Stop using Docker and start using the fully-configured testing grid

3201e531 · Jean-Paul Calderone · dee264ae · 3201e531 · 3201e531
Commit 3201e531 authored 3 years ago by Jean-Paul Calderone
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,67 +21,35 @@ unit-tests:
    - "nix-shell --run 'nix-build nixos/unit-tests.nix' && cat result"

 .morph-build: &MORPH_BUILD
-  tags:
-    # Run this job in a Docker container so that it won't have the system
-    # /nix/store so that it has to build everything.  This is necessary so
-    # that the logic below that chooses what to send to cachix catches all our
-    # stuff.  Anything that exists in /nix/store at the beginning of the job
-    # won't be cached.  Also there are issues with any concurrent builds
-    # sharing /nix/store.
-    #
-    # This is far from ideal but maybe it's a tolerable hack for now.
-    - "nixos"
-    - "docker"
-
-  image: "nixos/nix:latest"
-
  stage: "test"
-  variables: &MORPH_BUILD_VARIABLES
-    # CACHIX_AUTH_TOKEN, which lets us push to cachix, is supplied by GitLab
-    # thanks to project-level configuration.
-    CACHIX_NAME: "privatestorage-opensource"
-
-  before_script:
-    - |
-      nix-env -iA nixpkgs.cachix nixpkgs.bash
-      cachix use privatestorage-opensource
-      nix path-info --all > /tmp/store-path-pre-build

  script:
    - |
      # GRID is set in one of the "instantiations" of this job template.
-      nix-shell --command "morph build morph/grid/${GRID}/grid.nix"
-
-  after_script:
-    - |
-      bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME"
+      "nix-shell --command "morph build morph/grid/${GRID}/grid.nix"


 morph-build-localdev:
  <<: *MORPH_BUILD
  variables:
-    <<: *MORPH_BUILD_VARIABLES
    GRID: "local"


 morph-build-testing:
  <<: *MORPH_BUILD
  variables:
-    <<: *MORPH_BUILD_VARIABLES
    GRID: "testing"


 morph-build-production:
  <<: *MORPH_BUILD
  variables:
-    <<: *MORPH_BUILD_VARIABLES
    GRID: "production"


 vulnerability-scan:
  stage: "test"
  script:
-    - "sed -i 's/undefined/\"unundefined\"/' morph/grid/local/public-keys/users.nix"
    - "ci-tools/vulnerability-scan security-report.json"
    - "ci-tools/count-vulnerabilities <security-report.json"
  artifacts:

--- a/ci-tools/vulnerability-scan
+++ b/ci-tools/vulnerability-scan
@@ -21,7 +21,7 @@ OUTPUT=$1
 [ -e scan-target ] && rm -v scan-target
 nix-shell --run '
 set -x
-if morph_result=$(morph build morph/grid/local/grid.nix 2>&1); then
+if morph_result=$(morph build morph/grid/testing/grid.nix 2>&1); then
  object=$(echo "$morph_result" | tail -n 1)
  ln -s "$object" scan-target
 else