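# This test runs gitlab and checks if it works

let
  # Throwaway credential for the test VM. It is written to the Nix store
  # below and embedded in the test script, so it must never be reused.
  initialRootPassword = "notproduction";
in
import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; {
  name = "gitlab";
  meta = with pkgs.lib.maintainers; {
    maintainers = [ globin ];
  };

  nodes = {
    gitlab = { ... }: {
      imports = [ common/user-account.nix ];

      virtualisation.memorySize = if pkgs.stdenv.is64bit then 4096 else 2047;
      virtualisation.cores = 4;
      virtualisation.useNixStoreImage = true;
      # Automatic restarts are forced off for the GitLab units; presumably so
      # that a crashing service fails the test instead of being restarted.
      systemd.services.gitlab.serviceConfig.Restart = mkForce "no";
      systemd.services.gitlab-workhorse.serviceConfig.Restart = mkForce "no";
      systemd.services.gitaly.serviceConfig.Restart = mkForce "no";
      systemd.services.gitlab-sidekiq.serviceConfig.Restart = mkForce "no";

      # Plain-HTTP reverse proxy in front of the workhorse unix socket.
      services.nginx = {
        enable = true;
        recommendedProxySettings = true;
        virtualHosts = {
          localhost = {
            locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
          };
        };
      };

      # Local IMAP server for the incoming_email settings below.
      services.dovecot2 = {
        enable = true;
        enableImap = true;
      };

      # The restore step and the awaited dump_gitlab_backup.tar in testScript
      # both rely on this backup name.
      systemd.services.gitlab-backup.environment.BACKUP = "dump";

      services.gitlab = {
        enable = true;
        # NOTE: pkgs.writeText puts these values into the world-readable Nix
        # store. That is acceptable for fixed test fixtures only; a real
        # deployment should point the *File options at files kept outside
        # the store with restrictive permissions.
        databasePasswordFile = pkgs.writeText "dbPassword" "xo0daiF4";
        initialRootPasswordFile = pkgs.writeText "rootPassword" initialRootPassword;
        smtp.enable = true;
        extraConfig = {
          incoming_email = {
            enabled = true;
            mailbox = "inbox";
            address = "alice@localhost";
            user = "alice";
            password = "foobar";
            host = "localhost";
            port = 143;
          };
          # https://github.com/NixOS/nixpkgs/issues/132295
          # pages = {
          #   enabled = true;
          #   host = "localhost";
          # };
        };
        secrets = {
          # Fixed test secrets; like the passwords above they end up in the
          # Nix store, as does the RSA key generated at build time.
          secretFile = pkgs.writeText "secret" "Aig5zaic";
          otpFile = pkgs.writeText "otpsecret" "Riew9mue";
          dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
          jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
        };
      };
    };
  };

  testScript = { nodes, ... }:
    let
      # Request body for the OAuth password grant used to get an API token.
      auth = pkgs.writeText "auth.json" (builtins.toJSON {
        grant_type = "password";
        username = "root";
        password = initialRootPassword;
      });

      # Request body for creating the test project.
      createProject = pkgs.writeText "create-project.json" (builtins.toJSON {
        name = "test";
      });

      # Request body for committing one file to the test project.
      putFile = pkgs.writeText "put-file.json" (builtins.toJSON {
        branch = "master";
        author_email = "author@example.com";
        author_name = "Firstname Lastname";
        content = "some content";
        commit_message = "create a new file";
      });

      # Wait for all GitLab services to be fully started.
      waitForServices = ''
        gitlab.wait_for_unit("gitaly.service")
        gitlab.wait_for_unit("gitlab-workhorse.service")
        # https://github.com/NixOS/nixpkgs/issues/132295
        # gitlab.wait_for_unit("gitlab-pages.service")
        gitlab.wait_for_unit("gitlab-mailroom.service")
        gitlab.wait_for_unit("gitlab.service")
        gitlab.wait_for_unit("gitlab-sidekiq.service")
        gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/tmp/sockets/gitlab.socket")
        gitlab.wait_until_succeeds("curl -sSf http://gitlab/users/sign_in")
      '';

      # The actual test of GitLab. Only push data to GitLab if
      # `doSetup` is true.
      #
      # Two things make these checks meaningful:
      #  * The token command uses a plain `$(` for the shell command
      #    substitution. A backslash before the `$` is kept by Python (unknown
      #    escape) and then makes the shell treat the `$` literally, so no
      #    token would be fetched and every API call would be unauthenticated.
      #  * Every API call passes -f so that an HTTP error status (for example
      #    401) fails the test. Without it curl exits 0 and the error body
      #    would be saved as a non-empty "archive", letting `test -s` pass.
      test = doSetup: ''
        gitlab.succeed(
            "curl -isSf http://gitlab | grep -i location | grep http://gitlab/users/sign_in"
        )
        gitlab.succeed(
            "${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2"
        )
        gitlab.succeed(
            "echo \"Authorization: Bearer $(curl -sSf -X POST -H 'Content-Type: application/json' -d @${auth} http://gitlab/oauth/token | ${pkgs.jq}/bin/jq -r '.access_token')\" >/tmp/headers"
        )
      '' + optionalString doSetup ''
        gitlab.succeed(
            "curl -sSf -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${createProject} http://gitlab/api/v4/projects"
        )
        gitlab.succeed(
            "curl -sSf -X POST -H 'Content-Type: application/json' -H @/tmp/headers -d @${putFile} http://gitlab/api/v4/projects/1/repository/files/some-file.txt"
        )
      '' + ''
        gitlab.succeed(
            "curl -sSf -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.gz > /tmp/archive.tar.gz"
        )
        gitlab.succeed(
            "curl -sSf -H @/tmp/headers http://gitlab/api/v4/projects/1/repository/archive.tar.bz2 > /tmp/archive.tar.bz2"
        )
        gitlab.succeed("test -s /tmp/archive.tar.gz")
        gitlab.succeed("test -s /tmp/archive.tar.bz2")
      '';

    in ''
      gitlab.start()
    ''
    + waitForServices
    + test true
    # Backup/restore round trip: take a backup, stop PostgreSQL and GitLab,
    # delete everything in the state directory except the backup and remove
    # the PostgreSQL data directory, then restore from the dump and start
    # GitLab again.
    + ''
      gitlab.systemctl("start gitlab-backup.service")
      gitlab.wait_for_unit("gitlab-backup.service")
      gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/backup/dump_gitlab_backup.tar")
      gitlab.systemctl("stop postgresql.service gitlab.target")
      gitlab.succeed(
          "find ${nodes.gitlab.config.services.gitlab.statePath} -mindepth 1 -maxdepth 1 -not -name backup -execdir rm -r {} +"
      )
      gitlab.succeed("systemd-tmpfiles --create")
      gitlab.succeed("rm -rf ${nodes.gitlab.config.services.postgresql.dataDir}")
      gitlab.systemctl("start gitlab-config.service gitaly.service gitlab-postgresql.service")
      gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/tmp/sockets/gitaly.socket")
      gitlab.succeed(
          "sudo -u gitlab -H gitlab-rake gitlab:backup:restore RAILS_ENV=production BACKUP=dump force=yes"
      )
      gitlab.systemctl("start gitlab.target")
    ''
    + waitForServices
    # Re-run the checks without pushing data: project 1 must now come from
    # the restored backup.
    + test false;
})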