diff options
| -rw-r--r-- | .github/workflows/build.yml | 14 | ||||
| -rw-r--r-- | flake.nix | 28 | ||||
| -rw-r--r-- | nixos/tests/README.md | 14 | ||||
| -rw-r--r-- | nixos/tests/all-tests.nix | 129 | ||||
| -rw-r--r-- | nixos/tests/dsl.nix | 327 | ||||
| -rw-r--r-- | nixos/tests/scope-fun.nix | 32 | 
6 files changed, 544 insertions, 0 deletions
| diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4285978..936d055 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,3 +22,17 @@ jobs:      - uses: DeterminateSystems/magic-nix-cache-action@v7      - name: Build some-pkgs        run: nix run github:Mic92/nix-fast-build -- --skip-cached --no-nom --flake ".#packages" +  nix-flake-check: +    strategy: +      fail-fast: false +      matrix: +        os: [ ubuntu-latest ] +    runs-on: ${{ matrix.os }} +    steps: +    - name: Checkout repository +      uses: actions/checkout@v4 +    - name: Install Nix +      uses: DeterminateSystems/nix-installer-action@v13 +    - uses: DeterminateSystems/magic-nix-cache-action@v7 +    - name: Build the checks +      run: nix run github:Mic92/nix-fast-build -- --skip-cached --no-nom --flake ".#checks.$(nix eval --raw --impure --expr builtins.currentSystem)" @@ -27,6 +27,7 @@              inputsFrom = [ self.packages.${system}.evanix ];              packages = with pkgs; [ +              nixfmt-rfc-style                gdb                ccls                valgrind @@ -34,6 +35,8 @@                flamegraph                nix-eval-jobs                linuxKernel.packages.linux_6_6.perf +              hyperfine +              nix-eval-jobs              ];              shellHook = '' @@ -69,5 +72,30 @@              });          }        ); +      legacyPackages = forAllSystems ( +        { pkgs, ... }: +        { +          nixosTests = pkgs.callPackage ./nixos/tests/all-tests.nix { }; +        } +      ); +      checks = forAllSystems ( +        { system, pkgs, ... }: +        let +          inherit (pkgs.lib) +            filterAttrs +            isDerivation +            mapAttrs' +            nameValuePair +            pipe +            ; +        in +        pipe self.legacyPackages.${system}.nixosTests [ +          (filterAttrs (_: p: isDerivation p)) +          (mapAttrs' (name: nameValuePair "nixosTests-${name}")) +        ] +        // { +          inherit (self.packages.${system}) evanix evanix-py; +        } +      );      };  } diff --git a/nixos/tests/README.md b/nixos/tests/README.md new file mode 100644 index 0000000..e568e57 --- /dev/null +++ b/nixos/tests/README.md @@ -0,0 +1,14 @@ +Synthetic integration tests for "real" nix stores and substituters + +Usage +--- + +```console +$ nix build .#nixosTests.diamond-unbuilt-2 +``` + +Development +--- + +The `.#nixosTests` attrset is defined in [`all-tests.nix`](./all-tests.nix). +In [dsl.nix](./dsl.nix) we define the helper for generating NixOS tests from DAGs. diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix new file mode 100644 index 0000000..b79b198 --- /dev/null +++ b/nixos/tests/all-tests.nix @@ -0,0 +1,129 @@ +{ lib, testers }: + +let +  dsl = ./dsl.nix; +  diamond.dag = { +    nodes.a = { }; +    nodes.b.inputs.a = { }; # b->a +    nodes.c.inputs.a = { }; # c->a +    nodes.d.inputs.b = { }; # d->b +    nodes.d.inputs.c = { }; # d->c +  }; + +  #   A   B   C     D   E +  #   \   |  /      |   | +  #     U  V        W   X +  sunset.dag = { +    nodes = +      let +        goalDependsOn = inputs: { +          goal = true; +          inputs = lib.genAttrs inputs (_: { }); +        }; +      in +      { +        a = goalDependsOn [ "u" "v" ]; +        b = goalDependsOn [ "u" "v" ]; +        c = goalDependsOn [ "u" "v" ]; +        d = goalDependsOn [ "w" ]; +        e = goalDependsOn [ "x" ]; + +        u = { }; +        v = { }; +        w = { }; +        x = { }; +      }; +  }; +in +builtins.mapAttrs +  ( +    name: value: +    testers.runNixOSTest ( +      { +        inherit name; +        imports = value.imports ++ [ dsl ]; +        testScript = +          value.testScriptPre or "" +          + '' +            start_all() +            substituter.wait_for_unit("nix-serve.service") +            builder.succeed("dag-test") +          '' +          + value.testScriptPost or ""; +      } +      // builtins.removeAttrs value [ +        "imports" +        "testScriptPre" +        "testScriptPost" +      ] +    ) +  ) +  { +    diamond-unbuilt-0 = { +      imports = [ +        { +          dag.test.unconstrained.builds = 0; +          dag.test.unconstrained.downloads = 0; +        } +        diamond +      ]; +    }; +    diamond-unbuilt-2 = { +      imports = [ +        { +          dag.nodes.a.cache = "remote"; +          dag.nodes.b.cache = "remote"; +          dag.nodes.d.goal = true; +          dag.test.unconstrained.builds = 2; +          dag.test.unconstrained.downloads = 2; +        } +        diamond +      ]; +    }; +    diamond-unbuilt-4 = { +      imports = [ +        { +          dag.nodes.d.goal = true; +          dag.test.unconstrained.builds = 4; +          dag.test.unconstrained.downloads = 0; +        } +        diamond +      ]; +    }; + +    sunset-unbuilt-9 = { +      imports = [ +        { +          dag = { +            test.unconstrained.builds = 9; + +            constraints.builds = 5; +            test.constrained.builds = 3; + +            nodes = { +              a.test = { +                chosen = true; +                needed = true; +              }; +              b.test = { +                chosen = true; +                needed = true; +              }; +              c.test = { +                chosen = true; +                needed = true; +              }; + +              d.test.needed = true; +              e.test.needed = true; +              u.test.needed = true; +              v.test.needed = true; +              w.test.needed = true; +              x.test.needed = true; +            }; +          }; +        } +        sunset +      ]; +    }; +  } diff --git a/nixos/tests/dsl.nix b/nixos/tests/dsl.nix new file mode 100644 index 0000000..d2a4420 --- /dev/null +++ b/nixos/tests/dsl.nix @@ -0,0 +1,327 @@ +{ lib, config, ... }: + +let +  Dependency = +    { name, ... }: +    { +      options.name = lib.mkOption { +        type = lib.types.str; +        default = name; +      }; +      options.runtime = lib.mkEnableOption "Keep a reference in the output store path to retain a runtime dependency"; +    }; +  Node = ( +    { name, ... }: +    { +      options.name = lib.mkOption { +        type = lib.types.str; +        default = name; +      }; +      options.goal = lib.mkEnableOption ''Mark for building (node is a "goal", "target")''; +      options.test.needed = lib.mkOption { +        type = with lib.types; nullOr bool; +        default = null; +        description = "Verify `nix-build --dry-run` reports node as any of to-be built or to-be fetched"; +      }; +      options.test.chosen = lib.mkOption { +        type = with lib.types; nullOr bool; +        default = null; +        description = "Whether the node is included in the build plan (i.t. it's `needed` and fitted into budget)"; +      }; +      options.cache = lib.mkOption { +        type = lib.types.enum [ +          "unbuilt" +          "remote" +          "local" +        ]; +        description = '' +          Whether the dependency is pre-built and available in the local /nix/store ("local"), can be substituted ("remote"), or has to be built ("none") +        ''; +        default = "unbuilt"; +      }; +      options.inputs = lib.mkOption { +        type = lib.types.attrsOf (lib.types.submodule Dependency); +        default = { }; +      }; +    } +  ); +  Nodes = lib.types.attrsOf (lib.types.submodule Node); +  scope-fun = import ./scope-fun.nix { +    inherit lib; +    inherit (config.dag) nodes; +  }; +in +{ +  options.dag = { +    nodes = lib.mkOption { +      type = Nodes; +      description = "Derivation DAG, including cache status and references."; +    }; +    test.unconstrained.builds = lib.mkOption { +      type = with lib.types; nullOr int; +      default = null; +      description = "How many builds are required to satisfy all targets. Null disables the test"; +    }; +    test.unconstrained.downloads = lib.mkOption { +      type = with lib.types; nullOr int; +      default = null; +      description = "How many downloads are required to satisfy all targets. Null disables the test"; +    }; +    test.constrained.builds = lib.mkOption { +      type = with lib.types; nullOr int; +      default = null; +      description = "How many builds we expect evanix to choose to satisfy the maximum number of targets within the given budget. Null disables the test"; +    }; +    test.constrained.downloads = lib.mkOption { +      type = with lib.types; nullOr int; +      default = null; +      description = "How many downloads we expect evanix to choose to satisfy the maximum number of targets within the given budget. Null disables the test"; +    }; +    constraints.builds = lib.mkOption { +      type = with lib.types; nullOr int; +      default = null; +      description = "How many builds evanix is allowed to choose. Null means no constraint"; +    }; +    constraints.downloads = lib.mkOption { +      type = with lib.types; nullOr int; +      default = null; +      description = "How many downloads evanix is allowed to choose. Null means no constraint"; +    }; +  }; + +  config.nodes.builder = +    { pkgs, ... }: +    let +      evanix = pkgs.callPackage ../../package.nix { }; + +      scope = pkgs.lib.makeScope pkgs.newScope scope-fun; +      configJson = (pkgs.formats.json { }).generate "nix-dag.json" config.dag; +      allPackages = pkgs.writeText "guest-scope.nix" '' +        let +          pkgs = import ${pkgs.path} { }; +          config = builtins.fromJSON (builtins.readFile ${configJson}); +        in +          pkgs.lib.makeScope pkgs.newScope (pkgs.callPackage ${./scope-fun.nix} { inherit (pkgs) lib; inherit (config) nodes; }) +      ''; +      targets = pkgs.writeText "guest-request-scope.nix" '' +        let +          inherit (pkgs) lib; +          pkgs = import ${pkgs.path} { }; +          config = builtins.fromJSON (builtins.readFile ${configJson}); +          all = import ${allPackages}; +          subset = lib.pipe all [ +            (lib.filterAttrs (name: node: lib.isDerivation node)) +            (lib.filterAttrs (name: node: config.nodes.''${name}.goal)) +          ]; +        in +          subset +      ''; + +      tester = pkgs.writers.writePython3Bin "dag-test" { } '' +        # flake8: noqa + +        import json +        import re +        import subprocess +        import sys + + +        with open("${configJson}", "r") as f: +          config = json.load(f) + + +        nodes = config["nodes"] +        print(f"config={config}", file=sys.stderr) + + +        def path_to_name(path: str) -> str: +          return re.sub(r"^[ ]*${builtins.storeDir}/[a-z0-9]*-([a-zA-Z0-9_-]+)(\.drv)?", r"\1", path) + +        def parse_evanix_dry_run(output): +          to_build = [ ] + +          for line in output.split("\n"): +            if not re.match("nix-build --out-link .*$", line): +              continue + +            drv = re.sub(r"^nix-build --out-link result-([a-zA-Z0-9_-]+).*$", r"\1", line) +            to_build.append(drv) + +          return to_build + +        def parse_dry_run(output): +          to_fetch = [ ] +          to_build = [ ] + +          bin = "undefined" +          for line in output.split("\n"): + +            if not line: +              continue + +            if re.match("^.*will be built:$", line): +              bin = "to_build" +              continue +            elif re.match("^.*will be fetched.*:$", line): +              bin = "to_fetch" +              continue + +            if not re.match("^[ ]*${builtins.storeDir}", line): +              print(f"Skipping line: {line}", file=sys.stderr) +              continue + +            line = path_to_name(line) + +            if bin == "to_build": +              to_build.append(line) +            elif bin == "to_fetch": +              to_fetch.append(line) +            else: +              raise RuntimeError("nix-build --dry-run produced invalid output", line) +          return to_fetch, to_build + +        drv_to_schedule = {} +        for name, node in nodes.items(): +          p = subprocess.run(["nix-build", "${allPackages}", "--dry-run", "--show-trace", "-A", name], check=True, stderr=subprocess.PIPE) +          output = p.stderr.decode("utf-8") +          to_fetch, to_build = parse_dry_run(output) +          drv_to_schedule[name] = (to_fetch, to_build) + +        drv_to_action = {} +        for (to_fetch, to_build) in drv_to_schedule.values(): +          for dep in to_fetch: +            name = path_to_name(dep) +            if name not in drv_to_action: +              drv_to_action[name] = "fetch" +            assert drv_to_action[name] == "fetch", f"Conflicting plan for {dep}" +          for dep in to_build: +            name = path_to_name(dep) +            if name not in drv_to_action: +              drv_to_action[name] = "build" +            assert drv_to_action[name] == "build", f"Conflicting plan for {dep}" + +        print(f"Schedule: {drv_to_action}", file=sys.stderr) +        print(f"Per-derivation schedules: {drv_to_schedule}", file=sys.stderr) + +        for name, node in nodes.items(): +          error_msg = f"Wrong plan for {name}" +          action = drv_to_action.get(name, None) +          if node["cache"] == "local": +            assert action is None, error_msg +          elif node["cache"] == "remote": +            assert action == "fetch", error_msg +          elif node["cache"] == "unbuilt": +            assert action == "build", error_msg +          else: +            raise AssertionError('cache is not in [ "local", "remote", "unbuilt" ]') + +        need_builds: set[str] = set() +        need_dls: set[str] = set() +        for name, node in nodes.items(): +          if node["goal"]: +            need_dls.update(drv_to_schedule[name][0]) +            need_builds.update(drv_to_schedule[name][1]) + +        if (expected_need_dls := config["test"]["unconstrained"]["downloads"]) is not None: +          assert len(need_dls) == expected_need_dls, f"{len(need_dls)} != {expected_need_dls}; building {need_dls}" +          print("Verified `needDownloads`", file=sys.stderr) + +        if (expected_need_builds := config["test"]["unconstrained"]["builds"]) is not None: +          assert len(need_builds) == expected_need_builds, f"{len(need_builds)} != {expected_need_builds}; building {need_builds}" +          print("Verified `needBuilds`", file=sys.stderr) + +        for name, node in nodes.items(): +          if node["test"]["needed"]: +            assert name in need_builds or name in need_dls, f"{name}.test.needed violated" + + +        evanix_args = ["evanix", "${targets}", "--dry-run", "--close-unused-fd", "false"] +        if (allow_builds := config["constraints"]["builds"]) is not None: +          evanix_args.extend(["--solver=highs", "--max-build", str(allow_builds)]) + +        expect_chosen_nodes = set(name for name, node in nodes.items() if node["test"]["chosen"]) +        expect_n_chosen_builds = config["test"]["constrained"]["builds"] +        expect_n_chosen_downloads = config["test"]["constrained"]["downloads"] + +        # TODO: Add option +        if expect_n_chosen_downloads is not None and expect_n_chosen_builds is not None: +          expect_n_chosen_nodes = expect_n_chosen_builds + expect_n_chosen_downloads +        else: +          expect_n_chosen_nodes = None + +        if expect_chosen_nodes or expect_n_chosen_nodes is not None: +          evanix = subprocess.run(evanix_args, check=True, stdout=subprocess.PIPE) +          evanix_output = evanix.stdout.decode("utf-8") +          evanix_choices = parse_evanix_dry_run(evanix_output) +        else: +          evanix_choices = set() + +        evanix_builds, evanix_downloads = [], [] +        for choice in evanix_choices: +          if drv_to_action[choice] == "build": +            evanix_builds.append(choice) +          elif drv_to_action[choice] == "fetch": +            evanix_downloads.append(choice) + +        if expect_n_chosen_nodes is not None: +          assert len(evanix_choices) == expect_n_chosen_nodes, f"len({evanix_builds}) != choseNodes" +          print("Verified `choseNodes`", file=sys.stderr) + +        if expect_chosen_nodes: +          for name in expect_chosen_nodes: +            assert name in evanix_choices, f"{name}.test.chosen failed; choices: {evanix_choices}" +          print("Verified `expect_chosen_nodes`", file=sys.stderr) + +        assert expect_n_chosen_builds is None or len(evanix_builds) == expect_n_chosen_builds, f"{expect_n_chosen_builds=} {len(evanix_builds)=}" +        assert expect_n_chosen_downloads is None or len(evanix_downloads) == expect_n_chosen_downloads, f"{expect_n_chosen_downloads=} {len(evanix_downloads)=}" +      ''; +    in +    { +      system.extraDependencies = +        lib.pipe config.dag.nodes [ +          builtins.attrValues +          (builtins.filter ({ cache, ... }: cache == "local")) +          (builtins.map ({ name, ... }: scope.${name})) +        ] +        ++ [ +          pkgs.path + +          # Cache runCommand's dependencies such as runtimeShell +          (pkgs.runCommand "any-run-command" { } "").inputDerivation +        ]; +      networking.hostName = "builder"; +      networking.domain = "evanix-tests.local"; +      nix.settings.substituters = lib.mkForce [ "http://substituter" ]; +      systemd.tmpfiles.settings."10-expressions" = { +        "/run/dag-test/nix-dag-test.json"."L+".argument = "${configJson}"; +        "/run/dag-test/all-packages.nix"."L+".argument = "${allPackages}"; +        "/run/dag-test/targets.nix"."L+".argument = "${targets}"; +      }; + +      environment.systemPackages = [ +        tester +        evanix +      ]; +    }; +  config.nodes.substituter = +    { pkgs, ... }: +    let +      scope = pkgs.lib.makeScope pkgs.newScope scope-fun; +    in +    { +      system.extraDependencies = lib.pipe config.dag.nodes [ +        builtins.attrValues +        (builtins.filter ({ cache, ... }: cache == "remote")) +        (builtins.map ({ name, ... }: scope.${name})) +      ]; +      services.nix-serve.enable = true; +      services.nix-serve.port = 80; +      services.nix-serve.openFirewall = true; + +      # Allow listening on 80 +      systemd.services.nix-serve.serviceConfig.User = lib.mkForce "root"; +      networking.hostName = "substituter"; + +      networking.domain = "evanix-tests.local"; +    }; +} diff --git a/nixos/tests/scope-fun.nix b/nixos/tests/scope-fun.nix new file mode 100644 index 0000000..9dc0cf0 --- /dev/null +++ b/nixos/tests/scope-fun.nix @@ -0,0 +1,32 @@ +{ lib, nodes }: +assert builtins.isAttrs nodes; +self: +let +  mkBuildInputs = +    propagated: +    lib.flip lib.pipe [ +      builtins.attrValues +      (builtins.filter ({ runtime, ... }: (propagated && runtime) || (!propagated && !runtime))) +      (map ({ name, ... }: self.${name})) +    ]; +in +builtins.mapAttrs ( +  name: node: +  assert builtins.isString name; +  assert builtins.isAttrs node; +  let +    inherit (node) inputs; +  in +  self.callPackage ( +    { runCommand }: +    runCommand name +      { +        buildInputs = mkBuildInputs false inputs; +        propagatedBuildInputs = mkBuildInputs true inputs; +      } +      '' +        mkdir $out  +        echo ${name} > $out/name +      '' +  ) { } +) nodes | 
