Newer
Older
# Copyright 2019 PrivateStorage.io, LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
aliases:
- &PREPARE_VIRTUALENV
run:
name: "Prepare virtualenv"
command: |
virtualenv venv
. venv/bin/activate
pip install --upgrade certifi pip
pip install ${PIP_REQUIREMENTS}
documentation:
docker:
- image: "circleci/python:3.7"
environment:
PIP_REQUIREMENTS: "-r docs/requirements.txt"
steps:
- "checkout"
- <<: *PREPARE_VIRTUALENV
- run:
name: "Sphinx Documentation Build"
command: |
sphinx-build docs/source docs/build
- store_artifacts:
path: "docs/build"
destination: "docs"
parameters:
py-version:
type: "string"
xcode-version:
type: "string"
xcode: << parameters.xcode-version >>
steps:
- "checkout"
- restore_cache:
keys:
# when setup.cfg changes, use increasingly general patterns to
# restore cache
- pip-packages-v1-{{ .Branch }}-{{ checksum "setup.cfg" }}
- pip-packages-v1-{{ .Branch }}-
- pip-packages-v1-
- run:
name: "Get Pip"
command: |
# The CircleCI macOS environment has curl and Python but does not
# have pip. So, for starters, use curl and Python to get pip.
if [ "<< parameters.py-version >>" == "2.7" ]; then
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py
else
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
fi
python<< parameters.py-version >> get-pip.py
- run:
name: "Create Virtualenv"
command: |
# The CircleCI macOS Python environment has some Python libraries
# in it which conflict with ZKAPAuthorizer's requirements. So
# install virtualenv and use it to create an environment for
# ZKAPAuthorizer so it can have all its own versions of its
# dependencies.
python<< parameters.py-version >> -m pip install virtualenv
# Make sure virtualenv creates a Python 2 environment!
virtualenv --python=python<< parameters.py-version >> venv
# Get the newest pip we can because who knows what came along with
# that virtualenv.
venv/bin/pip install --find-links file://${PWD}/wheelhouse --upgrade pip
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
- run:
name: "Populate Wheelhouse"
command: |
# Get wheels for all the Python packages we depend on - either
# directly via the ZKAPAuthorizer distutils configuration *or*
# because some other tool depends on it. For example, pip has a
# bunch of dependencies it is nice to have around, and using the
# wheels depends on the wheel package.
venv/bin/pip wheel --wheel-dir wheelhouse pip wheel .[test]
- save_cache:
paths:
- "wheelhouse"
key: pip-packages-v1-{{ .Branch }}-{{ checksum "setup.cfg" }}
- run:
name: "Install"
command: |
# Now we can install ZKAPAuthorizer and its dependencies and test
# dependencies into the environment.
venv/bin/pip install --no-index --find-links file://${PWD}/wheelhouse .[test]
- run:
name: "Test"
command: |
# The test suite might leak file descriptors. macOS defaults to a
# limit of 256. This should be fixed, but not now ...
ulimit -Sn 1024
# And finally we can run the tests. We'll run them with 4 jobs
# because the resource class documented at
# https://support.circleci.com/hc/en-us/articles/360009144794-macOS-resources
# says "Medium: 4 vCPUs, 8GB RAM".
venv/bin/python -m twisted.trial --jobs 4 --rterrors _zkapauthorizer
environment:
ZKAPAUTHORIZER_HYPOTHESIS_PROFILE: "ci"
parameters:
tahoe-lafs-source:
# The name of a niv source in nix/sources.json which corresponds to
# a Tahoe-LAFS version. This is the version that will be declared as a
# dependency of the Nix package of ZKAPAuthorizer (and therefore used
# in the test run and pulled in should you install this package).
type: "string"
# Run in a highly Nix-capable environment. We used to use `latest` but
# one day someone pushed a bad revision to it and our CI broke. So now
# we just pin some recent version. Who would have thought a floating
# dependency would cause build instability?
- image: "nixos/nix:2.3.16"
# Tahoe-LAFS requires more memory than we get from the default resource
# class and sometimes we have to build it.
resource_class: "large"
environment:
# CACHIX_AUTH_TOKEN is manually set in the CircleCI web UI and allows us to push to CACHIX_NAME.
CACHIX_NAME: "privatestorage-opensource"
# Pin a NixOS 21.11 revision. Most of the software involved in the
# build process is pinned by nix/sources.json with niv but a few things
# need to work before we get that far. This pin is for those things.
# This pin has no particular bearing on what version of our dependencies
# we are testing against, what version of Python we support, etc. It is
# part of CI infrastructure.
Jean-Paul Calderone
committed
NIXPKGS: "https://github.com/NixOS/nixpkgs/archive/28abc4e43a24d28729509e2d83f5c4f3b3418189.tar.gz"
nix-env -f $NIXPKGS -iA cachix bash
nix path-info --all > /tmp/store-path-pre-build
name: "Run Test Suite"
command: |
# Building the package has, as a side effect, running the test
# suite. If the test suite fails, so does the build.
#
# Pass in a couple args here to control how the test suite is run
# - configure Hypothesis so it can behave appropriately in a CI
# environment (where resources are scarce, competetion with other
# tenants is high, etc) and collect coverage information.
#
# Further, we want the "doc" output built as well because that's
# where the coverage data ends up.
--argstr hypothesisProfile ci \
--arg collectCoverage true \
--argstr tahoe-lafs-source << parameters.tahoe-lafs-source >>
- run:
name: "Push to Cachix"
when: "always"
command: |
# Cribbed from
# https://circleci.com/blog/managing-secrets-when-you-have-pull-requests-from-outside-contributors/
if [ -n "$CIRCLE_PR_NUMBER" ]; then
# I'm sure you're thinking "CIRCLE_PR_NUMBER must just be the
# number of the PR being built". Sorry, dear reader, you have
# guessed poorly. It is also conditionally set based on whether
# this is a PR from a fork or not.
#
# https://circleci.com/docs/2.0/env-vars/#built-in-environment-variables
echo "Skipping Cachix push for forked PR."
else
# https://docs.cachix.org/continuous-integration-setup/circleci.html
bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME"
fi
name: "Report Coverage"
command: |
./.circleci/report-coverage.sh
workflows:
version: 2
everything:
jobs:
- "linux-tests":
matrix:
parameters:
tahoe-lafs-source:
- "macos-tests":
matrix:
parameters:
py-version:
- "2.7"
xcode-version:
# https://circleci.com/docs/2.0/testing-ios/#supported-xcode-versions
- "12.3.0"
- "11.7.0"