use Cirrus CI
- Make more economic use of the free CI resources by removing redundant build tasks: - Build unstable pkgs in a single separate task ("pkgs_unstable"). - All stable pkgs are implicitly built by the modules tests. - The build script (ci/build.sh) can now be executed locally for easier debugging. - Use an explicit 'cachix push' command instead of helper/wait-for-network-idle.rb. This is simpler and more reliable.
parent
0b12a4b5a1
commit
1c0233c0a8
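--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -0,0 +1,42 @@
+container:
+image: nixos/nix
+# Besides virtualization, this also enables privileged containers which are required for
+# sandboxed builds
+kvm: true
+# Needed for package builds
+memory: 8G
+
+environment:
+CACHIX_SIGNING_KEY: ENCRYPTED[!cec502ed813cbcd0237697d2031f750186ff20eed5815b1ad950ad2f2d701702ae6ba2f0cb4cb1985687a696c8ee492c!]
+# Save some traffic by excluding the full git history
+CIRRUS_CLONE_DEPTH: 1
+
+task:
+# Use the maximum timeout. Needed when rebuilding packages on a channel update.
+timeout_in: 120m
+
+matrix:
+- name: modules_test
+environment:
+nixpkgs: nixpkgs
+container:
+# A maximum of 16 CPUs is shared among all concurrent tasks.
+# https://cirrus-ci.org/faq/#are-there-any-limits
+cpu: 4
+matrix:
+- environment:
+scenario: default
+- environment:
+scenario: netns
+- environment:
+scenario: netnsRegtest
+
+- name: pkgs_unstable
+environment:
+nixpkgs: nixpkgs-unstable
+
+# This script is run as root
+build_script:
+- echo "sandbox = true" >> /etc/nix/nix.conf
+- export NIX_PATH="nixpkgs=$(nix eval --raw -f pkgs/nixpkgs-pinned.nix $nixpkgs)"
+- nix run -f '<nixpkgs>' bash cachix -c ./ci/build.sh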
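Review bot: The `image: nixos/nix` line under `container:` names no tag or digest, so every run pulls whatever the registry currently serves under that name. That image then executes `build_script` as root with `kvm: true` (privileged, per the comment) and with `CACHIX_SIGNING_KEY` in its environment, so an unexpected image change reaches the cache signing key directly. Pinning to a reviewed digest, `image: nixos/nix@sha256:<digest-of-reviewed-image>` (placeholder value), would turn an image update into a visible commit; a short comment next to it saying how to refresh the pin would keep it maintainable.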
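--- a/.travis.yml
+++ b/.travis.yml
@@ -1,74 +0,0 @@
-dist: bionic # needed for KVM
-language: shell
-
-install:
-- curl -L https://nixos.org/nix/install | sh
-- . /home/travis/.nix-profile/etc/profile.d/nix.sh
-- if [[ $STABLE == 1 ]]; then export NIX_PATH="nixpkgs=$(nix eval --raw -f pkgs/nixpkgs-pinned.nix nixpkgs)"; fi
-- if [[ $STABLE == 0 ]]; then export NIX_PATH="nixpkgs=$(nix eval --raw -f pkgs/nixpkgs-pinned.nix nixpkgs-unstable)"; fi
-- nix-env -iA cachix -f https://cachix.org/api/v1/install
-- cachix use nix-bitcoin
-- VER="$(nix eval nixpkgs.lib.version)"
-env:
-global:
-# CACHIX_SIGNING_KEY
-- secure: "xXCFZ7g+k5YmCGm8R8l3bZElVmt+RD1KscG3kGr5w4HyyDPTzFetPo+sT8bUpysDU0u3HWhfVhHtpog2mhNhwVl3tQwKXea3dHKC1i6ypBg3gjDngmJRR5wo++ocYDpK8qPaU7m/jHQTNFnTA4CbmMcc05GcYx/1Ai/ZGkNwWFjdIcVeOUoiol33gykMOXIGDg2qlXudt33wP53FHbX8L4fxzodWfAuxKK4AoGprxy5eSnU7LCaXxxJmu4HwuV+Ux2U1NfE/E33cvhlUvTQCswVSZFG06mg8rwhMG1ozsDvlL2itZlu/BeUQH5y3XMMlnJIUXUazkRBibf1w/ebVjpOF+anqkqmq8tcbFEa7T+RJeVTIsvP+L8rE8fcmuZtdg9hNmgRnLmaeT0vVwD1L2UqW9HdRyujdoS0jPYuoc1W7f1JQWfAPhBPQ1SrtKyNNqcbVJ34aN7b+4vCzRpQL1JTbmjzQIWhkiKN1qMo1v/wbIydW8yka4hc4JOfdQLaAJEPI1eAC1MLotSAegMnwKWE1dzm66MuPSipksYjZrvsB28cV4aCVUffIuRhrSr1i2afRHwTpNbK9U4/576hah15ftUdR79Sfkcoi1ekSQTFGRvkRIPYtkKLYwFa3jVA41qz7+IIZCf4TsApy3XDdFx91cRub7yPq9BeZ83A+qYQ="
-jobs:
-- TestModules=1 STABLE=1 SCENARIO=default
-- TestModules=1 STABLE=1 SCENARIO=netns
-- TestModules=1 STABLE=1 SCENARIO=netnsRegtest
-- PKG=hwi STABLE=1
-- PKG=hwi STABLE=0
-- PKG=lightning-charge STABLE=1
-- PKG=lightning-charge STABLE=0
-- PKG=nanopos STABLE=1
-- PKG=nanopos STABLE=0
-- PKG=spark-wallet STABLE=1
-- PKG=elementsd STABLE=1
-- PKG=elementsd STABLE=0
-- PKG=electrs STABLE=1
-- PKG=electrs STABLE=0
-- PKG=liquid-swap STABLE=1
-- PKG=lightning-loop STABLE=0
-- PKG=nixops19_09 STABLE=1
-- PKG=joinmarket STABLE=1
-- PKG=joinmarket STABLE=0
-- PKG=clightning-plugins-all STABLE=1
-script:
-- printf '%s (%s)\n' "$NIX_PATH" "$VER"
-- |
-getBuildExpr() {
-if [[ $TestModules ]]; then
-if [[ ! -e /dev/kvm ]]; then
->&2 echo "No KVM available on VM Host."
-exit 1
-fi
-sudo chmod go+rw /dev/kvm
-test/run-tests.sh --scenario $SCENARIO exprForCI
-else
-echo "(import ./. {}).$PKG"
-fi
-}
-- buildExpr=$(getBuildExpr)
-- time nix-instantiate -E "$buildExpr" --add-root ./drv --indirect
-- outPath=$(nix-store --query ./drv)
-- |
-if nix path-info --store https://nix-bitcoin.cachix.org $outPath &>/dev/null; then
-echo "$outPath" has already been built successfully.
-travis_terminate 0
-fi
-# Travis doesn't expose secrets to pull-request builds,
-# so skip cache uploading in this case
-- |
-if [[ $CACHIX_SIGNING_KEY ]]; then
-cachix push nix-bitcoin --watch-store &
-cachixPid=$!
-fi
-- nix-build ./drv
-- |
-if [[ $CACHIX_SIGNING_KEY ]]; then
-# Wait until cachix has finished uploading
-# Run as root because yama/ptrace_scope != 0
-ruby=$(nix-build '<nixpkgs>' -A ruby)/bin/ruby
-time sudo $ruby helper/wait-for-network-idle.rb $cachixPid
-fi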
|
@ -1,7 +1,7 @@
|
|||
nix-bitcoin
|
||||
===
|
||||
|
||||
[![Build Status](https://travis-ci.org/fort-nix/nix-bitcoin.svg?branch=master)](https://travis-ci.org/fort-nix/nix-bitcoin)
|
||||
[![Build Status](https://api.cirrus-ci.com/github/fort-nix/nix-bitcoin.svg?branch=master)](https://cirrus-ci.com/github/fort-nix/nix-bitcoin)
|
||||
|
||||
Nix packages and nixos modules for easily installing Bitcoin nodes and higher layer protocols with an emphasis on security.
|
||||
This is a work in progress - don't expect it to be bug-free, secure or stable.
|
||||
|
|
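--- a/ci/build.nix
+++ b/ci/build.nix
@@ -0,0 +1,14 @@
+let
+pkgs = import <nixpkgs> {};
+nbPkgs = import ../pkgs { inherit pkgs; };
+ciPkgs = with nbPkgs; [
+electrs
+elementsd
+hwi
+joinmarket
+lightning-charge
+lightning-loop
+nanopos
+];
+in
+pkgs.writeText "ci-pkgs" (pkgs.lib.concatMapStringsSep "\n" toString ciPkgs)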
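Review bot: ci/build.nix has no comment saying who consumes it or how the `ciPkgs` list is maintained; a header such as `# Packages built by the "pkgs_unstable" CI task (ci/build.sh with scenario unset)` would tie it to the `import ./build.nix` branch in ci/build.sh. The list matches the seven packages that had `STABLE=0` jobs in the removed .travis.yml. The packages that only had `STABLE=1` jobs (`spark-wallet`, `liquid-swap`, `nixops19_09`, `clightning-plugins-all`) now depend on the module tests pulling them in, which the commit message asserts but this page does not show. Naming that assumption in the comment would help whoever adds the next package decide whether it belongs in this list.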
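--- a/ci/build.sh
+++ b/ci/build.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+# This script can also be run locally for testing:
+# scenario=default ./build.sh
+#
+# WARNING: This script fetches contents from an untrusted $cachixCache to your local nix-store.
+#
+# When variable CIRRUS_CI is unset, this script leaves no persistent traces on the host system.
+
+set -euo pipefail
+
+scenario=${scenario:-}
+CACHIX_SIGNING_KEY=${CACHIX_SIGNING_KEY:-}
+cachixCache=nix-bitcoin
+
+trap 'echo Error at line $LINENO' ERR
+
+if [[ -v CIRRUS_CI ]]; then
+tmpDir=/tmp
+if [[ $scenario ]]; then
+if [[ ! -e /dev/kvm ]]; then
+>&2 echo "No KVM available on VM host."
+exit 1
+fi
+# Enable KVM access for nixbld users
+chmod o+rw /dev/kvm
+fi
+else
+atExit() {
+rm -rf $tmpDir
+if [[ -v cachixPid ]]; then kill $cachixPid; fi
+}
+tmpDir=$(mktemp -d -p /tmp)
+trap atExit EXIT
+# Prevent cachix from writing to HOME
+export HOME=$tmpDir
+fi
+
+cachix use $cachixCache
+cd "${BASH_SOURCE[0]%/*}"
+
+## Build
+
+echo "$NIX_PATH ($(nix eval --raw nixpkgs.lib.version))"
+
+if [[ $scenario ]]; then
+buildExpr=$(../test/run-tests.sh --scenario $scenario exprForCI)
+else
+buildExpr="import ./build.nix"
+fi
+
+time nix-instantiate -E "$buildExpr" --add-root $tmpDir/drv --indirect > /dev/null
+printf "instantiated "; realpath $tmpDir/drv
+
+outPath=$(nix-store --query $tmpDir/drv)
+if nix path-info --store https://$cachixCache.cachix.org $outPath &>/dev/null; then
+echo "$outPath" has already been built successfully.
+exit 0
+fi
+
+# Cirrus doesn't expose secrets to pull-request builds,
+# so skip cache uploading in this case
+if [[ $CACHIX_SIGNING_KEY ]]; then
+# Speed up task by uploading store paths as soon as they are created
+cachix push $cachixCache --watch-store &
+cachixPid=$!
+fi
+
+nix-build --out-link $tmpDir/result $tmpDir/drv >/dev/null
+
+if [[ $CACHIX_SIGNING_KEY ]]; then
+cachix push $cachixCache $outPath
+fi
+
+echo $outPath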
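Review bot: When `CACHIX_SIGNING_KEY` arrives from the CI environment it stays exported for the whole script, so `../test/run-tests.sh`, `nix-instantiate -E "$buildExpr"` and `nix-build` all inherit the cache signing key although only the two `cachix push` calls use it. Moving it into an unexported variable right after the defaults, `signingKey=${CACHIX_SIGNING_KEY:-}; unset CACHIX_SIGNING_KEY`, and passing it per call, `CACHIX_SIGNING_KEY=$signingKey cachix push $cachixCache $outPath` (likewise for the `--watch-store` call, with both `if` tests switched to `$signingKey`), narrows what the test script or an evaluated expression can read. Separately, `$scenario`, `$tmpDir` and `$outPath` are expanded unquoted throughout, including in `rm -rf $tmpDir`; quoting them keeps a value containing spaces or glob characters from being split.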
|
@ -1,29 +0,0 @@
|
|||
#!/usr/bin/env ruby
|
||||
require 'open3'
|
||||
|
||||
# Wait until the given PID had no network activity for `Timeout` seconds, then exit.
|
||||
|
||||
pid = ARGV.first
|
||||
Timeout = 2
|
||||
|
||||
stdin, out, err, wait_thread = Open3.popen3("strace -f -e trace=network -s 1 -q -p #{pid}")
|
||||
while IO.select([err], nil, nil, Timeout)
|
||||
begin
|
||||
out = err.read_nonblock(1 << 10)
|
||||
rescue EOFError
|
||||
status = wait_thread.value
|
||||
if status.success?
|
||||
puts "Monitored process #{pid} exited"
|
||||
exit 0
|
||||
else
|
||||
puts "Strace failed with exit code #{status.to_i}. Last output:\n#{out}"
|
||||
# strace often fails with code 256 which looks like success to shells. fail with 1 instead.
|
||||
exit 1
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# If we exit without an explicit kill,
|
||||
# ptrace can fail on reattachment: ptrace(PTRACE_SEIZE, $PID): Operation not permitted
|
||||
# Only relevant for testing.
|
||||
Process.kill("TERM", wait_thread.pid)
|
|
@ -24,8 +24,4 @@ let self = {
|
|||
lib = import ./lib.nix { inherit (pkgs) lib; };
|
||||
|
||||
modulesPkgs = self // self.pinned;
|
||||
|
||||
# Used in ../.travis.yml
|
||||
clightning-plugins-all = pkgs.writeText "clightning-plugins"
|
||||
(pkgs.lib.concatMapStringsSep "\n" toString (builtins.attrValues self.clightning-plugins));
|
||||
}; in self
|
||||
|
|
|
@ -141,7 +141,7 @@ buildTest() {
|
|||
# On continuous integration nodes there are few other processes running alongside the
|
||||
# test, so use more memory here for maximum performance.
|
||||
exprForCI() {
|
||||
memoryMiB=3072
|
||||
memoryMiB=4096
|
||||
memTotalKiB=$(awk '/MemTotal/ { print $2 }' /proc/meminfo)
|
||||
memAvailableKiB=$(awk '/MemAvailable/ { print $2 }' /proc/meminfo)
|
||||
# Round down to nearest multiple of 50 MiB for improved test build caching
|
||||
|
|