base repository: NixOS/nixpkgs
base: da9c031024bd
head repository: NixOS/nixpkgs
compare: e20de6b57a7c
  • 6 commits
  • 3 files changed
  • 2 contributors

Commits on Jan 19, 2020

  1. nixos/buildkite-agent: add "user" option

    This allows buildkite-agent to run as another user.
    
    It'll still run builds from /var/lib/buildkite-agent and setup things in
    there.
    flokli committed Jan 19, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    rasendubi Oleksii Shmalko
    8c6b1c3 View commit details

Commits on Jan 20, 2020

  1. Verified

    This commit was signed with the committer’s verified signature.
    rasendubi Oleksii Shmalko
    7838f00 View commit details
  2. nixos/buildkite-agent: add gnutar, gzip and git to runtimePackages

    These are required for nix to do builtins.fetchTarball and
    builtins.fetchGit, so most likely we want them to be around.
    flokli committed Jan 20, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    rasendubi Oleksii Shmalko
    70308a7 View commit details
  3. nixosTests.buildkite: add test

    flokli committed Jan 20, 2020
    a208e6e View commit details
  4. nixos/buildkite: make privateSshKeyPath optional

    When only cloning public repos, or when the ssh key is provided by
    different means, we don't need to manage it here.
    flokli committed Jan 20, 2020
    4b73d3c View commit details
  5. Merge pull request #78045 from flokli/buildkite-agent-user-runtime-test

    nixos/buildkite: add option to configure user, add nix-required packages to runtime, add test
    zimbatm authored Jan 20, 2020
    e20de6b View commit details
Showing with 52 additions and 16 deletions.
  1. +28 −16 nixos/modules/services/continuous-integration/buildkite-agent.nix
  2. +1 −0 nixos/tests/all-tests.nix
  3. +23 −0 nixos/tests/buildkite-agent.nix
44 changes: 28 additions & 16 deletions nixos/modules/services/continuous-integration/buildkite-agent.nix
@@ -29,6 +29,8 @@ let
${concatStringsSep "\n" (mapAttrsToList mkHookEntry (filterAttrs (n: v: v != null) cfg.hooks))}
'';

defaultUser = "buildkite-agent";

in

{
@@ -50,12 +52,21 @@ in
};

runtimePackages = mkOption {
default = [ pkgs.bash pkgs.nix ];
defaultText = "[ pkgs.bash pkgs.nix ]";
default = [ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ];
defaultText = "[ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]";
description = "Add programs to the buildkite-agent environment";
type = types.listOf types.package;
};

user = mkOption {
type = types.str;
default = defaultUser;
description = ''
Set this option when you want to run the buildkite agent as something else
than the default user "buildkite-agent".
'';
};

tokenPath = mkOption {
type = types.path;
description = ''
@@ -93,7 +104,8 @@ in
};

privateSshKeyPath = mkOption {
type = types.path;
type = types.nullOr types.path;
default = null;
## maximum care is taken so that secrets (ssh keys and the CI token)
## don't end up in the Nix store.
apply = final: if final == null then null else toString final;
@@ -185,14 +197,14 @@ in
};

config = mkIf config.services.buildkite-agent.enable {
users.users.buildkite-agent =
{ name = "buildkite-agent";
home = cfg.dataDir;
createHome = true;
description = "Buildkite agent user";
extraGroups = [ "keys" ];
isSystemUser = true;
};
users.users.buildkite-agent = mkIf (cfg.user == defaultUser) {
name = "buildkite-agent";
home = cfg.dataDir;
createHome = true;
description = "Buildkite agent user";
extraGroups = [ "keys" ];
isSystemUser = true;
};

environment.systemPackages = [ cfg.package ];

@@ -212,11 +224,11 @@ in
sshDir = "${cfg.dataDir}/.ssh";
tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags);
in
''
optionalString (cfg.privateSshKeyPath != null) ''
mkdir -m 0700 -p "${sshDir}"
cp -f "${toString cfg.openssh.privateKeyPath}" "${sshDir}/id_rsa"
chmod 600 "${sshDir}"/id_rsa*
cp -f "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa"
chmod 600 "${sshDir}"/id_rsa
'' + ''
cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF
token="$(cat ${toString cfg.tokenPath})"
name="${cfg.name}"
@@ -230,7 +242,7 @@ in

serviceConfig =
{ ExecStart = "${cfg.package}/bin/buildkite-agent start --config /var/lib/buildkite-agent/buildkite-agent.cfg";
User = "buildkite-agent";
User = cfg.user;
RestartSec = 5;
Restart = "on-failure";
TimeoutSec = 10;
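Review bot: When `user` is set to anything other than `buildkite-agent`, the `mkIf (cfg.user == defaultUser)` guard drops the whole `users.users` declaration, and nothing visible in these hunks checks that the replacement account exists, is in the `keys` group, or can write to `cfg.dataDir`, where the token config and `.ssh/id_rsa` are placed. The option description should state those prerequisites, for example `The user must already exist, be able to write to dataDir and read tokenPath and privateSshKeyPath; this module neither creates it nor adds it to the "keys" group.` Builds started by the agent presumably run with that account's privileges, so the description could also recommend a dedicated unprivileged account. Separately, `ExecStart` still reads the config from the literal `/var/lib/buildkite-agent/` while the pre-start script writes it under `${cfg.dataDir}`, so the two agree only for the default `dataDir`. The surrounding definitions continue outside the hunks, so an assertion or ownership setup may exist where it is not visible here.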
1 change: 1 addition & 0 deletions nixos/tests/all-tests.nix
@@ -33,6 +33,7 @@ in
bind = handleTest ./bind.nix {};
bittorrent = handleTest ./bittorrent.nix {};
#blivet = handleTest ./blivet.nix {}; # broken since 2017-07024
buildkite-agent = handleTest ./buildkite-agent.nix {};
boot = handleTestOn ["x86_64-linux"] ./boot.nix {}; # syslinux is unsupported on aarch64
boot-stage1 = handleTest ./boot-stage1.nix {};
borgbackup = handleTest ./borgbackup.nix {};
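--- a/nixos/tests/buildkite-agent.nix
+++ b/nixos/tests/buildkite-agent.nix
@@ -0,0 +1,23 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+
+{
+name = "buildkite-agent";
+meta = with pkgs.stdenv.lib.maintainers; {
+maintainers = [ flokli ];
+};
+
+machine = { pkgs, ... }: {
+services.buildkite-agent = {
+enable = true;
+privateSshKeyPath = (import ./ssh-keys.nix pkgs).snakeOilPrivateKey;
+tokenPath = (pkgs.writeText "my-token" "5678");
+};
+};
+
+testScript = ''
+# we can't wait on the unit to start up, as we obviously can't connect to buildkite,
+# but we can look whether files are set up correctly
+machine.wait_for_file("/var/lib/buildkite-agent/buildkite-agent.cfg")
+machine.wait_for_file("/var/lib/buildkite-agent/.ssh/id_rsa")
+'';
+})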
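Review bot: The test script only waits for `buildkite-agent.cfg` and `.ssh/id_rsa` to appear, so it would still pass if the key or the token file were created with loose permissions or the wrong owner. A check such as `machine.succeed("test $(stat -c %a /var/lib/buildkite-agent/.ssh/id_rsa) = 600")` would pin the `chmod 600` the module performs. Neither a non-default `user` nor `privateSshKeyPath = null`, both introduced in this comparison, is exercised. A comment above `tokenPath` such as `# test-only: dummy secrets taken from the world-readable Nix store; real deployments must point at paths outside the store` would keep the fixture from being copied into a real configuration.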