Adapt to 20.03

- Migrate tests to python-based runner for newer nixpkgs.
 - Adaptations for newer nginx module used in tests
 - Increase memory size for tests

examples/full-nixos/arion-compose.nix

@@ -1,9 +1,11 @@
 {
-  services.webserver = { pkgs, ... }: {
+  services.webserver = { pkgs, lib, ... }: {
     nixos.useSystemd = true;
     nixos.configuration.boot.tmpOnTmpfs = true;
     nixos.configuration.services.nginx.enable = true;
     nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
+    nixos.configuration.systemd.services.nginx.serviceConfig.AmbientCapabilities = 
+      lib.mkForce [ "CAP_NET_BIND_SERVICE" ];
     service.useHostStore = true;
     service.ports = [
       "8000:80" # host:container

examples/nixos-unit/arion-compose.nix

@@ -28,6 +28,9 @@
         PATH='${config.systemd.services.nginx.environment.PATH}'
         echo nginx:x:${toString config.users.users.nginx.uid}:${toString config.users.groups.nginx.gid}:nginx web server user:/var/empty:/bin/sh >>/etc/passwd
         echo nginx:x:${toString config.users.groups.nginx.gid}:nginx >>/etc/group
+        echo 'nobody:x:65534:65534:Unprivileged account do not use:/var/empty:/run/current-system/sw/bin/nologin' >>/etc/passwd
+        echo 'nogroup:x:65534:' >>/etc/group
+        mkdir -p /run/nginx/ /var/spool/nginx/logs/
         ${config.systemd.services.nginx.runner}
       '';
     };

nix/ci.nix

@@ -6,12 +6,22 @@ in
 
 dimension "Nixpkgs version" {
     "nixos-19_03" = {
-      nixpkgsSource = "nixpkgs";
+      # flyingcircus.io latest long-term support is based off 19.03
-      isReferenceNixpkgs = true;
+      # https://flyingcircus.io/doc/
+      # It is nice to have some level of support for their platform,
+      # but we don't guarantee any support.
+      nixpkgsSource = "nixos-19.03";
       enableDoc = false;
+      nixosTestIsPerl = true;
     };
     "nixos-19_09" = {
       nixpkgsSource = "nixos-19.09";
+      enableDoc = false;
+      nixosTestIsPerl = true;
+    };
+    "nixos-20_03" = {
+      nixpkgsSource = "nixos-20.03";
+      isReferenceNixpkgs = true;
       enableDoc = true;
     };
     "nixos-unstable" = {
@@ -19,7 +29,7 @@ dimension "Nixpkgs version" {
       enableDoc = true;
     };
   } (
-    _name: { nixpkgsSource, isReferenceNixpkgs ? false, enableDoc ? true }:
+    _name: { nixpkgsSource, isReferenceNixpkgs ? false, enableDoc ? true, nixosTestIsPerl ? false }:
 
 
       dimension "System" {
@@ -28,7 +38,10 @@ dimension "Nixpkgs version" {
       } (
         system: { isReferenceTarget ? false, enableNixOSTests ? true }:
           let
-            pkgs = import ./. { inherit system; nixpkgsSrc = sources.${nixpkgsSource}; };
+            pkgs = import ./. {
+              inherit system nixosTestIsPerl;
+              nixpkgsSrc = sources.${nixpkgsSource};
+            };
           in
           {
             inherit (pkgs) arion;

nix/default.nix

@@ -1,7 +1,8 @@
 { sources ? import ./sources.nix
-, nixpkgsName ? "nixos-19.09"
+, nixpkgsName ? "nixos-20.03"
 , nixpkgsSrc ? sources.${nixpkgsName}
 , system ? builtins.currentSystem
+, nixosTestIsPerl ? false
 , ...
 }:
 
@@ -11,6 +12,7 @@ import nixpkgsSrc ({
   };
   overlays = [
     # all the packages are defined there:
+    (_: _: { inherit nixosTestIsPerl; })
     (import ./overlay.nix)
   ];
   inherit system;

nix/sources.json

@@ -11,16 +11,40 @@
         "url": "https://github.com/nmattia/niv/archive/1dd094156b249586b66c16200ecfd365c7428dc0.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
+    "nixos-19.03": {
+        "branch": "nixos-19.03",
+        "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
+        "homepage": "https://github.com/NixOS/nixpkgs",
+        "owner": "NixOS",
+        "repo": "nixpkgs-channels",
+        "rev": "34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59",
+        "sha256": "11z6ajj108fy2q5g8y4higlcaqncrbjm3dnv17pvif6avagw4mcb",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs-channels/archive/34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
     "nixos-19.09": {
         "branch": "nixos-19.09",
         "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
         "homepage": "https://github.com/NixOS/nixpkgs",
         "owner": "NixOS",
         "repo": "nixpkgs-channels",
-        "rev": "3ba0d9f75ccffd41e32cfea4046805f8bbab12f5",
+        "rev": "ce9f1aaa39ee2a5b76a9c9580c859a74de65ead5",
-        "sha256": "0w20drs4mwlq12k1sss1x8adyf5ph5jd52n8wdcgmn4sm60qjmki",
+        "sha256": "1s2b9rvpyamiagvpl5cggdb2nmx4f7lpylipd397wz8f0wngygpi",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs-channels/archive/3ba0d9f75ccffd41e32cfea4046805f8bbab12f5.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs-channels/archive/ce9f1aaa39ee2a5b76a9c9580c859a74de65ead5.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
+    "nixos-20.03": {
+        "branch": "nixos-20.03",
+        "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
+        "homepage": "https://github.com/NixOS/nixpkgs",
+        "owner": "NixOS",
+        "repo": "nixpkgs-channels",
+        "rev": "04aca9ac24ad24c2dbeb37e1cfa94d8453f07a51",
+        "sha256": "152k3aisxqd219yvcy6xr8frh0yrs9ycaw1ik04c2lp49d21b8nh",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs-channels/archive/04aca9ac24ad24c2dbeb37e1cfa94d8453f07a51.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixos-unstable": {
@@ -29,10 +53,10 @@
         "homepage": "https://github.com/NixOS/nixpkgs",
         "owner": "NixOS",
         "repo": "nixpkgs-channels",
-        "rev": "cb4332e3eb6dfdb653f1fc7397a0292df228a533",
+        "rev": "42f0be81ae05a8fe6d6e8e7f1c28652e7746e046",
-        "sha256": "1722wphznqhpfny08rcy19l85r2l893ckjc3h1vfivj6aj64fwjr",
+        "sha256": "1rxb5kmghkzazqcv4d8yczdiv2srs4r7apx4idc276lcikm0hdmf",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs-channels/archive/cb4332e3eb6dfdb653f1fc7397a0292df228a533.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs-channels/archive/42f0be81ae05a8fe6d6e8e7f1c28652e7746e046.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz",
         "version": ""
     },

tests/arion-test-perl/README.md

@@ -0,0 +1,4 @@
+
+This test suite exists only to keep tests around for older versions of NixOS.
+
+This will be removed when 19.09 becomes irrelevant.

tests/arion-test-perl/default.nix

@@ -0,0 +1,60 @@
+{ pkgs, ... }:
+
+let
+  # To make some prebuilt derivations available in the vm
+  preEval = modules: import ../../src/nix/eval-composition.nix {
+    inherit modules;
+    inherit pkgs;
+  };
+in
+{
+  name = "arion-test";
+  machine = { pkgs, lib, ... }: {
+    environment.systemPackages = [
+      pkgs.arion
+    ];
+    virtualisation.docker.enable = true;
+    
+    # no caches, because no internet
+    nix.binaryCaches = lib.mkForce [];
+
+    # FIXME: Sandbox seems broken with current version of NixOS test
+    #        w/ writable store. Error:
+    #        machine# error: linking '/nix/store/7r8z2zvhwda85pgpdn5hzzz6hs1njklc-stdenv-linux.drv.chroot/nix/store/6v3y7s4q4wd16hsw393gjpxvcf9159bv-patch-shebangs.sh' to '/nix/store/6v3y7s4q4wd16hsw393gjpxvcf9159bv-patch-shebangs.sh': Operation not permitted
+    #
+    #        There should be no reason why arion can't run without
+    #        sandboxing, so please re-enable.
+    nix.useSandbox = false;
+
+    virtualisation.writableStore = true;
+    virtualisation.pathsInNixDB = [
+      # Pre-build the image because we don't want to build the world
+      # in the vm.
+      (preEval [ ../../examples/minimal/arion-compose.nix ]).config.out.dockerComposeYaml
+      (preEval [ ../../examples/full-nixos/arion-compose.nix ]).config.out.dockerComposeYaml
+      (preEval [ ../../examples/nixos-unit/arion-compose.nix ]).config.out.dockerComposeYaml
+      pkgs.stdenv
+    ];
+
+    virtualisation.memorySize = 512;
+  };
+  testScript = ''
+    $machine->fail("curl localhost:8000");
+    $machine->succeed("docker --version");
+
+    my $makeSubtest = sub {
+      my ( $subtestName, $exampleSrc ) = @_;
+
+      subtest $subtestName => sub {
+        $machine->succeed("rm -rf work && cp -frT $exampleSrc work && cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion up -d");
+        $machine->waitUntilSucceeds("curl localhost:8000");
+        $machine->succeed("cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion down");
+        $machine->waitUntilFails("curl localhost:8000");
+      };
+    };
+
+    $makeSubtest->("minimal", "${../../examples/minimal}");
+    $makeSubtest->("full-nixos", "${../../examples/full-nixos}");
+    $makeSubtest->("nixos-unit", "${../../examples/nixos-unit}");
+  '';
+}

tests/arion-test/default.nix

@@ -35,27 +35,62 @@ in
       (preEval [ ../../examples/nixos-unit/arion-compose.nix ]).config.out.dockerComposeYaml
       pkgs.stdenv
     ];
+
+    virtualisation.memorySize = 512;
   };
   testScript = ''
-    $machine->fail("curl localhost:8000");
+    machine.fail("curl localhost:8000")
-    $machine->succeed("docker --version");
+    machine.succeed("docker --version")
 
-    my $makeSubtest = sub {
+    # Tests
-      my ( $subtestName, $exampleSrc, @codeRefs ) = @_;
+    #  - arion up
+    #  - arion down
+    #  - examples/minimal
+    with subtest("minimal"):
+        machine.succeed(
+            "rm -rf work && cp -frT ${../../examples/minimal} work && cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion up -d"
+        )
+        machine.wait_until_succeeds("curl localhost:8000")
+        machine.succeed(
+            "cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion down"
+        )
+        machine.wait_until_fails("curl localhost:8000")
 
-      subtest $subtestName => sub {
+    # Tests
-        $machine->succeed("rm -rf work && cp -frT $exampleSrc work && cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion up -d");
+    #  - arion exec
-        $machine->waitUntilSucceeds("curl localhost:8000");
+    #  - examples/full-nixos
-        $_->() for @codeRefs;
+    with subtest("full-nixos"):
-        $machine->succeed("cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion down");
+        machine.succeed(
-        $machine->waitUntilFails("curl localhost:8000");
+            "rm -rf work && cp -frT ${../../examples/full-nixos} work && cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion up -d"
-      };
+        )
-    };
+        machine.wait_until_succeeds("curl localhost:8000")
 
-    $makeSubtest->("minimal", "${../../examples/minimal}");
+        machine.succeed(
-    $makeSubtest->("full-nixos", "${../../examples/full-nixos}", sub {
+            """
-      $machine->succeed("cd work && export NIX_PATH=nixpkgs='${pkgs.path}' && (echo 'nix run -f ~/h/arion arion -c arion exec webserver'; echo 'target=world; echo Hello \$target'; echo exit) | script /dev/null | grep 'Hello world'");
+            set -eux -o pipefail
-    });
+            cd work
-    $makeSubtest->("nixos-unit", "${../../examples/nixos-unit}");
+            export NIX_PATH=nixpkgs='${pkgs.path}'
+            echo 'target=world; echo Hello $target; exit' \
+              | script 'arion exec webserver' \
+              | grep 'Hello world'
+            """
+        ),
+
+        machine.succeed(
+            "cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion down"
+        )
+        machine.wait_until_fails("curl localhost:8000")
+
+    # Tests
+    #  - examples/nixos-unit
+    with subtest("nixos-unit"):
+        machine.succeed(
+            "rm -rf work && cp -frT ${../../examples/nixos-unit} work && cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion up -d"
+        )
+        machine.wait_until_succeeds("curl localhost:8000")
+        machine.succeed(
+            "cd work && NIX_PATH=nixpkgs='${pkgs.path}' arion down"
+        )
+        machine.wait_until_fails("curl localhost:8000")
   '';
 }

tests/default.nix

@@ -1,11 +1,11 @@
-{ pkgs ? import ../pkgs.nix }:
+{ pkgs ? import ../pkgs.nix, nixosTestIsPerl ? false }:
 let
   inherit (pkgs) nixosTest recurseIntoAttrs arion;
 in
 
 recurseIntoAttrs {
 
-  test = nixosTest ./arion-test;
+  test = if nixosTestIsPerl then nixosTest ./arion-test-perl else nixosTest ./arion-test;
 
   testBuild = arion.build {