pyrox.dev
1# verifies:
2# 1. jenkins service starts on master node
3# 2. jenkins user can be extended on both master and slave
4# 3. jenkins service not started on slave node
5# 4. declarative jobs can be added and removed
6
7{ config, lib, ... }:
8{
9 name = "jenkins";
10 meta = with lib.maintainers; {
11 maintainers = [
12 bjornfor
13 ];
14 };
15
16 nodes = {
17
18 master =
19 { ... }:
20 {
21 services.jenkins = {
22 enable = true;
23 jobBuilder = {
24 enable = true;
25 nixJobs = [
26 {
27 job = {
28 name = "job-1";
29 builders = [
30 {
31 shell = ''
32 echo "Running job-1"
33 '';
34 }
35 ];
36 };
37 }
38
39 {
40 job = {
41 name = "folder-1";
42 project-type = "folder";
43 };
44 }
45
46 {
47 job = {
48 name = "folder-1/job-2";
49 builders = [
50 {
51 shell = ''
52 echo "Running job-2"
53 '';
54 }
55 ];
56 };
57 }
58 ];
59 };
60 };
61
62 specialisation.noJenkinsJobs.configuration = {
63 services.jenkins.jobBuilder.nixJobs = lib.mkForce [ ];
64 };
65
66 # should have no effect
67 services.jenkinsSlave.enable = true;
68
69 users.users.jenkins.extraGroups = [ "users" ];
70
71 systemd.services.jenkins.serviceConfig.TimeoutStartSec = "6min";
72
73 # Increase disk space to prevent this issue:
74 #
75 # WARNING h.n.DiskSpaceMonitorDescriptor#markNodeOfflineOrOnline: Making Built-In Node offline temporarily due to the lack of disk space
76 virtualisation.diskSize = 2 * 1024;
77 };
78
79 slave =
80 { ... }:
81 {
82 services.jenkinsSlave.enable = true;
83
84 users.users.jenkins.extraGroups = [ "users" ];
85 };
86
87 };
88
89 testScript =
90 { nodes, ... }:
91 let
92 pkgs = config.node.pkgs;
93 configWithoutJobs = "${nodes.master.system.build.toplevel}/specialisation/noJenkinsJobs";
94 jenkinsPort = nodes.master.services.jenkins.port;
95 jenkinsUrl = "http://localhost:${toString jenkinsPort}";
96 in
97 ''
98 start_all()
99
100 master.wait_for_unit("default.target")
101
102 assert "Authentication required" in master.succeed("curl http://localhost:8080")
103
104 for host in master, slave:
105 groups = host.succeed("sudo -u jenkins groups")
106 assert "jenkins" in groups
107 assert "users" in groups
108
109 slave.fail("systemctl is-enabled jenkins.service")
110
111 slave.succeed("java -fullversion")
112
113 with subtest("jobs are declarative"):
114 # Check that jobs are created on disk.
115 master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/job-1/config.xml")
116 master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
117 master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")
118
119 # Verify that jenkins also sees the jobs.
120 out = master.succeed("${pkgs.jenkins}/bin/jenkins-cli -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
121 jobs = [x.strip() for x in out.splitlines()]
122 # Seeing jobs inside folders requires the Folders plugin
123 # (https://plugins.jenkins.io/cloudbees-folder/), which we don't have
124 # in this vanilla jenkins install, so limit ourself to non-folder jobs.
125 assert jobs == ['job-1'], f"jobs != ['job-1']: {jobs}"
126
127 master.succeed(
128 "${configWithoutJobs}/bin/switch-to-configuration test >&2"
129 )
130
131 # Check that jobs are removed from disk.
132 master.wait_until_fails("test -f /var/lib/jenkins/jobs/job-1/config.xml")
133 master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
134 master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")
135
136 # Verify that jenkins also sees the jobs as removed.
137 out = master.succeed("${pkgs.jenkins}/bin/jenkins-cli -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
138 jobs = [x.strip() for x in out.splitlines()]
139 assert jobs == [], f"jobs != []: {jobs}"
140 '';
141}