use Cirrus CI
- Make more economic use of the free CI resources by removing redundant build tasks: - Build unstable pkgs in a single separate task ("pkgs_unstable"). - All stable pkgs are implicitly built by the modules tests. - The build script (ci/build.sh) can now be executed locally for easier debugging. - Use an explicit 'cachix push' command instead of helper/wait-for-network-idle.rb. This is simpler and more reliable.
parent
0b12a4b5a1
commit
1c0233c0a8
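--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -0,0 +1,42 @@
+container:
+image: nixos/nix
+# Besides virtualization, this also enables privileged containers which are required for
+# sandboxed builds
+kvm: true
+# Needed for package builds
+memory: 8G
+
+environment:
+CACHIX_SIGNING_KEY: ENCRYPTED[!cec502ed813cbcd0237697d2031f750186ff20eed5815b1ad950ad2f2d701702ae6ba2f0cb4cb1985687a696c8ee492c!]
+# Save some traffic by excluding the full git history
+CIRRUS_CLONE_DEPTH: 1
+
+task:
+# Use the maximum timeout. Needed when rebuilding packages on a channel update.
+timeout_in: 120m
+
+matrix:
+- name: modules_test
+environment:
+nixpkgs: nixpkgs
+container:
+# A maximum of 16 CPUs is shared among all concurrent tasks.
+# https://cirrus-ci.org/faq/#are-there-any-limits
+cpu: 4
+matrix:
+- environment:
+scenario: default
+- environment:
+scenario: netns
+- environment:
+scenario: netnsRegtest
+
+- name: pkgs_unstable
+environment:
+nixpkgs: nixpkgs-unstable
+
+# This script is run as root
+build_script:
+- echo "sandbox = true" >> /etc/nix/nix.conf
+- export NIX_PATH="nixpkgs=$(nix eval --raw -f pkgs/nixpkgs-pinned.nix $nixpkgs)"
+- nix run -f '<nixpkgs>' bash cachix -c ./ci/build.sh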
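Review bot: `image: nixos/nix` at the top of the new config carries no tag or digest, so the task that decrypts `CACHIX_SIGNING_KEY` and pushes to the binary cache runs as root, in a privileged container (`kvm: true`), on whatever image the registry currently serves. The Nix toolchain itself is taken from `pkgs/nixpkgs-pinned.nix`, which makes the base image appear to be the one floating input on the signing path. Pinning it by digest, e.g. `image: nixos/nix@sha256:<DIGEST>` (placeholder digest), would tie the key's exposure to an image that has been reviewed. A short comment next to `CACHIX_SIGNING_KEY` stating that it is declared globally and therefore visible to both matrix tasks would also help.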
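--- a/.travis.yml
+++ b/.travis.yml
@@ -1,74 +0,0 @@
-dist: bionic # needed for KVM
-language: shell
-
-install:
-- curl -L https://nixos.org/nix/install | sh
-- . /home/travis/.nix-profile/etc/profile.d/nix.sh
-- if [[ $STABLE == 1 ]]; then export NIX_PATH="nixpkgs=$(nix eval --raw -f pkgs/nixpkgs-pinned.nix nixpkgs)"; fi
-- if [[ $STABLE == 0 ]]; then export NIX_PATH="nixpkgs=$(nix eval --raw -f pkgs/nixpkgs-pinned.nix nixpkgs-unstable)"; fi
-- nix-env -iA cachix -f https://cachix.org/api/v1/install
-- cachix use nix-bitcoin
-- VER="$(nix eval nixpkgs.lib.version)"
-env:
-global:
-# CACHIX_SIGNING_KEY
-- secure: "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"
-jobs:
-- TestModules=1 STABLE=1 SCENARIO=default
-- TestModules=1 STABLE=1 SCENARIO=netns
-- TestModules=1 STABLE=1 SCENARIO=netnsRegtest
-- PKG=hwi STABLE=1
-- PKG=hwi STABLE=0
-- PKG=lightning-charge STABLE=1
-- PKG=lightning-charge STABLE=0
-- PKG=nanopos STABLE=1
-- PKG=nanopos STABLE=0
-- PKG=spark-wallet STABLE=1
-- PKG=elementsd STABLE=1
-- PKG=elementsd STABLE=0
-- PKG=electrs STABLE=1
-- PKG=electrs STABLE=0
-- PKG=liquid-swap STABLE=1
-- PKG=lightning-loop STABLE=0
-- PKG=nixops19_09 STABLE=1
-- PKG=joinmarket STABLE=1
-- PKG=joinmarket STABLE=0
-- PKG=clightning-plugins-all STABLE=1
-script:
-- printf '%s (%s)\n' "$NIX_PATH" "$VER"
-- |
-getBuildExpr() {
-if [[ $TestModules ]]; then
-if [[ ! -e /dev/kvm ]]; then
->&2 echo "No KVM available on VM Host."
-exit 1
-fi
-sudo chmod go+rw /dev/kvm
-test/run-tests.sh --scenario $SCENARIO exprForCI
-else
-echo "(import ./. {}).$PKG"
-fi
-}
-- buildExpr=$(getBuildExpr)
-- time nix-instantiate -E "$buildExpr" --add-root ./drv --indirect
-- outPath=$(nix-store --query ./drv)
-- |
-if nix path-info --store https://nix-bitcoin.cachix.org $outPath &>/dev/null; then
-echo "$outPath" has already been built successfully.
-travis_terminate 0
-fi
-# Travis doesn't expose secrets to pull-request builds,
-# so skip cache uploading in this case
-- |
-if [[ $CACHIX_SIGNING_KEY ]]; then
-cachix push nix-bitcoin --watch-store &
-cachixPid=$!
-fi
-- nix-build ./drv
-- |
-if [[ $CACHIX_SIGNING_KEY ]]; then
-# Wait until cachix has finished uploading
-# Run as root because yama/ptrace_scope != 0
-ruby=$(nix-build '<nixpkgs>' -A ruby)/bin/ruby
-time sudo $ruby helper/wait-for-network-idle.rb $cachixPid
-fi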
|
@ -1,7 +1,7 @@
|
||||||
nix-bitcoin
|
nix-bitcoin
|
||||||
===
|
===
|
||||||
|
|
||||||
[![Build Status](https://travis-ci.org/fort-nix/nix-bitcoin.svg?branch=master)](https://travis-ci.org/fort-nix/nix-bitcoin)
|
[![Build Status](https://api.cirrus-ci.com/github/fort-nix/nix-bitcoin.svg?branch=master)](https://cirrus-ci.com/github/fort-nix/nix-bitcoin)
|
||||||
|
|
||||||
Nix packages and nixos modules for easily installing Bitcoin nodes and higher layer protocols with an emphasis on security.
|
Nix packages and nixos modules for easily installing Bitcoin nodes and higher layer protocols with an emphasis on security.
|
||||||
This is a work in progress - don't expect it to be bug-free, secure or stable.
|
This is a work in progress - don't expect it to be bug-free, secure or stable.
|
||||||
|
|
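--- a/ci/build.nix
+++ b/ci/build.nix
@@ -0,0 +1,14 @@
+let
+pkgs = import <nixpkgs> {};
+nbPkgs = import ../pkgs { inherit pkgs; };
+ciPkgs = with nbPkgs; [
+electrs
+elementsd
+hwi
+joinmarket
+lightning-charge
+lightning-loop
+nanopos
+];
+in
+pkgs.writeText "ci-pkgs" (pkgs.lib.concatMapStringsSep "\n" toString ciPkgs)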
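Review bot: `ciPkgs` is a hand-maintained list with no comment saying what belongs in it, so a package added under `../pkgs` later would be left out of the `pkgs_unstable` task without any visible signal. Judging by the removed `.travis.yml` matrix, it mirrors the entries that had `STABLE=0`. A header comment such as `# Packages built against nixpkgs-unstable by the pkgs_unstable CI task; add new unstable-tracked packages here.` would make that contract explicit.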
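--- a/ci/build.sh
+++ b/ci/build.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+# This script can also be run locally for testing:
+# scenario=default ./build.sh
+#
+# WARNING: This script fetches contents from an untrusted $cachixCache to your local nix-store.
+#
+# When variable CIRRUS_CI is unset, this script leaves no persistent traces on the host system.
+
+set -euo pipefail
+
+scenario=${scenario:-}
+CACHIX_SIGNING_KEY=${CACHIX_SIGNING_KEY:-}
+cachixCache=nix-bitcoin
+
+trap 'echo Error at line $LINENO' ERR
+
+if [[ -v CIRRUS_CI ]]; then
+tmpDir=/tmp
+if [[ $scenario ]]; then
+if [[ ! -e /dev/kvm ]]; then
+>&2 echo "No KVM available on VM host."
+exit 1
+fi
+# Enable KVM access for nixbld users
+chmod o+rw /dev/kvm
+fi
+else
+atExit() {
+rm -rf $tmpDir
+if [[ -v cachixPid ]]; then kill $cachixPid; fi
+}
+tmpDir=$(mktemp -d -p /tmp)
+trap atExit EXIT
+# Prevent cachix from writing to HOME
+export HOME=$tmpDir
+fi
+
+cachix use $cachixCache
+cd "${BASH_SOURCE[0]%/*}"
+
+## Build
+
+echo "$NIX_PATH ($(nix eval --raw nixpkgs.lib.version))"
+
+if [[ $scenario ]]; then
+buildExpr=$(../test/run-tests.sh --scenario $scenario exprForCI)
+else
+buildExpr="import ./build.nix"
+fi
+
+time nix-instantiate -E "$buildExpr" --add-root $tmpDir/drv --indirect > /dev/null
+printf "instantiated "; realpath $tmpDir/drv
+
+outPath=$(nix-store --query $tmpDir/drv)
+if nix path-info --store https://$cachixCache.cachix.org $outPath &>/dev/null; then
+echo "$outPath" has already been built successfully.
+exit 0
+fi
+
+# Cirrus doesn't expose secrets to pull-request builds,
+# so skip cache uploading in this case
+if [[ $CACHIX_SIGNING_KEY ]]; then
+# Speed up task by uploading store paths as soon as they are created
+cachix push $cachixCache --watch-store &
+cachixPid=$!
+fi
+
+nix-build --out-link $tmpDir/result $tmpDir/drv >/dev/null
+
+if [[ $CACHIX_SIGNING_KEY ]]; then
+cachix push $cachixCache $outPath
+fi
+
+echo $outPath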
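Review bot: The `cachix push $cachixCache --watch-store &` branch is gated only on `CACHIX_SIGNING_KEY` being non-empty, yet the header advertises running this script locally. `--watch-store` uploads every path that lands in the local store while it runs, not only this build's outputs, so a maintainer who has the key exported and another build in progress would publish unrelated store paths to the shared cache. The explicit `cachix push $cachixCache $outPath` after `nix-build` already uploads the result, so the watcher could be limited to CI with `if [[ $CACHIX_SIGNING_KEY && -v CIRRUS_CI ]]; then`. Separately, `rm -rf $tmpDir` in `atExit` and the other `$tmpDir` and `$outPath` expansions are unquoted; `rm -rf "$tmpDir"` is the safer form for a recursive delete.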
|
@ -1,29 +0,0 @@
|
||||||
#!/usr/bin/env ruby
|
|
||||||
require 'open3'
|
|
||||||
|
|
||||||
# Wait until the given PID had no network activity for `Timeout` seconds, then exit.
|
|
||||||
|
|
||||||
pid = ARGV.first
|
|
||||||
Timeout = 2
|
|
||||||
|
|
||||||
stdin, out, err, wait_thread = Open3.popen3("strace -f -e trace=network -s 1 -q -p #{pid}")
|
|
||||||
while IO.select([err], nil, nil, Timeout)
|
|
||||||
begin
|
|
||||||
out = err.read_nonblock(1 << 10)
|
|
||||||
rescue EOFError
|
|
||||||
status = wait_thread.value
|
|
||||||
if status.success?
|
|
||||||
puts "Monitored process #{pid} exited"
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
puts "Strace failed with exit code #{status.to_i}. Last output:\n#{out}"
|
|
||||||
# strace often fails with code 256 which looks like success to shells. fail with 1 instead.
|
|
||||||
exit 1
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# If we exit without an explicit kill,
|
|
||||||
# ptrace can fail on reattachment: ptrace(PTRACE_SEIZE, $PID): Operation not permitted
|
|
||||||
# Only relevant for testing.
|
|
||||||
Process.kill("TERM", wait_thread.pid)
|
|
|
@ -24,8 +24,4 @@ let self = {
|
||||||
lib = import ./lib.nix { inherit (pkgs) lib; };
|
lib = import ./lib.nix { inherit (pkgs) lib; };
|
||||||
|
|
||||||
modulesPkgs = self // self.pinned;
|
modulesPkgs = self // self.pinned;
|
||||||
|
|
||||||
# Used in ../.travis.yml
|
|
||||||
clightning-plugins-all = pkgs.writeText "clightning-plugins"
|
|
||||||
(pkgs.lib.concatMapStringsSep "\n" toString (builtins.attrValues self.clightning-plugins));
|
|
||||||
}; in self
|
}; in self
|
||||||
|
|
|
@ -141,7 +141,7 @@ buildTest() {
|
||||||
# On continuous integration nodes there are few other processes running alongside the
|
# On continuous integration nodes there are few other processes running alongside the
|
||||||
# test, so use more memory here for maximum performance.
|
# test, so use more memory here for maximum performance.
|
||||||
exprForCI() {
|
exprForCI() {
|
||||||
memoryMiB=3072
|
memoryMiB=4096
|
||||||
memTotalKiB=$(awk '/MemTotal/ { print $2 }' /proc/meminfo)
|
memTotalKiB=$(awk '/MemTotal/ { print $2 }' /proc/meminfo)
|
||||||
memAvailableKiB=$(awk '/MemAvailable/ { print $2 }' /proc/meminfo)
|
memAvailableKiB=$(awk '/MemAvailable/ { print $2 }' /proc/meminfo)
|
||||||
# Round down to nearest multiple of 50 MiB for improved test build caching
|
# Round down to nearest multiple of 50 MiB for improved test build caching
|
||||||
|
|