From 3201e531b91d2c9fb4bf23e60a77adbd84ece1f5 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Wed, 30 Jun 2021 15:04:31 -0400
Subject: [PATCH] Stop using Docker and start using the fully-configured
 testing grid

---
 .gitlab-ci.yml              | 34 +---------------------------------
 ci-tools/vulnerability-scan |  2 +-
 2 files changed, 2 insertions(+), 34 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2f8911aa..a6607041 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,67 +21,35 @@ unit-tests:
     - "nix-shell --run 'nix-build nixos/unit-tests.nix' && cat result"
 
 .morph-build: &MORPH_BUILD
-  tags:
-    # Run this job in a Docker container so that it won't have the system
-    # /nix/store so that it has to build everything.  This is necessary so
-    # that the logic below that chooses what to send to cachix catches all our
-    # stuff.  Anything that exists in /nix/store at the beginning of the job
-    # won't be cached.  Also there are issues with any concurrent builds
-    # sharing /nix/store.
-    #
-    # This is far from ideal but maybe it's a tolerable hack for now.
-    - "nixos"
-    - "docker"
-
-  image: "nixos/nix:latest"
-
   stage: "test"
-  variables: &MORPH_BUILD_VARIABLES
-    # CACHIX_AUTH_TOKEN, which lets us push to cachix, is supplied by GitLab
-    # thanks to project-level configuration.
-    CACHIX_NAME: "privatestorage-opensource"
-
-  before_script:
-    - |
-      nix-env -iA nixpkgs.cachix nixpkgs.bash
-      cachix use privatestorage-opensource
-      nix path-info --all > /tmp/store-path-pre-build
 
   script:
     - |
       # GRID is set in one of the "instantiations" of this job template.
-      nix-shell --command "morph build morph/grid/${GRID}/grid.nix"
-
-  after_script:
-    - |
-      bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME"
+      "nix-shell --command "morph build morph/grid/${GRID}/grid.nix"
 
 
 morph-build-localdev:
   <<: *MORPH_BUILD
   variables:
-    <<: *MORPH_BUILD_VARIABLES
     GRID: "local"
 
 
 morph-build-testing:
   <<: *MORPH_BUILD
   variables:
-    <<: *MORPH_BUILD_VARIABLES
     GRID: "testing"
 
 
 morph-build-production:
   <<: *MORPH_BUILD
   variables:
-    <<: *MORPH_BUILD_VARIABLES
     GRID: "production"
 
 
 vulnerability-scan:
   stage: "test"
   script:
-    - "sed -i 's/undefined/\"unundefined\"/' morph/grid/local/public-keys/users.nix"
     - "ci-tools/vulnerability-scan security-report.json"
     - "ci-tools/count-vulnerabilities <security-report.json"
   artifacts:
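Review bot: The added script line in `.morph-build` begins with a stray `"` inside the `- |` literal block, so the shell receives three double quotes and the last one is never closed. The job will most likely fail with an unterminated-quote error instead of running `morph build`. Inside a literal block the line needs no YAML-level quoting: `nix-shell --command "morph build morph/grid/${GRID}/grid.nix"`. Separately, with `tags:` and `image:` removed the template no longer pins a runner, so all three builds, including `morph-build-production`, appear to run on whichever runner picks them up and against its existing /nix/store. If that is intended, a short comment on `.morph-build` naming the expected runner would record the assumption.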
diff --git a/ci-tools/vulnerability-scan b/ci-tools/vulnerability-scan
index 3162e495..48bf51e0 100755
--- a/ci-tools/vulnerability-scan
+++ b/ci-tools/vulnerability-scan
@@ -21,7 +21,7 @@ OUTPUT=$1
 [ -e scan-target ] && rm -v scan-target
 nix-shell --run '
 set -x
-if morph_result=$(morph build morph/grid/local/grid.nix 2>&1); then
+if morph_result=$(morph build morph/grid/testing/grid.nix 2>&1); then
   object=$(echo "$morph_result" | tail -n 1)
   ln -s "$object" scan-target
 else
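Review bot: The scan target is now hard-coded to `morph/grid/testing/grid.nix`, so the security report covers only what the testing grid builds. If the production grid pins different packages or versions, those would presumably go unscanned. Either add a comment above the `morph build` line saying why testing is the representative target, e.g. `# Scan the testing grid: it is fully configured and expected to match production's package set.`, or take the grid from the environment with `morph build morph/grid/${GRID:-testing}/grid.nix`. The `if`/`else` continues past the end of this hunk.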
-- 
GitLab