summaryrefslogtreecommitdiffstats
path: root/krebs/2configs/shared-buildbot.nix
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-07-14 00:17:58 +0200
committertv <tv@krebsco.de>2017-07-14 00:21:02 +0200
commit58380c82848c3db0bd6c3d74904153f3464c2098 (patch)
treedcefa424c037ef13edba18967143b3290dc739cb /krebs/2configs/shared-buildbot.nix
parentc213968c44befe32f115ec0122accebdabd89582 (diff)
merge shared into krebs
Diffstat (limited to 'krebs/2configs/shared-buildbot.nix')
-rw-r--r--krebs/2configs/shared-buildbot.nix178
1 files changed, 178 insertions, 0 deletions
diff --git a/krebs/2configs/shared-buildbot.nix b/krebs/2configs/shared-buildbot.nix
new file mode 100644
index 000000000..efb41cc3e
--- /dev/null
+++ b/krebs/2configs/shared-buildbot.nix
@@ -0,0 +1,178 @@
+{ lib, config, pkgs, ... }:
+# The buildbot config is self-contained and currently provides a way
+# to test "krebs" configuration (infrastructure to be used by every krebsminister).
+
+# You can add your own test, test steps as required. Deploy the config on a
+# krebs host like wolf and everything should be fine.
+
+# TODO for all users schedule a build for fast tests
+{
+ # due to the fact that we actually build stuff on the box via the daemon,
+ # /nix/store should be cleaned up automatically as well
+ services.nginx.virtualHosts.build = {
+ serverAliases = [ "build.wolf.r" ];
+ locations."/".extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://localhost:${toString config.krebs.buildbot.master.web.port};
+ '';
+ };
+
+ nix.gc.automatic = true;
+ nix.gc.dates = "05:23";
+ networking.firewall.allowedTCPPorts = [ 8010 9989 ];
+ krebs.buildbot.master = let
+ stockholm-mirror-url = http://cgit.wolf.r/stockholm-mirror ;
+ in {
+ secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
+ workers = {
+ testworker = "krebspass";
+ };
+ change_source.stockholm = ''
+ stockholm_repo = '${stockholm-mirror-url}'
+ cs.append(changes.GitPoller(
+ stockholm_repo,
+ workdir='stockholm-poller', branches=True,
+ project='stockholm',
+ pollinterval=60))
+ '';
+ scheduler = {
+ force-scheduler = ''
+ sched.append(schedulers.ForceScheduler(
+ name="force",
+ builderNames=[
+ # "full-tests",
+ "fast-tests",
+ "build-local"
+ ]))
+ '';
+ fast-tests-scheduler = ''
+ # test everything real quick
+ sched.append(schedulers.AnyBranchScheduler(
+ treeStableTimer=10,
+ name="fast-all-branches",
+ builderNames=["fast-tests"]))
+ '';
+ test-cac-infest-master = ''
+ # files everyone depends on or are part of the share branch
+ def shared_files(change):
+ r =re.compile("^(krebs/.*|Makefile|default.nix|shell.nix)")
+ for file in change.files:
+ if r.match(file):
+ return True
+ return False
+
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch="master"),
+ fileIsImportant=shared_files,
+ treeStableTimer=60*60, # master was stable for the last hour
+ name="full-master",
+ builderNames=[
+ # "full-tests",
+ "build-local"
+ ]))
+ '';
+ };
+ builder_pre = ''
+ # prepare grab_repo step for stockholm
+ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
+
+ env = {
+ "LOGNAME": "krebs",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ }
+
+ # prepare nix-shell
+ # the dependencies which are used by the test script
+ deps = [ "gnumake", "jq", "nix",
+ "(import <stockholm>).pkgs.populate",
+ "(import <stockholm>).pkgs.test.infest-cac-centos7" ]
+ # TODO: --pure , prepare ENV in nix-shell command:
+ # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
+ nixshell = ["nix-shell",
+ "-I", "stockholm=.",
+ "-I", "nixpkgs=/var/src/nixpkgs",
+ "-p" ] + deps + [ "--run" ]
+
+ # prepare addShell function
+ def addShell(factory,**kwargs):
+ factory.addStep(steps.ShellCommand(**kwargs))
+ '';
+ builder = {
+ fast-tests = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+
+ for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
+ addShell(f,name="build-{}".format(i),env=env,
+ command=nixshell + \
+ ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
+ make \
+ test \
+ target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
+ method=eval \
+ system={}".format(i)])
+
+ bu.append(util.BuilderConfig(name="fast-tests",
+ workernames=workernames,
+ factory=f))
+
+ '';
+ # this build will try to build against local nixpkgs
+ # TODO change to do a 'local' populate and use the retrieved nixpkgs
+ build-local = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+
+
+ bu.append(util.BuilderConfig(name="build-local",
+ workernames=workernames,
+ factory=f))
+ '';
+# slow-tests = ''
+# s = util.BuildFactory()
+# s.addStep(grab_repo)
+#
+# # worker needs 2 files:
+# # * cac.json
+# # * retiolum
+# s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", workerdest="cac.json"))
+# s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", workerdest="retiolum.rsa_key.priv"))
+# addShell(s, name="infest-cac-centos7",env=env,
+# sigtermTime=60, # SIGTERM 1 minute before SIGKILL
+# timeout=10800, # 3h
+# command=nixshell + ["infest-cac-centos7"])
+#
+# bu.append(util.BuilderConfig(name="full-tests",
+# workernames=workernames,
+# factory=s))
+# '';
+ };
+ enable = true;
+ web = {
+ enable = true;
+ };
+ irc = {
+ enable = true;
+ nick = "wolfbot";
+ server = "ni.r";
+ channels = [ { channel = "retiolum"; } ];
+ allowForce = true;
+ };
+ extraConfig = ''
+ c['buildbotURL'] = "http://build.wolf.r/"
+ '';
+ };
+
+ krebs.buildbot.worker = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testworker";
+ password = "krebspass";
+ packages = with pkgs; [ gnumake jq nix populate ];
+ # all nix commands will need a working nixpkgs installation
+ extraEnviron = {
+ NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./krebs/1systems/wolf.nix"; };
+ };
+}