# NixOS VM test for Gitea. One test is built per entry in supportedDbTypes;
# each boots a `server` node running Gitea plus two git clients and drives
# them through the Python testScript below.
#
# Arguments:
#   system       - platform to build for (defaults to the current system)
#   config       - nixpkgs config passed to the package set
#   giteaPackage - package under test (defaults to pkgs.gitea)
#   pkgs         - package set (defaults to importing ../..)
{ system ? builtins.currentSystem,
  config ? {},
  giteaPackage ? pkgs.gitea,
  pkgs ? import ../.. { inherit system config; }
}:

with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;

let
  ## gpg --faked-system-time='20230301T010000!' --quick-generate-key snakeoil ed25519 sign
  # Test-only ("snakeoil") signing key, generated with the command above.
  # It is embedded in this file and later handed to pkgs.writeText, so the
  # private key material ends up in the world-readable Nix store. That is
  # acceptable for a fixture only; this key must never sign anything real.
  signingPrivateKey = ''
    -----BEGIN PGP PRIVATE KEY BLOCK-----

    lFgEY/6jkBYJKwYBBAHaRw8BAQdADXiZRV8RJUyC9g0LH04wLMaJL9WTc+szbMi7
    5fw4yP8AAQCl8EwGfzSLm/P6fCBfA3I9znFb3MEHGCCJhJ6VtKYyRw7ktAhzbmFr
    ZW9pbIiUBBMWCgA8FiEE+wUM6VW/NLtAdSixTWQt6LZ4x50FAmP+o5ACGwMFCQPC
    ZwAECwkIBwQVCgkIBRYCAwEAAh4FAheAAAoJEE1kLei2eMedFTgBAKQs1oGFZrCI
    TZP42hmBTKxGAI1wg7VSdDEWTZxut/2JAQDGgo2sa4VHMfj0aqYGxrIwfP2B7JHO
    GCqGCRf9O/hzBA==
    =9Uy3
    -----END PGP PRIVATE KEY BLOCK-----
  '';
  # Key id that Gitea is told to sign with (see SIGNING_KEY below).
  # presumably the id of the key above — confirm if the key is regenerated.
  signingPrivateKeyId = "4D642DE8B678C79D";

  # Database backends to cover; each one yields its own test.
  supportedDbTypes = [ "mysql" "postgres" "sqlite3" ];

  # Builds a { name = type; value = <test>; } pair for one database backend.
  makeGiteaTest = type: nameValuePair type (makeTest {
    name = "${giteaPackage.pname}-${type}";
    meta.maintainers = with maintainers; [ aanderse kolaente ma27 ];

    nodes = {
      server = { config, pkgs, ... }: {
        virtualisation.memorySize = 2047;
        services.gitea = {
          enable = true;
          database = { inherit type; };
          package = giteaPackage;
          # pkgs.writeText puts the token value into the Nix store, which is
          # world-readable. Fine for a fixture; a real deployment should point
          # this at a file that lives outside the store. The test script
          # presents the same value as a bearer token to /metrics.
          metricsTokenFile = (pkgs.writeText "metrics_secret" "fakesecret").outPath;
          # Self-registration is switched off; the script checks the sign-up
          # page says so and creates its user through the admin CLI instead.
          settings.service.DISABLE_REGISTRATION = true;
          settings."repository.signing".SIGNING_KEY = signingPrivateKeyId;
          settings.actions.ENABLED = true;
          settings.metrics.ENABLED = true;
        };
        # gitea CLI, gpg and jq are all invoked on the server by the script.
        environment.systemPackages = [ giteaPackage pkgs.gnupg pkgs.jq ];
        # The clients push and clone via gitea@server, so port 22 must be open.
        services.openssh.enable = true;

        # Second system configuration that adds an Actions runner on top of
        # the base server config. The script switches to it only after it has
        # written the registration token to tokenFile.
        specialisation.runner = {
          inheritParentConfig = true;

          configuration.services.gitea-actions-runner.instances."test" = {
            enable = true;
            name = "ci";
            url = "http://localhost:3000";
            labels = [
              # don't require docker/podman
              # Jobs therefore run directly on the host with no container
              # isolation, which is only appropriate in a disposable test VM.
              "native:host"
            ];
            # Written by the test script as a single TOKEN=<value> line.
            tokenFile = "/var/lib/gitea/runner_token";
          };
        };
      };
      client1 = { config, pkgs, ... }: {
        environment.systemPackages = [ pkgs.git ];
      };
      client2 = { config, pkgs, ... }: {
        environment.systemPackages = [ pkgs.git ];
      };
    };

    # Python test-driver script. In order, it:
    #   1. prepares a git repository on client1 and installs the snake-oil
    #      SSH private key taken from ./ssh-keys.nix;
    #   2. waits for Gitea on ports 3000 and 22, imports the signing key into
    #      the gitea user's GnuPG home and checks that
    #      /api/v1/signing-key.gpg returns a public key block;
    #   3. checks that the sign-up page reports registration as disabled and
    #      creates the user "test" with `gitea admin user create`;
    #   4. requests an API token, creates the repository and registers the
    #      SSH public key through the API;
    #   5. pushes from client1, clones on client2, then checks the file
    #      content and that the API lists exactly one commit;
    #   6. queries /metrics with the bearer token;
    #   7. generates a runner token, switches to the runner specialisation
    #      and waits for "Runner registered successfully" in the journal.
    #
    # Fixture shortcuts that should not be carried into a real deployment:
    #   - StrictHostKeyChecking=no turns off SSH host-key verification;
    #   - the account password is a fixed string and is sent as HTTP basic
    #     auth over plain HTTP (to localhost);
    #   - the API token is requested with the scope "all";
    #   - the runner token is written by `tee` outside the `su -l gitea`
    #     command, and the script never sets an owner or mode on that file.
    #
    # NOTE(review): the SSH key is registered with "read_only":true, yet the
    # push from client1 is expected to succeed — confirm what that flag means
    # for user keys.
    testScript = { nodes, ... }: let
      inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
      # Built system closure of the server; used to reach the runner
      # specialisation's switch-to-configuration script.
      serverSystem = nodes.server.system.build.toplevel;
    in ''
      GIT_SSH_COMMAND = "ssh -i $HOME/.ssh/privk -o StrictHostKeyChecking=no"
      REPO = "gitea@server:test/repo"
      PRIVK = "${snakeOilPrivateKey}"

      start_all()

      client1.succeed("mkdir /tmp/repo")
      client1.succeed("mkdir -p $HOME/.ssh")
      client1.succeed(f"cat {PRIVK} > $HOME/.ssh/privk")
      client1.succeed("chmod 0400 $HOME/.ssh/privk")
      client1.succeed("git -C /tmp/repo init")
      client1.succeed("echo hello world > /tmp/repo/testfile")
      client1.succeed("git -C /tmp/repo add .")
      client1.succeed("git config --global user.email test@localhost")
      client1.succeed("git config --global user.name test")
      client1.succeed("git -C /tmp/repo commit -m 'Initial import'")
      client1.succeed(f"git -C /tmp/repo remote add origin {REPO}")

      server.wait_for_unit("gitea.service")
      server.wait_for_open_port(3000)
      server.wait_for_open_port(22)
      server.succeed("curl --fail http://localhost:3000/")

      server.succeed(
          "su -l gitea -c 'gpg --homedir /var/lib/gitea/data/home/.gnupg "
          + "--import ${toString (pkgs.writeText "gitea.key" signingPrivateKey)}'"
      )

      assert "BEGIN PGP PUBLIC KEY BLOCK" in server.succeed("curl http://localhost:3000/api/v1/signing-key.gpg")

      server.succeed(
          "curl --fail http://localhost:3000/user/sign_up | grep 'Registration is disabled. "
          + "Please contact your site administrator.'"
      )
      server.succeed(
          "su -l gitea -c 'GITEA_WORK_DIR=/var/lib/gitea gitea admin user create "
          + "--username test --password totallysafe --email test@localhost'"
      )

      api_token = server.succeed(
          "curl --fail -X POST http://test:totallysafe@localhost:3000/api/v1/users/test/tokens "
          + "-H 'Accept: application/json' -H 'Content-Type: application/json' -d "
          + "'{\"name\":\"token\",\"scopes\":[\"all\"]}' | jq '.sha1' | xargs echo -n"
      )

      server.succeed(
          "curl --fail -X POST http://localhost:3000/api/v1/user/repos "
          + "-H 'Accept: application/json' -H 'Content-Type: application/json' "
          + f"-H 'Authorization: token {api_token}'"
          + ' -d \'{"auto_init":false, "description":"string", "license":"mit", "name":"repo", "private":false}\'''
      )

      server.succeed(
          "curl --fail -X POST http://localhost:3000/api/v1/user/keys "
          + "-H 'Accept: application/json' -H 'Content-Type: application/json' "
          + f"-H 'Authorization: token {api_token}'"
          + ' -d \'{"key":"${snakeOilPublicKey}","read_only":true,"title":"SSH"}\'''
      )

      client1.succeed(
          f"GIT_SSH_COMMAND='{GIT_SSH_COMMAND}' git -C /tmp/repo push origin master"
      )

      client2.succeed("mkdir -p $HOME/.ssh")
      client2.succeed(f"cat {PRIVK} > $HOME/.ssh/privk")
      client2.succeed("chmod 0400 $HOME/.ssh/privk")
      client2.succeed(f"GIT_SSH_COMMAND='{GIT_SSH_COMMAND}' git clone {REPO}")
      client2.succeed('test "$(cat repo/testfile | xargs echo -n)" = "hello world"')

      server.wait_until_succeeds(
          'test "$(curl http://localhost:3000/api/v1/repos/test/repo/commits '
          + '-H "Accept: application/json" | jq length)" = "1"'
      )

      with subtest("Testing metrics endpoint"):
          server.succeed('curl '
                         + '-H "Authorization: Bearer fakesecret" '
                         + 'http://localhost:3000/metrics '
                         + '| grep gitea_accesses')

      with subtest("Testing runner registration"):
          server.succeed(
              "su -l gitea -c 'GITEA_WORK_DIR=/var/lib/gitea gitea actions generate-runner-token' | sed 's/^/TOKEN=/' | tee /var/lib/gitea/runner_token"
          )
          server.succeed("${serverSystem}/specialisation/runner/bin/switch-to-configuration test")
          server.wait_for_unit("gitea-runner-test.service")
          server.succeed("journalctl -o cat -u gitea-runner-test.service | grep -q 'Runner registered successfully'")
    '';
  });
in

# Attribute set keyed by database type, one test per backend.
listToAttrs (map makeGiteaTest supportedDbTypes)