Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
Z
ZKAPAuthorizer
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
This is an archived project. Repository and other project resources are read-only.
Show more breadcrumbs
Administrator
ZKAPAuthorizer
Commits
e65cd7c8
Commit
e65cd7c8
authored
4 years ago
by
Jean-Paul Calderone
Browse files
Options
Downloads
Plain Diff
Merge remote-tracking branch 'origin/master' into 206.morepassesrequired-logging
parents
4241cfe4
1d8d1c6f
Branches
Branches containing commit
No related tags found
1 merge request
!207
Add a `__str__` to MorePassesRequired
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
.circleci/config.yml
+26
-94
26 additions, 94 deletions
.circleci/config.yml
with
26 additions
and
94 deletions
.circleci/config.yml
+
26
−
94
View file @
e65cd7c8
...
@@ -137,9 +137,12 @@ jobs:
...
@@ -137,9 +137,12 @@ jobs:
linux-tests
:
&LINUX_TESTS
linux-tests
:
&LINUX_TESTS
docker
:
docker
:
# Run in a highly Nix-capable environment.
# Run in a highly Nix-capable environment.
-
image
:
"
nixo
rg
/nix:
circleci
"
-
image
:
"
nixo
s
/nix:
latest
"
environment
:
environment
:
# CACHIX_AUTH_TOKEN is manually set in the CircleCI web UI and allows us to push to CACHIX_NAME.
CACHIX_NAME
:
"
privatestorage-opensource"
# Specify a revision of PrivateStorageio/nixpkgs to run against. This
# Specify a revision of PrivateStorageio/nixpkgs to run against. This
# essentially pins the majority of the software involved in the build.
# essentially pins the majority of the software involved in the build.
# This revision is selected arbitrarily (it's just new enough to define
# This revision is selected arbitrarily (it's just new enough to define
...
@@ -147,75 +150,18 @@ jobs:
...
@@ -147,75 +150,18 @@ jobs:
# somewhat current as of the time of this comment. We can bump it to a
# somewhat current as of the time of this comment. We can bump it to a
# newer version when that makes sense. Meanwhile, the platform won't
# newer version when that makes sense. Meanwhile, the platform won't
# shift around beneath us unexpectedly.
# shift around beneath us unexpectedly.
NIX
PKGS_REV
:
"
730129887a84a8f84f3b78ffac7add72aeb551b6"
NIX
_PATH
:
"
nixpkgs=https://github.com/PrivateStorageio/nixpkgs/archive/
730129887a84a8f84f3b78ffac7add72aeb551b6
.tar.gz
"
steps
:
steps
:
-
run
:
-
run
:
# Get NIX_PATH set for the rest of the job so that the revision of
name
:
"
Set
up
Cachix"
# nixpkgs we selected will be used everywhere Nix pulls in software.
# There is no way to set an environment variable containing the
# value of another environment variable on CircleCI except to use
# the `BASE_ENV` feature as we do here.
name
:
"
Setup
NIX_PATH
Environment
Variable"
command
:
|
command
:
|
echo "export NIX_PATH=nixpkgs=https://github.com/PrivateStorageio/nixpkgs/archive/$NIXPKGS_REV.tar.gz" >> $BASH_ENV
nix-env -iA nixpkgs.cachix nixpkgs.bash
cachix use "${CACHIX_NAME}"
nix path-info --all > /tmp/store-path-pre-build
-
"
checkout"
-
"
checkout"
-
"
run"
:
# CircleCI won't let us interpolate NIXPKGS_REV into a cache key.
# Only CircleCI's own environment variables or variables set via the
# web interface in a "context" can be interpolated into cache keys.
# However, we can interpolate the checksum of a file... Since we
# don't care about the exact revision, we just care that a new
# revision gives us a new string, we can write the revision to a
# file and then put the checksum of that file into the cache key.
# This way, we don't have to maintain the nixpkgs revision in two
# places and risk having them desynchronize.
name
:
"
Prepare
For
Cache
Key"
command
:
|
echo "${NIXPKGS_REV}" > nixpkgs.rev
-
restore_cache
:
# Get all of Nix's state relating to the particular revision of
# nixpkgs we're using. It will always be the same. CircleCI
# artifacts and nixpkgs store objects are probably mostly hosted in
# the same place (S3) so there's not a lot of difference for
# anything that's pre-built. For anything we end up building
# ourselves, though, this saves us all of the build time (less the
# download time).
#
# Read about caching dependencies: https://circleci.com/docs/2.0/caching/
name
:
"
Restore
Nix
Store
Paths"
keys
:
# Construct cache keys that allow sharing as long as nixpkgs
# revision is unchanged.
#
# If nixpkgs changes then potentially a lot of cached packages for
# the base system will be invalidated so we may as well drop them
# and make a new cache with the new packages.
-
zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}-ourdeps
-
zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}-
-
zkapauthorizer-nix-store-v4-
-
run
:
name
:
"
Build
challenge-bypass-ristretto"
command
:
|
# Pre-build this because doing so is somewhat memory intensive and
# we want to turn off concurrency for this part. We want to be
# able to leave concurrency on for the rest of the build, though,
# where it doesn't cause problems and speeds things up.
nix-build --cores 1 --max-jobs 1 \
--arg callPackage '(import <nixpkgs> { }).callPackage' \
./python-challenge-bypass-ristretto.nix
-
save_cache
:
name
:
"
Cache
Nix
Store
Paths"
when
:
"
always"
key
:
zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}
paths
:
-
"
/nix"
-
run
:
-
run
:
name
:
"
Run
Test
Suite"
name
:
"
Run
Test
Suite"
command
:
|
command
:
|
...
@@ -234,28 +180,30 @@ jobs:
...
@@ -234,28 +180,30 @@ jobs:
--arg collectCoverage true \
--arg collectCoverage true \
--attr doc
--attr doc
-
save_cache
:
-
run
:
name
:
"
Cache
Nix
Store
Paths
"
name
:
"
Push
to
Cachix
"
when
:
"
always"
when
:
"
always"
key
:
zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}-ourdeps
command
:
|
paths
:
# Cribbed from
-
"
/nix"
# https://circleci.com/blog/managing-secrets-when-you-have-pull-requests-from-outside-contributors/
if [ -n "$CIRCLE_PR_NUMBER" ]; then
# I'm sure you're thinking "CIRCLE_PR_NUMBER must just be the
# number of the PR being built". Sorry, dear reader, you have
# guessed poorly. It is also conditionally set based on whether
# this is a PR from a fork or not.
#
# https://circleci.com/docs/2.0/env-vars/#built-in-environment-variables
echo "Skipping Cachix push for forked PR."
else
# https://docs.cachix.org/continuous-integration-setup/circleci.html
bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME"
fi
-
run
:
-
run
:
name
:
"
Report
Coverage"
name
:
"
Report
Coverage"
command
:
|
command
:
|
./.circleci/report-coverage.sh
./.circleci/report-coverage.sh
# A variation of linux-tests that is only run once a week and is given
# enough resources that it can build not only ZKAPAuthorizer but all its
# dependencies within the limited time period imposed by CircleCI.
linux-tests-big
:
# Everything is the same as the linux-tests job ...
<<
:
*LINUX_TESTS
# ... except more resources from the platform.
resource_class
:
"
xlarge"
workflows
:
workflows
:
version
:
2
version
:
2
everything
:
everything
:
...
@@ -272,19 +220,3 @@ workflows:
...
@@ -272,19 +220,3 @@ workflows:
# https://circleci.com/docs/2.0/testing-ios/#supported-xcode-versions
# https://circleci.com/docs/2.0/testing-ios/#supported-xcode-versions
-
"
12.3.0"
-
"
12.3.0"
-
"
11.7.0"
-
"
11.7.0"
refresh-cache
:
jobs
:
-
"
linux-tests-big"
triggers
:
-
schedule
:
# Run the job once a week. CircleCI caches expired after 15 days so
# this should always keep the latest version of our cache fresh and
# prevent us from actually having to rebuild it very often.
#
# https://circleci.com/docs/2.0/workflows/#specifying-a-valid-schedule
cron
:
"
40
6
*
*
4"
filters
:
branches
:
only
:
-
"
master"
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment