diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 91eb1f55..00000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,152 +0,0 @@ -stages: - - ci - - artifacts - - publish - -variables: - # Makes some things print in color - TERM: ansi - # Faster cache and artifact compression / decompression - FF_USE_FASTZIP: true - # Print progress reports for cache and artifact transfers - TRANSFER_METER_FREQUENCY: 5s - NIX_CONFIG: | - show-trace = true - extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://conduwuit.cachix.org - extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg= - experimental-features = nix-command flakes - extra-experimental-features = nix-command flakes - accept-flake-config = true - -# Avoid duplicate pipelines -# See: https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines -workflow: - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS - when: never - - if: $CI - -before_script: - # Enable nix-command and flakes - - if command -v nix > /dev/null; then echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi - - if command -v nix > /dev/null; then echo "extra-experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi - # Accept flake config from "untrusted" users - - if command -v nix > /dev/null; then echo "accept-flake-config = true" >> /etc/nix/nix.conf; fi - - # Add conduwuit binary cache - - if command -v nix > /dev/null; then echo "extra-substituters = https://attic.kennel.juneis.dog/conduwuit" >> /etc/nix/nix.conf; fi - - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE=" >> /etc/nix/nix.conf; fi - - - if command -v nix > /dev/null; then echo "extra-substituters = https://attic.kennel.juneis.dog/conduit" >> /etc/nix/nix.conf; fi - - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk=" >> /etc/nix/nix.conf; fi - - # Add alternate binary cache - - if command -v nix > /dev/null && [ -n "$ATTIC_ENDPOINT" ]; then echo "extra-substituters = $ATTIC_ENDPOINT" >> /etc/nix/nix.conf; fi - - if command -v nix > /dev/null && [ -n "$ATTIC_PUBLIC_KEY" ]; then echo "extra-trusted-public-keys = $ATTIC_PUBLIC_KEY" >> /etc/nix/nix.conf; fi - - # Add crane binary cache - - if command -v nix > /dev/null; then echo "extra-substituters = https://crane.cachix.org" >> /etc/nix/nix.conf; fi - - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=" >> /etc/nix/nix.conf; fi - - # Add nix-community binary cache - - if command -v nix > /dev/null; then echo "extra-substituters = https://nix-community.cachix.org" >> /etc/nix/nix.conf; fi - - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" >> /etc/nix/nix.conf; fi - - - if command -v nix > /dev/null; then echo "extra-substituters = https://aseipp-nix-cache.freetls.fastly.net" >> /etc/nix/nix.conf; fi - - # Install direnv and nix-direnv - - if command -v nix > /dev/null; then nix-env -iA nixpkgs.direnv nixpkgs.nix-direnv; fi - - # Allow .envrc - - if command -v nix > /dev/null; then direnv allow; fi - - # Set CARGO_HOME to a cacheable path - - export CARGO_HOME="$(git rev-parse --show-toplevel)/.gitlab-ci.d/cargo" - -ci: - stage: ci - image: nixos/nix:2.24.9 - script: - # Cache CI dependencies - - ./bin/nix-build-and-cache ci - - - direnv exec . engage - cache: - key: nix - paths: - - target - - .gitlab-ci.d - rules: - # CI on upstream runners (only available for maintainers) - - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $IS_UPSTREAM_CI == "true" - # Manual CI on unprotected branches that are not MRs - - if: $CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_PROTECTED == "false" - when: manual - # Manual CI on forks - - if: $IS_UPSTREAM_CI != "true" - when: manual - - if: $CI - interruptible: true - -artifacts: - stage: artifacts - image: nixos/nix:2.24.9 - script: - - ./bin/nix-build-and-cache just .#static-x86_64-linux-musl - - cp result/bin/conduit x86_64-linux-musl - - - mkdir -p target/release - - cp result/bin/conduit target/release - - direnv exec . cargo deb --no-build --no-strip - - mv target/debian/*.deb x86_64-linux-musl.deb - - # Since the OCI image package is based on the binary package, this has the - # fun side effect of uploading the normal binary too. Conduit users who are - # deploying with Nix can leverage this fact by adding our binary cache to - # their systems. - # - # Note that although we have an `oci-image-x86_64-linux-musl` - # output, we don't build it because it would be largely redundant to this - # one since it's all containerized anyway. - - ./bin/nix-build-and-cache just .#oci-image - - cp result oci-image-amd64.tar.gz - - - ./bin/nix-build-and-cache just .#static-aarch64-linux-musl - - cp result/bin/conduit aarch64-linux-musl - - - ./bin/nix-build-and-cache just .#oci-image-aarch64-linux-musl - - cp result oci-image-arm64v8.tar.gz - - - ./bin/nix-build-and-cache just .#book - # We can't just copy the symlink, we need to dereference it https://gitlab.com/gitlab-org/gitlab/-/issues/19746 - - cp -r --dereference result public - artifacts: - paths: - - x86_64-linux-musl - - aarch64-linux-musl - - x86_64-linux-musl.deb - - oci-image-amd64.tar.gz - - oci-image-arm64v8.tar.gz - - public - rules: - # CI required for all MRs - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - # Optional CI on forks - - if: $IS_UPSTREAM_CI != "true" - when: manual - allow_failure: true - - if: $CI - interruptible: true - -pages: - stage: publish - dependencies: - - artifacts - only: - - next - script: - - "true" - artifacts: - paths: - - public diff --git a/bin/complement b/bin/complement deleted file mode 100755 index c437503e..00000000 --- a/bin/complement +++ /dev/null @@ -1,95 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# Path to Complement's source code -# -# The `COMPLEMENT_SRC` environment variable is set in the Nix dev shell, which -# points to a store path containing the Complement source code. It's likely you -# want to just pass that as the first argument to use it here. -COMPLEMENT_SRC="${COMPLEMENT_SRC:-$1}" - -# A `.jsonl` file to write test logs to -LOG_FILE="${2:-complement_test_logs.jsonl}" - -# A `.jsonl` file to write test results to -RESULTS_FILE="${3:-complement_test_results.jsonl}" - -COMPLEMENT_BASE_IMAGE="${COMPLEMENT_BASE_IMAGE:-complement-conduwuit:main}" - -# Complement tests that are skipped due to flakiness/reliability issues or we don't implement such features and won't for a long time -SKIPPED_COMPLEMENT_TESTS='TestPartialStateJoin.*|TestRoomDeleteAlias/Parallel/Regular_users_can_add_and_delete_aliases_when_m.*|TestRoomDeleteAlias/Parallel/Can_delete_canonical_alias|TestUnbanViaInvite.*|TestRoomState/Parallel/GET_/publicRooms_lists.*"|TestRoomDeleteAlias/Parallel/Users_with_sufficient_power-level_can_delete_other.*' - -# $COMPLEMENT_SRC needs to be a directory to Complement source code -if [ -f "$COMPLEMENT_SRC" ]; then - echo "\$COMPLEMENT_SRC must be a directory/path to Complement source code" - exit 1 -fi - -# quick test to make sure we can actually write to $LOG_FILE and $RESULTS_FILE -touch $LOG_FILE && rm -v $LOG_FILE -touch $RESULTS_FILE && rm -v $RESULTS_FILE - -toplevel="$(git rev-parse --show-toplevel)" - -pushd "$toplevel" > /dev/null - -if [ ! -f "complement_oci_image.tar.gz" ]; then - echo "building complement conduwuit image" - - # if using macOS, use linux-complement - #bin/nix-build-and-cache just .#linux-complement - bin/nix-build-and-cache just .#complement - #nix build -L .#complement - - echo "complement conduwuit image tar.gz built at \"result\"" - - echo "loading into docker" - docker load < result - popd > /dev/null -else - echo "skipping building a complement conduwuit image as complement_oci_image.tar.gz was already found, loading this" - - docker load < complement_oci_image.tar.gz - popd > /dev/null -fi - -echo "" -echo "running go test with:" -echo "\$COMPLEMENT_SRC: $COMPLEMENT_SRC" -echo "\$COMPLEMENT_BASE_IMAGE: $COMPLEMENT_BASE_IMAGE" -echo "\$RESULTS_FILE: $RESULTS_FILE" -echo "\$LOG_FILE: $LOG_FILE" -echo "" - -# It's okay (likely, even) that `go test` exits nonzero -# `COMPLEMENT_ENABLE_DIRTY_RUNS=1` reuses the same complement container for faster complement, at the possible expense of test environment pollution -set +o pipefail -env \ - -C "$COMPLEMENT_SRC" \ - COMPLEMENT_BASE_IMAGE="$COMPLEMENT_BASE_IMAGE" \ - go test -tags="conduwuit_blacklist" -skip="$SKIPPED_COMPLEMENT_TESTS" -v -timeout 1h -json ./tests/... | tee "$LOG_FILE" -set -o pipefail - -# Post-process the results into an easy-to-compare format, sorted by Test name for reproducible results -cat "$LOG_FILE" | jq -s -c 'sort_by(.Test)[]' | jq -c ' - select( - (.Action == "pass" or .Action == "fail" or .Action == "skip") - and .Test != null - ) | {Action: .Action, Test: .Test} - ' > "$RESULTS_FILE" - -#if command -v gotestfmt &> /dev/null; then -# echo "using gotestfmt on $LOG_FILE" -# grep '{"Time":' "$LOG_FILE" | gotestfmt > "complement_test_logs_gotestfmt.log" -#fi - -echo "" -echo "" -echo "complement logs saved at $LOG_FILE" -echo "complement results saved at $RESULTS_FILE" -#if command -v gotestfmt &> /dev/null; then -# echo "complement logs in gotestfmt pretty format outputted at complement_test_logs_gotestfmt.log (use an editor/terminal/pager that interprets ANSI colours and UTF-8 emojis)" -#fi -echo "" -echo "" diff --git a/bin/nix-build-and-cache b/bin/nix-build-and-cache deleted file mode 100755 index ac64ff23..00000000 --- a/bin/nix-build-and-cache +++ /dev/null @@ -1,110 +0,0 @@ -#!/usr/bin/env bash - -set -eo pipefail - -toplevel="$(git rev-parse --show-toplevel)" - -# Build just the single installable and forward any other arguments too -just() { - # uses nix-output-monitor (nom) if available - if command -v nom &> /dev/null; then - nom build "$@" - else - nix build -L "$@" - fi - - if [ -z "$ATTIC_TOKEN" ]; then - echo "\$ATTIC_TOKEN is unset, skipping uploading to the binary cache" - return - fi - - # historical "conduit" store for compatibility purposes, same as conduwuit - nix run --inputs-from "$toplevel" attic -- \ - login \ - conduit \ - "${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduit}" \ - "$ATTIC_TOKEN" - - # Find all output paths of the installables and their build dependencies - #readarray -t derivations < <(nix path-info --derivation "$@") - derivations=() - while IFS=$'\n' read derivation; do - derivations+=("$derivation") - done < <(nix path-info --derivation "$@") - - cache=() - for derivation in "${derivations[@]}"; do - cache+=( - "$(nix-store --query --requisites --include-outputs "$derivation")" - ) - done - - withattic() { - nix shell --inputs-from "$toplevel" attic --command xargs attic push "$@" <<< "${cache[*]}" - } - # Upload them to Attic (conduit store) - # - # Use `xargs` and a here-string because something would probably explode if - # several thousand arguments got passed to a command at once. Hopefully no - # store paths include a newline in them. - ( - IFS=$'\n' - withattic conduit || withattic conduit || withattic conduit || true - ) - - # main "conduwuit" store - nix run --inputs-from "$toplevel" attic -- \ - login \ - conduwuit \ - "${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduwuit}" \ - "$ATTIC_TOKEN" - - # Upload them to Attic (conduwuit store) and Cachix - # - # Use `xargs` and a here-string because something would probably explode if - # several thousand arguments got passed to a command at once. Hopefully no - # store paths include a newline in them. - ( - IFS=$'\n' - withattic conduwuit || withattic conduwuit || withattic conduwuit || true - - # push to cachix if available - if [ "$CACHIX_AUTH_TOKEN" ]; then - nix shell --inputs-from "$toplevel" cachix -c xargs \ - cachix push conduwuit <<< "${cache[*]}" - fi - ) -} - -# Build and cache things needed for CI -ci() { - cache=( - --inputs-from "$toplevel" - - # Keep sorted - #"$toplevel#devShells.x86_64-linux.default" - #"$toplevel#devShells.x86_64-linux.all-features" - attic#default - cachix#default - nixpkgs#direnv - nixpkgs#jq - nixpkgs#nix-direnv - ) - - just "${cache[@]}" -} - -# Build and cache *all* the package outputs from the flake.nix -packages() { - declare -a cache="($( - nix flake show --json 2> /dev/null | - nix run --inputs-from "$toplevel" nixpkgs#jq -- \ - -r \ - '.packages."x86_64-linux" | keys | map("'"$toplevel"'#" + .) | @sh' - ))" - - just "${cache[@]}" -} - - -eval "$@"