From b4e1c5b5b36ad023d15ff4630daed683848a5e4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Wed, 9 Jul 2025 22:57:52 +0200 Subject: [PATCH] Restrict fileset necessary for deployment tests (#450) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that we won't depend on the flake.nix anymore, we won't depend on all the flake-part.nix files (necessary to evaluate flake.nix) and all the files they depend on etc., so the Nix dependencies of the tests will be drastically reduced, and I will be able to leverage that by introducing a more subtle src. This will make the test not need to re-run if only things outside that reduced src changed (and the previous run is in the Nix store). Reviewed-on: https://git.fediversity.eu/Fediversity/Fediversity/pulls/450 Reviewed-by: kiara Grouwstra Reviewed-by: Valentin Gagarin Co-authored-by: Nicolas “Niols” Jeannerod Co-committed-by: Nicolas “Niols” Jeannerod --- deployment/check/basic/nixosTest.nix | 7 +++- deployment/check/cli/nixosTest.nix | 22 +++++++++++- deployment/check/common/nixosTest.nix | 49 ++++++++++++++++++++++----- deployment/check/panel/nixosTest.nix | 14 ++++++++ 4 files changed, 81 insertions(+), 11 deletions(-) diff --git a/deployment/check/basic/nixosTest.nix b/deployment/check/basic/nixosTest.nix index a5a23be7..93c8ad23 100644 --- a/deployment/check/basic/nixosTest.nix +++ b/deployment/check/basic/nixosTest.nix @@ -1,10 +1,15 @@ -{ inputs, ... }: +{ inputs, lib, ... }: { _class = "nixosTest"; name = "deployment-basic"; + sourceFileset = lib.fileset.unions [ + ./constants.nix + ./deployment.nix + ]; + nodes.deployer = { pkgs, ... }: { diff --git a/deployment/check/cli/nixosTest.nix b/deployment/check/cli/nixosTest.nix index 9bce082e..d171a182 100644 --- a/deployment/check/cli/nixosTest.nix +++ b/deployment/check/cli/nixosTest.nix @@ -1,4 +1,9 @@ -{ inputs, hostPkgs, ... }: +{ + inputs, + hostPkgs, + lib, + ... +}: let ## Some places need a dummy file that will in fact never be used. We create @@ -11,6 +16,21 @@ in name = "deployment-cli"; + sourceFileset = lib.fileset.unions [ + ./constants.nix + ./deployments.nix + + # REVIEW: I would like to be able to grab all of `/deployment` minus + # `/deployment/check`, but I can't because there is a bunch of other files + # in `/deployment`. Maybe we can think of a reorg making things more robust + # here? (comment also in panel test) + ../../default.nix + ../../options.nix + ../../configuration.sample.json + + ../../../services/fediversity + ]; + nodes.deployer = { pkgs, ... }: { diff --git a/deployment/check/common/nixosTest.nix b/deployment/check/common/nixosTest.nix index dab35ea5..cb52ed9f 100644 --- a/deployment/check/common/nixosTest.nix +++ b/deployment/check/common/nixosTest.nix @@ -13,6 +13,7 @@ let toJSON ; inherit (lib) + types fileset mkOption genAttrs @@ -27,14 +28,6 @@ let forConcat = xs: f: concatStringsSep "\n" (map f xs); - ## The whole repository, with the flake at its root. - ## FIXME: We could probably have fileset be the union of ./. with flake.nix - ## and flake.lock - I doubt we need anything else. - src = fileset.toSource { - fileset = config.pathToRoot; - root = config.pathToRoot; - }; - ## We will need to override some inputs by the empty flake, so we make one. emptyFlake = runCommandNoCC "empty-flake" { } '' mkdir $out @@ -53,9 +46,39 @@ in ## FIXME: I wish I could just use `testScript` but with something like ## `mkOrder` to put this module's string before something else. extraTestScript = mkOption { }; + + sourceFileset = mkOption { + ## REVIEW: Upstream to nixpkgs? + type = types.mkOptionType { + name = "fileset"; + description = "fileset"; + descriptionClass = "noun"; + check = (x: (builtins.tryEval (fileset.unions [ x ])).success); + merge = (_: defs: fileset.unions (map (x: x.value) defs)); + }; + description = '' + A fileset that will be copied to the deployer node in the current + working directory. This should contain all the files that are + necessary to run that particular test, such as the NixOS + modules necessary to evaluate a deployment. + ''; + }; }; config = { + sourceFileset = fileset.unions [ + # NOTE: not the flake itself; it will be overridden. + ../../../mkFlake.nix + ../../../flake.lock + ../../../npins + + ./sharedOptions.nix + ./targetNode.nix + ./targetResource.nix + + (config.pathToCwd + "/flake-under-test.nix") + ]; + acmeNodeIP = config.nodes.acme.networking.primaryIPAddress; nodes = @@ -103,8 +126,16 @@ in ${n}.wait_for_unit("multi-user.target") '')} + ## A subset of the repository that is necessary for this test. It will be + ## copied inside the test. The smaller this set, the faster our CI, because we + ## won't need to re-run when things change outside of it. with subtest("Unpacking"): - deployer.succeed("cp -r --no-preserve=mode ${src}/* .") + deployer.succeed("cp -r --no-preserve=mode ${ + fileset.toSource { + root = ../../..; + fileset = config.sourceFileset; + } + }/* .") with subtest("Configure the network"): ${forConcat config.targetMachines ( diff --git a/deployment/check/panel/nixosTest.nix b/deployment/check/panel/nixosTest.nix index 357c9a24..ffcb8e53 100644 --- a/deployment/check/panel/nixosTest.nix +++ b/deployment/check/panel/nixosTest.nix @@ -125,6 +125,20 @@ in name = "deployment-panel"; + sourceFileset = lib.fileset.unions [ + ./constants.nix + ./deployment.nix + + # REVIEW: I would like to be able to grab all of `/deployment` minus + # `/deployment/check`, but I can't because there is a bunch of other files + # in `/deployment`. Maybe we can think of a reorg making things more robust + # here? (comment also in CLI test) + ../../default.nix + ../../options.nix + + ../../../services/fediversity + ]; + ## The panel's module sets `nixpkgs.overlays` which clashes with ## `pkgsReadOnly`. We disable it here. node.pkgsReadOnly = false;