Merge pull request #19 from Mic92/macos-ci

2026-01-07 22:27:24 +08:00 · 2020-07-22 23:52:36 +01:00 · 2020-07-22 23:52:36 +01:00 · 298b235f66
commit 298b235f66
parent 3095053dd4 b8d91d61ac
6 changed files with 42 additions and 8 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -11,7 +11,8 @@ jobs:
        nixPath:
          - nixpkgs=channel:nixos-20.03
          - nixpkgs=channel:nixpkgs-unstable
-    runs-on: ubuntu-latest
+        os: [ ubuntu-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@v2
    - uses: cachix/install-nix-action@v10
@ -28,10 +29,12 @@ jobs:
      run: nix-shell --pure --run "golangci-lint run"
      if: matrix.nixPath == 'nixpkgs=channel:nixpkgs-unstable'
    - name: Build nix packages
-      run: nix run nixpkgs.nix-build-uncached -c nix-build-uncached default.nix
-    - name: Add keys group (needed for go tests)
-      run: sudo groupadd keys
-    - name: Run sops-install-secrets tests
-      run: nix-shell --pure --run "$(command -v sudo) unshare --mount --fork go test ./pkgs/sops-install-secrets"
+      run: nix-build release.nix
    - name: Run sops-pgp-hook tests
      run: nix-shell --pure --run "NIX_PATH=nixpkgs=$(nix-instantiate --find-file nixpkgs) go test ./pkgs/sops-pgp-hook"
+    - name: Add keys group (needed for go tests)
+      run: sudo groupadd keys
+      if: matrix.os == 'ubuntu-latest'
+    - name: Run sops-install-secrets tests
+      run: nix-shell --pure --run "$(command -v sudo) unshare --mount --fork go test ./pkgs/sops-install-secrets"
+      if: matrix.os == 'ubuntu-latest'
--- a/pkgs/sops-install-secrets/default.nix
+++ b/pkgs/sops-install-secrets/default.nix
@ -19,6 +19,6 @@ buildGoModule {
    homepage = "https://github.com/Mic92/sops-nix";
    license = licenses.mit;
    maintainers = with maintainers; [ mic92 ];
-    platforms = platforms.unix;
+    platforms = platforms.linux;
  };
 }
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@ -1,3 +1,5 @@
+// +build linux
+
 package main

 import (
--- a/pkgs/sops-install-secrets/main_test.go
+++ b/pkgs/sops-install-secrets/main_test.go
@ -1,3 +1,5 @@
+// +build linux
+
 package main

 import (
--- a/pkgs/ssh-to-pgp/main_test.go
+++ b/pkgs/ssh-to-pgp/main_test.go
@ -20,13 +20,26 @@ func ok(tb testing.TB, err error) {
 	}
 }

+func TempRoot() string {
+	if runtime.GOOS == "darwin" {
+		// macOS make its TEMPDIR long enough for unix socket to break
+		return "/tmp"
+	} else {
+		return os.TempDir()
+	}
+}
+
 func TestCli(t *testing.T) {
 	_, filename, _, _ := runtime.Caller(0)
 	assets := path.Join(path.Dir(filename), "test-assets")
-	tempdir, err := ioutil.TempDir("", "testdir")
+	tempdir, err := ioutil.TempDir(TempRoot(), "testdir")
 	ok(t, err)
 	defer os.RemoveAll(tempdir)

+	gpgHome := path.Join(tempdir, "gpg-home")
+	gpgEnv := append(os.Environ(), fmt.Sprintf("GNUPGHOME=%s", gpgHome))
+	ok(t, os.Mkdir(gpgHome, os.FileMode(0700)))
+
 	out := path.Join(tempdir, "out")
 	privKey := path.Join(assets, "id_rsa")
 	cmds := [][]string{
@ -41,6 +54,7 @@ func TestCli(t *testing.T) {
 		cmd := exec.Command("gpg", "--with-fingerprint", "--show-key", out)
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
+		cmd.Env = gpgEnv
 		ok(t, cmd.Run())
 	}
 }
--- a/release.nix
+++ b/release.nix
@ -0,0 +1,13 @@
+# This file filters out all the broken packages from your package set.
+# It's what gets built by CI, so if you correctly mark broken packages as
+# broken your CI will not try to build them and the non-broken packages will
+# be added to the cache.
+{ pkgs ? import <nixpkgs> {} }:
+
+pkgs.lib.filter (p:
+  (builtins.isAttrs p)
+  && !((builtins.hasAttr "meta" p)
+    && (((builtins.hasAttr "broken" p.meta) && (p.meta.broken))
+      || (builtins.hasAttr "available" p.meta && !p.meta.available))
+  && !((builtins.hasAttr "disabled" p) && (p.disabled))))
+  (pkgs.lib.collect (pkgs.lib.isDerivation) (import ./default.nix { inherit pkgs; }))