Skip to content
Snippets Groups Projects
Commit e65cd7c8 authored by Jean-Paul Calderone's avatar Jean-Paul Calderone
Browse files

Merge remote-tracking branch 'origin/master' into 206.morepassesrequired-logging

parents 4241cfe4 1d8d1c6f
Branches
No related tags found
1 merge request!207Add a `__str__` to MorePassesRequired
...@@ -137,9 +137,12 @@ jobs: ...@@ -137,9 +137,12 @@ jobs:
linux-tests: &LINUX_TESTS linux-tests: &LINUX_TESTS
docker: docker:
# Run in a highly Nix-capable environment. # Run in a highly Nix-capable environment.
- image: "nixorg/nix:circleci" - image: "nixos/nix:latest"
environment: environment:
# CACHIX_AUTH_TOKEN is manually set in the CircleCI web UI and allows us to push to CACHIX_NAME.
CACHIX_NAME: "privatestorage-opensource"
# Specify a revision of PrivateStorageio/nixpkgs to run against. This # Specify a revision of PrivateStorageio/nixpkgs to run against. This
# essentially pins the majority of the software involved in the build. # essentially pins the majority of the software involved in the build.
# This revision is selected arbitrarily (it's just new enough to define # This revision is selected arbitrarily (it's just new enough to define
...@@ -147,75 +150,18 @@ jobs: ...@@ -147,75 +150,18 @@ jobs:
# somewhat current as of the time of this comment. We can bump it to a # somewhat current as of the time of this comment. We can bump it to a
# newer version when that makes sense. Meanwhile, the platform won't # newer version when that makes sense. Meanwhile, the platform won't
# shift around beneath us unexpectedly. # shift around beneath us unexpectedly.
NIXPKGS_REV: "730129887a84a8f84f3b78ffac7add72aeb551b6" NIX_PATH: "nixpkgs=https://github.com/PrivateStorageio/nixpkgs/archive/730129887a84a8f84f3b78ffac7add72aeb551b6.tar.gz"
steps: steps:
- run: - run:
# Get NIX_PATH set for the rest of the job so that the revision of name: "Set up Cachix"
# nixpkgs we selected will be used everywhere Nix pulls in software.
# There is no way to set an environment variable containing the
# value of another environment variable on CircleCI except to use
# the `BASE_ENV` feature as we do here.
name: "Setup NIX_PATH Environment Variable"
command: | command: |
echo "export NIX_PATH=nixpkgs=https://github.com/PrivateStorageio/nixpkgs/archive/$NIXPKGS_REV.tar.gz" >> $BASH_ENV nix-env -iA nixpkgs.cachix nixpkgs.bash
cachix use "${CACHIX_NAME}"
nix path-info --all > /tmp/store-path-pre-build
- "checkout" - "checkout"
- "run":
# CircleCI won't let us interpolate NIXPKGS_REV into a cache key.
# Only CircleCI's own environment variables or variables set via the
# web interface in a "context" can be interpolated into cache keys.
# However, we can interpolate the checksum of a file... Since we
# don't care about the exact revision, we just care that a new
# revision gives us a new string, we can write the revision to a
# file and then put the checksum of that file into the cache key.
# This way, we don't have to maintain the nixpkgs revision in two
# places and risk having them desynchronize.
name: "Prepare For Cache Key"
command: |
echo "${NIXPKGS_REV}" > nixpkgs.rev
- restore_cache:
# Get all of Nix's state relating to the particular revision of
# nixpkgs we're using. It will always be the same. CircleCI
# artifacts and nixpkgs store objects are probably mostly hosted in
# the same place (S3) so there's not a lot of difference for
# anything that's pre-built. For anything we end up building
# ourselves, though, this saves us all of the build time (less the
# download time).
#
# Read about caching dependencies: https://circleci.com/docs/2.0/caching/
name: "Restore Nix Store Paths"
keys:
# Construct cache keys that allow sharing as long as nixpkgs
# revision is unchanged.
#
# If nixpkgs changes then potentially a lot of cached packages for
# the base system will be invalidated so we may as well drop them
# and make a new cache with the new packages.
- zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}-ourdeps
- zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}-
- zkapauthorizer-nix-store-v4-
- run:
name: "Build challenge-bypass-ristretto"
command: |
# Pre-build this because doing so is somewhat memory intensive and
# we want to turn off concurrency for this part. We want to be
# able to leave concurrency on for the rest of the build, though,
# where it doesn't cause problems and speeds things up.
nix-build --cores 1 --max-jobs 1 \
--arg callPackage '(import <nixpkgs> { }).callPackage' \
./python-challenge-bypass-ristretto.nix
- save_cache:
name: "Cache Nix Store Paths"
when: "always"
key: zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}
paths:
- "/nix"
- run: - run:
name: "Run Test Suite" name: "Run Test Suite"
command: | command: |
...@@ -234,28 +180,30 @@ jobs: ...@@ -234,28 +180,30 @@ jobs:
--arg collectCoverage true \ --arg collectCoverage true \
--attr doc --attr doc
- save_cache: - run:
name: "Cache Nix Store Paths" name: "Push to Cachix"
when: "always" when: "always"
key: zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}-ourdeps command: |
paths: # Cribbed from
- "/nix" # https://circleci.com/blog/managing-secrets-when-you-have-pull-requests-from-outside-contributors/
if [ -n "$CIRCLE_PR_NUMBER" ]; then
# I'm sure you're thinking "CIRCLE_PR_NUMBER must just be the
# number of the PR being built". Sorry, dear reader, you have
# guessed poorly. It is also conditionally set based on whether
# this is a PR from a fork or not.
#
# https://circleci.com/docs/2.0/env-vars/#built-in-environment-variables
echo "Skipping Cachix push for forked PR."
else
# https://docs.cachix.org/continuous-integration-setup/circleci.html
bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME"
fi
- run: - run:
name: "Report Coverage" name: "Report Coverage"
command: | command: |
./.circleci/report-coverage.sh ./.circleci/report-coverage.sh
# A variation of linux-tests that is only run once a week and is given
# enough resources that it can build not only ZKAPAuthorizer but all its
# dependencies within the limited time period imposed by CircleCI.
linux-tests-big:
# Everything is the same as the linux-tests job ...
<<: *LINUX_TESTS
# ... except more resources from the platform.
resource_class: "xlarge"
workflows: workflows:
version: 2 version: 2
everything: everything:
...@@ -272,19 +220,3 @@ workflows: ...@@ -272,19 +220,3 @@ workflows:
# https://circleci.com/docs/2.0/testing-ios/#supported-xcode-versions # https://circleci.com/docs/2.0/testing-ios/#supported-xcode-versions
- "12.3.0" - "12.3.0"
- "11.7.0" - "11.7.0"
refresh-cache:
jobs:
- "linux-tests-big"
triggers:
- schedule:
# Run the job once a week. CircleCI caches expired after 15 days so
# this should always keep the latest version of our cache fresh and
# prevent us from actually having to rebuild it very often.
#
# https://circleci.com/docs/2.0/workflows/#specifying-a-valid-schedule
cron: "40 6 * * 4"
filters:
branches:
only:
- "master"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment