# Copyright 2019 PrivateStorage.io, LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
version: 2.1
aliases:
- &PREPARE_VIRTUALENV
run:
name: "Prepare virtualenv"
command: |
virtualenv venv
. venv/bin/activate
pip install --upgrade certifi pip
pip install ${PIP_REQUIREMENTS}
jobs:
documentation:
docker:
- image: "circleci/python:3.7"
environment:
PIP_REQUIREMENTS: "-r docs/requirements.txt"
steps:
- "checkout"
- <<: *PREPARE_VIRTUALENV
- run:
name: "Sphinx Documentation Build"
command: |
. venv/bin/activate
sphinx-build docs/source docs/build
- store_artifacts:
path: "docs/build"
destination: "docs"
macos-tests:
parameters:
py-version:
type: "string"
xcode-version:
type: "string"
macos:
xcode: << parameters.xcode-version >>
steps:
- "checkout"
- restore_cache:
keys:
# when setup.cfg changes, use increasingly general patterns to
# restore cache
- pip-packages-v1-{{ .Branch }}-{{ checksum "setup.cfg" }}
- pip-packages-v1-{{ .Branch }}-
- pip-packages-v1-
- run:
name: "Get Pip"
command: |
# The CircleCI macOS environment has curl and Python but does not
# have pip. So, for starters, use curl and Python to get pip.
if [ "<< parameters.py-version >>" == "2.7" ]; then
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py
else
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
fi
python<< parameters.py-version >> get-pip.py
- run:
name: "Create Virtualenv"
command: |
# The CircleCI macOS Python environment has some Python libraries
# in it which conflict with ZKAPAuthorizer's requirements. So
# install virtualenv and use it to create an environment for
# ZKAPAuthorizer so it can have all its own versions of its
# dependencies.
python<< parameters.py-version >> -m pip install virtualenv
# Make sure virtualenv creates a Python 2 environment!
virtualenv --python=python<< parameters.py-version >> venv
# Get the newest pip we can because who knows what came along with
# that virtualenv.
venv/bin/pip install --find-links file://${PWD}/wheelhouse --upgrade pip
- run:
name: "Populate Wheelhouse"
command: |
# Get wheels for all the Python packages we depend on - either
# directly via the ZKAPAuthorizer distutils configuration *or*
# because some other tool depends on it. For example, pip has a
# bunch of dependencies it is nice to have around, and using the
# wheels depends on the wheel package.
venv/bin/pip wheel --wheel-dir wheelhouse pip wheel .[test]
- save_cache:
paths:
- "wheelhouse"
key: pip-packages-v1-{{ .Branch }}-{{ checksum "setup.cfg" }}
- run:
name: "Install"
command: |
# Now we can install ZKAPAuthorizer and its dependencies and test
# dependencies into the environment.
venv/bin/pip install --no-index --find-links file://${PWD}/wheelhouse .[test]
- run:
name: "Test"
command: |
# The test suite might leak file descriptors. macOS defaults to a
# limit of 256. This should be fixed, but not now ...
ulimit -Sn 1024
# And finally we can run the tests. We'll run them with 4 jobs
# because the resource class documented at
# https://support.circleci.com/hc/en-us/articles/360009144794-macOS-resources
# says "Medium: 4 vCPUs, 8GB RAM".
venv/bin/python -m twisted.trial --jobs 4 --rterrors _zkapauthorizer
environment:
ZKAPAUTHORIZER_HYPOTHESIS_PROFILE: "ci"
linux-tests: &LINUX_TESTS
docker:
# Run in a highly Nix-capable environment.
- image: "nixos/nix:latest"
environment:
# CACHIX_AUTH_TOKEN is manually set in the CircleCI web UI and allows us to push to CACHIX_NAME.
CACHIX_NAME: "privatestorage-opensource"
# Specify a revision of PrivateStorageio/nixpkgs to run against. This
# essentially pins the majority of the software involved in the build.
# This revision is selected arbitrarily (it's just new enough to define
# all of the PrivateStorage stuff that ZKAPAuthorizer depends on). It's
# somewhat current as of the time of this comment. We can bump it to a
# newer version when that makes sense. Meanwhile, the platform won't
# shift around beneath us unexpectedly.
NIX_PATH: "nixpkgs=https://github.com/PrivateStorageio/nixpkgs/archive/730129887a84a8f84f3b78ffac7add72aeb551b6.tar.gz"
steps:
- run:
name: "Set up Cachix"
command: |
nix-env -iA nixpkgs.cachix nixpkgs.bash
cachix use "${CACHIX_NAME}"
nix path-info --all > /tmp/store-path-pre-build
- "checkout"
- run:
name: "Run Test Suite"
command: |
# Building the package has, as a side effect, running the test
# suite. If the test suite fails, so does the build.
#
# Pass in a couple args here to control how the test suite is run
# - configure Hypothesis so it can behave appropriately in a CI
# environment (where resources are scarce, competetion with other
# tenants is high, etc) and collect coverage information.
#
# Further, we want the "doc" output built as well because that's
# where the coverage data ends up.
nix-build \
--argstr hypothesisProfile ci \
--arg collectCoverage true \
--attr doc
- run:
name: Early return if this build is from a forked PR
command: |
if [ -n "$CIRCLE_PR_NUMBER" ]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
- run:
name: "Push to Cachix"
when: "always"
command: |
# https://docs.cachix.org/continuous-integration-setup/circleci.html
bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME"
- run:
name: "Report Coverage"
command: |
./.circleci/report-coverage.sh
workflows:
version: 2
everything:
jobs:
- "documentation"
- "linux-tests"
- "macos-tests":
matrix:
parameters:
py-version:
- "2.7"
xcode-version:
# https://circleci.com/docs/2.0/testing-ios/#supported-xcode-versions
- "12.3.0"
- "11.7.0"