From 5ee7f3d73e854d979b2c1f5743ca1f8d5d2ca434 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 12 Jul 2020 17:33:08 +0100
Subject: [PATCH 1/7] add ci
---
 .github/workflows/test.yml | 28 +++++++++++++++++++++++++++
 pkgs/sops-install-secrets/default.nix | 2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/test.yml
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..91ae942
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,28 @@
+name: "Test"
+on:
+ pull_request:
+ push:
+ schedule:
+ - cron: '51 2 * * *'
+jobs:
+ tests:
+ strategy:
+ matrix:
+ nixPath:
+ - nixpkgs=channel:nixos-20.03
+ - nixpkgs=channel:nixpkgs-unstable
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: cachix/install-nix-action@v10
+ with:
+ nix_path: "${{ matrix.nixPath }}"
+ - name: Setup cachix
+ uses: cachix/cachix-action@v6
+ with:
+ name: mic92
+ signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+ - name: Show nixpkgs version
+ run: nix-instantiate --eval -E '(import {}).lib.version'
+ - name: Build nix packages
+ run: nix run nixpkgs.nix-build-uncached -c nix-build-uncached default.nix
diff --git a/pkgs/sops-install-secrets/default.nix b/pkgs/sops-install-secrets/default.nix
index 0c0bfa6..bf7025f 100644
--- a/pkgs/sops-install-secrets/default.nix
+++ b/pkgs/sops-install-secrets/default.nix
@@ -1,4 +1,4 @@
-{ buildGoModule, path, pkgs, vendorSha256 }:
+{ stdenv, buildGoModule, path, pkgs, vendorSha256 }:
 buildGoModule {
 pname = "sops-install-secrets";
 version = "0.0.1";
From 1745bb9f95ba0aa1e849b0807808e7c934874ef7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 12 Jul 2020 17:43:23 +0100
Subject: [PATCH 2/7] build nixos tests on CI.
---
 default.nix | 5 ++++-
 pkgs/sops-install-secrets/nixos-test.nix | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
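Review bot: In the new `.github/workflows/test.yml`, the "Setup cachix" step receives `secrets.CACHIX_SIGNING_KEY` while `cachix/cachix-action@v6` is referenced by a movable tag, so the code that sees the cache signing key can change without any change in this repository; `actions/checkout@v2` and `cachix/install-nix-action@v10` are referenced the same way. Pin each action to a full commit SHA, for example `uses: cachix/cachix-action@<full-commit-sha> # v6` (placeholder; take the SHA from the release that was reviewed). The job runs identically for `pull_request`, `push` and `schedule`, so a comment next to `signingKey` stating which events are expected to sign and push to the `mic92` cache would make the trust boundary explicit for later reviewers.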
diff --git a/default.nix b/default.nix index 188c403..289f5e1 100644 --- a/default.nix +++ b/default.nix @@ -1,6 +1,6 @@ { pkgs ? import {} }: let vendorSha256 = "sha256-O0z+oEffOOZa/bn2gV9onLVbPBHsNDH2yq1CZPi8w58="; -in { +in rec { sops-init-gpg-key = pkgs.callPackage ./pkgs/sops-init-gpg-key {}; sops-install-secrets = pkgs.callPackage ./pkgs/sops-install-secrets { inherit vendorSha256; @@ -9,4 +9,7 @@ in { ssh-to-pgp = pkgs.callPackage ./pkgs/ssh-to-pgp { inherit vendorSha256; }; + + nixos-tests-ssh-keys = sops-install-secrets.tests.ssh-keys; + nixos-tests-pgp-keys = sops-install-secrets.tests.pgp-keys; } diff --git a/pkgs/sops-install-secrets/nixos-test.nix b/pkgs/sops-install-secrets/nixos-test.nix index 86d3654..de5d2cd 100644 --- a/pkgs/sops-install-secrets/nixos-test.nix +++ b/pkgs/sops-install-secrets/nixos-test.nix @@ -21,7 +21,7 @@ inherit pkgs; }; - gpg-keys = makeTest { + pgp-keys = makeTest { nodes.server = { pkgs, lib, ... }: { imports = [ ../../modules/sops ]; sops.gnupgHome = "/run/gpghome"; From 7bd84011ef7575b2d36d94d944e6bc1aa3f56140 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 12 Jul 2020 17:48:37 +0100 Subject: [PATCH 3/7] fix sops nixos module --- modules/sops/default.nix | 2 +- pkgs/sops-install-secrets/nixos-test.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/sops/default.nix b/modules/sops/default.nix index bfb44d3..f972866 100644 --- a/modules/sops/default.nix +++ b/modules/sops/default.nix @@ -5,7 +5,7 @@ with lib; let cfg = config.sops; users = config.users.users; - sops-install-secrets = pkgs.callPackage ../../pkgs/sops-install-secrets {}; + sops-install-secrets = (pkgs.callPackage ../.. {}).sops-install-secrets; secretType = types.submodule ({ config, ... }: { options = { name = mkOption { diff --git a/pkgs/sops-install-secrets/nixos-test.nix b/pkgs/sops-install-secrets/nixos-test.nix index de5d2cd..b4ef967 100644 --- a/pkgs/sops-install-secrets/nixos-test.nix 
+++ b/pkgs/sops-install-secrets/nixos-test.nix @@ -1,6 +1,7 @@ { makeTest ? import , pkgs ? import }: { ssh-keys = makeTest { + name = "sops-ssh-keys"; nodes.server = { ... }: { imports = [ ../../modules/sops ]; services.openssh.enable = true; @@ -22,6 +23,7 @@ }; pgp-keys = makeTest { + name = "sops-pgp-keys"; nodes.server = { pkgs, lib, ... }: { imports = [ ../../modules/sops ]; sops.gnupgHome = "/run/gpghome"; From 66ce9aa7ba40b5577003f2c4fbb0ca4e47b120e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 12 Jul 2020 21:14:27 +0100 Subject: [PATCH 4/7] add buildkite --- .buildkite/pipeline.yml | 5 +++++ default.nix | 3 --- 2 files changed, 5 insertions(+), 3 deletions(-) create mode 100644 .buildkite/pipeline.yml diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml new file mode 100644 index 0000000..15fc1ad --- /dev/null +++ b/.buildkite/pipeline.yml @@ -0,0 +1,5 @@ +steps: + - name: "NixOS tests (unstable)" + command: "nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixpkgs-unstable.tar.gz -A sops-install-secrets.tests" + - name: "NixOS tests (20.03)" + command: "nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixpkgs-unstable.tar.gz -A sops-install-secrets.tests" diff --git a/default.nix b/default.nix index 289f5e1..ca7f6d7 100644 --- a/default.nix +++ b/default.nix @@ -9,7 +9,4 @@ in rec { ssh-to-pgp = pkgs.callPackage ./pkgs/ssh-to-pgp { inherit vendorSha256; }; - - nixos-tests-ssh-keys = sops-install-secrets.tests.ssh-keys; - nixos-tests-pgp-keys = sops-install-secrets.tests.pgp-keys; } From b4bd621de893ebaa64b79831ea74ef86e6ea63c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 12 Jul 2020 22:04:29 +0100 Subject: [PATCH 5/7] run go tests --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 91ae942..7b2d594 100644 --- a/.github/workflows/test.yml 
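Review bot: In the new `.buildkite/pipeline.yml`, the step named "NixOS tests (20.03)" uses the same `nixpkgs-unstable.tar.gz` URL as the unstable step, so the 20.03 release is never tested and a regression there would still pass CI. Point it at the release channel, e.g. `command: "nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-20.03.tar.gz -A sops-install-secrets.tests"`, which matches the `channel:nixos-20.03` entry in the GitHub workflow matrix. Both URLs follow a moving branch, which suits channel tracking but makes results non-reproducible; a one-line comment saying this is intentional would help.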
+++ b/.github/workflows/test.yml
@@ -26,3 +26,5 @@ jobs:
 run: nix-instantiate --eval -E '(import {}).lib.version'
 - name: Build nix packages
 run: nix run nixpkgs.nix-build-uncached -c nix-build-uncached default.nix
+ - name: Run go tests
+ run: sudo unshare --mount --fork go test ./pkgs/sops-install-secrets
From a4b3bb2f7ea4bbeb59637316b7bb551517de260d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 12 Jul 2020 22:06:12 +0100
Subject: [PATCH 6/7] add MIT license
---
 LICENSE | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 LICENSE
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..9d3e7f6
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Jörg Thalheim
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
From d4b01f686d36577b36f775d3c35e2d841dde7207 Mon Sep 17 00:00:00 2001
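Review bot: The added "Run go tests" step runs the whole suite as root (`sudo unshare --mount --fork go test ...`) for every trigger of the workflow, including `pull_request`, and nothing in the file says why root is required. Add a comment above the step, for example `# root + private mount namespace (unshare --mount): presumably the tests create mounts; keep this job on ephemeral hosted runners`, and confirm the reason against the test code, which is not visible here. Running contributor-supplied test code as root is tolerable on a throwaway `ubuntu-latest` VM, but the step should not be copied to a persistent agent such as the Buildkite pipeline without additional sandboxing.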
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 12 Jul 2020 22:10:56 +0100
Subject: [PATCH 7/7] wrap go tests in nix-shell
---
 .github/workflows/test.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7b2d594..fe0aa40 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -26,5 +26,7 @@ jobs:
 run: nix-instantiate --eval -E '(import {}).lib.version'
 - name: Build nix packages
 run: nix run nixpkgs.nix-build-uncached -c nix-build-uncached default.nix
+ - name: Add keys group (needed for go tests)
+ run: sudo groupadd keys
 - name: Run go tests
- run: sudo unshare --mount --fork go test ./pkgs/sops-install-secrets
+ run: nix-shell --run "sudo unshare --mount --fork go test ./pkgs/sops-install-secrets"
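Review bot: In the rewritten "Run go tests" step, `sudo` sits inside `nix-shell --run`, and sudo normally resets the environment (including `PATH` when sudoers sets `secure_path`), so the `go` that runs may be the runner's preinstalled toolchain, or none, rather than the one nix-shell provides. If that holds on the runner, pass the path through explicitly, e.g. `run: nix-shell --run 'sudo env "PATH=$PATH" unshare --mount --fork go test ./pkgs/sops-install-secrets'`. Separately, `sudo groupadd keys` fails when the group already exists; `sudo groupadd -f keys` keeps the step idempotent.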