = {
architecture = "arm64";
os = "linux";
};
}
];
sign = true;
tags = [ "24.12" ];
};
};
jobs."/container" = __nixpkgs__.dockerTools.buildImage {
config = {
Env = [
"HOME=/home/root"
Expand All @@ -24,7 +71,7 @@
User = "root:root";
WorkingDir = "/working-dir";
};
name = "container-image";
name = "container";
tag = "latest";

copyToRoot = __nixpkgs__.buildEnv {
Expand Down
9 changes: 3 additions & 6 deletions default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,9 @@ let
agnostic = import ./src/args/agnostic.nix { inherit system; };

args = agnostic // {
outputs."/cli/env/runtime" =
(import ./makes/cli/env/runtime/makes.nix args).jobs."/cli/env/runtime";
outputs."/cli/env/runtime/pypi" =
(import ./makes/cli/env/runtime/pypi/makes.nix
args).jobs."/cli/env/runtime/pypi";
outputs."/src/cli/runtime" =
(import ./src/cli/makes.nix args).jobs."/src/cli/runtime";
projectPath = import ./src/args/project-path args;
projectSrc = ./.;
};
in (import ./makes/makes.nix args).jobs."/"
in (import ./src/makes.nix args).jobs."/"
139 changes: 12 additions & 127 deletions makes.nix
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,4 @@
{ fetchNixpkgs, fetchUrl, makeScript, outputs, projectPath, __nixpkgs__, ...
}: {
imports = [ ./docs/makes.nix ./makes/makes.nix ];
projectIdentifier = "makes-repo";
{ fetchNixpkgs, outputs, __nixpkgs__, ... }: {
cache = {
readNixos = true;
extra = {
Expand All @@ -16,78 +13,12 @@
};
};
};
deployContainer = {
makesAmd64 = {
credentials = {
token = "GITHUB_TOKEN";
user = "GITHUB_ACTOR";
};
image = "ghcr.io/fluidattacks/makes:amd64";
src = outputs."/container-image";
sign = true;
};
makesArm64 = {
credentials = {
token = "GITHUB_TOKEN";
user = "GITHUB_ACTOR";
};
image = "ghcr.io/fluidattacks/makes:arm64";
src = outputs."/container-image";
sign = true;
};
};
deployContainerManifest = {
makes = {
credentials = {
token = "GITHUB_TOKEN";
user = "GITHUB_ACTOR";
};
image = "ghcr.io/fluidattacks/makes:latest";
manifests = [
{
image = "ghcr.io/fluidattacks/makes:amd64";
platform = {
architecture = "amd64";
os = "linux";
};
}
{
image = "ghcr.io/fluidattacks/makes:arm64";
platform = {
architecture = "arm64";
os = "linux";
};
}
];
sign = true;
tags = [ "24.12" ];
};
};
deployTerraform = {
modules = {
module = {
src = "/test/terraform/module";
version = "1.0";
};
};
};
dev = {
example = { bin = [ __nixpkgs__.hello ]; };
makes = {
bin = [ __nixpkgs__.just __nixpkgs__.reuse ];
source = [ outputs."/cli/env/runtime" ];
};
};
envVars = {
example = {
# Don't do this in production, it's unsafe. We do this for testing purposes.
PGP_PRIVATE = builtins.readFile ./makes/tests/secretsForGpgFromEnv/pgp;
PGP_PUBLIC = builtins.readFile ./makes/tests/secretsForGpgFromEnv/pgp.pub;
VAR_NAME = "test";
source = [ outputs."/src/cli/runtime" ];
};
};
envVarsForTerraform = { example = { VAR_NAME = "test"; }; };
extendingMakesDirs = [ "/makes" ];
formatBash = {
enable = true;
targets = [ "/" ];
Expand All @@ -104,10 +35,13 @@
enable = true;
targets = [ "/" ];
};
helloWorld = {
enable = true;
name = "Jane Doe";
};
imports = [
./container/makes.nix
./docs/makes.nix
./src/makes.nix
./tests/makes.nix
./utils/makes.nix
];
inputs = {
nixpkgs = fetchNixpkgs {
rev = "f88fc7a04249cf230377dd11e04bf125d45e9abe";
Expand All @@ -118,60 +52,11 @@
enable = true;
targets = [ "/" ];
};
lintGitMailMap = { enable = true; };
lintGitMailMap.enable = true;
lintNix = {
enable = true;
targets = [ "/" ];
};
lintTerraform = {
modules = {
module = {
src = "/test/terraform/module";
version = "1.0";
};
};
};
lintWithAjv = {
"test" = {
schema = "/test/lint-with-ajv/schema.json";
targets =
[ "/test/lint-with-ajv/data.json" "/test/lint-with-ajv/data.yaml" ];
};
};
pipelines = {
example = {
gitlabPath = "/test/pipelines/.gitlab-ci.yaml";
jobs = [
{
output = "/lintNix";
args = [ ];
}
{
output = "/helloWorld";
args = [ "1" "2" "3" ];
}
];
};
};
secretsForGpgFromEnv = { example = [ "PGP_PUBLIC" "PGP_PRIVATE" ]; };
secretsForEnvFromSops = {
example = {
manifest = "/makes/tests/secretsForGpgFromEnv/secrets.yaml";
vars = [ "secret" ];
};
};
secretsForTerraformFromEnv = { example = { test = "VAR_NAME"; }; };
testLicense = { enable = true; };
testTerraform = {
modules = {
module = {
setup = [
outputs."/envVars/example"
outputs."/secretsForTerraformFromEnv/example"
];
src = "/test/terraform/module";
version = "1.0";
};
};
};
projectIdentifier = "makes-repo";
testLicense.enable = true;
}
14 changes: 0 additions & 14 deletions makes/cli/env/runtime/makes.nix
View file

This file was deleted.

6 changes: 0 additions & 6 deletions makes/cli/env/runtime/pypi/makes.nix
View file

This file was deleted.

32 changes: 0 additions & 32 deletions makes/makes.nix
View file

This file was deleted.

Loading

0 comments on commit 19a2a57

Please sign in to comment.