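# This test runs gitlab and checks if it works
#
# Every credential below is a fixed, throwaway value for the test VM.
# `pkgs.writeText` and `pkgs.runCommand` place their output in the Nix
# store, which is world-readable, so this pattern must not be copied into a
# real deployment: there the `*File` options should point at files that live
# outside the store and are readable only by the service user.

let
  # Used twice: as GitLab's initial root password and as the password sent
  # in the OAuth token request of the test script.
  initialRootPassword = "notproduction";
in
import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; {
  name = "gitlab";
  meta = with pkgs.lib.maintainers; {
    maintainers = [ globin ];
  };

  nodes = {
    gitlab = { ... }: {
      imports = [ common/user-account.nix ];

      virtualisation.memorySize = if pkgs.stdenv.is64bit then 4096 else 2047;

      # Force Restart=no on the GitLab units; presumably so that a service
      # which dies stays down and the test fails instead of the crash being
      # hidden by an automatic restart.
      systemd.services.gitlab.serviceConfig.Restart = mkForce "no";
      systemd.services.gitlab-workhorse.serviceConfig.Restart = mkForce "no";
      systemd.services.gitaly.serviceConfig.Restart = mkForce "no";
      systemd.services.gitlab-sidekiq.serviceConfig.Restart = mkForce "no";

      # Plain-HTTP reverse proxy in front of the workhorse socket; the test
      # script talks to it as http://gitlab.
      services.nginx = {
        enable = true;
        recommendedProxySettings = true;
        virtualHosts = {
          localhost = {
            locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
          };
        };
      };

      # IMAP server that the incoming_email settings below point at
      # (localhost, port 143).
      services.dovecot2 = {
        enable = true;
        enableImap = true;
      };

      # Matches the dump_gitlab_backup.tar file name awaited by the test
      # script and the BACKUP=dump argument passed to the restore task.
      systemd.services.gitlab-backup.environment.BACKUP = "dump";

      services.gitlab = {
        enable = true;
        # Test-only secrets, stored world-readable in the Nix store.
        databasePasswordFile = pkgs.writeText "dbPassword" "xo0daiF4";
        initialRootPasswordFile = pkgs.writeText "rootPassword" initialRootPassword;
        smtp.enable = true;
        extraConfig = {
          incoming_email = {
            enabled = true;
            mailbox = "inbox";
            address = "alice@localhost";
            # Presumably the account defined in common/user-account.nix;
            # verify against that file.
            user = "alice";
            password = "foobar";
            host = "localhost";
            port = 143;
          };
          pages = {
            enabled = true;
            host = "localhost";
          };
        };
        secrets = {
          secretFile = pkgs.writeText "secret" "Aig5zaic";
          otpFile = pkgs.writeText "otpsecret" "Riew9mue";
          dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
          # The RSA key is generated at build time and also ends up in the
          # Nix store, i.e. it is readable by every user of the build host.
          jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
        };
      };
    };
  };

  testScript = { nodes, ... }:
    let
      # Request body for the OAuth password grant as the root user.
      auth = pkgs.writeText "auth.json" (builtins.toJSON {
        grant_type = "password";
        username = "root";
        password = initialRootPassword;
      });

      # Request body that creates the project the rest of the test uses.
      createProject = pkgs.writeText "create-project.json" (builtins.toJSON {
        name = "test";
      });

      # Request body that commits a single file to the new project.
      putFile = pkgs.writeText "put-file.json" (builtins.toJSON {
        branch = "master";
        author_email = "author@example.com";
        author_name = "Firstname Lastname";
        content = "some content";
        commit_message = "create a new file";
      });

      # Wait for all GitLab services to be fully started.
      waitForServices = ''
        gitlab.wait_for_unit("gitaly.service")
        gitlab.wait_for_unit("gitlab-workhorse.service")
        gitlab.wait_for_unit("gitlab-pages.service")
        gitlab.wait_for_unit("gitlab-mailroom.service")
        gitlab.wait_for_unit("gitlab.service")
        gitlab.wait_for_unit("gitlab-sidekiq.service")
        gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/tmp/sockets/gitlab.socket")
        gitlab.wait_until_succeeds("curl -sSf http://gitlab/users/sign_in")
      '';

      # The actual test of GitLab. Only push data to GitLab if
      # `doSetup` is true.
      #
      # Token step: the command substitution has to reach the shell
      # unescaped. A `\$` would survive the Python string literal as
      # backslash-dollar, and the shell would then write the literal text
      # `$(curl ...)` into /tmp/headers instead of a token. `jq -e` exits
      # non-zero when `.access_token` is missing or null, and `&&` keeps a
      # failed token request from producing a header file at all.
      #
      # API steps: every curl call uses -f. Without it curl exits 0 on HTTP
      # error responses, so an unauthenticated or failed request would go
      # unnoticed and the error body would be saved as the "archive", which
      # still satisfies `test -s`.
      test = doSetup: ''
        gitlab.succeed(
            "curl -isSf http://gitlab | grep -i location | grep -q http://gitlab/users/sign_in"
        )
        gitlab.succeed(
            "${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2"
        )
        gitlab.succeed(
            "token=$(curl -sSf -X POST -H 'Content-Type: application/json' -d @${auth} http://gitlab/oauth/token | ${pkgs.jq}/bin/jq -e -r '.access_token') && echo \"Authorization: Bearer $token\" >/tmp/headers"
        )
      '' + optionalString doSetup ''
        gitlab.succeed(
            "curl -sSf -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${createProject} http://gitlab/api/v4/projects"
        )
        gitlab.succeed(
            "curl -sSf -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${putFile} http://gitlab/api/v4/projects/1/repository/files/some-file.txt"
        )
      '' + ''
        gitlab.succeed(
            "curl -sSf -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.gz > /tmp/archive.tar.gz"
        )
        gitlab.succeed(
            "curl -sSf -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.bz2 > /tmp/archive.tar.bz2"
        )
        gitlab.succeed("test -s /tmp/archive.tar.gz")
        gitlab.succeed("test -s /tmp/archive.tar.bz2")
      '';

    in ''
      gitlab.start()
    ''
    + waitForServices
    # First pass: create the project and a file, then download archives.
    + test true
    # Take a backup, then remove everything in the state directory except
    # the backup itself and delete the PostgreSQL data directory, so that
    # the restore below has to rebuild the instance from the backup alone.
    + ''
      gitlab.systemctl("start gitlab-backup.service")
      gitlab.wait_for_unit("gitlab-backup.service")
      gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/backup/dump_gitlab_backup.tar")
      gitlab.systemctl("stop postgresql.service gitlab.target")
      gitlab.succeed(
          "find ${nodes.gitlab.config.services.gitlab.statePath} -mindepth 1 -maxdepth 1 -not -name backup -execdir rm -r {} +"
      )
      gitlab.succeed("systemd-tmpfiles --create")
      gitlab.succeed("rm -rf ${nodes.gitlab.config.services.postgresql.dataDir}")
      gitlab.systemctl("start gitlab-config.service gitlab-postgresql.service")
      gitlab.succeed(
          "sudo -u gitlab -H gitlab-rake gitlab:backup:restore RAILS_ENV=production BACKUP=dump force=yes"
      )
      gitlab.systemctl("start gitlab.target")
    ''
    + waitForServices
    # Second pass without setup: the project must come from the restore.
    + test false;
})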