Merge pull request #181 from Mic92/ci

Ci
2025-12-26 22:24:59 +08:00 · 2022-05-15 07:34:37 +01:00 · 2022-05-15 07:34:37 +01:00 · 0a848870c7
commit 0a848870c7
parent 0c20c6257b c8e0dd83f8
9 changed files with 84 additions and 55 deletions
--- a/default.nix
+++ b/default.nix
@ -1,7 +1,9 @@
 { pkgs ? import <nixpkgs> {} }: let
  vendorSha256 = "sha256-nqA2zzCsWXCllpsss0tjjo4ivi3MVuEM3W6dEZc5KAc=";

+  buildGoModule = if pkgs.lib.versionOlder pkgs.go.version "1.17" then pkgs.buildGo117Module else pkgs.buildGoModule;
  sops-install-secrets = pkgs.callPackage ./pkgs/sops-install-secrets {
+    inherit buildGoModule;
    inherit vendorSha256;
  };
 in rec {
@ -16,42 +18,18 @@ in rec {
  inherit (pkgs) ssh-to-pgp;

  # used in the CI only
-  sops-pgp-hook-test = pkgs.buildGoModule {
-    name = "sops-pgp-hook-test";
-    src = ./.;
+  sops-pgp-hook-test = pkgs.callPackage ./pkgs/sops-pgp-hook-test.nix {
    inherit vendorSha256;
-    buildPhase = ''
-      go test -c ./pkgs/sops-pgp-hook
-      install -D sops-pgp-hook.test $out/bin/sops-pgp-hook.test
-    '';
  };
-  unit-tests = pkgs.callPackage ./unit-tests.nix {};
+  unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix {};
 } // (pkgs.lib.optionalAttrs pkgs.stdenv.isLinux {
  inherit sops-install-secrets;

-  lint = sops-install-secrets.overrideAttrs (old: {
-    name = "golangci-lint";
-    nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.golangci-lint ];
-    buildPhase = ''
-      HOME=$TMPDIR golangci-lint run --timeout 360s
-    '';
-    doCheck = false;
-    installPhase = ''
-      touch $out $unittest
-    '';
-    fixupPhase = ":";
-  });
+  lint = pkgs.callPackage ./pkgs/lint.nix {
+    inherit sops-install-secrets;
+  };

-  cross-build = sops-install-secrets.overrideAttrs (old: {
-    name = "cross-build";
-    nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.gox ];
-    buildPhase = ''
-      (cd pkgs/sops-install-secrets && gox -os linux)
-    '';
-    doCheck = false;
-    installPhase = ''
-      touch $out $unittest
-    '';
-    fixupPhase = ":";
-  });
+  cross-build = pkgs.callPackage ./pkgs/cross-build.nix {
+    inherit sops-install-secrets;
+  };
 })
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1652252629,
-        "narHash": "sha256-SvT64apetqc8P5nYp1/fOZvUmHUPdPFUZbhSpKy+1aI=",
+        "lastModified": 1652541622,
+        "narHash": "sha256-Z9BuUCS0IocoRahFvFDJNU5Q+xM5/lS8Ng4JJFH3+UU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d2fc6856824cb87742177eefc8dd534bdb6c3439",
+        "rev": "f7a22851667ac89ac1863ede0d8c386fc6eb12a0",
        "type": "github"
      },
      "original": {
@ -16,9 +16,26 @@
        "type": "github"
      }
    },
+    "nixpkgs-21_11": {
+      "locked": {
+        "lastModified": 1652559422,
+        "narHash": "sha256-jPVTNImBTUIFdtur+d4IVot6eXmsvtOcBm0TzxmhWPk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8b3398bc7587ebb79f93dfeea1b8c574d3c6dba1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-21.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-21_11": "nixpkgs-21_11"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -1,11 +1,13 @@
 {
  description = "Integrates sops into nixos";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+  inputs.nixpkgs-21_11.url = "github:NixOS/nixpkgs/release-21.11";
  nixConfig.extra-substituters = ["https://cache.garnix.io"];
  nixConfig.extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
  outputs = {
    self,
    nixpkgs,
+    nixpkgs-21_11
  }: let
    systems = [
      "x86_64-linux"
@ -17,6 +19,7 @@
      "armv7l-linux"
    ];
    forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
+    suffix-21_11 = attrs: nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + "-21_11") value) attrs;
  in {
    overlay = final: prev: let
      localPkgs = import ./default.nix {pkgs = final;};
@ -31,16 +34,22 @@
      import ./default.nix {
        pkgs = import nixpkgs {inherit system;};
      });
-    checks =
-      nixpkgs.lib.genAttrs ["x86_64-linux" "aarch64-linux"]
-      (system: self.packages.${system}.sops-install-secrets.tests);
+    checks = nixpkgs.lib.genAttrs ["x86_64-linux" "aarch64-linux"]
+      (system: let
+        tests = self.packages.${system}.sops-install-secrets.tests;
+        packages-21_11 = import ./default.nix {
+          pkgs = import nixpkgs-21_11 {inherit system;};
+        };
+        tests-21_11 = packages-21_11.sops-install-secrets.tests;
+      in tests // (suffix-21_11 tests-21_11) // (suffix-21_11 packages-21_11));
+
    defaultPackage = forAllSystems (system: self.packages.${system}.sops-init-gpg-key);
    devShell = forAllSystems (
      system:
        nixpkgs.legacyPackages.${system}.callPackage ./shell.nix {}
    );
    devShells = forAllSystems (system: {
-      unit-tests = nixpkgs.legacyPackages.${system}.callPackage ./unit-tests.nix {};
+      unit-tests = nixpkgs.legacyPackages.${system}.callPackage ./pkgs/unit-tests.nix {};
    });
  };
 }
--- a/pkgs/cross-build.nix
+++ b/pkgs/cross-build.nix
@ -0,0 +1,14 @@
+{ sops-install-secrets, gox }:
+
+sops-install-secrets.overrideAttrs (old: {
+  name = "cross-build";
+  nativeBuildInputs = old.nativeBuildInputs ++ [ gox ];
+  buildPhase = ''
+    (cd pkgs/sops-install-secrets && gox -os linux)
+  '';
+  doCheck = false;
+  installPhase = ''
+    touch $out $unittest
+  '';
+  fixupPhase = ":";
+})
--- a/pkgs/lint.nix
+++ b/pkgs/lint.nix
@ -0,0 +1,13 @@
+{ sops-install-secrets, golangci-lint }:
+sops-install-secrets.overrideAttrs (old: {
+  name = "golangci-lint";
+  nativeBuildInputs = old.nativeBuildInputs ++ [ golangci-lint ];
+  buildPhase = ''
+    HOME=$TMPDIR golangci-lint run --timeout 360s
+  '';
+  doCheck = false;
+  installPhase = ''
+    touch $out $unittest
+  '';
+  fixupPhase = ":";
+})
--- a/pkgs/sops-pgp-hook-test.nix
+++ b/pkgs/sops-pgp-hook-test.nix
@ -0,0 +1,11 @@
+{ buildGoModule, vendorSha256 }:
+
+buildGoModule {
+  name = "sops-pgp-hook-test";
+  src = ../.;
+  inherit vendorSha256;
+  buildPhase = ''
+    go test -c ./pkgs/sops-pgp-hook
+    install -D sops-pgp-hook.test $out/bin/sops-pgp-hook.test
+  '';
+}
--- a/pkgs/unit-tests.nix
+++ b/pkgs/unit-tests.nix
@ -1,7 +1,7 @@
 { pkgs ? import <nixpkgs> {}
 }:
 let
-  sopsPkgs = import ./. { inherit pkgs; };
+  sopsPkgs = import ../. { inherit pkgs; };
 in pkgs.stdenv.mkDerivation {
  name = "env";
  nativeBuildInputs = with pkgs; [
--- a/release.nix
+++ b/release.nix
@ -1,13 +0,0 @@
-# This file filters out all the broken packages from your package set.
-# It's what gets built by CI, so if you correctly mark broken packages as
-# broken your CI will not try to build them and the non-broken packages will
-# be added to the cache.
-{ pkgs ? import <nixpkgs> {} }:
-
-pkgs.lib.filter (p:
-  (builtins.isAttrs p)
-  && !((builtins.hasAttr "meta" p)
-    && (((builtins.hasAttr "broken" p.meta) && (p.meta.broken))
-      || (builtins.hasAttr "available" p.meta && !p.meta.available))
-  && !((builtins.hasAttr "disabled" p) && (p.disabled))))
-  (pkgs.lib.collect (pkgs.lib.isDerivation) (import ./default.nix { inherit pkgs; }))
--- a/shell.nix
+++ b/shell.nix
@ -6,7 +6,7 @@ pkgs.mkShell {
    delve
    gnupg
    utillinux
-    nix
+    nixFlakes
    golangci-lint
  ];
  # delve does not compile with hardening enabled