Merge fort-nix/nix-bitcoin#531: ShellCheck for various helper bash scripts
91a03ce7d2
shellcheck: fix lint of scripts in /helper (Otto Sabart)f184bb34e6
shellcheck: fix lint of scripts in tests (Otto Sabart)a59c3b4b8a
shellcheck: fix lint of package helper bash scripts (Otto Sabart)9a92d29111
tests: add shellcheck (Otto Sabart)b625325487
ci/modules_test: use flake-enabled nix (Erik Arvstedt) Pull request description: ACKs for top commit: erikarvstedt: ACK91a03ce7d2
jonasnick: ACK91a03ce7d2
Tree-SHA512: 6ece237a6160d9c1c80d93d86aaa9a3b7ad5e2ca6c3b0b47f87e12e739fc3b34ac1e21f6bcf6f483c440aa98650ac6b8672ce80fa62717fa8352b4c0a9903d3e
This commit is contained in:
commit
1ca8b3d7b9
15
.cirrus.yml
15
.cirrus.yml
@ -7,11 +7,13 @@ task:
|
|||||||
# Use the maximum timeout. Needed when rebuilding packages on a channel update.
|
# Use the maximum timeout. Needed when rebuilding packages on a channel update.
|
||||||
timeout_in: 120m
|
timeout_in: 120m
|
||||||
|
|
||||||
|
container:
|
||||||
|
# Defined in https://github.com/nix-community/docker-nixpkgs
|
||||||
|
image: nixpkgs/nix-flakes:nixos-22.05
|
||||||
|
|
||||||
matrix:
|
matrix:
|
||||||
- name: modules_test
|
- name: modules_test
|
||||||
container:
|
container:
|
||||||
# Use Nix release 2.3.x, the default on NixOS stable
|
|
||||||
image: nixos/nix:2.3.12
|
|
||||||
# Besides virtualization, this also enables privileged containers which are required for
|
# Besides virtualization, this also enables privileged containers which are required for
|
||||||
# sandboxed builds
|
# sandboxed builds
|
||||||
kvm: true
|
kvm: true
|
||||||
@ -28,12 +30,13 @@ task:
|
|||||||
# This script is run as root
|
# This script is run as root
|
||||||
build_script:
|
build_script:
|
||||||
- echo "sandbox = true" >> /etc/nix/nix.conf
|
- echo "sandbox = true" >> /etc/nix/nix.conf
|
||||||
- export NIX_PATH="nixpkgs=$(nix eval --raw -f pkgs/nixpkgs-pinned.nix nixpkgs)"
|
- nix shell --inputs-from . nixpkgs#{bash,coreutils,gawk,cachix} -c ./test/ci/build.sh
|
||||||
- nix run -f '<nixpkgs>' bash coreutils cachix -c ./test/ci/build.sh
|
|
||||||
|
|
||||||
- name: flake
|
- name: flake
|
||||||
container:
|
|
||||||
image: nixpkgs/nix-flakes
|
|
||||||
build_script:
|
build_script:
|
||||||
- nix flake check
|
- nix flake check
|
||||||
- ./test/nixos-search/ci-test.sh
|
- ./test/nixos-search/ci-test.sh
|
||||||
|
|
||||||
|
- name: shellcheck
|
||||||
|
build_script:
|
||||||
|
- nix shell --inputs-from . nixpkgs#{shellcheck,findutils,gnugrep} -c ./test/shellcheck.sh
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
if [[ ! -v NIX_BITCOIN_EXAMPLES_DIR ]]; then
|
if [[ ! -v NIX_BITCOIN_EXAMPLES_DIR ]]; then
|
||||||
echo "Running script in nix shell env..."
|
echo "Running script in nix shell env..."
|
||||||
@ -9,16 +10,16 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
tmpDir=$(mktemp -d /tmp/nix-bitcoin-minimal-container.XXX)
|
tmpDir=$(mktemp -d /tmp/nix-bitcoin-minimal-container.XXX)
|
||||||
trap "rm -rf $tmpDir" EXIT
|
trap 'rm -rf $tmpDir' EXIT
|
||||||
|
|
||||||
# Modify importable-configuration.nix to use the local <nix-bitcoin>
|
# Modify importable-configuration.nix to use the local <nix-bitcoin>
|
||||||
# source instead of fetchTarball
|
# source instead of fetchTarball
|
||||||
<importable-configuration.nix sed '
|
<importable-configuration.nix sed '
|
||||||
s|nix-bitcoin = .*|nix-bitcoin = toString <nix-bitcoin>;|;
|
s|nix-bitcoin = .*|nix-bitcoin = toString <nix-bitcoin>;|;
|
||||||
s|system.extraDependencies = .*||
|
s|system.extraDependencies = .*||
|
||||||
' > $tmpDir/importable-configuration.nix
|
' > "$tmpDir/importable-configuration.nix"
|
||||||
|
|
||||||
cat > $tmpDir/configuration.nix <<EOF
|
cat > "$tmpDir/configuration.nix" <<EOF
|
||||||
{
|
{
|
||||||
imports = [ $tmpDir/importable-configuration.nix ];
|
imports = [ $tmpDir/importable-configuration.nix ];
|
||||||
users.users.main = {
|
users.users.main = {
|
||||||
@ -30,4 +31,4 @@ cat > $tmpDir/configuration.nix <<EOF
|
|||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
"${BASH_SOURCE[0]%/*}/deploy-container.sh" $tmpDir/configuration.nix "$@"
|
"${BASH_SOURCE[0]%/*}/deploy-container.sh" "$tmpDir/configuration.nix" "$@"
|
||||||
|
@ -75,7 +75,7 @@ fi
|
|||||||
# Build container.
|
# Build container.
|
||||||
# Learn more: https://github.com/erikarvstedt/extra-container
|
# Learn more: https://github.com/erikarvstedt/extra-container
|
||||||
#
|
#
|
||||||
read -d '' src <<EOF || true
|
read -rd '' src <<EOF || true
|
||||||
{ pkgs, lib, ... }: {
|
{ pkgs, lib, ... }: {
|
||||||
containers.demo-node = {
|
containers.demo-node = {
|
||||||
extra.addressPrefix = "10.250.0";
|
extra.addressPrefix = "10.250.0";
|
||||||
|
@ -24,7 +24,7 @@ source qemu-vm/run-vm.sh
|
|||||||
|
|
||||||
echo "Building the target VM"
|
echo "Building the target VM"
|
||||||
# Build the initial VM to which the nix-bitcoin node is deployed via krops
|
# Build the initial VM to which the nix-bitcoin node is deployed via krops
|
||||||
nix-build --out-link $tmpDir/vm - <<'EOF'
|
nix-build --out-link "$tmpDir/vm" - <<'EOF'
|
||||||
(import <nixpkgs/nixos> {
|
(import <nixpkgs/nixos> {
|
||||||
configuration = { config, lib, ... }: {
|
configuration = { config, lib, ... }: {
|
||||||
imports = [ <qemu-vm/vm-config.nix> ];
|
imports = [ <qemu-vm/vm-config.nix> ];
|
||||||
@ -43,11 +43,11 @@ vmNumCPUs=4
|
|||||||
vmMemoryMiB=2048
|
vmMemoryMiB=2048
|
||||||
sshPort=60734
|
sshPort=60734
|
||||||
# Start the VM in the background
|
# Start the VM in the background
|
||||||
runVM $tmpDir/vm $vmNumCPUs $vmMemoryMiB $sshPort
|
runVM "$tmpDir/vm" "$vmNumCPUs" "$vmMemoryMiB" "$sshPort"
|
||||||
|
|
||||||
# Build the krops deploy script
|
# Build the krops deploy script
|
||||||
export sshPort
|
export sshPort
|
||||||
nix-build --out-link $tmpDir/krops-deploy - <<'EOF'
|
nix-build --out-link "$tmpDir/krops-deploy" - <<'EOF'
|
||||||
let
|
let
|
||||||
krops = (import <nix-bitcoin> {}).krops;
|
krops = (import <nix-bitcoin> {}).krops;
|
||||||
|
|
||||||
@ -85,7 +85,7 @@ EOF
|
|||||||
|
|
||||||
echo "Building the nix-bitcoin node"
|
echo "Building the nix-bitcoin node"
|
||||||
# Pre-build the nix-bitcoin node outside of the VM to save some time
|
# Pre-build the nix-bitcoin node outside of the VM to save some time
|
||||||
nix-build --out-link $tmpDir/store-paths -E '
|
nix-build --out-link "$tmpDir/store-paths" -E '
|
||||||
let
|
let
|
||||||
system = (import <nixpkgs/nixos> { configuration = <krops-vm-configuration.nix>; }).system;
|
system = (import <nixpkgs/nixos> { configuration = <krops-vm-configuration.nix>; }).system;
|
||||||
pkgsUnstable = (import <nix-bitcoin/pkgs/nixpkgs-pinned.nix>).nixpkgs-unstable;
|
pkgsUnstable = (import <nix-bitcoin/pkgs/nixpkgs-pinned.nix>).nixpkgs-unstable;
|
||||||
@ -98,7 +98,7 @@ vmWaitForSSH
|
|||||||
|
|
||||||
# Add the store paths that include the nix-bitcoin node
|
# Add the store paths that include the nix-bitcoin node
|
||||||
# to the nix store db in the VM
|
# to the nix store db in the VM
|
||||||
c "nix-store --load-db < $(realpath $tmpDir/store-paths)/registration"
|
c "nix-store --load-db < $(realpath "$tmpDir/store-paths")/registration"
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "Generate secrets"
|
echo "Generate secrets"
|
||||||
@ -106,7 +106,7 @@ nix-shell --run generate-secrets
|
|||||||
|
|
||||||
echo
|
echo
|
||||||
echo "Deploy with krops"
|
echo "Deploy with krops"
|
||||||
$tmpDir/krops-deploy
|
"$tmpDir/krops-deploy"
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "Bitcoind service:"
|
echo "Bitcoind service:"
|
||||||
|
@ -22,7 +22,7 @@ fi
|
|||||||
source qemu-vm/run-vm.sh
|
source qemu-vm/run-vm.sh
|
||||||
|
|
||||||
echo "Building VM"
|
echo "Building VM"
|
||||||
nix-build --out-link $tmpDir/vm - <<'EOF'
|
nix-build --out-link "$tmpDir/vm" - <<'EOF'
|
||||||
(import <nixpkgs/nixos> {
|
(import <nixpkgs/nixos> {
|
||||||
configuration = {
|
configuration = {
|
||||||
imports = [
|
imports = [
|
||||||
@ -37,7 +37,7 @@ EOF
|
|||||||
vmNumCPUs=4
|
vmNumCPUs=4
|
||||||
vmMemoryMiB=2048
|
vmMemoryMiB=2048
|
||||||
sshPort=60734
|
sshPort=60734
|
||||||
runVM $tmpDir/vm $vmNumCPUs $vmMemoryMiB $sshPort
|
runVM "$tmpDir/vm" "$vmNumCPUs" "$vmMemoryMiB" "$sshPort"
|
||||||
|
|
||||||
vmWaitForSSH
|
vmWaitForSSH
|
||||||
printf "Waiting until services are ready"
|
printf "Waiting until services are ready"
|
||||||
|
@ -1,22 +1,23 @@
|
|||||||
qemuDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
|
qemuDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
|
||||||
|
|
||||||
|
# shellcheck disable=SC1091
|
||||||
source "$qemuDir/wait-until.sh"
|
source "$qemuDir/wait-until.sh"
|
||||||
|
|
||||||
tmpDir=/tmp/nix-bitcoin-qemu-vm
|
tmpDir=/tmp/nix-bitcoin-qemu-vm
|
||||||
mkdir -p $tmpDir
|
mkdir -p "$tmpDir"
|
||||||
|
|
||||||
# Cleanup on exit
|
# Cleanup on exit
|
||||||
cleanup() {
|
cleanup() {
|
||||||
set +eu
|
set +eu
|
||||||
if [[ $qemuPID ]]; then
|
if [[ $qemuPID ]]; then
|
||||||
kill -9 $qemuPID
|
kill -9 "$qemuPID"
|
||||||
fi
|
fi
|
||||||
rm -rf $tmpDir
|
rm -rf "$tmpDir"
|
||||||
}
|
}
|
||||||
trap "cleanup" EXIT
|
trap "cleanup" EXIT
|
||||||
|
|
||||||
identityFile=$qemuDir/id-vm
|
identityFile=$qemuDir/id-vm
|
||||||
chmod 0600 $identityFile
|
chmod 0600 "$identityFile"
|
||||||
|
|
||||||
runVM() {
|
runVM() {
|
||||||
vm=$1
|
vm=$1
|
||||||
@ -24,9 +25,10 @@ runVM() {
|
|||||||
vmMemoryMiB=$3
|
vmMemoryMiB=$3
|
||||||
sshPort=$4
|
sshPort=$4
|
||||||
|
|
||||||
export NIX_DISK_IMAGE=$tmpDir/img
|
export NIX_DISK_IMAGE="$tmpDir/img"
|
||||||
export QEMU_NET_OPTS=hostfwd=tcp::$sshPort-:22
|
export QEMU_NET_OPTS="hostfwd=tcp::${sshPort}-:22"
|
||||||
</dev/null $vm/bin/run-*-vm -m $vmMemoryMiB -smp $vmNumCPUs &>/dev/null &
|
# shellcheck disable=SC2211
|
||||||
|
</dev/null "$vm"/bin/run-*-vm -m "$vmMemoryMiB" -smp "$vmNumCPUs" &>/dev/null &
|
||||||
qemuPID=$!
|
qemuPID=$!
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -39,7 +41,7 @@ vmWaitForSSH() {
|
|||||||
|
|
||||||
# Run command in VM
|
# Run command in VM
|
||||||
c() {
|
c() {
|
||||||
ssh -p $sshPort -i $identityFile -o ConnectTimeout=1 \
|
ssh -p "$sshPort" -i "$identityFile" -o ConnectTimeout=1 \
|
||||||
-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR \
|
-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR \
|
||||||
-o ControlMaster=auto -o ControlPath=$tmpDir/ssh-connection -o ControlPersist=60 \
|
-o ControlMaster=auto -o ControlPath=$tmpDir/ssh-connection -o ControlPersist=60 \
|
||||||
root@127.0.0.1 "$@"
|
root@127.0.0.1 "$@"
|
||||||
|
@ -11,6 +11,8 @@ c systemctl status bitcoind
|
|||||||
|
|
||||||
# BASH_ENVIRONMENT contains definitions of read-only variables like 'BASHOPTS' that
|
# BASH_ENVIRONMENT contains definitions of read-only variables like 'BASHOPTS' that
|
||||||
# cause warnings on evaluation. Suppress these warnings while sourcing.
|
# cause warnings on evaluation. Suppress these warnings while sourcing.
|
||||||
|
#
|
||||||
|
# shellcheck disable=SC2016
|
||||||
BASH_ENVIRONMENT=<(declare -p; declare -pf) \
|
BASH_ENVIRONMENT=<(declare -p; declare -pf) \
|
||||||
USAGE_INFO="$USAGE_INFO" \
|
USAGE_INFO="$USAGE_INFO" \
|
||||||
bash --rcfile <(echo '
|
bash --rcfile <(echo '
|
||||||
|
@ -12,10 +12,10 @@ if [[ ! -v version ]]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
TMPDIR=$(mktemp -d)
|
TMPDIR=$(mktemp -d)
|
||||||
trap "rm -rf $TMPDIR" EXIT
|
trap 'rm -rf $TMPDIR' EXIT
|
||||||
|
|
||||||
export GNUPGHOME=$TMPDIR/gpg-home
|
export GNUPGHOME=$TMPDIR/gpg-home
|
||||||
mkdir -p -m 700 "$GNUPGHOME"
|
mkdir -m 700 "$GNUPGHOME"
|
||||||
|
|
||||||
# Import key
|
# Import key
|
||||||
gpg --import "$scriptDir/key-jonasnick.bin" &> /dev/null
|
gpg --import "$scriptDir/key-jonasnick.bin" &> /dev/null
|
||||||
@ -25,10 +25,10 @@ gpg --import "$scriptDir/key-jonasnick.bin" &> /dev/null
|
|||||||
gpg --list-keys "36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366" > /dev/null
|
gpg --list-keys "36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366" > /dev/null
|
||||||
|
|
||||||
# Fetch nar-hash of release
|
# Fetch nar-hash of release
|
||||||
cd $TMPDIR
|
cd "$TMPDIR"
|
||||||
baseUrl=https://github.com/$repo/releases/download/v$version
|
baseUrl=https://github.com/$repo/releases/download/v$version
|
||||||
curl -fsS -L -O $baseUrl/nar-hash.txt
|
curl -fsS -L -O "$baseUrl/nar-hash.txt"
|
||||||
curl -fsS -L -O $baseUrl/nar-hash.txt.asc
|
curl -fsS -L -O "$baseUrl/nar-hash.txt.asc"
|
||||||
|
|
||||||
# Verify signature for nar-hash
|
# Verify signature for nar-hash
|
||||||
gpg --verify nar-hash.txt.asc &> /dev/null || {
|
gpg --verify nar-hash.txt.asc &> /dev/null || {
|
||||||
|
@ -37,11 +37,11 @@ fi
|
|||||||
cd "${BASH_SOURCE[0]%/*}"
|
cd "${BASH_SOURCE[0]%/*}"
|
||||||
|
|
||||||
RESPONSE=$(curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null)
|
RESPONSE=$(curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null)
|
||||||
echo "Latest release" $(echo $RESPONSE | jq -r '.tag_name' | tail -c +2)
|
echo "Latest release" "$(echo "$RESPONSE" | jq -r '.tag_name' | tail -c +2)"
|
||||||
|
|
||||||
if [[ ! $DRY_RUN ]]; then
|
if [[ ! $DRY_RUN ]]; then
|
||||||
while true; do
|
while true; do
|
||||||
read -p "Create release $TAG_NAME? [yn] " yn
|
read -rp "Create release ${TAG_NAME}? [yn] " yn
|
||||||
case $yn in
|
case $yn in
|
||||||
[Yy]* ) break;;
|
[Yy]* ) break;;
|
||||||
[Nn]* ) exit;;
|
[Nn]* ) exit;;
|
||||||
@ -51,22 +51,22 @@ if [[ ! $DRY_RUN ]]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
TMPDIR=$(mktemp -d)
|
TMPDIR=$(mktemp -d)
|
||||||
if [[ ! $DRY_RUN ]]; then trap "rm -rf $TMPDIR" EXIT; fi
|
if [[ ! $DRY_RUN ]]; then trap 'rm -rf $TMPDIR' EXIT; fi
|
||||||
ARCHIVE_NAME=nix-bitcoin-$TAG_NAME.tar.gz
|
ARCHIVE_NAME=nix-bitcoin-$TAG_NAME.tar.gz
|
||||||
ARCHIVE=$TMPDIR/$ARCHIVE_NAME
|
ARCHIVE=$TMPDIR/$ARCHIVE_NAME
|
||||||
|
|
||||||
# Need to be in the repo root directory for archiving
|
# Need to be in the repo root directory for archiving
|
||||||
(cd $(git rev-parse --show-toplevel); git archive --format=tar.gz -o $ARCHIVE $BRANCH)
|
(cd "$(git rev-parse --show-toplevel)"; git archive --format=tar.gz -o "$ARCHIVE" "$BRANCH")
|
||||||
|
|
||||||
SHA256SUMS=$TMPDIR/SHA256SUMS.txt
|
SHA256SUMS=$TMPDIR/SHA256SUMS.txt
|
||||||
# Use relative path with sha256sums because it'll output the first
|
# Use relative path with sha256sums because it'll output the first
|
||||||
# argument
|
# argument
|
||||||
(cd $TMPDIR; sha256sum $ARCHIVE_NAME > $SHA256SUMS)
|
(cd "$TMPDIR"; sha256sum "$ARCHIVE_NAME" > "$SHA256SUMS")
|
||||||
gpg -o $SHA256SUMS.asc -a --detach-sig $SHA256SUMS
|
gpg -o "$SHA256SUMS.asc" -a --detach-sig "$SHA256SUMS"
|
||||||
|
|
||||||
pushd $TMPDIR >/dev/null
|
pushd "$TMPDIR" >/dev/null
|
||||||
|
|
||||||
nix hash to-sri --type sha256 $(nix-prefetch-url --unpack file://$ARCHIVE 2> /dev/null) > nar-hash.txt
|
nix hash to-sri --type sha256 "$(nix-prefetch-url --unpack "file://$ARCHIVE" 2> /dev/null)" > nar-hash.txt
|
||||||
gpg -o nar-hash.txt.asc -a --detach-sig nar-hash.txt
|
gpg -o nar-hash.txt.asc -a --detach-sig nar-hash.txt
|
||||||
|
|
||||||
if [[ $DRY_RUN ]]; then
|
if [[ $DRY_RUN ]]; then
|
||||||
@ -76,7 +76,7 @@ fi
|
|||||||
|
|
||||||
POST_DATA="{ \"tag_name\": \"v$TAG_NAME\", \"name\": \"nix-bitcoin-$TAG_NAME\", \"body\": \"nix-bitcoin-$TAG_NAME\", \"target_comitish\": \"$BRANCH\" }"
|
POST_DATA="{ \"tag_name\": \"v$TAG_NAME\", \"name\": \"nix-bitcoin-$TAG_NAME\", \"body\": \"nix-bitcoin-$TAG_NAME\", \"target_comitish\": \"$BRANCH\" }"
|
||||||
RESPONSE=$(curl -H "Authorization: token $OAUTH_TOKEN" -d "$POST_DATA" https://api.github.com/repos/$REPO/releases 2> /dev/null)
|
RESPONSE=$(curl -H "Authorization: token $OAUTH_TOKEN" -d "$POST_DATA" https://api.github.com/repos/$REPO/releases 2> /dev/null)
|
||||||
ID=$(echo $RESPONSE | jq -r '.id')
|
ID=$(echo "$RESPONSE" | jq -r '.id')
|
||||||
if [[ $ID == null ]]; then
|
if [[ $ID == null ]]; then
|
||||||
echo "Failed to create release with $POST_DATA"
|
echo "Failed to create release with $POST_DATA"
|
||||||
exit 1
|
exit 1
|
||||||
@ -85,20 +85,20 @@ fi
|
|||||||
post_asset() {
|
post_asset() {
|
||||||
GH_ASSET="https://uploads.github.com/repos/$REPO/releases/$ID/assets?name="
|
GH_ASSET="https://uploads.github.com/repos/$REPO/releases/$ID/assets?name="
|
||||||
curl -H "Authorization: token $OAUTH_TOKEN" --data-binary "@$1" -H "Content-Type: application/octet-stream" \
|
curl -H "Authorization: token $OAUTH_TOKEN" --data-binary "@$1" -H "Content-Type: application/octet-stream" \
|
||||||
$GH_ASSET/$(basename $1) &> /dev/null
|
"$GH_ASSET/$(basename "$1")" &> /dev/null
|
||||||
}
|
}
|
||||||
post_asset nar-hash.txt
|
post_asset nar-hash.txt
|
||||||
post_asset nar-hash.txt.asc
|
post_asset nar-hash.txt.asc
|
||||||
# Post additional assets for backwards compatibility.
|
# Post additional assets for backwards compatibility.
|
||||||
# This allows older nix-bitcoin installations to upgrade via `fetch-release`.
|
# This allows older nix-bitcoin installations to upgrade via `fetch-release`.
|
||||||
post_asset $ARCHIVE
|
post_asset "$ARCHIVE"
|
||||||
post_asset $SHA256SUMS
|
post_asset "$SHA256SUMS"
|
||||||
post_asset $SHA256SUMS.asc
|
post_asset "$SHA256SUMS.asc"
|
||||||
|
|
||||||
popd >/dev/null
|
popd >/dev/null
|
||||||
|
|
||||||
if [[ ! $DRY_RUN ]]; then
|
if [[ ! $DRY_RUN ]]; then
|
||||||
git push $GIT_REMOTE $BRANCH:release
|
git push "$GIT_REMOTE" "${BRANCH}:release"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Successfully created" $(echo $POST_DATA | jq -r .tag_name)
|
echo "Successfully created" "$(echo "$POST_DATA" | jq -r .tag_name)"
|
||||||
|
@ -7,10 +7,10 @@ flakeOutput=$2
|
|||||||
# A pattern in a line preceding the hash that should be updated
|
# A pattern in a line preceding the hash that should be updated
|
||||||
patternPrecedingHash=$3
|
patternPrecedingHash=$3
|
||||||
|
|
||||||
sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"\";|" $file
|
sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"\";|" "$file"
|
||||||
# Display stderr and capture it. stdbuf is required to disable output buffering.
|
# Display stderr and capture it. stdbuf is required to disable output buffering.
|
||||||
stderr=$(
|
stderr=$(
|
||||||
nix build --no-link -L .#$flakeOutput |&
|
nix build --no-link -L ".#$flakeOutput" |&
|
||||||
stdbuf -oL grep -v '\berror:.*failed to build$' |
|
stdbuf -oL grep -v '\berror:.*failed to build$' |
|
||||||
tee /dev/stderr || :
|
tee /dev/stderr || :
|
||||||
)
|
)
|
||||||
@ -20,5 +20,5 @@ if [[ ! $hash ]]; then
|
|||||||
echo "Error: No hash in build output."
|
echo "Error: No hash in build output."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"$hash\";|" $file
|
sed -i "/$patternPrecedingHash/,/hash/ s|hash = .*|hash = \"$hash\";|" "$file"
|
||||||
echo "(Note: The above hash mismatch message is not an error. It is part of the fetching process.)"
|
echo "(Note: The above hash mismatch message is not an error. It is part of the fetching process.)"
|
||||||
|
@ -11,4 +11,4 @@ archive_hash () {
|
|||||||
echo "Fetching latest lightningd/plugins release"
|
echo "Fetching latest lightningd/plugins release"
|
||||||
latest=$(git ls-remote https://github.com/lightningd/plugins master | cut -f 1)
|
latest=$(git ls-remote https://github.com/lightningd/plugins master | cut -f 1)
|
||||||
echo "rev = \"${latest}\";"
|
echo "rev = \"${latest}\";"
|
||||||
echo "sha256 = \"$(archive_hash lightningd/plugins $latest)\";"
|
echo "sha256 = \"$(archive_hash lightningd/plugins "$latest")\";"
|
||||||
|
@ -8,18 +8,18 @@ repo=https://github.com/Ride-The-Lightning/c-lightning-REST
|
|||||||
scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
|
scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
|
||||||
|
|
||||||
updateSrc() {
|
updateSrc() {
|
||||||
TMPDIR="$(mktemp -d /tmp/clightning-rest.XXX)"
|
TMPDIR=$(mktemp -d /tmp/clightning-rest.XXX)
|
||||||
trap "rm -rf $TMPDIR" EXIT
|
trap 'rm -rf $TMPDIR' EXIT
|
||||||
|
|
||||||
# Fetch and verify source tarball
|
# Fetch and verify source tarball
|
||||||
export GNUPGHOME=$TMPDIR
|
export GNUPGHOME=$TMPDIR
|
||||||
# Fetch saubyk's key
|
# Fetch saubyk's key
|
||||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-key 3E9BD4436C288039CA827A9200C9E2BC2E45666F
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-key 3E9BD4436C288039CA827A9200C9E2BC2E45666F
|
||||||
file=v${version}.tar.gz
|
file=v${version}.tar.gz
|
||||||
wget -P $TMPDIR $repo/archive/refs/tags/$file
|
wget -P "$TMPDIR" "${repo}/archive/refs/tags/${file}"
|
||||||
wget -P $TMPDIR $repo/releases/download/v${version}/$file.asc
|
wget -P "$TMPDIR" "${repo}/releases/download/v${version}/${file}.asc"
|
||||||
gpg --verify $TMPDIR/$file.asc $TMPDIR/$file
|
gpg --verify "${TMPDIR}/${file}.asc" "${TMPDIR}/${file}"
|
||||||
hash=$(nix hash file $TMPDIR/$file)
|
hash=$(nix hash file "${TMPDIR}/${file}")
|
||||||
|
|
||||||
sed -i "
|
sed -i "
|
||||||
s|\bversion = .*;|version = \"$version\";|
|
s|\bversion = .*;|version = \"$version\";|
|
||||||
@ -28,7 +28,7 @@ updateSrc() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
updateNodeModulesHash() {
|
updateNodeModulesHash() {
|
||||||
$scriptDir/../../helper/update-fixed-output-derivation.sh ./default.nix clightning-rest.nodeModules nodeModules
|
"$scriptDir/../../helper/update-fixed-output-derivation.sh" ./default.nix clightning-rest.nodeModules nodeModules
|
||||||
}
|
}
|
||||||
|
|
||||||
if [[ $# == 0 ]]; then
|
if [[ $# == 0 ]]; then
|
||||||
@ -36,5 +36,5 @@ if [[ $# == 0 ]]; then
|
|||||||
updateSrc
|
updateSrc
|
||||||
updateNodeModulesHash
|
updateNodeModulesHash
|
||||||
else
|
else
|
||||||
eval "$@"
|
"$@"
|
||||||
fi
|
fi
|
||||||
|
@ -3,23 +3,23 @@
|
|||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
TMPDIR="$(mktemp -d -p /tmp)"
|
TMPDIR="$(mktemp -d -p /tmp)"
|
||||||
trap "rm -rf $TMPDIR" EXIT
|
trap 'rm -rf $TMPDIR' EXIT
|
||||||
cd $TMPDIR
|
cd "$TMPDIR"
|
||||||
|
|
||||||
echo "Fetching latest release"
|
echo "Fetching latest release"
|
||||||
git clone https://github.com/joinmarket-org/joinmarket-clientserver 2> /dev/null
|
git clone https://github.com/joinmarket-org/joinmarket-clientserver 2> /dev/null
|
||||||
cd joinmarket-clientserver
|
cd joinmarket-clientserver
|
||||||
latest=$(git describe --tags `git rev-list --tags --max-count=1`)
|
latest=$(git describe --tags "$(git rev-list --tags --max-count=1)")
|
||||||
echo "Latest release is ${latest}"
|
echo "Latest release is $latest"
|
||||||
|
|
||||||
# GPG verification
|
# GPG verification
|
||||||
export GNUPGHOME=$TMPDIR
|
export GNUPGHOME=$TMPDIR
|
||||||
echo "Fetching Adam Gibson's key"
|
echo "Fetching Adam Gibson's key"
|
||||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null
|
||||||
echo "Verifying latest release"
|
echo "Verifying latest release"
|
||||||
git verify-tag ${latest}
|
git verify-tag "$latest"
|
||||||
|
|
||||||
echo "tag: ${latest}"
|
echo "tag: $latest"
|
||||||
# The prefix option is necessary because GitHub prefixes the archive contents in this format
|
# The prefix option is necessary because GitHub prefixes the archive contents in this format
|
||||||
echo "sha256: $(nix-hash --type sha256 --flat --base32 \
|
echo "sha256: $(nix-hash --type sha256 --flat --base32 \
|
||||||
<(git archive --format tar.gz --prefix=joinmarket-clientserver-"${latest//v}"/ ${latest}))"
|
<(git archive --format tar.gz --prefix=joinmarket-clientserver-"${latest//v}"/ "$latest"))"
|
||||||
|
@ -14,4 +14,4 @@ version=$(
|
|||||||
| sed -E 's|refs/tags/||g; s|((v)?(.*))|\1 \3|g' | sort -k 2 -V | tail -1 | cut -f 1 -d' '
|
| sed -E 's|refs/tags/||g; s|((v)?(.*))|\1 \3|g' | sort -k 2 -V | tail -1 | cut -f 1 -d' '
|
||||||
)
|
)
|
||||||
echo "rev: ${version}"
|
echo "rev: ${version}"
|
||||||
echo "sha256: $(archive_hash krebs/krops $version)"
|
echo "sha256: $(archive_hash krebs/krops "$version")"
|
||||||
|
@ -2,15 +2,15 @@
|
|||||||
#! nix-shell -i bash -p git gnupg curl jq
|
#! nix-shell -i bash -p git gnupg curl jq
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
TMPDIR="$(mktemp -d -p /tmp)"
|
TMPDIR=$(mktemp -d -p /tmp)
|
||||||
trap "rm -rf $TMPDIR" EXIT
|
trap 'rm -rf $TMPDIR' EXIT
|
||||||
cd $TMPDIR
|
cd "$TMPDIR"
|
||||||
|
|
||||||
echo "Fetching latest release"
|
echo "Fetching latest release"
|
||||||
repo=lightninglabs/lndinit
|
repo=lightninglabs/lndinit
|
||||||
latest=$(curl -fsS https://api.github.com/repos/$repo/releases/latest | jq -r .tag_name)
|
latest=$(curl -fsS "https://api.github.com/repos/$repo/releases/latest" | jq -r .tag_name)
|
||||||
echo "Latest release is $latest"
|
echo "Latest release is $latest"
|
||||||
git clone --depth 1 --branch $latest https://github.com/lightninglabs/lndinit 2>/dev/null
|
git clone --depth 1 --branch "$latest" https://github.com/lightninglabs/lndinit 2>/dev/null
|
||||||
cd lndinit
|
cd lndinit
|
||||||
|
|
||||||
# GPG verification
|
# GPG verification
|
||||||
@ -18,9 +18,9 @@ export GNUPGHOME=$TMPDIR
|
|||||||
echo "Fetching Oliver Gugger's key"
|
echo "Fetching Oliver Gugger's key"
|
||||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720 2> /dev/null
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720 2> /dev/null
|
||||||
echo "Verifying latest release"
|
echo "Verifying latest release"
|
||||||
git verify-tag $latest
|
git verify-tag "$latest"
|
||||||
|
|
||||||
echo "tag: $latest"
|
echo "tag: $latest"
|
||||||
git checkout -q tags/$latest
|
git checkout -q "tags/$latest"
|
||||||
rm -rf .git
|
rm -rf .git
|
||||||
nix hash path .
|
nix hash path .
|
||||||
|
@ -2,9 +2,9 @@
|
|||||||
#! nix-shell -i bash -p git gnupg
|
#! nix-shell -i bash -p git gnupg
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
TMPDIR="$(mktemp -d -p /tmp)"
|
TMPDIR=$(mktemp -d -p /tmp)
|
||||||
trap "rm -rf $TMPDIR" EXIT
|
trap 'rm -rf $TMPDIR' EXIT
|
||||||
cd $TMPDIR
|
cd "$TMPDIR"
|
||||||
|
|
||||||
echo "Fetching latest release"
|
echo "Fetching latest release"
|
||||||
git clone https://github.com/simplexum/python-bitcointx 2> /dev/null
|
git clone https://github.com/simplexum/python-bitcointx 2> /dev/null
|
||||||
@ -17,8 +17,8 @@ export GNUPGHOME=$TMPDIR
|
|||||||
echo "Fetching Dimitry Pethukov's Key"
|
echo "Fetching Dimitry Pethukov's Key"
|
||||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys B17A35BBA187395784E2A6B32301D26BDC15160D 2> /dev/null
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys B17A35BBA187395784E2A6B32301D26BDC15160D 2> /dev/null
|
||||||
echo "Verifying latest release"
|
echo "Verifying latest release"
|
||||||
git verify-commit ${latest}
|
git verify-commit "$latest"
|
||||||
|
|
||||||
echo "tag: ${latest}"
|
echo "tag: $latest"
|
||||||
# The prefix option is necessary because GitHub prefixes the archive contents in this format
|
# The prefix option is necessary because GitHub prefixes the archive contents in this format
|
||||||
echo "sha256: $(git archive --format tar.gz --prefix=python-bitcointx-"${latest}"/ ${latest} | sha256sum | cut -d\ -f1)"
|
echo "sha256: $(git archive --format tar.gz --prefix=python-bitcointx-"$latest"/ "$latest" | sha256sum | cut -d\ -f1)"
|
||||||
|
@ -8,18 +8,19 @@ repo=https://github.com/Ride-The-Lightning/RTL
|
|||||||
scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
|
scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
|
||||||
|
|
||||||
updateSrc() {
|
updateSrc() {
|
||||||
TMPDIR="$(mktemp -d /tmp/rtl.XXX)"
|
TMPDIR=$(mktemp -d /tmp/rtl.XXX)
|
||||||
trap "rm -rf $TMPDIR" EXIT
|
trap 'rm -rf $TMPDIR' EXIT
|
||||||
|
|
||||||
# Fetch and verify source tarball
|
# Fetch and verify source tarball
|
||||||
export GNUPGHOME=$TMPDIR
|
export GNUPGHOME=$TMPDIR
|
||||||
|
|
||||||
# Fetch saubyk's key
|
# Fetch saubyk's key
|
||||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-key 3E9BD4436C288039CA827A9200C9E2BC2E45666F
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-key 3E9BD4436C288039CA827A9200C9E2BC2E45666F
|
||||||
file=v${version}.tar.gz
|
file=v$version.tar.gz
|
||||||
wget -P $TMPDIR $repo/archive/refs/tags/$file
|
wget -P "$TMPDIR" "$repo/archive/refs/tags/$file"
|
||||||
wget -P $TMPDIR $repo/releases/download/v${version}/$file.asc
|
wget -P "$TMPDIR" "$repo/releases/download/v$version/$file.asc"
|
||||||
gpg --verify $TMPDIR/$file.asc $TMPDIR/$file
|
gpg --verify "$TMPDIR/$file.asc" "$TMPDIR/$file"
|
||||||
hash=$(nix hash file $TMPDIR/$file)
|
hash=$(nix hash file "$TMPDIR/$file")
|
||||||
|
|
||||||
sed -i "
|
sed -i "
|
||||||
s|\bversion = .*;|version = \"$version\";|
|
s|\bversion = .*;|version = \"$version\";|
|
||||||
@ -28,7 +29,7 @@ updateSrc() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
updateNodeModulesHash() {
|
updateNodeModulesHash() {
|
||||||
$scriptDir/../../helper/update-fixed-output-derivation.sh ./default.nix rtl.nodeModules nodeModules
|
"$scriptDir/../../helper/update-fixed-output-derivation.sh" ./default.nix rtl.nodeModules nodeModules
|
||||||
}
|
}
|
||||||
|
|
||||||
if [[ $# == 0 ]]; then
|
if [[ $# == 0 ]]; then
|
||||||
@ -36,5 +37,5 @@ if [[ $# == 0 ]]; then
|
|||||||
updateSrc
|
updateSrc
|
||||||
updateNodeModulesHash
|
updateNodeModulesHash
|
||||||
else
|
else
|
||||||
eval "$@"
|
"$@"
|
||||||
fi
|
fi
|
||||||
|
@ -2,44 +2,45 @@
|
|||||||
#! nix-shell -i bash -p nodePackages.node2nix gnupg wget jq moreutils gnused
|
#! nix-shell -i bash -p nodePackages.node2nix gnupg wget jq moreutils gnused
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
TMPDIR="$(mktemp -d -p /tmp)"
|
TMPDIR=$(mktemp -d -p /tmp)
|
||||||
trap "rm -rf $TMPDIR" EXIT
|
trap 'rm -rf $TMPDIR' EXIT
|
||||||
|
|
||||||
version="0.3.1"
|
version="0.3.1"
|
||||||
repo=https://github.com/shesek/spark-wallet
|
repo=https://github.com/shesek/spark-wallet
|
||||||
|
|
||||||
# Fetch and verify source tarball
|
# Fetch and verify source tarball
|
||||||
file=spark-wallet-${version}-npm.tgz
|
file=spark-wallet-${version}-npm.tgz
|
||||||
url=$repo/releases/download/v$version/$file
|
url=$repo/releases/download/v${version}/$file
|
||||||
export GNUPGHOME=$TMPDIR
|
export GNUPGHOME=$TMPDIR
|
||||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-key FCF19B67866562F08A43AAD681F6104CD0F150FC
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-key FCF19B67866562F08A43AAD681F6104CD0F150FC
|
||||||
wget -P $TMPDIR $url
|
wget -P "$TMPDIR" "$url"
|
||||||
wget -P $TMPDIR $repo/releases/download/v$version/SHA256SUMS.asc
|
wget -P "$TMPDIR" "$repo/releases/download/v${version}/SHA256SUMS.asc"
|
||||||
gpg --verify $TMPDIR/SHA256SUMS.asc
|
gpg --verify "$TMPDIR/SHA256SUMS.asc"
|
||||||
(cd $TMPDIR; sha256sum --check --ignore-missing SHA256SUMS.asc)
|
(cd "$TMPDIR"; sha256sum --check --ignore-missing SHA256SUMS.asc)
|
||||||
hash=$(nix hash file $TMPDIR/$file)
|
hash=$(nix hash file "$TMPDIR/$file")
|
||||||
|
|
||||||
# Extract source
|
# Extract source
|
||||||
src=$TMPDIR/src
|
src=$TMPDIR/src
|
||||||
mkdir $src
|
mkdir "$src"
|
||||||
tar xvf $TMPDIR/$file -C $src --strip-components 1 >/dev/null
|
tar xvf "$TMPDIR/$file" -C "$src" --strip-components 1 >/dev/null
|
||||||
|
|
||||||
# Make qrcode-terminal a strict dependency so that node2nix includes it in the package derivation.
|
# Make qrcode-terminal a strict dependency so that node2nix includes it in the package derivation.
|
||||||
jq '.dependencies["qrcode-terminal"] = .optionalDependencies["qrcode-terminal"]' $src/package.json | sponge $src/package.json
|
jq '.dependencies["qrcode-terminal"] = .optionalDependencies["qrcode-terminal"]' "$src/package.json" | sponge "$src/package.json"
|
||||||
|
|
||||||
node2nix \
|
node2nix \
|
||||||
--nodejs-14 \
|
--nodejs-14 \
|
||||||
--input $src/package.json \
|
--input "$src/package.json" \
|
||||||
--lock $src/npm-shrinkwrap.json \
|
--lock "$src/npm-shrinkwrap.json" \
|
||||||
--composition composition.nix \
|
--composition composition.nix \
|
||||||
--no-copy-node-env
|
--no-copy-node-env
|
||||||
|
|
||||||
# Use node-env.nix from nixpkgs
|
# Use node-env.nix from nixpkgs
|
||||||
|
# shellcheck disable=SC2016
|
||||||
nodeEnvImport='import "${toString pkgs.path}/pkgs/development/node-packages/node-env.nix"'
|
nodeEnvImport='import "${toString pkgs.path}/pkgs/development/node-packages/node-env.nix"'
|
||||||
sed -i "s|import ./node-env.nix|$nodeEnvImport|" composition.nix
|
sed -i "s|import ./node-env.nix|$nodeEnvImport|" composition.nix
|
||||||
|
|
||||||
# Use the verified package src
|
# Use the verified package src
|
||||||
read -d '' fetchurl <<EOF || :
|
read -rd '' fetchurl <<EOF || :
|
||||||
fetchurl {
|
fetchurl {
|
||||||
url = "$url";
|
url = "$url";
|
||||||
hash = "$hash";
|
hash = "$hash";
|
||||||
|
@ -6,21 +6,21 @@
|
|||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
CACHIX_SIGNING_KEY=${CACHIX_SIGNING_KEY:-}
|
CACHIX_SIGNING_KEY="${CACHIX_SIGNING_KEY:-}"
|
||||||
cachixCache=nix-bitcoin
|
cachixCache=nix-bitcoin
|
||||||
|
|
||||||
trap 'echo Error at line $LINENO' ERR
|
trap 'echo Error at line $LINENO' ERR
|
||||||
|
|
||||||
tmpDir=$(mktemp -d -p /tmp)
|
tmpDir=$(mktemp -d -p /tmp)
|
||||||
trap "rm -rf $tmpDir" EXIT
|
trap 'rm -rf $tmpDir' EXIT
|
||||||
|
|
||||||
## Instantiate
|
## Instantiate
|
||||||
|
|
||||||
time nix-instantiate "$@" --add-root $tmpDir/drv --indirect > /dev/null
|
time nix-instantiate "$@" --add-root "$tmpDir/drv" --indirect > /dev/null
|
||||||
printf "instantiated "; realpath $tmpDir/drv
|
printf "instantiated "; realpath "$tmpDir/drv"
|
||||||
|
|
||||||
outPath=$(nix-store --query $tmpDir/drv)
|
outPath=$(nix-store --query "$tmpDir/drv")
|
||||||
if nix path-info --store https://$cachixCache.cachix.org $outPath &>/dev/null; then
|
if nix path-info --store "https://${cachixCache}.cachix.org" "$outPath" &>/dev/null; then
|
||||||
echo "$outPath has already been built successfully."
|
echo "$outPath has already been built successfully."
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
@ -28,7 +28,7 @@ fi
|
|||||||
## Build
|
## Build
|
||||||
|
|
||||||
if [[ -v CIRRUS_CI ]]; then
|
if [[ -v CIRRUS_CI ]]; then
|
||||||
cachix use $cachixCache
|
cachix use "$cachixCache"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $CACHIX_SIGNING_KEY ]]; then
|
if [[ $CACHIX_SIGNING_KEY ]]; then
|
||||||
@ -38,10 +38,10 @@ else
|
|||||||
buildCmd=nix-build
|
buildCmd=nix-build
|
||||||
fi
|
fi
|
||||||
|
|
||||||
$buildCmd --out-link $tmpDir/result $tmpDir/drv >/dev/null
|
$buildCmd --out-link "$tmpDir/result" "$tmpDir/drv" >/dev/null
|
||||||
|
|
||||||
if [[ $CACHIX_SIGNING_KEY ]]; then
|
if [[ $CACHIX_SIGNING_KEY ]]; then
|
||||||
cachix push $cachixCache $outPath
|
cachix push "$cachixCache" "$outPath"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo $outPath
|
echo "$outPath"
|
||||||
|
@ -16,6 +16,5 @@ if [[ -v CIRRUS_CI ]]; then
|
|||||||
chmod o+rw /dev/kvm
|
chmod o+rw /dev/kvm
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "$NIX_PATH ($(nix eval --raw nixpkgs.lib.version))"
|
# shellcheck disable=SC2154
|
||||||
|
"${BASH_SOURCE[0]%/*}/../run-tests.sh" --ci --scenario "$scenario"
|
||||||
"${BASH_SOURCE[0]%/*}/../run-tests.sh" --ci --scenario $scenario
|
|
||||||
|
@ -4,15 +4,18 @@
|
|||||||
tmp=$(mktemp -d '/tmp/nix-bitcoin-src.XXXXX')
|
tmp=$(mktemp -d '/tmp/nix-bitcoin-src.XXXXX')
|
||||||
|
|
||||||
# Move source cache if it exists (atomic)
|
# Move source cache if it exists (atomic)
|
||||||
mv /tmp/nix-bitcoin-src $tmp/src 2>/dev/null || true
|
mv /tmp/nix-bitcoin-src "$tmp/src" 2>/dev/null || true
|
||||||
|
|
||||||
atExit() {
|
atExit() {
|
||||||
# Set the current src as the source cache (atomic)
|
# Set the current src as the source cache (atomic)
|
||||||
mv -T $tmp/src /tmp/nix-bitcoin-src 2>/dev/null || true
|
mv -T "$tmp/src" /tmp/nix-bitcoin-src 2>/dev/null || true
|
||||||
rm -rf $tmp
|
rm -rf "$tmp"
|
||||||
}
|
}
|
||||||
trap "atExit" EXIT
|
trap "atExit" EXIT
|
||||||
|
|
||||||
rsync -a --delete --exclude='.git*' "$scriptDir/../" $tmp/src
|
# shellcheck disable=SC2154
|
||||||
|
rsync -a --delete --exclude='.git*' "$scriptDir/../" "$tmp/src"
|
||||||
echo "Copied src"
|
echo "Copied src"
|
||||||
_nixBitcoinInCopiedSrc=1 $tmp/src/test/run-tests.sh "${args[@]}"
|
|
||||||
|
# shellcheck disable=SC2154
|
||||||
|
_nixBitcoinInCopiedSrc=1 "$tmp/src/test/run-tests.sh" "${args[@]}"
|
||||||
|
@ -1,13 +1,15 @@
|
|||||||
# Create and maintain a minimal git repo at the root of the copied src
|
# Create and maintain a minimal git repo at the root of the copied src
|
||||||
(
|
(
|
||||||
|
# shellcheck disable=SC2154,SC2164
|
||||||
cd "$scriptDir/.."
|
cd "$scriptDir/.."
|
||||||
amend=--amend
|
amend=--amend
|
||||||
|
|
||||||
if [[ ! -e .git ]]; then
|
if [[ ! -e .git ]]; then
|
||||||
git init
|
git init
|
||||||
amend=
|
amend=
|
||||||
fi
|
fi
|
||||||
git add .
|
git add .
|
||||||
if ! git diff --quiet --cached; then
|
if ! git diff --quiet --cached; then
|
||||||
git commit -a $amend -m -
|
git commit -a "$amend" -m -
|
||||||
fi
|
fi
|
||||||
) >/dev/null
|
) >/dev/null
|
||||||
|
@ -57,6 +57,8 @@ if [[ $EUID != 0 ]]; then
|
|||||||
# NixOS containers require root permissions.
|
# NixOS containers require root permissions.
|
||||||
# By using sudo here and not at the user's call-site extra-container can detect if it is running
|
# By using sudo here and not at the user's call-site extra-container can detect if it is running
|
||||||
# inside an existing shell session (by checking an internal environment variable).
|
# inside an existing shell session (by checking an internal environment variable).
|
||||||
|
#
|
||||||
|
# shellcheck disable=SC2154
|
||||||
exec sudo scenario="$scenario" scriptDir="$scriptDir" NIX_PATH="$NIX_PATH" PATH="$PATH" \
|
exec sudo scenario="$scenario" scriptDir="$scriptDir" NIX_PATH="$NIX_PATH" PATH="$PATH" \
|
||||||
scenarioOverridesFile="${scenarioOverridesFile:-}" "$scriptDir/lib/make-container.sh" "$@"
|
scenarioOverridesFile="${scenarioOverridesFile:-}" "$scriptDir/lib/make-container.sh" "$@"
|
||||||
fi
|
fi
|
||||||
@ -64,7 +66,7 @@ fi
|
|||||||
export containerName=nb-test
|
export containerName=nb-test
|
||||||
containerCommand=shell
|
containerCommand=shell
|
||||||
|
|
||||||
while [[ $# > 0 ]]; do
|
while [[ $# -gt 0 ]]; do
|
||||||
case $1 in
|
case $1 in
|
||||||
--command|-c)
|
--command|-c)
|
||||||
shift
|
shift
|
||||||
@ -77,14 +79,14 @@ while [[ $# > 0 ]]; do
|
|||||||
done
|
done
|
||||||
|
|
||||||
containerBin=$(type -P extra-container) || true
|
containerBin=$(type -P extra-container) || true
|
||||||
if [[ ! ($containerBin && $(realpath $containerBin) == *extra-container-0.10*) ]]; then
|
if [[ ! ($containerBin && $(realpath "$containerBin") == *extra-container-0.10*) ]]; then
|
||||||
echo "Building extra-container. Skip this step by adding extra-container 0.10 to PATH."
|
echo "Building extra-container. Skip this step by adding extra-container 0.10 to PATH."
|
||||||
nix-build --out-link /tmp/extra-container "$scriptDir"/../pkgs \
|
nix-build --out-link /tmp/extra-container "$scriptDir"/../pkgs \
|
||||||
-A pinned.extra-container >/dev/null
|
-A pinned.extra-container >/dev/null
|
||||||
export PATH="/tmp/extra-container/bin${PATH:+:}$PATH"
|
export PATH="/tmp/extra-container/bin${PATH:+:}$PATH"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
read -d '' src <<EOF || true
|
read -rd '' src <<EOF || true
|
||||||
((import "$scriptDir/tests.nix" {}).getTest "$scenario").container
|
((import "$scriptDir/tests.nix" {}).getTest "$scenario").container
|
||||||
EOF
|
EOF
|
||||||
exec extra-container $containerCommand -E "$src" "$@"
|
exec extra-container "$containerCommand" -E "$src" "$@"
|
||||||
|
@ -16,9 +16,9 @@ let
|
|||||||
fixedTest = test.overrideAttrs (_: {
|
fixedTest = test.overrideAttrs (_: {
|
||||||
# See `runTests` in nixpkgs/nixos/lib/testing-python.nix for the original definition of `buildCommand`
|
# See `runTests` in nixpkgs/nixos/lib/testing-python.nix for the original definition of `buildCommand`
|
||||||
buildCommand = ''
|
buildCommand = ''
|
||||||
mkdir $out
|
mkdir "$out"
|
||||||
LOGFILE=$out/output.xml tests='exec(os.environ["testScript"])' ${test.driver}/bin/nixos-test-driver
|
LOGFILE=$out/output.xml tests='exec(os.environ["testScript"])' ${test.driver}/bin/nixos-test-driver
|
||||||
ln -s ${test.driver} $out/driver
|
ln -s ${test.driver} "$out/driver"
|
||||||
'';
|
'';
|
||||||
});
|
});
|
||||||
in
|
in
|
||||||
|
@ -6,15 +6,17 @@ cd "${BASH_SOURCE[0]%/*}"
|
|||||||
# Use cachix to cache the `flake-info` build
|
# Use cachix to cache the `flake-info` build
|
||||||
cachixCache=nix-bitcoin
|
cachixCache=nix-bitcoin
|
||||||
|
|
||||||
nix run .#cachix -- use $cachixCache
|
nix run .#cachix -- use "$cachixCache"
|
||||||
|
|
||||||
# We're running in a basic, unprivileged container that doesn't support sandboxing.
|
# We're running in a basic, unprivileged container that doesn't support sandboxing.
|
||||||
# Sandboxing is unnneeded because we're only building the 3rd-party `flake-info` tool.
|
# Sandboxing is unnneeded because we're only building the 3rd-party `flake-info` tool.
|
||||||
echo "sandbox = false" >> /etc/nix/nix.conf
|
echo "sandbox = false" >> /etc/nix/nix.conf
|
||||||
export PATH=$(nix shell -L .#flake-info .#cachix -c sh -c 'echo $PATH')
|
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
PATH=$(nix shell -L .#flake-info .#cachix -c sh -c 'echo $PATH')
|
||||||
|
|
||||||
if [[ ${CACHIX_SIGNING_KEY:-} ]]; then
|
if [[ ${CACHIX_SIGNING_KEY:-} ]]; then
|
||||||
cachix push $cachixCache $(type -P flake-info);
|
cachix push "$cachixCache" "$(type -P flake-info)";
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Running flake-info (nixos-search)"
|
echo "Running flake-info (nixos-search)"
|
||||||
|
@ -109,14 +109,18 @@ numCPUs=${numCPUs:-$(nproc)}
|
|||||||
# Min. 800 MiB needed to avoid 'out of memory' errors
|
# Min. 800 MiB needed to avoid 'out of memory' errors
|
||||||
memoryMiB=${memoryMiB:-2048}
|
memoryMiB=${memoryMiB:-2048}
|
||||||
|
|
||||||
export NIX_PATH=nixpkgs=$(nix eval --raw -f "$scriptDir/../pkgs/nixpkgs-pinned.nix" nixpkgs):nix-bitcoin=$(realpath "$scriptDir/..")
|
NIX_PATH=nixpkgs=$(nix eval --raw -f "$scriptDir/../pkgs/nixpkgs-pinned.nix" nixpkgs):nix-bitcoin=$(realpath "$scriptDir/..")
|
||||||
|
export NIX_PATH
|
||||||
|
|
||||||
runAtExit=
|
runAtExit=
|
||||||
trap 'eval "$runAtExit"' EXIT
|
trap 'eval "$runAtExit"' EXIT
|
||||||
|
|
||||||
# Support explicit scenario definitions
|
# Support explicit scenario definitions
|
||||||
if [[ $scenario = *' '* ]]; then
|
if [[ $scenario = *' '* ]]; then
|
||||||
export scenarioOverridesFile=$(mktemp ${XDG_RUNTIME_DIR:-/tmp}/nb-scenario.XXX)
|
scenarioOverridesFile=$(mktemp "${XDG_RUNTIME_DIR:-/tmp}/nb-scenario.XXX")
|
||||||
|
export scenarioOverridesFile
|
||||||
|
|
||||||
|
# shellcheck disable=SC2016
|
||||||
runAtExit+='rm -f "$scenarioOverridesFile";'
|
runAtExit+='rm -f "$scenarioOverridesFile";'
|
||||||
echo "{ scenarios, pkgs, lib }: with lib; { tmp = $scenario; }" > "$scenarioOverridesFile"
|
echo "{ scenarios, pkgs, lib }: with lib; { tmp = $scenario; }" > "$scenarioOverridesFile"
|
||||||
scenario=tmp
|
scenario=tmp
|
||||||
@ -125,10 +129,11 @@ fi
|
|||||||
# Run the test. No temporary files are left on the host system.
|
# Run the test. No temporary files are left on the host system.
|
||||||
run() {
|
run() {
|
||||||
# TMPDIR is also used by the test driver for VM tmp files
|
# TMPDIR is also used by the test driver for VM tmp files
|
||||||
export TMPDIR=$(mktemp -d /tmp/nix-bitcoin-test.XXX)
|
TMPDIR=$(mktemp -d /tmp/nix-bitcoin-test.XXX)
|
||||||
runAtExit+="rm -rf $TMPDIR;"
|
export TMPDIR
|
||||||
|
runAtExit+="rm -rf ${TMPDIR};"
|
||||||
|
|
||||||
nix-build --out-link $TMPDIR/driver -E "((import \"$scriptDir/tests.nix\" {}).getTest \"$scenario\").vm" -A driver
|
nix-build --out-link "$TMPDIR/driver" -E "((import \"$scriptDir/tests.nix\" {}).getTest \"$scenario\").vm" -A driver
|
||||||
|
|
||||||
# Variable 'tests' contains the Python code that is executed by the driver on startup
|
# Variable 'tests' contains the Python code that is executed by the driver on startup
|
||||||
if [[ $1 == --interactive ]]; then
|
if [[ $1 == --interactive ]]; then
|
||||||
@ -150,14 +155,14 @@ run() {
|
|||||||
|
|
||||||
echo "VM stats: CPUs: $numCPUs, memory: $memoryMiB MiB"
|
echo "VM stats: CPUs: $numCPUs, memory: $memoryMiB MiB"
|
||||||
[[ $NB_TEST_ENABLE_NETWORK ]] || QEMU_NET_OPTS='restrict=on'
|
[[ $NB_TEST_ENABLE_NETWORK ]] || QEMU_NET_OPTS='restrict=on'
|
||||||
cd $TMPDIR # The VM creates a VDE control socket in $PWD
|
cd "$TMPDIR" # The VM creates a VDE control socket in $PWD
|
||||||
env -i \
|
env -i \
|
||||||
NIX_PATH="$NIX_PATH" \
|
NIX_PATH="$NIX_PATH" \
|
||||||
TMPDIR="$TMPDIR" \
|
TMPDIR="$TMPDIR" \
|
||||||
USE_TMPDIR=1 \
|
USE_TMPDIR=1 \
|
||||||
QEMU_OPTS="-smp $numCPUs -m $memoryMiB -nographic $QEMU_OPTS" \
|
QEMU_OPTS="-smp $numCPUs -m $memoryMiB -nographic $QEMU_OPTS" \
|
||||||
QEMU_NET_OPTS="$QEMU_NET_OPTS" \
|
QEMU_NET_OPTS="$QEMU_NET_OPTS" \
|
||||||
$TMPDIR/driver/bin/nixos-test-driver <(echo "$tests")
|
"$TMPDIR/driver/bin/nixos-test-driver" <(echo "$tests")
|
||||||
}
|
}
|
||||||
|
|
||||||
debug() {
|
debug() {
|
||||||
@ -179,18 +184,20 @@ container() {
|
|||||||
|
|
||||||
# Run a regular NixOS VM
|
# Run a regular NixOS VM
|
||||||
vm() {
|
vm() {
|
||||||
export TMPDIR=$(mktemp -d /tmp/nix-bitcoin-vm.XXX)
|
TMPDIR=$(mktemp -d /tmp/nix-bitcoin-vm.XXX)
|
||||||
|
export TMPDIR
|
||||||
runAtExit+="rm -rf $TMPDIR;"
|
runAtExit+="rm -rf $TMPDIR;"
|
||||||
|
|
||||||
nix-build --out-link $TMPDIR/vm -E "((import \"$scriptDir/tests.nix\" {}).getTest \"$scenario\").vmWithoutTests"
|
nix-build --out-link "$TMPDIR/vm" -E "((import \"$scriptDir/tests.nix\" {}).getTest \"$scenario\").vmWithoutTests"
|
||||||
|
|
||||||
echo "VM stats: CPUs: $numCPUs, memory: $memoryMiB MiB"
|
echo "VM stats: CPUs: $numCPUs, memory: $memoryMiB MiB"
|
||||||
[[ $NB_TEST_ENABLE_NETWORK ]] || export QEMU_NET_OPTS="restrict=on,$QEMU_NET_OPTS"
|
[[ $NB_TEST_ENABLE_NETWORK ]] || export QEMU_NET_OPTS="restrict=on,$QEMU_NET_OPTS"
|
||||||
|
|
||||||
|
# shellcheck disable=SC2211
|
||||||
USE_TMPDIR=1 \
|
USE_TMPDIR=1 \
|
||||||
NIX_DISK_IMAGE=$TMPDIR/img.qcow2 \
|
NIX_DISK_IMAGE=$TMPDIR/img.qcow2 \
|
||||||
QEMU_OPTS="-smp $numCPUs -m $memoryMiB -nographic $QEMU_OPTS" \
|
QEMU_OPTS="-smp $numCPUs -m $memoryMiB -nographic $QEMU_OPTS" \
|
||||||
$TMPDIR/vm/bin/run-*-vm
|
"$TMPDIR"/vm/bin/run-*-vm
|
||||||
}
|
}
|
||||||
|
|
||||||
doBuild() {
|
doBuild() {
|
||||||
@ -223,6 +230,7 @@ vmTestNixExpr() {
|
|||||||
memTotalKiB=$(awk '/MemTotal/ { print $2 }' /proc/meminfo)
|
memTotalKiB=$(awk '/MemTotal/ { print $2 }' /proc/meminfo)
|
||||||
memAvailableKiB=$(awk '/MemAvailable/ { print $2 }' /proc/meminfo)
|
memAvailableKiB=$(awk '/MemAvailable/ { print $2 }' /proc/meminfo)
|
||||||
# Round down to nearest multiple of 50 MiB for improved test build caching
|
# Round down to nearest multiple of 50 MiB for improved test build caching
|
||||||
|
# shellcheck disable=SC2017
|
||||||
((memAvailableMiB = memAvailableKiB / (1024 * 50) * 50))
|
((memAvailableMiB = memAvailableKiB / (1024 * 50) * 50))
|
||||||
((memAvailableMiB < memoryMiB)) && memoryMiB=$memAvailableMiB
|
((memAvailableMiB < memoryMiB)) && memoryMiB=$memAvailableMiB
|
||||||
>&2 echo "VM stats: CPUs: $numCPUs, memory: $memoryMiB MiB"
|
>&2 echo "VM stats: CPUs: $numCPUs, memory: $memoryMiB MiB"
|
||||||
@ -276,10 +284,10 @@ nixosSearch() {
|
|||||||
|
|
||||||
if [[ $outLinkPrefix ]]; then
|
if [[ $outLinkPrefix ]]; then
|
||||||
# Add gcroots for flake-info
|
# Add gcroots for flake-info
|
||||||
nix build $scriptDir/nixos-search#flake-info -o "$outLinkPrefix-flake-info"
|
nix build "$scriptDir/nixos-search#flake-info" -o "$outLinkPrefix-flake-info"
|
||||||
fi
|
fi
|
||||||
echo "Running flake-info (nixos-search)"
|
echo "Running flake-info (nixos-search)"
|
||||||
nix run $scriptDir/nixos-search#flake-info -- flake "$scriptDir/.."
|
nix run "$scriptDir/nixos-search#flake-info" -- flake "$scriptDir/.."
|
||||||
}
|
}
|
||||||
|
|
||||||
# A basic subset of tests to keep the total runtime within
|
# A basic subset of tests to keep the total runtime within
|
||||||
@ -312,8 +320,14 @@ examples() {
|
|||||||
(cd "$scriptDir/../examples" && nix-shell --run "$script")
|
(cd "$scriptDir/../examples" && nix-shell --run "$script")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
shellcheck() {
|
||||||
|
if ! checkFlakeSupport "shellcheck"; then return; fi
|
||||||
|
nix shell --inputs-from "$scriptDir/.." nixpkgs#shellcheck -c "$scriptDir/shellcheck.sh"
|
||||||
|
}
|
||||||
|
|
||||||
all() {
|
all() {
|
||||||
buildable
|
buildable "$@"
|
||||||
|
shellcheck
|
||||||
examples
|
examples
|
||||||
flake
|
flake
|
||||||
nixosSearch
|
nixosSearch
|
||||||
@ -324,7 +338,7 @@ build() {
|
|||||||
buildTest "$@"
|
buildTest "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
if [[ $# > 0 && $1 != -* ]]; then
|
if [[ $# -gt 0 && $1 != -* ]]; then
|
||||||
# An explicit command was provided
|
# An explicit command was provided
|
||||||
command=$1
|
command=$1
|
||||||
shift
|
shift
|
||||||
|
19
test/shellcheck.sh
Executable file
19
test/shellcheck.sh
Executable file
@ -0,0 +1,19 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
cd "${BASH_SOURCE[0]%/*}/.."
|
||||||
|
{
|
||||||
|
# Skip .git dir in all find commands
|
||||||
|
find . -type f ! -path './.git/*' -name '*.sh'
|
||||||
|
# Find files without extensions that have a shell shebang
|
||||||
|
find . -type f ! -path './.git/*' ! -name "*.*" -exec grep -lP '\A^#! */usr/bin/env (?:nix-shell|bash)' {} \;
|
||||||
|
} | while IFS= read -r path; do
|
||||||
|
echo "$path"
|
||||||
|
file=${path##*/}
|
||||||
|
dir=${path%/*}
|
||||||
|
# Switch working directory so that shellcheck can access external sources
|
||||||
|
# (via arg `--external-sources`)
|
||||||
|
pushd "$dir" > /dev/null
|
||||||
|
shellcheck --external-sources --shell bash "$file"
|
||||||
|
popd > /dev/null
|
||||||
|
done
|
Loading…
Reference in New Issue
Block a user