studio/tuwunel
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

ci: Add nix build w/ smoketest. (closes #111)

Browse Source 
docker: Add target for nix build. (#111)

Signed-off-by: Jason Volk <jason@zemos.net>
This commit is contained in:
Jason Volk
2025-09-25 08:29:40 +00:00
parent 6d3ed09a2b
commit aac5006bf5
5 changed files with 205 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/main.yml vendored
View File

@@ -40,6 +40,7 @@ jobs:
machines: ${{vars.MACHINES || env.default_machines}} machines: ${{vars.MACHINES || env.default_machines}}
package: ${{vars.PACKAGE || !contains(github.ref, 'refs/pull/')}} package: ${{vars.PACKAGE || !contains(github.ref, 'refs/pull/')}}
publish: ${{vars.PUBLISH || !contains(github.ref, 'refs/pull/')}} publish: ${{vars.PUBLISH || !contains(github.ref, 'refs/pull/')}}
build_nix: ${{vars.BUILD_NIX || !contains(github.ref, 'refs/pull/')}}
build_pkgs: ${{vars.BUILD_PKGS || github.ref == 'refs/heads/main' || contains(github.ref, 'tags/v')}} build_pkgs: ${{vars.BUILD_PKGS || github.ref == 'refs/heads/main' || contains(github.ref, 'tags/v')}}
check_pkgs: ${{vars.CHECK_PKGS || 'false'}} check_pkgs: ${{vars.CHECK_PKGS || 'false'}}
complement: ${{vars.COMPLEMENT || 'true'}} complement: ${{vars.COMPLEMENT || 'true'}}
@@ -168,6 +169,7 @@ jobs:
needs: [init, lint] needs: [init, lint]
uses: ./.github/workflows/test.yml uses: ./.github/workflows/test.yml
with: with:
build_nix: ${{fromJSON(needs.init.outputs.build_nix)}}
rust_sdk_integration: ${{fromJSON(needs.init.outputs.rust_sdk_integration)}} rust_sdk_integration: ${{fromJSON(needs.init.outputs.rust_sdk_integration)}}
complement: ${{fromJSON(needs.init.outputs.complement)}} complement: ${{fromJSON(needs.init.outputs.complement)}}
complement_runner: ${{needs.init.outputs.complement_runner}} complement_runner: ${{needs.init.outputs.complement_runner}}
@@ -223,6 +225,7 @@ jobs:
release_url: ${{needs.init.outputs.release_url}} release_url: ${{needs.init.outputs.release_url}}
check_pkgs: ${{needs.init.outputs.check_pkgs}} check_pkgs: ${{needs.init.outputs.check_pkgs}}
build_pkgs: ${{needs.init.outputs.build_pkgs}} build_pkgs: ${{needs.init.outputs.build_pkgs}}
build_nix: ${{fromJSON(needs.init.outputs.build_nix)}}
cargo_profiles: ${{needs.init.outputs.cargo_profiles}} cargo_profiles: ${{needs.init.outputs.cargo_profiles}}
feat_sets: ${{needs.init.outputs.feat_sets}} feat_sets: ${{needs.init.outputs.feat_sets}}
rust_toolchains: ${{needs.init.outputs.rust_toolchains}} rust_toolchains: ${{needs.init.outputs.rust_toolchains}}

38
.github/workflows/package.yml vendored
View File

@@ -44,6 +44,9 @@ on:
check_pkgs: check_pkgs:
type: string type: string
default: 'false' default: 'false'
build_nix:
type: string
default: 'true'
jobs: jobs:
book: book:
@@ -144,6 +147,41 @@ jobs:
} }
} }
nix:
if: >
!failure() && !cancelled()
&& contains(fromJSON(inputs.feat_sets), fromJSON('["all"]')[0])
&& contains(fromJSON(inputs.cargo_profiles), fromJSON('["release"]')[0])
&& contains(fromJSON(inputs.rust_toolchains), fromJSON('["stable"]')[0])
&& fromJSON(inputs.build_pkgs)
&& fromJSON(inputs.build_nix)
&& false
name: NixOS Package
uses: ./.github/workflows/bake.yml
with:
bake_targets: '["nix"]'
cargo_profiles: '["release"]'
feat_sets: '["all"]'
rust_toolchains: '["stable"]'
sys_names: ${{inputs.sys_names}}
sys_versions: ${{inputs.sys_versions}}
rust_targets: ${{inputs.rust_targets}}
sys_targets: ${{inputs.sys_targets}}
machines: ${{inputs.machines}}
excludes: ${{inputs.excludes}}
includes: ${{inputs.includes}}
release_url: ${{inputs.release_url}}
artifact: >
{
"nix": {
"dst": "tuwunel.drv.tar.zst",
"src": "/opt/tuwunel/tuwunel.drv"
"mime": "application/zstd",
"zstd": 6,
},
}
pkgs: pkgs:
if: > if: >
!failure() && !cancelled() !failure() && !cancelled()

27
.github/workflows/test.yml vendored
View File

@@ -46,6 +46,9 @@ on:
rust_sdk_integration: rust_sdk_integration:
type: boolean type: boolean
default: true default: true
build_nix:
type: boolean
default: true
jobs: jobs:
docs: docs:
@@ -163,6 +166,30 @@ jobs:
{"sys_target": "x86_64-v4-linux-gnu", "bake_target": "smoke-valgrind"}, {"sys_target": "x86_64-v4-linux-gnu", "bake_target": "smoke-valgrind"},
] ]
nix:
if: >
!failure() && !cancelled()
&& contains(fromJSON(inputs.cargo_profiles), fromJSON('["release"]')[0])
&& contains(fromJSON(inputs.complement_feat_sets), fromJSON('["all"]')[0])
&& contains(fromJSON(inputs.rust_toolchains), fromJSON('["stable"]')[0])
&& contains(fromJSON(inputs.sys_targets), fromJSON('["x86_64-v1-linux-gnu"]')[0])
&& fromJSON(inputs.build_nix)
name: Smoke NixOS
uses: ./.github/workflows/bake.yml
with:
bake_targets: '["smoke-nix"]'
cargo_profiles: '["release"]'
feat_sets: '["all"]'
rust_toolchains: '["stable"]'
sys_names: ${{inputs.sys_names}}
sys_versions: ${{inputs.sys_versions}}
rust_targets: ${{inputs.rust_targets}}
sys_targets: '["x86_64-v1-linux-gnu"]'
machines: ${{inputs.machines}}
excludes: ${{inputs.excludes}}
includes: ${{inputs.includes}}
rust-sdk-integration: rust-sdk-integration:
if: > if: >
!failure() && !cancelled() !failure() && !cancelled()

87
docker/Dockerfile.nix Normal file
View File

@@ -0,0 +1,87 @@
# syntax = docker/dockerfile:1.11-labs
FROM input AS nix-base
ARG sys_name
ARG sys_version
ARG sys_target
WORKDIR /
COPY --link --from=input . .
RUN \
--mount=type=cache,dst=/nix,sharing=shared \
--mount=type=cache,dst=/root/.cache/nix,sharing=shared \
--mount=type=cache,dst=/root/.local/state/nix,sharing=shared \
<<EOF
set -eux
curl --proto '=https' --tlsv1.2 -L https://nixos.org/nix/install > nix-install
sh ./nix-install --daemon
rm nix-install
EOF
FROM nix-base AS build-nix
ARG sys_name
ARG sys_version
ARG sys_target
WORKDIR /usr/src/tuwunel
COPY --link --from=source /usr/src/tuwunel .
RUN \
--mount=type=cache,dst=/nix,sharing=shared \
--mount=type=cache,dst=/root/.cache/nix,sharing=shared \
--mount=type=cache,dst=/root/.local/state/nix,sharing=shared \
<<EOF
set -eux
nix-build \
--cores 0 \
--max-jobs $(nproc) \
--log-format raw \
.
cp -afRL --copy-contents result /opt/tuwunel
EOF
FROM build-nix AS smoke-nix
ARG sys_name
ARG sys_version
ARG sys_target
WORKDIR /
COPY --link --from=build-nix . .
WORKDIR /opt/tuwunel
ENV TUWUNEL_DATABASE_PATH="/tmp/smoketest.db"
ENV TUWUNEL_LOG="info"
RUN \
--mount=type=cache,dst=/nix,sharing=shared \
--mount=type=cache,dst=/root/.cache/nix,sharing=shared \
--mount=type=cache,dst=/root/.local/state/nix,sharing=shared \
<<EOF
set -eux
bin/tuwunel \
-Otest='["smoke"]' \
-Oserver_name=\"localhost\" \
-Odatabase_path=\"${TUWUNEL_DATABASE_PATH}\"
rm -rf "${TUWUNEL_DATABASE_PATH}"
EOF
FROM build-nix AS nix-pkg
ARG sys_name
ARG sys_version
ARG sys_target
WORKDIR /
COPY --link --from=build-nix . .
WORKDIR /usr/src/tuwunel
RUN \
--mount=type=cache,dst=/nix,sharing=shared \
--mount=type=cache,dst=/root/.cache/nix,sharing=shared \
--mount=type=cache,dst=/root/.local/state/nix,sharing=shared \
<<EOF
set -eux
#TODO: extract derivation?
EOF

50
docker/bake.hcl
View File

@@ -471,11 +471,26 @@ group "smoke" {
targets = [ targets = [
"smoke-version", "smoke-version",
"smoke-startup", "smoke-startup",
#"smoke-nix",
#"smoke-valgrind", #"smoke-valgrind",
#"smoke-perf", #"smoke-perf",
] ]
} }
target "smoke-nix" {
name = elem("smoke-nix", [sys_name, sys_version, sys_target])
tags = [
elem_tag("smoke-nix", [sys_name, sys_version, sys_target], "latest"),
]
output = ["type=cacheonly,compression=zstd,mode=min,compression-level=${cache_compress_level}"]
dockerfile = "${docker_dir}/Dockerfile.nix"
target = "smoke-nix"
matrix = sys
inherits = [
elem("build-nix", [sys_name, sys_version, sys_target]),
]
}
target "smoke-valgrind" { target "smoke-valgrind" {
name = elem("smoke-valgrind", [cargo_profile, rust_toolchain, rust_target, feat_set, sys_name, sys_version, sys_target]) name = elem("smoke-valgrind", [cargo_profile, rust_toolchain, rust_target, feat_set, sys_name, sys_version, sys_target])
tags = [ tags = [
@@ -712,6 +727,7 @@ target "install" {
group "pkg" { group "pkg" {
targets = [ targets = [
"nix",
"deb", "deb",
"rpm", "rpm",
"deb-install", "deb-install",
@@ -823,6 +839,39 @@ target "build-deb" {
} }
} }
target "nix" {
name = elem("nix", [sys_name, sys_version, sys_target])
tags = [
elem_tag("nix", [sys_name, sys_version, sys_target], "latest"),
]
output = ["type=docker,compression=zstd,mode=min,compression-level=${zstd_image_compress_level}"]
target = "nix-pkg"
matrix = sys
inherits = [
elem("build-nix", [sys_name, sys_version, sys_target]),
]
}
target "build-nix" {
name = elem("build-nix", [sys_name, sys_version, sys_target])
tags = [
elem_tag("build-nix", [sys_name, sys_version, sys_target], "latest"),
]
output = ["type=cacheonly,compression=zstd,mode=min,compression-level=${cache_compress_level}"]
cache_to = ["type=local,compression=zstd,mode=max,compression-level=${cache_compress_level}"]
dockerfile = "${docker_dir}/Dockerfile.nix"
target = "build-nix"
matrix = sys
inherits = [
elem("builder", [sys_name, sys_version, sys_target]),
elem("source", [sys_name, sys_version, sys_target]),
]
contexts = {
input = elem("target:builder", [sys_name, sys_version, sys_target]),
source = elem("target:source", [sys_name, sys_version, sys_target]),
}
}
# #
# Unit tests # Unit tests
# #
@@ -1654,6 +1703,7 @@ kitchen_packages = [
"libssl-dev", "libssl-dev",
"libsqlite3-dev", "libsqlite3-dev",
"make", "make",
"nix-bin",
"openssl", "openssl",
"pkg-config", "pkg-config",
"pkgconf", "pkgconf",