nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-04 12:03:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
7dc78efeae
nixpkgs/nixos/tests/radicle.nix
Silvan Mosberger 4f0dadbf38 treewide: format all inactive Nix files 
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.

Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.

A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.

This commit was automatically created and can be verified using

    nix-build a08b3a4d19.tar.gz \
      --argstr baseRev b32a094368
    result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:26:33 +01:00

223 lines
7.7 KiB
Nix
Raw Blame History

# This test runs the radicle-node and radicle-httpd services on a seed host,
# and verifies that an alice peer can host a repository on the seed,
# and that a bob peer can send alice a patch via the seed.
{ pkgs, ... }:
let
# The Node ID depends on nodes.seed.services.radicle.privateKeyFile
seed-nid = "z6Mkg52RcwDrPKRzzHaYgBkHH3Gi5p4694fvPstVE9HTyMB6";
seed-ssh-keys = import ./ssh-keys.nix pkgs;
seed-tls-certs = import common/acme/server/snakeoil-certs.nix;
commonHostConfig =
{
nodes,
config,
pkgs,
...
}:
{
environment.systemPackages = [
config.services.radicle.package
pkgs.curl
pkgs.gitMinimal
pkgs.jq
];
environment.etc."gitconfig".text = ''
[init]
defaultBranch = main
[user]
email = root@${config.networking.hostName}
name = ${config.networking.hostName}
'';
networking = {
extraHosts = ''
${nodes.seed.networking.primaryIPAddress} ${nodes.seed.services.radicle.httpd.nginx.serverName}
'';
};
security.pki.certificateFiles = [
seed-tls-certs.ca.cert
];
};
radicleConfig =
{ nodes, ... }:
alias:
pkgs.writeText "config.json" (
builtins.toJSON {
preferredSeeds = [
"${seed-nid}@seed:${toString nodes.seed.services.radicle.node.listenPort}"
];
node = {
inherit alias;
relay = "never";
seedingPolicy = {
default = "block";
};
};
}
);
in
{
name = "radicle";
meta = with pkgs.lib.maintainers; {
maintainers = [
julm
lorenzleutgeb
];
};
nodes = {
seed =
{ pkgs, config, ... }:
{
imports = [ commonHostConfig ];
services.radicle = {
enable = true;
privateKeyFile = seed-ssh-keys.snakeOilEd25519PrivateKey;
publicKey = seed-ssh-keys.snakeOilEd25519PublicKey;
node = {
openFirewall = true;
};
httpd = {
enable = true;
nginx = {
serverName = seed-tls-certs.domain;
addSSL = true;
sslCertificate = seed-tls-certs.${seed-tls-certs.domain}.cert;
sslCertificateKey = seed-tls-certs.${seed-tls-certs.domain}.key;
};
};
settings = {
preferredSeeds = [ ];
node = {
relay = "always";
seedingPolicy = {
default = "allow";
scope = "all";
};
};
};
};
services.nginx = {
enable = true;
};
networking.firewall.allowedTCPPorts = [ 443 ];
};
alice = {
imports = [ commonHostConfig ];
};
bob = {
imports = [ commonHostConfig ];
};
};
testScript =
{ nodes, ... }@args:
''
start_all()
with subtest("seed can run radicle-node"):
# The threshold and/or hardening may have to be changed with new features/checks
print(seed.succeed("systemd-analyze security radicle-node.service --threshold=10 --no-pager"))
seed.wait_for_unit("radicle-node.service")
seed.wait_for_open_port(${toString nodes.seed.services.radicle.node.listenPort})
with subtest("seed can run radicle-httpd"):
# The threshold and/or hardening may have to be changed with new features/checks
print(seed.succeed("systemd-analyze security radicle-httpd.service --threshold=10 --no-pager"))
seed.wait_for_unit("radicle-httpd.service")
seed.wait_for_open_port(${toString nodes.seed.services.radicle.httpd.listenPort})
seed.wait_for_open_port(443)
assert alice.succeed("curl -sS 'https://${nodes.seed.services.radicle.httpd.nginx.serverName}/api/v1' | jq -r .nid") == "${seed-nid}\n"
assert bob.succeed("curl -sS 'https://${nodes.seed.services.radicle.httpd.nginx.serverName}/api/v1' | jq -r .nid") == "${seed-nid}\n"
with subtest("alice can create a Node ID"):
alice.succeed("rad auth --alias alice --stdin </dev/null")
alice.copy_from_host("${radicleConfig args "alice"}", "/root/.radicle/config.json")
with subtest("alice can run a node"):
alice.succeed("rad node start")
with subtest("alice can create a Git repository"):
alice.succeed(
"mkdir /tmp/repo",
"git -C /tmp/repo init",
"echo hello world > /tmp/repo/testfile",
"git -C /tmp/repo add .",
"git -C /tmp/repo commit -m init"
)
with subtest("alice can create a Repository ID"):
alice.succeed(
"cd /tmp/repo && rad init --name repo --description descr --default-branch main --public"
)
alice_repo_rid=alice.succeed("cd /tmp/repo && rad inspect --rid").rstrip("\n")
with subtest("alice can send a repository to the seed"):
alice.succeed(f"rad sync --seed ${seed-nid} {alice_repo_rid}")
with subtest(f"seed can receive the repository {alice_repo_rid}"):
seed.wait_until_succeeds("test 1 = \"$(rad-system stats | jq .local.repos)\"")
with subtest("bob can create a Node ID"):
bob.succeed("rad auth --alias bob --stdin </dev/null")
bob.copy_from_host("${radicleConfig args "bob"}", "/root/.radicle/config.json")
bob.succeed("rad node start")
with subtest("bob can clone alice's repository from the seed"):
bob.succeed(f"rad clone {alice_repo_rid} /tmp/repo")
assert bob.succeed("cat /tmp/repo/testfile") == "hello world\n"
with subtest("bob can clone alice's repository from the seed through the HTTP gateway"):
bob.succeed(f"git clone https://${nodes.seed.services.radicle.httpd.nginx.serverName}/{alice_repo_rid[4:]}.git /tmp/repo-http")
assert bob.succeed("cat /tmp/repo-http/testfile") == "hello world\n"
with subtest("alice can push the main branch to the rad remote"):
alice.succeed(
"echo hello bob > /tmp/repo/testfile",
"git -C /tmp/repo add .",
"git -C /tmp/repo commit -m 'hello to bob'",
"git -C /tmp/repo push rad main"
)
with subtest("bob can sync bob's repository from the seed"):
bob.succeed(
"cd /tmp/repo && rad sync --seed ${seed-nid}",
"cd /tmp/repo && git pull"
)
assert bob.succeed("cat /tmp/repo/testfile") == "hello bob\n"
with subtest("bob can push a patch"):
bob.succeed(
"echo hello alice > /tmp/repo/testfile",
"git -C /tmp/repo checkout -b for-alice",
"git -C /tmp/repo add .",
"git -C /tmp/repo commit -m 'hello to alice'",
"git -C /tmp/repo push -o patch.message='hello for alice' rad HEAD:refs/patches"
)
bob_repo_patch1_pid=bob.succeed("cd /tmp/repo && git branch --remotes | sed -ne 's:^ *rad/patches/::'p").rstrip("\n")
with subtest("alice can receive the patch"):
alice.wait_until_succeeds("test 1 = \"$(rad stats | jq .local.patches)\"")
alice.succeed(
f"cd /tmp/repo && rad patch show {bob_repo_patch1_pid} | grep 'opened by bob'",
f"cd /tmp/repo && rad patch checkout {bob_repo_patch1_pid}"
)
assert alice.succeed("cat /tmp/repo/testfile") == "hello alice\n"
with subtest("alice can comment the patch"):
alice.succeed(
f"cd /tmp/repo && rad patch comment {bob_repo_patch1_pid} -m thank-you"
)
with subtest("alice can merge the patch"):
alice.succeed(
"git -C /tmp/repo checkout main",
f"git -C /tmp/repo merge patch/{bob_repo_patch1_pid[:7]}",
"git -C /tmp/repo push rad main",
"cd /tmp/repo && rad patch list | grep -qxF 'Nothing to show.'"
)
'';
}
Reference in New Issue View Git Blame Copy Permalink