nixos/tests/jenkins.nix at 22.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / jenkins.nix
at 22.05-pre 4.9 kB view raw
  1# verifies:
  2#   1. jenkins service starts on master node
  3#   2. jenkins user can be extended on both master and slave
  4#   3. jenkins service not started on slave node
  5#   4. declarative jobs can be added and removed
  6
  7import ./make-test-python.nix ({ pkgs, ...} : {
  8  name = "jenkins";
  9  meta = with pkgs.lib.maintainers; {
 10    maintainers = [ bjornfor coconnor domenkozar eelco ];
 11  };
 12
 13  nodes = {
 14
 15    master =
 16      { ... }:
 17      { services.jenkins = {
 18          enable = true;
 19          jobBuilder = {
 20            enable = true;
 21            nixJobs = [
 22              { job = {
 23                  name = "job-1";
 24                  builders = [
 25                    { shell = ''
 26                        echo "Running job-1"
 27                      '';
 28                    }
 29                  ];
 30                };
 31              }
 32
 33              { job = {
 34                  name = "folder-1";
 35                  project-type = "folder";
 36                };
 37              }
 38
 39              { job = {
 40                  name = "folder-1/job-2";
 41                  builders = [
 42                    { shell = ''
 43                        echo "Running job-2"
 44                      '';
 45                    }
 46                  ];
 47                };
 48              }
 49            ];
 50          };
 51        };
 52
 53        specialisation.noJenkinsJobs.configuration = {
 54          services.jenkins.jobBuilder.nixJobs = pkgs.lib.mkForce [];
 55        };
 56
 57        # should have no effect
 58        services.jenkinsSlave.enable = true;
 59
 60        users.users.jenkins.extraGroups = [ "users" ];
 61
 62        systemd.services.jenkins.serviceConfig.TimeoutStartSec = "6min";
 63      };
 64
 65    slave =
 66      { ... }:
 67      { services.jenkinsSlave.enable = true;
 68
 69        users.users.jenkins.extraGroups = [ "users" ];
 70      };
 71
 72  };
 73
 74  testScript = { nodes, ... }:
 75    let
 76      configWithoutJobs = "${nodes.master.config.system.build.toplevel}/specialisation/noJenkinsJobs";
 77      jenkinsPort = nodes.master.config.services.jenkins.port;
 78      jenkinsUrl = "http://localhost:${toString jenkinsPort}";
 79    in ''
 80    start_all()
 81
 82    master.wait_for_unit("jenkins")
 83
 84    assert "Authentication required" in master.succeed("curl http://localhost:8080")
 85
 86    for host in master, slave:
 87        groups = host.succeed("sudo -u jenkins groups")
 88        assert "jenkins" in groups
 89        assert "users" in groups
 90
 91    slave.fail("systemctl is-enabled jenkins.service")
 92
 93    with subtest("jobs are declarative"):
 94        # Check that jobs are created on disk.
 95        master.wait_for_unit("jenkins-job-builder")
 96        master.wait_until_fails("systemctl is-active jenkins-job-builder")
 97        master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/job-1/config.xml")
 98        master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
 99        master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")
100
101        # Wait until jenkins is ready, reload configuration and verify it also
102        # sees the jobs.
103        master.succeed("curl --fail ${jenkinsUrl}/cli")
104        master.succeed("curl ${jenkinsUrl}/jnlpJars/jenkins-cli.jar -O")
105        master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) reload-configuration")
106        out = master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
107        jobs = [x.strip() for x in out.splitlines()]
108        # Seeing jobs inside folders requires the Folders plugin
109        # (https://plugins.jenkins.io/cloudbees-folder/), which we don't have
110        # in this vanilla jenkins install, so limit ourself to non-folder jobs.
111        assert jobs == ['job-1'], f"jobs != ['job-1']: {jobs}"
112
113        master.succeed(
114            "${configWithoutJobs}/bin/switch-to-configuration test >&2"
115        )
116
117        # Check that jobs are removed from disk.
118        master.wait_for_unit("jenkins-job-builder")
119        master.wait_until_fails("systemctl is-active jenkins-job-builder")
120        master.wait_until_fails("test -f /var/lib/jenkins/jobs/job-1/config.xml")
121        master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
122        master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")
123
124        # Reload jenkins' configuration and verify it also sees the jobs as removed.
125        master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) reload-configuration")
126        out = master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
127        jobs = [x.strip() for x in out.splitlines()]
128        assert jobs == [], f"jobs != []: {jobs}"
129  '';
130})