movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Merge pull request #78045 from flokli/buildkite-agent-user-runtime-test

Browse source 
nixos/buildkite: add option to configure user, add nix-required packages to runtime, add test
This commit is contained in:
zimbatm 2020-01-20 13:50:10 +00:00 committed by GitHub
commit e20de6b57a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 52 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

44
nixos/modules/services/continuous-integration/buildkite-agent.nix
View file

@ -29,6 +29,8 @@ let
${concatStringsSep "\n" (mapAttrsToList mkHookEntry (filterAttrs (n: v: v != null) cfg.hooks))} ${concatStringsSep "\n" (mapAttrsToList mkHookEntry (filterAttrs (n: v: v != null) cfg.hooks))}
''; '';
defaultUser = "buildkite-agent";
in in
{ {
@ -50,12 +52,21 @@ in
}; };
runtimePackages = mkOption { runtimePackages = mkOption {
default = [ pkgs.bash pkgs.nix ]; default = [ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ];
defaultText = "[ pkgs.bash pkgs.nix ]"; defaultText = "[ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]";
description = "Add programs to the buildkite-agent environment"; description = "Add programs to the buildkite-agent environment";
type = types.listOf types.package; type = types.listOf types.package;
}; };
user = mkOption {
type = types.str;
default = defaultUser;
description = ''
Set this option when you want to run the buildkite agent as something else
than the default user "buildkite-agent".
'';
};
tokenPath = mkOption { tokenPath = mkOption {
type = types.path; type = types.path;
description = '' description = ''
@ -93,7 +104,8 @@ in
}; };
privateSshKeyPath = mkOption { privateSshKeyPath = mkOption {
type = types.path; type = types.nullOr types.path;
default = null;
## maximum care is taken so that secrets (ssh keys and the CI token) ## maximum care is taken so that secrets (ssh keys and the CI token)
## don't end up in the Nix store. ## don't end up in the Nix store.
apply = final: if final == null then null else toString final; apply = final: if final == null then null else toString final;
@ -185,14 +197,14 @@ in
}; };
config = mkIf config.services.buildkite-agent.enable { config = mkIf config.services.buildkite-agent.enable {
users.users.buildkite-agent = users.users.buildkite-agent = mkIf (cfg.user == defaultUser) {
{ name = "buildkite-agent"; name = "buildkite-agent";
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;
description = "Buildkite agent user"; description = "Buildkite agent user";
extraGroups = [ "keys" ]; extraGroups = [ "keys" ];
isSystemUser = true; isSystemUser = true;
}; };
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
@ -212,11 +224,11 @@ in
sshDir = "${cfg.dataDir}/.ssh"; sshDir = "${cfg.dataDir}/.ssh";
tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags); tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags);
in in
'' optionalString (cfg.privateSshKeyPath != null) ''
mkdir -m 0700 -p "${sshDir}" mkdir -m 0700 -p "${sshDir}"
cp -f "${toString cfg.openssh.privateKeyPath}" "${sshDir}/id_rsa" cp -f "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa"
chmod 600 "${sshDir}"/id_rsa* chmod 600 "${sshDir}"/id_rsa
'' + ''
cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF
token="$(cat ${toString cfg.tokenPath})" token="$(cat ${toString cfg.tokenPath})"
name="${cfg.name}" name="${cfg.name}"
@ -230,7 +242,7 @@ in
serviceConfig = serviceConfig =
{ ExecStart = "${cfg.package}/bin/buildkite-agent start --config /var/lib/buildkite-agent/buildkite-agent.cfg"; { ExecStart = "${cfg.package}/bin/buildkite-agent start --config /var/lib/buildkite-agent/buildkite-agent.cfg";
User = "buildkite-agent"; User = cfg.user;
RestartSec = 5; RestartSec = 5;
Restart = "on-failure"; Restart = "on-failure";
TimeoutSec = 10; TimeoutSec = 10;

1
nixos/tests/all-tests.nix
View file

@ -33,6 +33,7 @@ in
bind = handleTest ./bind.nix {}; bind = handleTest ./bind.nix {};
bittorrent = handleTest ./bittorrent.nix {}; bittorrent = handleTest ./bittorrent.nix {};
#blivet = handleTest ./blivet.nix {}; # broken since 2017-07024 #blivet = handleTest ./blivet.nix {}; # broken since 2017-07024
buildkite-agent = handleTest ./buildkite-agent.nix {};
boot = handleTestOn ["x86_64-linux"] ./boot.nix {}; # syslinux is unsupported on aarch64 boot = handleTestOn ["x86_64-linux"] ./boot.nix {}; # syslinux is unsupported on aarch64
boot-stage1 = handleTest ./boot-stage1.nix {}; boot-stage1 = handleTest ./boot-stage1.nix {};
borgbackup = handleTest ./borgbackup.nix {}; borgbackup = handleTest ./borgbackup.nix {};

23
nixos/tests/buildkite-agent.nix Normal file
View file

@ -0,0 +1,23 @@
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "buildkite-agent";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ flokli ];
};
machine = { pkgs, ... }: {
services.buildkite-agent = {
enable = true;
privateSshKeyPath = (import ./ssh-keys.nix pkgs).snakeOilPrivateKey;
tokenPath = (pkgs.writeText "my-token" "5678");
};
};
testScript = ''
# we can't wait on the unit to start up, as we obviously can't connect to buildkite,
# but we can look whether files are set up correctly
machine.wait_for_file("/var/lib/buildkite-agent/buildkite-agent.cfg")
machine.wait_for_file("/var/lib/buildkite-agent/.ssh/id_rsa")
'';
})