pyrox.dev
1# verifies:
2# 1. jenkins service starts on master node
3# 2. jenkins user can be extended on both master and slave
4# 3. jenkins service not started on slave node
5# 4. declarative jobs can be added and removed
6
7import ./make-test-python.nix ({ pkgs, ...} : {
8 name = "jenkins";
9 meta = with pkgs.lib.maintainers; {
10 maintainers = [ bjornfor coconnor domenkozar eelco ];
11 };
12
13 nodes = {
14
15 master =
16 { ... }:
17 { services.jenkins = {
18 enable = true;
19 jobBuilder = {
20 enable = true;
21 nixJobs = [
22 { job = {
23 name = "job-1";
24 builders = [
25 { shell = ''
26 echo "Running job-1"
27 '';
28 }
29 ];
30 };
31 }
32
33 { job = {
34 name = "folder-1";
35 project-type = "folder";
36 };
37 }
38
39 { job = {
40 name = "folder-1/job-2";
41 builders = [
42 { shell = ''
43 echo "Running job-2"
44 '';
45 }
46 ];
47 };
48 }
49 ];
50 };
51 };
52
53 specialisation.noJenkinsJobs.configuration = {
54 services.jenkins.jobBuilder.nixJobs = pkgs.lib.mkForce [];
55 };
56
57 # should have no effect
58 services.jenkinsSlave.enable = true;
59
60 users.users.jenkins.extraGroups = [ "users" ];
61
62 systemd.services.jenkins.serviceConfig.TimeoutStartSec = "6min";
63 };
64
65 slave =
66 { ... }:
67 { services.jenkinsSlave.enable = true;
68
69 users.users.jenkins.extraGroups = [ "users" ];
70 };
71
72 };
73
74 testScript = { nodes, ... }:
75 let
76 configWithoutJobs = "${nodes.master.config.system.build.toplevel}/specialisation/noJenkinsJobs";
77 jenkinsPort = nodes.master.config.services.jenkins.port;
78 jenkinsUrl = "http://localhost:${toString jenkinsPort}";
79 in ''
80 start_all()
81
82 master.wait_for_unit("default.target")
83
84 assert "Authentication required" in master.succeed("curl http://localhost:8080")
85
86 for host in master, slave:
87 groups = host.succeed("sudo -u jenkins groups")
88 assert "jenkins" in groups
89 assert "users" in groups
90
91 slave.fail("systemctl is-enabled jenkins.service")
92
93 slave.succeed("java -fullversion")
94
95 with subtest("jobs are declarative"):
96 # Check that jobs are created on disk.
97 master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/job-1/config.xml")
98 master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
99 master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")
100
101 # Verify that jenkins also sees the jobs.
102 out = master.succeed("${pkgs.jenkins}/bin/jenkins-cli -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
103 jobs = [x.strip() for x in out.splitlines()]
104 # Seeing jobs inside folders requires the Folders plugin
105 # (https://plugins.jenkins.io/cloudbees-folder/), which we don't have
106 # in this vanilla jenkins install, so limit ourself to non-folder jobs.
107 assert jobs == ['job-1'], f"jobs != ['job-1']: {jobs}"
108
109 master.succeed(
110 "${configWithoutJobs}/bin/switch-to-configuration test >&2"
111 )
112
113 # Check that jobs are removed from disk.
114 master.wait_until_fails("test -f /var/lib/jenkins/jobs/job-1/config.xml")
115 master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
116 master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")
117
118 # Verify that jenkins also sees the jobs as removed.
119 out = master.succeed("${pkgs.jenkins}/bin/jenkins-cli -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
120 jobs = [x.strip() for x in out.splitlines()]
121 assert jobs == [], f"jobs != []: {jobs}"
122 '';
123})