Skip to content
Snippets Groups Projects
config.yml 8.69 KiB
Newer Older
  • Learn to ignore specific revisions
  • # Copyright 2019 PrivateStorage.io, LLC
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    
    
    version: 2.1
    
    aliases:
      - &PREPARE_VIRTUALENV
        run:
          name: "Prepare virtualenv"
          command: |
            virtualenv venv
            . venv/bin/activate
    
            pip install --upgrade certifi pip
            pip install ${PIP_REQUIREMENTS}
    
      documentation:
        docker:
          - image: "circleci/python:3.7"
    
          PIP_REQUIREMENTS: "-r docs/requirements.txt"
    
          - run:
              name: "Sphinx Documentation Build"
              command: |
    
                . venv/bin/activate
    
                sphinx-build docs/source docs/build
    
          - store_artifacts:
              path: "docs/build"
              destination: "docs"
    
    
        parameters:
          py-version:
            type: "string"
    
          xcode-version:
            type: "string"
    
          xcode: << parameters.xcode-version >>
    
    
        steps:
          - "checkout"
    
          - restore_cache:
              keys:
              # when setup.cfg changes, use increasingly general patterns to
              # restore cache
              - pip-packages-v1-{{ .Branch }}-{{ checksum "setup.cfg" }}
              - pip-packages-v1-{{ .Branch }}-
              - pip-packages-v1-
    
          - run:
              name: "Get Pip"
              command: |
    
                # The CircleCI macOS environment has curl and Python but does not
                # have pip.  So, for starters, use curl and Python to get pip.
                if [ "<< parameters.py-version >>" == "2.7" ]; then
    
    Jean-Paul Calderone's avatar
    Jean-Paul Calderone committed
    
                  curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py
    
                else
                  curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
                fi
                python<< parameters.py-version >> get-pip.py
    
    
          - run:
              name: "Create Virtualenv"
              command: |
    
                # The CircleCI macOS Python environment has some Python libraries
                # in it which conflict with ZKAPAuthorizer's requirements.  So
                # install virtualenv and use it to create an environment for
                # ZKAPAuthorizer so it can have all its own versions of its
                # dependencies.
                python<< parameters.py-version >> -m pip install virtualenv
    
    
                # Make sure virtualenv creates a Python 2 environment!
    
                virtualenv --python=python<< parameters.py-version >> venv
    
    
                # Get the newest pip we can because who knows what came along with
                # that virtualenv.
    
                venv/bin/pip install --find-links file://${PWD}/wheelhouse --upgrade pip
    
    
          - run:
              name: "Populate Wheelhouse"
              command: |
                # Get wheels for all the Python packages we depend on - either
                # directly via the ZKAPAuthorizer distutils configuration *or*
                # because some other tool depends on it.  For example, pip has a
                # bunch of dependencies it is nice to have around, and using the
                # wheels depends on the wheel package.
                venv/bin/pip wheel --wheel-dir wheelhouse pip wheel .[test]
    
          - save_cache:
              paths:
              - "wheelhouse"
              key: pip-packages-v1-{{ .Branch }}-{{ checksum "setup.cfg" }}
    
          - run:
              name: "Install"
              command: |
                # Now we can install ZKAPAuthorizer and its dependencies and test
                # dependencies into the environment.
                venv/bin/pip install --no-index --find-links file://${PWD}/wheelhouse .[test]
    
          - run:
              name: "Test"
              command: |
    
                # The test suite might leak file descriptors.  macOS defaults to a
                # limit of 256.  This should be fixed, but not now ...
                ulimit -Sn 1024
    
                # And finally we can run the tests.  We'll run them with 4 jobs
                # because the resource class documented at
                # https://support.circleci.com/hc/en-us/articles/360009144794-macOS-resources
                # says "Medium: 4 vCPUs, 8GB RAM".
                venv/bin/python -m twisted.trial --jobs 4 --rterrors _zkapauthorizer
    
              environment:
                ZKAPAUTHORIZER_HYPOTHESIS_PROFILE: "ci"
    
      linux-tests: &LINUX_TESTS
    
        parameters:
          tahoe-lafs-source:
            # The name of a niv source in nix/sources.json which corresponds to
            # a Tahoe-LAFS version. This is the version that will be declared as a
            # dependency of the Nix package of ZKAPAuthorizer (and therefore used
            # in the test run and pulled in should you install this package).
            type: "string"
    
    
          # Run in a highly Nix-capable environment.  We used to use `latest` but
          # one day someone pushed a bad revision to it and our CI broke.  So now
          # we just pin some recent version.  Who would have thought a floating
          # dependency would cause build instability?
    
        # Tahoe-LAFS requires more memory than we get from the default resource
        # class and sometimes we have to build it.
        resource_class: "large"
    
    
          # CACHIX_AUTH_TOKEN is manually set in the CircleCI web UI and allows us to push to CACHIX_NAME.
          CACHIX_NAME: "privatestorage-opensource"
    
    
          # Pin a NixOS 21.11 revision.  Most of the software involved in the
          # build process is pinned by nix/sources.json with niv but a few things
          # need to work before we get that far.  This pin is for those things.
          # This pin has no particular bearing on what version of our dependencies
          # we are testing against, what version of Python we support, etc.  It is
          # part of CI infrastructure.
    
          NIXPKGS: "https://github.com/NixOS/nixpkgs/archive/28abc4e43a24d28729509e2d83f5c4f3b3418189.tar.gz"
    
              name: "Set up Cachix"
    
              command: |
    
                nix-env -f $NIXPKGS -iA cachix bash
    
                cachix use "${CACHIX_NAME}"
    
                nix path-info --all > /tmp/store-path-pre-build
    
              name: "Run Test Suite"
              command: |
    
                # Building the package has, as a side effect, running the test
                # suite.  If the test suite fails, so does the build.
                #
                # Pass in a couple args here to control how the test suite is run
                # - configure Hypothesis so it can behave appropriately in a CI
                # environment (where resources are scarce, competetion with other
                # tenants is high, etc) and collect coverage information.
    
                #
                # Further, we want the "doc" output built as well because that's
                # where the coverage data ends up.
    
    Tom Prince's avatar
    Tom Prince committed
                nix-build tests.nix \
    
                  --argstr hypothesisProfile ci \
                  --arg collectCoverage true \
    
    Tom Prince's avatar
    Tom Prince committed
                  --argstr tahoe-lafs-source << parameters.tahoe-lafs-source >>
    
    
          - run:
              name: "Push to Cachix"
              when: "always"
              command: |
    
                # Cribbed from
                # https://circleci.com/blog/managing-secrets-when-you-have-pull-requests-from-outside-contributors/
                if [ -n "$CIRCLE_PR_NUMBER" ]; then
                  # I'm sure you're thinking "CIRCLE_PR_NUMBER must just be the
                  # number of the PR being built".  Sorry, dear reader, you have
                  # guessed poorly.  It is also conditionally set based on whether
                  # this is a PR from a fork or not.
                  #
                  # https://circleci.com/docs/2.0/env-vars/#built-in-environment-variables
                  echo "Skipping Cachix push for forked PR."
                else
                  # https://docs.cachix.org/continuous-integration-setup/circleci.html
                  bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME"
                fi
    
              name: "Report Coverage"
              command: |
    
                ./.circleci/report-coverage.sh
    
    
    workflows:
      version: 2
      everything:
        jobs:
    
        - "documentation"
    
        - "linux-tests":
            matrix:
              parameters:
                tahoe-lafs-source:
    
                - "tahoe-lafs-1.17.0"
    
        - "macos-tests":
            matrix:
              parameters:
                py-version:
                - "2.7"
    
                xcode-version:
    
                # https://circleci.com/docs/2.0/testing-ios/#supported-xcode-versions