Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[READY] nix.checks: rework and clean up #803

Merged
merged 9 commits into from
Dec 1, 2024
Merged

[READY] nix.checks: rework and clean up #803

merged 9 commits into from
Dec 1, 2024

Conversation

djacu
Copy link
Contributor

@djacu djacu commented Nov 29, 2024
edited by sarcasticadmin
Loading

Description of PR

Reworks the nix checks to reduce the use of self as a source. Switch to using filesets to limit the scope of what is considered as part of the closure and gets copied into the nix store.

Previous Behavior

  1. Any modification to the repository causes all the check derivations to be rebuilt because their source is the whole repository a.k.a. self.
  2. duplicate-facts uses fish to run a script file. fish tries to find and create config files but cannot because it is running in the sandbox and throws warnings/errors. They do not cause the derivation to fail to build but they do pollute the output.

New Behavior

  1. pytest-facts, duplicate-facts, and perl-switches have restricted source inputs which will limit what causes them to rebuild. openwrt-golden still has the old behavior because I kept getting permission denied errors when gomplate tried to create new directories. `openwrt-golden has restricted source inputs as well.
  2. Added a flag so that fish stops throwing warnings/errors. See c2c6d4e.

Tests

How was this PR tested?

nix flake check

djacu added 6 commits November 28, 2024 16:01
@djacu
nix.checks: create clean facts source
3b5d144 
Adds facts source to the checks code that can be used for several
checks. This is better than coping all of `self` which creates a new
derivation every time anything changes in the repository.
@djacu
nix.checks.pytest-facts: use fileset source and buildInputs
8964af5 
Reworked pytest-facts to use `factsSrc` so it does not rebuild every
time anything changes in the repository. Added the testPython
environment to the build inputs so that `pylint` and `pytest` can be
called directly.
@djacu
nix.checks.duplicates-facts: use fileset source
9fed345 
Rework `duplicates-facts` to use `factsSrc` so it does not rebuild every
time anything changes in the repository.
@djacu
nix.checks.duplicates-facts: fix fish warnings/errors
c2c6d4e 
`fish` was raising warnings and errors because it is running in the
sandbox. It tries to write files as if it had access to the $HOME
directory but it does not. Adding the `--no-config` flag tells it not to
read from a configuration file so it will not go hunting for one or try
to write files where it cannot.

The warnings/errors below are what `fish` was writing to the shell.
These do not show up with this fix.

> duplicates-facts> error: can not save history
> duplicates-facts> warning-path: Unable to locate data directory derived from $HOME: '/homeless-shelter/.local/share/fish'.
> duplicates-facts> warning-path: The error was 'Permission denied'.
> duplicates-facts> warning-path: Please set $HOME to a directory where you have write access.
> duplicates-facts> error: can not save universal variables or functions
> duplicates-facts> warning-path: Unable to locate config directory derived from $HOME: '/homeless-shelter/.config/fish'.
> duplicates-facts> warning-path: The error was 'Permission denied'.
> duplicates-facts> warning-path: Please set $HOME to a directory where you have write access.
@djacu
nix.checks: create clean switch-configuration source
2613d72 
Adds `switchConfigurationSrc` source to checks that can be used for
other checks. This will replace derivations that use `self` for the
source which creates a new derivation every time anything in the
repository changes.
@djacu
nix.checks.perl-switches: use fileset source and mkDerivation
829f75d 
Rework perl-switches test to use `switchConfigurationSrc` so it does not
rebuild every time anything changes in the repository. Cannot use this
with runCommand because it does not set the correct permissions for
source files and directories.
@djacu djacu changed the title nix.checks: rework and clean up [READY] nix.checks: rework and clean up Nov 29, 2024
sarcasticadmin
sarcasticadmin approved these changes Nov 30, 2024
View reviewed changes
Copy link
Member

@sarcasticadmin sarcasticadmin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@djacu looking much better, no rebuilding on every change anywhere in the repo! Had one question for my clarification.

openwrt-golden still has the old behavior because I kept getting permission denied errors when gomplate tried to create new directories.

Hmm let me look at why this is. iirc theres some odd behavior with gomplate that Ive run into before. Id be nice to get all of these tests fixed while its top of mind.

nix/checks/default.nix
# sources

# Used for derivations where facts is the primary directory.
factsSrc = toSource {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the thought here that eventually we might have more (or less) required for the factSrc? Since at the moment they are the same dirs between factsSrc and switchConfigurationSrc

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was just a coincidence that they share the same source. When I started with factSrc, I didn't realize it needed more that the facts directory because the scripts reach up and over into the switch-configuration directory for files. And then the same happened when I made switchConfigurationSrc. I started with it only having the switch-configuration directory but then the scripts failed because they reach into the facts directory.

I moved forward with keeping them separate because I wasn't sure if or how files would be added in new directories or consolidated into fewer. I thought about writing a fileset source in situ for each derivation. I also though about consolidating factSrc and switchConfigurationSrc into a single source. Opted to leave it as is for us to discuss.

Ideally, some time in the future, it would be ideal that these scripts don't reach across parent directories like they do but that can be tackled another day.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm let me look at why this is. iirc theres some odd behavior with gomplate that Ive run into before. Id be nice to get all of these tests fixed while its top of mind.

Yeah I hacked at it for a couple hours and kept running into issues with gomplate. FYI if you want to hack on this, switch to using mkDerivation like I did for perl-switches. It sets write permissions on the source that you don't get with runCommand.

@sarcasticadmin
nix.checks.openwrt: use fileset source and mkDerivation
06e5bf5 
Including a openwrtSrc for any openwrt specific checks that we have.
Additionally, reworking the openwrt-golden test to consume from this new
src.
@sarcasticadmin
nix.checks: remove cleanSource lib
3e47e3a 
All checks have been moved over to their respective fileset sources so
we no longer need to use the cleanSource function against inputs.self.
@sarcasticadmin
Copy link
Member

sarcasticadmin commented Dec 1, 2024
edited
Loading

@djacu This looks like its working as expected now for checks.x86_64-linux.openwrt-golden. I modified an input to the golden test to confirm a failure as well. Heres the result in having an unexpected delta in the test if the templating failed for a specific ssh key:

$ nix build -L .#checks.x86_64-linux.openwrt-golden
path '/home/rherna/workspace/scale-network/nix/checks' does not contain a 'flake.nix', searching up
warning: Git tree '/home/rherna/workspace/scale-network' is dirty
openwrt-golden> Running phase: unpackPhase
openwrt-golden> unpacking source archive /nix/store/yfjc7bc8amws1kg7yfwrbrkjbcg9m4ba-source
openwrt-golden> source root is source
openwrt-golden> Running phase: patchPhase
openwrt-golden> Running phase: updateAutotoolsGnuConfigScriptsPhase
openwrt-golden> Running phase: configurePhase
openwrt-golden> no configure script, doing nothing
openwrt-golden> Running phase: buildPhase
openwrt-golden> diff -u -r golden/ar71xx/root/.ssh/authorized_keys /nix/store/d5pi4hy17j0sb37gr7y7fsp6ab6y638a-openwrt-golden-0.1.0/tmp/ar71xx/root/.ssh/authorized_keys
openwrt-golden> --- golden/ar71xx/root/.ssh/authorized_keys     1970-01-01 00:00:01.000000000 +0000
openwrt-golden> +++ /nix/store/d5pi4hy17j0sb37gr7y7fsp6ab6y638a-openwrt-golden-0.1.0/tmp/ar71xx/root/.ssh/authorized_keys       2024-12-01 16:34:48.186437686 +0000
openwrt-golden> @@ -9,5 +9,5 @@
openwrt-golden>  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMlEPbMnefiPfCTKb9lOzPzfnOVAohO08myWWMm9EJxZ
openwrt-golden>  ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjjcUJLTENGrV6K/nrPOswcBVMMuS4sLSs0UyTRw8wU87PDUzJz8Ht2SgHqeEQJdRm1+b6iLsx2uKOf+/pU8qE= [email protected]
openwrt-golden>  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVZ7n1EOezedsbphq5atGtHm11xeGpLZBzEbgV7eZdb Ryan Hamel - SCALE
openwrt-golden> -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEiESod7DOT2cmT2QEYjBIrzYqTDnJLld1em3doDROq sarcasticadmin
openwrt-golden> +sh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEiESod7DOT2cmT2QEYjBIrzYqTDnJLld1em3doDROq sarcasticadmin
openwrt-golden>  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDUeOWNKOfE8kr/i076oG7oSp9CyhI/7I7kw0U2omWN1S7UEZoV/42DYnyakemHIp4Jyg0/Yk88oM+GtQWZYwnbJDETOY7xjA0btfpFoKYHY7TU4crsdTkE2qkekaa9plYRYQi4mZ/hl0/3Qkd+y2lLUzvEFa3RHv3JYMUi5ijv4mscXqSlBwIngX6l1pU7Wz6hexxa8YdKql17UF3oFwcqLLpnvTHmbI415f/EJNy+LSuXD1Au/ajLQbgdrDaOBNFKuyTjFd1VX0LrT+SD0MwwyT0I8vPU5E2WSkhBw6y932gDTFfmtwtDRrsJjz6w6y32cs0pns0miugLWrxwrWvC2tjzhS+QmCxrR00FK6jPHC/sHv21OVh93fyd9USAu6TCbkQ/FzCzqKbfEInoYAR+RaVeePXik5KvBqFqfUt0MMycVXj+XzHjpRAduG9aFA315Bu5k6w45m473BcFgHgq4/FVn88ImfPddXLtyJZN9oHorpI9bhQhMAopGAFyxuI+VjaP11mhylrjm+3+Q87gXPqvN0he9VPDvz/P30Id1S6me5rpsoiYilhFx8xxwiga4kjVQlXmC/NzlldM86dOIMr0PtGh5kGOe3X5ePKkjfstXnvvFfFeqiqUPp40jfX+Ocs68ozFR4PRDUWSqVrPgYVPOMViTH8BHKh1vcAEGQ== steve@loot5a
error: builder for '/nix/store/i6nx73hgcfmmc1jfcbfh7cgvra4jg637-openwrt-golden-0.1.0.drv' failed with exit code 1;
       last 10 log lines:
       > diff -u -r golden/ar71xx/root/.ssh/authorized_keys /nix/store/d5pi4hy17j0sb37gr7y7fsp6ab6y638a-openwrt-golden-0.1.0/tmp/ar71xx/root/.ssh/authorized_keys
       > --- golden/ar71xx/root/.ssh/authorized_keys    1970-01-01 00:00:01.000000000 +0000
       > +++ /nix/store/d5pi4hy17j0sb37gr7y7fsp6ab6y638a-openwrt-golden-0.1.0/tmp/ar71xx/root/.ssh/authorized_keys      2024-12-01 16:34:48.186437686 +0000
       > @@ -9,5 +9,5 @@
       >  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMlEPbMnefiPfCTKb9lOzPzfnOVAohO08myWWMm9EJxZ
       >  ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjjcUJLTENGrV6K/nrPOswcBVMMuS4sLSs0UyTRw8wU87PDUzJz8Ht2SgHqeEQJdRm1+b6iLsx2uKOf+/pU8qE= [email protected]
       >  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVZ7n1EOezedsbphq5atGtHm11xeGpLZBzEbgV7eZdb Ryan Hamel - SCALE
       > -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEiESod7DOT2cmT2QEYjBIrzYqTDnJLld1em3doDROq sarcasticadmin
       > +sh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEiESod7DOT2cmT2QEYjBIrzYqTDnJLld1em3doDROq sarcasticadmin
       >  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDUeOWNKOfE8kr/i076oG7oSp9CyhI/7I7kw0U2omWN1S7UEZoV/42DYnyakemHIp4Jyg0/Yk88oM+GtQWZYwnbJDETOY7xjA0btfpFoKYHY7TU4crsdTkE2qkekaa9plYRYQi4mZ/hl0/3Qkd+y2lLUzvEFa3RHv3JYMUi5ijv4mscXqSlBwIngX6l1pU7Wz6hexxa8YdKql17UF3oFwcqLLpnvTHmbI415f/EJNy+LSuXD1Au/ajLQbgdrDaOBNFKuyTjFd1VX0LrT+SD0MwwyT0I8vPU5E2WSkhBw6y932gDTFfmtwtDRrsJjz6w6y32cs0pns0miugLWrxwrWvC2tjzhS+QmCxrR00FK6jPHC/sHv21OVh93fyd9USAu6TCbkQ/FzCzqKbfEInoYAR+RaVeePXik5KvBqFqfUt0MMycVXj+XzHjpRAduG9aFA315Bu5k6w45m473BcFgHgq4/FVn88ImfPddXLtyJZN9oHorpI9bhQhMAopGAFyxuI+VjaP11mhylrjm+3+Q87gXPqvN0he9VPDvz/P30Id1S6me5rpsoiYilhFx8xxwiga4kjVQlXmC/NzlldM86dOIMr0PtGh5kGOe3X5ePKkjfstXnvvFfFeqiqUPp40jfX+Ocs68ozFR4PRDUWSqVrPgYVPOMViTH8BHKh1vcAEGQ== steve@loot5a
       For full logs, run 'nix log /nix/store/i6nx73hgcfmmc1jfcbfh7cgvra4jg637-openwrt-golden-0.1.0.drv'.

@djacu
Copy link
Contributor Author

djacu commented Dec 1, 2024
edited
Loading

@sarcasticadmin now that I see your implementation, I know what I was doing wrong. In the build phase, you have

cd tests/unit/openwrt

and I had

cd $src/tests/unit/openwrt

which does not cd to the same directory.

It was trying to make new files/directories in the source input which is read only.

@sarcasticadmin
Copy link
Member

Ooo yep that'll definitely cause problems 😅 Im glad we know what was going wrong

@djacu
nix.checks.openwrt-golden: change script mode bit
40cf34a 
Makes the test.sh script executable so that bash does not need to be
invoked in the build environment which is already running bash.
@djacu
Copy link
Contributor Author

djacu commented Dec 1, 2024

Alright I pushed one more commit. Check that you are good with it and this should be good to go.

Also I don't have merge authority

@sarcasticadmin sarcasticadmin merged commit 9aa9bc7 into master Dec 1, 2024
3 checks passed
@sarcasticadmin sarcasticadmin deleted the djacu/cleanup-checks branch December 1, 2024 18:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sarcasticadmin sarcasticadmin sarcasticadmin approved these changes

@kylerisse kylerisse Awaiting requested review from kylerisse

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@djacu @sarcasticadmin