From abd4c8fedae52fd1ccaadeceb8f2ba13f888ffdc Mon Sep 17 00:00:00 2001 From: Astro Date: Tue, 2 Jan 2024 23:17:14 +0100 Subject: [PATCH 01/25] .github/workflows/ci: init
--- .github/workflows/ci.yml | 48 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644
index 00000000..a9ae1581
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,48 @@
+name: "Continuous Integration"
+
+on:
+ workflow_dispatch: # allows manual triggering
+ push:
+
+jobs:
+ eval:
+ runs-on: ubuntu-latest
+ outputs:
+ matrix: ${{ steps.eval-jobs.outputs.matrix }}
+ steps:
+ - uses: actions/checkout@v3
+ - uses: cachix/install-nix-action@v20
+ - name: Evaluate hydraJobs
+ id: eval-jobs
+ run: |
+ MATRIX=$(nix eval \
+ --accept-flake-config \
+ --json \
+ .#hydraJobs.x86_64-linux --apply builtins.attrNames \
+ )
+ echo "matrix=$MATRIX" >> $GITHUB_OUTPUT
+
+ build:
+ name: ${{ matrix.check }}
+ needs: eval
+ strategy:
+ fail-fast: false
+ matrix:
+ check: ${{ fromJson(needs.eval.outputs.matrix) }}
+ runs-on: ubuntu-latest
+ env:
+ NIX_ATTR: 'hydraJobs.x86_64-linux.${{ matrix.check }}'
+ steps:
+ - name: Enable KVM group perms
+ run: |
+ echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+ sudo udevadm control --reload-rules
+ sudo udevadm trigger --name-match=kvm
+ - uses: actions/checkout@v3
+ - uses: cachix/install-nix-action@v20
+ - name: Build ${{ matrix.check }}
+ run: |
+ nix build \
+ -vL \
+ --accept-flake-config \
+ ".#$NIX_ATTR"
From 555d2966d804810e3666255b8f01a88d4a4041e4 Mon Sep 17 00:00:00 2001
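Review bot: The third-party actions in the new workflow (`actions/checkout@v3`, `cachix/install-nix-action@v20`) are referenced by mutable tags, so what the CI executes is whatever those tags point to at run time rather than a reviewed revision; pinning to a full commit SHA with the tag kept as a trailing comment (`- uses: actions/checkout@<commit-sha placeholder> # v3`) makes the dependency reviewable. The same applies to `DeterminateSystems/magic-nix-cache-action` introduced in patch 16 and to the tag bumps in patch 19. `--accept-flake-config` additionally means any `nixConfig` committed to flake.nix (extra substituters, trusted public keys) is honored without a prompt, which is acceptable for a push-only workflow but deserves a comment saying so. Separately, `>> $GITHUB_OUTPUT` is unquoted; `>> "$GITHUB_OUTPUT"` is the robust form.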
From: Astro Date: Tue, 9 Jan 2024 00:12:59 +0100 Subject: [PATCH 02/25] checks/iperf: perform network configuration with systemd-networkd for it being less dependending on interface names --- checks/iperf.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/checks/iperf.nix b/checks/iperf.nix index 0cbe9a7d..43978bd8 100644 --- a/checks/iperf.nix +++ b/checks/iperf.nix @@ -6,6 +6,8 @@ nixpkgs.lib.optionalAttrs (builtins.elem hypervisor self.lib.hypervisorsWithNetw name = "vm-${hypervisor}-iperf"; nodes.vm = { imports = [ self.nixosModules.host ]; + # TODO: this is a farce of a flake. replace with declarative + # microvm. microvm.vms."${hypervisor}-iperf-server".flake = nixpkgs.legacyPackages.${system}.runCommand "${hypervisor}-iperf-server.flake" { passthru.nixosConfigurations."${hypervisor}-iperf-server" = nixpkgs.lib.nixosSystem { inherit system; @@ -21,16 +23,14 @@ nixpkgs.lib.optionalAttrs (builtins.elem hypervisor self.lib.hypervisorsWithNetw } ]; }; networking.hostName = "${hypervisor}-microvm"; - networking = { - interfaces.eth0 = { - useDHCP = false; - ipv4.addresses = [ { - address = "10.0.0.1"; - prefixLength = 24; - } ]; + systemd.network = { + enable = true; + networks."10-eth" = { + matchConfig.Type = "ether"; + address = [ "10.0.0.1/24" ]; }; - firewall.enable = false; }; + networking.firewall.enable = false; services.iperf3.enable = true; } ]; From 3c40d20416706c4e7a35abf6b053ed7c1fa5e934 Mon Sep 17 00:00:00 2001 From: Astro Date: Tue, 9 Jan 2024 19:22:24 +0100 Subject: [PATCH 03/25] checks/shutdown-command: fix microvm-shutdown --- checks/shutdown-command.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/checks/shutdown-command.nix b/checks/shutdown-command.nix index bc42e551..cb862604 100644 --- a/checks/shutdown-command.nix +++ b/checks/shutdown-command.nix @@ -34,6 +34,7 @@ builtins.mapAttrs (_: nixos: } '' set -m microvm-run > $out & + export MAINPID=$! sleep 10 echo Now shutting down 
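Review bot: The new `10-eth` unit matches `Type = "ether"`, so the static 10.0.0.1/24 is applied to every ethernet interface in the guest rather than to the single `eth0` the removed block addressed; that is fine for a one-NIC test VM but is an assumption worth recording, e.g. `# assumes a single NIC: every ethernet interface receives 10.0.0.1/24`. The removed `useDHCP = false` has no replacement, so whether NixOS's default DHCP configuration still runs next to this unit depends on `networking.useDHCP` as set by the imported host module, which is outside the hunk; an explicit `networking.useDHCP = false;` beside `networking.firewall.enable = false;` would settle it.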
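Review bot: `export MAINPID=$!` gives `microvm-shutdown` the PID of the backgrounded `microvm-run`, but the fixed `sleep 10` that follows (raised to 30 in patch 11) remains a timing guess: on a slow runner the guest may not have finished booting when shutdown is requested, and on a fast one the test idles. A bounded readiness poll on whatever signal the runner exposes (the guest console output, or a control socket if one exists — the hunk does not show which) would make the check deterministic; the enclosing test script continues outside the hunk.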
From 773714c42f0ec6f2cbb55e711b34ce235c4d00e2 Mon Sep 17 00:00:00 2001 From: Astro Date: Tue, 9 Jan 2024 20:15:33 +0100 Subject: [PATCH 04/25] checks/iperf: write output to $GITHUB_STEP_SUMMARY --- .github/workflows/ci.yml | 3 +++ checks/iperf.nix | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a9ae1581..fc84337c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,3 +46,6 @@ jobs: -vL \ --accept-flake-config \ ".#$NIX_ATTR" + if [ -e result/summary.md ]; then + cat result/summary.md >> $GITHUB_STEP_SUMMARY + fi diff --git a/checks/iperf.nix b/checks/iperf.nix index 43978bd8..94b2a77b 100644 --- a/checks/iperf.nix +++ b/checks/iperf.nix @@ -59,10 +59,19 @@ nixpkgs.lib.optionalAttrs (builtins.elem hypervisor self.lib.hypervisorsWithNetw }; }; testScript = '' + import os + vm.wait_for_unit("microvm@${hypervisor}-iperf-server.service", timeout = 900) vm.succeed("ip addr add 10.0.0.2/24 dev microvm") + result = vm.wait_until_succeeds("iperf -c 10.0.0.1", timeout = 180) print(result) + + path = "{}/summary.md".format(os.environ.get("out")) + with open(path, 'w') as file: + file.write("```\n") + file.write(result) + file.write("```\n") ''; meta.timeout = 1800; }) { inherit system; pkgs = nixpkgs.legacyPackages.${system}; }; From 72fabd8d5af648e2b3a4fbb01b2c0f797cae24c7 Mon Sep 17 00:00:00 2001 From: Astro Date: Tue, 9 Jan 2024 21:48:14 +0100 Subject: [PATCH 05/25] firecracker: set null cpu_template --- lib/runners/firecracker.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/runners/firecracker.nix b/lib/runners/firecracker.nix index f4c71b63..c6689140 100644 --- a/lib/runners/firecracker.nix +++ b/lib/runners/firecracker.nix 
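Review bot: In the new summary writer, `file.write(result)` followed by `file.write("```\n")` puts the closing fence on the same line as iperf's last output line whenever `result` lacks a trailing newline, leaving the markdown code block unterminated; `file.write("```\n" + result.rstrip("\n") + "\n```\n")` avoids that. `os.environ.get("out")` also yields the literal path `None/summary.md` when `out` is unset, so `os.environ["out"]` would fail earlier and with a clearer message. On the ci.yml side the appended text originates from guest command output and is rendered as markdown; quoting the target (`>> "$GITHUB_STEP_SUMMARY"`) and using a four-backtick fence would keep a stray ``` in the output from closing the block early.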
@@ -30,6 +30,8 @@ let # Without this, starting of firecracker fails with an error message: # Enabling simultaneous multithreading is not supported on aarch64 smt = system != "aarch64-linux"; + # Run even on old CPUs + cpu_template = null; }; drives = [ { drive_id = "store"; From e274a374e251574eaad042032238f792aa0be9ea Mon Sep 17 00:00:00 2001 From: Astro Date: Tue, 9 Jan 2024 21:51:55 +0100 Subject: [PATCH 06/25] checks/iperf: wiggle timeouts --- checks/iperf.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/checks/iperf.nix b/checks/iperf.nix index 94b2a77b..324c7f79 100644 --- a/checks/iperf.nix +++ b/checks/iperf.nix @@ -61,10 +61,10 @@ nixpkgs.lib.optionalAttrs (builtins.elem hypervisor self.lib.hypervisorsWithNetw testScript = '' import os - vm.wait_for_unit("microvm@${hypervisor}-iperf-server.service", timeout = 900) + vm.wait_for_unit("microvm@${hypervisor}-iperf-server.service", timeout = 600) vm.succeed("ip addr add 10.0.0.2/24 dev microvm") - result = vm.wait_until_succeeds("iperf -c 10.0.0.1", timeout = 180) + result = vm.wait_until_succeeds("iperf -c 10.0.0.1", timeout = 1200) print(result) path = "{}/summary.md".format(os.environ.get("out")) From 870a749d70a4b2078f8bc602bbb754e025cc6ba9 Mon Sep 17 00:00:00 2001 From: Astro Date: Tue, 9 Jan 2024 22:08:58 +0100 Subject: [PATCH 07/25] checks/default: add stratovirt --- checks/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/checks/default.nix b/checks/default.nix index 7cb48c88..3274d496 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -52,6 +52,11 @@ let modules = [ { microvm.hypervisor = "alioth"; } ]; + } { + id = "stratovirt"; + modules = [ { + microvm.hypervisor = "stratovirt"; + } ]; } ] # ro-store [ { From c450ee032ce5c0505620204caf7dab86124c00fb Mon Sep 17 00:00:00 2001 
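Review bot: The comment `# Run even on old CPUs` gives the motivation but not the mechanism: a reader cannot tell from it what `cpu_template = null` changes or what value it replaces, which is not visible in the hunk. Something like `# null = no Firecracker CPU template, i.e. no CPU feature masking; the previous default presumably required newer CPU features — confirm` keeps the reason and the effect together.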
From: Astro Date: Wed, 10 Jan 2024 00:39:18 +0100 Subject: [PATCH 08/25] checks/startup-shutdown: add stratovirt --- checks/startup-shutdown.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/checks/startup-shutdown.nix b/checks/startup-shutdown.nix index 52290f7e..25819b79 100644 --- a/checks/startup-shutdown.nix +++ b/checks/startup-shutdown.nix @@ -34,6 +34,7 @@ let crosvm = "reboot"; kvmtool = "reboot"; alioth = "poweroff"; + stratovirt = "reboot"; }.${config.microvm.hypervisor}; in '' ${pkgs.coreutils}/bin/uname > /output/kernel-name From 28a2fded4733c0fae4aa72dd3f87dc51c7953115 Mon Sep 17 00:00:00 2001 From: Astro Date: Wed, 10 Jan 2024 00:40:57 +0100 Subject: [PATCH 09/25] checks/default: filter known good --- checks/default.nix | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/checks/default.nix b/checks/default.nix index 3274d496..3faa286e 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -75,7 +75,8 @@ let } ]; testing.enableTest = builtins.elem config.microvm.hypervisor [ # Hypervisors that support 9p - "qemu" "crosvm" "kvmtool" + "qemu" "kvmtool" + # "crosvm" ]; }; }) ]; @@ -88,13 +89,19 @@ let # overlay volume id = "overlay"; modules = [ ({ config, ... }: { - microvm.writableStoreOverlay = "/nix/.rw-store"; - microvm.volumes = [ { - image = "nix-store-overlay.img"; + microvm = { + writableStoreOverlay = "/nix/.rw-store"; + volumes = [ { + image = "nix-store-overlay.img"; label = "nix-store"; - mountPoint = config.microvm.writableStoreOverlay; - size = 128; - } ]; + mountPoint = config.microvm.writableStoreOverlay; + size = 128; + } ]; + testing.enableTest = builtins.elem config.microvm.hypervisor [ + # Known good + "qemu" "cloud-hypervisor" "firecracker" + ]; + }; }) ]; } ] # boot.systemd @@ -105,6 +112,7 @@ let boot.initrd.systemd.enable = false; } ]; } { + # yes id = "systemd"; modules = [ { boot.initrd.systemd.enable = true; From bf22e9db40adab8b3b30b4c2df676a26bb5817bd Mon Sep 17 00:00:00 2001 
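Review bot: `# "crosvm"` in the 9p `enableTest` list disables a hypervisor by commenting out a string literal with no reason recorded, and the `# yes` added above `id = "systemd"` says nothing a reader can act on; a why-comment such as `# crosvm: 9p store tests currently fail in CI — re-enable once fixed` (and dropping `# yes`) keeps the list self-explanatory. The `# Known good` list on the overlay variant has the same gap, as does the `# Known broken` list patch 10 adds for crosvm/kvmtool; a tracking reference where one exists would be the ideal content for these comments.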
From: Astro Date: Thu, 11 Jan 2024 20:58:26 +0100 Subject: [PATCH 10/25] checks/default: disable systemd tests for crosvm and kvmtool --- checks/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/checks/default.nix b/checks/default.nix index 3faa286e..a912472f 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -114,9 +114,14 @@ let } { # yes id = "systemd"; - modules = [ { + modules = [ ({ config, ... }: { boot.initrd.systemd.enable = true; - } ]; + microvm.testing.enableTest = ! builtins.elem config.microvm.hypervisor [ + # Known broken + "crosvm" + "kvmtool" + ]; + }) ]; } ] # hardened profile [ { From cbfd7d253dfdfdd792eb3a1db517986daf2fbd09 Mon Sep 17 00:00:00 2001 From: Astro Date: Mon, 22 Jan 2024 00:30:36 +0100 Subject: [PATCH 11/25] checks/shutdown-command: bump sleep --- checks/shutdown-command.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/shutdown-command.nix b/checks/shutdown-command.nix index cb862604..8348e6e5 100644 --- a/checks/shutdown-command.nix +++ b/checks/shutdown-command.nix @@ -36,7 +36,7 @@ builtins.mapAttrs (_: nixos: microvm-run > $out & export MAINPID=$! - sleep 10 + sleep 30 echo Now shutting down microvm-shutdown '' From cac5d46c85a3755e0e3679ab411172d3e810a060 Mon Sep 17 00:00:00 2001 From: Astro Date: Mon, 22 Jan 2024 01:28:43 +0100 Subject: [PATCH 12/25] .github/workflows/ci: exclude known broken --- .github/workflows/ci.yml | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fc84337c..60b8c382 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -29,6 +29,42 @@ jobs: fail-fast: false matrix: check: ${{ fromJson(needs.eval.outputs.matrix) }} + exclude: + # Cannot cross-build on Github CI + - check: qemu-tcg-9pstore-overlay-shutdown-command + - check: qemu-tcg-9pstore-overlay-startup-shutdown + - check: qemu-tcg-9pstore-overlay-systemd-shutdown-command + - check: qemu-tcg-9pstore-overlay-systemd-startup-shutdown + - check: qemu-tcg-9pstore-shutdown-command + - check: qemu-tcg-9pstore-startup-shutdown + - check: qemu-tcg-9pstore-systemd-shutdown-command + - check: qemu-tcg-9pstore-systemd-startup-shutdown + - check: qemu-tcg-overlay-shutdown-command + - check: qemu-tcg-overlay-startup-shutdown + - check: qemu-tcg-overlay-systemd-shutdown-command + - check: qemu-tcg-overlay-systemd-startup-shutdown + - check: qemu-tcg-shutdown-command + - check: qemu-tcg-startup-shutdown + - check: qemu-tcg-systemd-shutdown-command + - check: qemu-tcg-systemd-startup-shutdown + # Known broken + - check: cloud-hypervisor-overlay-startup-shutdown + - check: cloud-hypervisor-overlay-shutdown-command + - check: cloud-hypervisor-overlay-systemd-startup-shutdown + - check: cloud-hypervisor-overlay-systemd-shutdown-command + - check: firecracker-overlay-shutdown-command + - check: firecracker-overlay-startup-shutdown + - check: firecracker-overlay-overlay-startup-shutdown + - check: stratovirt-startup-shutdown + - check: stratovirt-shutdown-command + - check: stratovirt-systemd-startup-shutdown + - check: vm-firecracker + - check: vm-firecracker-iperf + - check: vm-stratovirt-iperf + # Not finishing + - check: firecracker-overlay-systemd-startup-shutdown + - check: qemu-overlay-startup-shutdown + - check: qemu-overlay-systemd-startup-shutdown runs-on: ubuntu-latest env: NIX_ATTR: 'hydraJobs.x86_64-linux.${{ matrix.check }}' @@ -43,7 +79,7 @@ jobs: - name: Build ${{ matrix.check }} run: | nix build \ - -vL \ + -L \ --accept-flake-config \ ".#$NIX_ATTR" if [ -e result/summary.md ]; then 
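Review bot: The `exclude` list is maintained by hand and has to match the attribute names `nix eval` produces, yet a name that does not exist in the matrix is silently ignored; `firecracker-overlay-overlay-startup-shutdown` (duplicated `overlay`) looks like such a no-op and presumably was meant to be another firecracker-overlay variant. checks/default.nix already carries a `microvm.testing.enableTest` mechanism, so expressing "cannot cross-build on Github CI" / "known broken" there, or emitting the exclusions from the same `nix eval` in the `eval` job, would keep one source of truth. Patch 21 grows the same list with the hardened variants and inherits the issue.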
From 571a98058719834f21bfdeb3a06a7a3fab1adb69 Mon Sep 17 00:00:00 2001 From: Astro Date: Thu, 25 Jan 2024 02:21:08 +0100 Subject: [PATCH 13/25] checks/{vm,iperf}: extend systemd timeouts for slow Github CI --- checks/iperf.nix | 4 ++++ checks/vm.nix | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/checks/iperf.nix b/checks/iperf.nix index 324c7f79..1527674e 100644 --- a/checks/iperf.nix +++ b/checks/iperf.nix @@ -32,6 +32,10 @@ nixpkgs.lib.optionalAttrs (builtins.elem hypervisor self.lib.hypervisorsWithNetw }; networking.firewall.enable = false; services.iperf3.enable = true; + # Hack for slow Github CI + systemd.extraConfig = '' + DefaultTimeoutStartSec=600 + ''; } ]; }; diff --git a/checks/vm.nix b/checks/vm.nix index 3e4b30e9..2b19a6b7 100644 --- a/checks/vm.nix +++ b/checks/vm.nix @@ -16,6 +16,10 @@ ]; # Must be big enough for the store overlay volume virtualisation.diskSize = 4096; + # Hack for slow Github CI + systemd.extraConfig = '' + DefaultTimeoutStartSec=600 + ''; microvm.vms."${system}-${hypervisor}-example".flake = self; }; From 95cac403281330c31acff4a9211e8d695883635b Mon Sep 17 00:00:00 2001 From: Astro Date: Fri, 26 Jan 2024 00:31:32 +0100 Subject: [PATCH 14/25] qemu: only run with kvm when intended --- lib/runners/qemu.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/runners/qemu.nix b/lib/runners/qemu.nix index 1afe818e..fcab0a16 100644 --- a/lib/runners/qemu.nix +++ b/lib/runners/qemu.nix @@ -64,7 +64,7 @@ let accel = if microvmConfig.cpu == null - then "kvm:tcg" + then "kvm" else "tcg"; # PCI required by vfio-pci for PCI passthrough From 41ecc7b390d7d4d0793630b96660780a6229add7 Mon Sep 17 00:00:00 2001 From: Astro Date: Fri, 26 Jan 2024 00:31:46 +0100 Subject: [PATCH 15/25] checks/iperf: quelch stderr output --- checks/iperf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/iperf.nix b/checks/iperf.nix index 1527674e..036d6c40 100644 --- a/checks/iperf.nix +++ b/checks/iperf.nix 
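Review bot: Changing `accel` from `"kvm:tcg"` to `"kvm"` removes QEMU's silent fallback to software emulation when /dev/kvm is unavailable, so a VM now fails to start instead of quietly running without hardware virtualization; that is the safer behaviour, but the reason lives only in the commit title. A comment on the line, `# no "kvm:tcg" fallback: failing loudly is preferable to silently running unaccelerated`, keeps the intent next to the code; the enclosing `let` continues outside the hunk.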
@@ -68,7 +68,7 @@ nixpkgs.lib.optionalAttrs (builtins.elem hypervisor self.lib.hypervisorsWithNetw vm.wait_for_unit("microvm@${hypervisor}-iperf-server.service", timeout = 600) vm.succeed("ip addr add 10.0.0.2/24 dev microvm") - result = vm.wait_until_succeeds("iperf -c 10.0.0.1", timeout = 1200) + result = vm.wait_until_succeeds("iperf -c 10.0.0.1 2>/dev/null", timeout = 1200) print(result) path = "{}/summary.md".format(os.environ.get("out")) From 685d00d3fc8ab1b569300f211963cb216457ab73 Mon Sep 17 00:00:00 2001 From: Astro Date: Fri, 26 Jan 2024 00:33:09 +0100 Subject: [PATCH 16/25] .github/workflows/ci: add magic-nix-cache-action --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 60b8c382..fdca62d9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -76,6 +76,7 @@ jobs: sudo udevadm trigger --name-match=kvm - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v20 + - uses: DeterminateSystems/magic-nix-cache-action@v2 - name: Build ${{ matrix.check }} run: | nix build \ From 5c90b9e5f727b9f0c43cd75c3d4abd5a39ec2990 Mon Sep 17 00:00:00 2001 From: Astro Date: Fri, 26 Jan 2024 21:09:40 +0100 Subject: [PATCH 17/25] checks/iperf: always run qemu with kvm --- checks/iperf.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/checks/iperf.nix b/checks/iperf.nix index 036d6c40..69d93568 100644 --- a/checks/iperf.nix +++ b/checks/iperf.nix @@ -54,6 +54,7 @@ nixpkgs.lib.optionalAttrs (builtins.elem hypervisor self.lib.hypervisorsWithNetw # # keep the store paths built inside the VM across reboots # writableStoreUseTmpfs = false; qemu.options = [ + "-M" "q35,accel=kvm" "-cpu" { "aarch64-linux" = "cortex-a72"; From eea658afffe05bc342cce62cfa23bc9afe874f22 Mon Sep 17 00:00:00 2001 
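Review bot: `2>/dev/null` on the iperf client discards the only diagnostic available when `wait_until_succeeds` gives up after 1200 s, so "connection refused" and a routing problem become indistinguishable in the test log. Presumably the intent is to keep stderr out of summary.md; redirecting it to a file inside the guest (`2>>/tmp/iperf.err`) and printing that file on failure, or sending it to the journal via `systemd-cat`, keeps the summary clean without losing the reason.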
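Review bot: The new `"-M" "q35,accel=kvm"` names an x86-only machine type, yet the adjacent `-cpu` selector still branches on `"aarch64-linux"`; if this check is ever evaluated for aarch64 (the hunk does not show whether it is), `qemu-system-aarch64` would reject `q35`. Making the machine type part of the same per-system selection (`{ "aarch64-linux" = "virt,accel=kvm"; "x86_64-linux" = "q35,accel=kvm"; }`) keeps the two options consistent; the `qemu.options` list continues outside the hunk.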
From: Astro Date: Mon, 26 Feb 2024 00:50:12 +0100 Subject: [PATCH 18/25] .github/workflows/ci: remove stratovirt from excludes --- .github/workflows/ci.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fdca62d9..8dd08da6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,12 +55,8 @@ jobs: - check: firecracker-overlay-shutdown-command - check: firecracker-overlay-startup-shutdown - check: firecracker-overlay-overlay-startup-shutdown - - check: stratovirt-startup-shutdown - - check: stratovirt-shutdown-command - - check: stratovirt-systemd-startup-shutdown - check: vm-firecracker - check: vm-firecracker-iperf - - check: vm-stratovirt-iperf # Not finishing - check: firecracker-overlay-systemd-startup-shutdown - check: qemu-overlay-startup-shutdown From 7e3fea2bf6ce57578bc42bba441956c03273df18 Mon Sep 17 00:00:00 2001 From: Astro Date: Mon, 26 Feb 2024 01:09:20 +0100 Subject: [PATCH 19/25] .github/workflows/ci: update uses --- .github/workflows/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8dd08da6..18aad4cc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,8 +10,8 @@ jobs: outputs: matrix: ${{ steps.eval-jobs.outputs.matrix }} steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v25 - name: Evaluate hydraJobs id: eval-jobs run: | 
@@ -70,9 +70,9 @@ jobs: echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules sudo udevadm control --reload-rules sudo udevadm trigger --name-match=kvm - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 - - uses: DeterminateSystems/magic-nix-cache-action@v2 + - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v25 + - uses: DeterminateSystems/magic-nix-cache-action@v3 - name: Build ${{ matrix.check }} run: | nix build \ From 8b29a2ab6a2bf9b0127bc45848c742ab80543711 Mon Sep 17 00:00:00 2001 From: Astro Date: Mon, 26 Feb 2024 01:14:31 +0100 Subject: [PATCH 20/25] flake.nix: restore checks --- .github/workflows/ci.yml | 6 +++--- flake.nix | 5 ++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 18aad4cc..caff26ca 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,13 +12,13 @@ jobs: steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v25 - - name: Evaluate hydraJobs + - name: Evaluate checks id: eval-jobs run: | MATRIX=$(nix eval \ --accept-flake-config \ --json \ - .#hydraJobs.x86_64-linux --apply builtins.attrNames \ + .#checks.x86_64-linux --apply builtins.attrNames \ ) echo "matrix=$MATRIX" >> $GITHUB_OUTPUT @@ -63,7 +63,7 @@ jobs: - check: qemu-overlay-systemd-startup-shutdown runs-on: ubuntu-latest env: - NIX_ATTR: 'hydraJobs.x86_64-linux.${{ matrix.check }}' + NIX_ATTR: 'checks.x86_64-linux.${{ matrix.check }}' steps: - name: Enable KVM group perms run: | diff --git a/flake.nix b/flake.nix index c9c53139..6f0e3562 100644 --- a/flake.nix +++ b/flake.nix 
@@ -135,15 +135,14 @@ else result ) {} (builtins.attrNames self.nixosConfigurations); - # Takes too much memory in `nix flake show` - # checks = import ./checks { inherit self nixpkgs system; }; + checks = import ./checks { inherit self nixpkgs system; }; # hydraJobs are checks hydraJobs = builtins.mapAttrs (_: check: (nixpkgs.lib.recursiveUpdate check { meta.timeout = 12 * 60 * 60; }) - ) (import ./checks { inherit self nixpkgs system; }); + ) self.checks.${system}; }) // { lib = import ./lib { inherit (nixpkgs) lib; }; From 978ff41bc13ed8a9fa9f5611746fdbe1fde6015c Mon Sep 17 00:00:00 2001 From: Astro Date: Sat, 6 Apr 2024 03:28:11 +0200 Subject: [PATCH 21/25] .github/workflows/ci: exclude qemu-tcg-*-hardened-* --- .github/workflows/ci.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index caff26ca..866c471c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
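Review bot: The removed comment `# Takes too much memory in nix flake show` explained why `checks` had been disabled; the hunk restores the export without saying whether that problem was fixed or merely accepted, so the next person who hits memory exhaustion in `nix flake show` has no trail. A one-line note next to `checks = import ./checks ...`, stating the current status and referencing this commit, would preserve that history.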
@@ -47,6 +47,22 @@ jobs: - check: qemu-tcg-startup-shutdown - check: qemu-tcg-systemd-shutdown-command - check: qemu-tcg-systemd-startup-shutdown + - check: qemu-tcg-9pstore-overlay-hardened-startup-shutdown + - check: qemu-tcg-9pstore-hardened-shutdown-command + - check: qemu-tcg-9pstore-hardened-startup-shutdown + - check: qemu-tcg-9pstore-systemd-hardened-shutdown-command + - check: qemu-tcg-9pstore-overlay-systemd-hardened-shutdown-command + - check: qemu-tcg-9pstore-overlay-hardened-shutdown-command + - check: qemu-tcg-9pstore-overlay-systemd-hardened-startup-shutdown + - check: qemu-tcg-overlay-hardened-startup-shutdown + - check: qemu-tcg-9pstore-systemd-hardened-startup-shutdown + - check: qemu-tcg-hardened-shutdown-command + - check: qemu-tcg-overlay-systemd-hardened-shutdown-command + - check: qemu-tcg-hardened-startup-shutdown + - check: qemu-tcg-overlay-hardened-shutdown-command + - check: qemu-tcg-systemd-hardened-shutdown-command + - check: qemu-tcg-overlay-systemd-hardened-startup-shutdown + - check: qemu-tcg-systemd-hardened-startup-shutdown # Known broken - check: cloud-hypervisor-overlay-startup-shutdown - check: cloud-hypervisor-overlay-shutdown-command From a5319ed0da494682b7212bc801092f11575fb0eb Mon Sep 17 00:00:00 2001 From: Astro Date: Sat, 13 Apr 2024 01:33:00 +0200 Subject: [PATCH 22/25] .gitea: yolo --- .gitea | 1 + 1 file changed, 1 insertion(+) create mode 120000 .gitea diff --git a/.gitea b/.gitea new file mode 120000 index 00000000..821c19db --- /dev/null +++ b/.gitea @@ -0,0 +1 @@ +.github \ No newline at end of file From 61b7ea4b5b055fd7c2f5526d282be65aa052723d Mon Sep 17 00:00:00 2001 From: Astro Date: Sat, 13 Apr 2024 01:37:31 +0200 Subject: [PATCH 23/25] .github/workflows/ci: run on nix --- .github/workflows/ci.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 866c471c..84d8b909 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -6,12 +6,11 @@ on: jobs: eval: - runs-on: ubuntu-latest + runs-on: nix outputs: matrix: ${{ steps.eval-jobs.outputs.matrix }} steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v25 - name: Evaluate checks id: eval-jobs run: | @@ -77,7 +76,7 @@ jobs: - check: firecracker-overlay-systemd-startup-shutdown - check: qemu-overlay-startup-shutdown - check: qemu-overlay-systemd-startup-shutdown - runs-on: ubuntu-latest + runs-on: nix env: NIX_ATTR: 'checks.x86_64-linux.${{ matrix.check }}' steps: @@ -87,8 +86,6 @@ jobs: sudo udevadm control --reload-rules sudo udevadm trigger --name-match=kvm - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v25 - - uses: DeterminateSystems/magic-nix-cache-action@v3 - name: Build ${{ matrix.check }} run: | nix build \ From 0f9848bfa0f4c92866e003cb1d63a0dc70c8b437 Mon Sep 17 00:00:00 2001 From: Astro Date: Sun, 27 Oct 2024 00:27:40 +0200 Subject: [PATCH 24/25] checks: don't run w/o hardening to reduce test cases for garnix-ci --- checks/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/checks/default.nix b/checks/default.nix index a912472f..55c007cf 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -125,9 +125,9 @@ let } ] # hardened profile [ { - # no - id = null; - } { + # # no + # id = null; + # } { id = "hardened"; modules = [ ({ modulesPath, ... }: { imports = [ "${modulesPath}/profiles/hardened.nix" ]; From b1f49b2c68cc52f04eb312558449063e5ce91c5b Mon Sep 17 00:00:00 2001 From: Astro Date: Sun, 27 Oct 2024 00:38:20 +0200 Subject: [PATCH 25/25] checks: don't run rw-store test cases for garnix-ci --- checks/default.nix | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/checks/default.nix b/checks/default.nix index 55c007cf..95ae21c0 100644 --- a/checks/default.nix +++ b/checks/default.nix 
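Review bot: With `runs-on: nix` the jobs presumably land on a persistent self-hosted runner, but the `Enable KVM group perms` step is kept unchanged and still runs `sudo tee /etc/udev/rules.d/99-kvm4all.rules` with `MODE="0666"` on every job; on an ephemeral GitHub-hosted VM that was harmless, on a long-lived host it is a root-level configuration change that makes /dev/kvm world-writable and is triggered by any push, since `on: push` carries no branch filter. Provisioning kvm access once on the runner (group membership for the runner user) and dropping the sudo step from the workflow, or at least restricting the trigger to protected branches, would keep workflow content from altering the host. The same workflow now also feeds Gitea through the `.gitea -> .github` symlink added in patch 22, so both runner pools are affected.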
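Review bot: The hunk disables the un-hardened variant by commenting the list element out rather than removing it, leaving dead code that drifts silently from the live configuration; patch 25 does the same for the entire rw-store dimension. If the reduction is meant to be temporary for garnix-ci, a single boolean at the top of the file (e.g. `reducedMatrix = true;` used with `lib.optional` around those dimensions) documents the intent and makes re-enabling a one-line change; otherwise delete the lines, as git keeps the history.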
@@ -81,29 +81,29 @@ let }; }) ]; } ] - # rw-store - [ { - # none - id = null; - } { - # overlay volume - id = "overlay"; - modules = [ ({ config, ... }: { - microvm = { - writableStoreOverlay = "/nix/.rw-store"; - volumes = [ { - image = "nix-store-overlay.img"; - label = "nix-store"; - mountPoint = config.microvm.writableStoreOverlay; - size = 128; - } ]; - testing.enableTest = builtins.elem config.microvm.hypervisor [ - # Known good - "qemu" "cloud-hypervisor" "firecracker" - ]; - }; - }) ]; - } ] + # # rw-store + # [ { + # # none + # id = null; + # } { + # # overlay volume + # id = "overlay"; + # modules = [ ({ config, ... }: { + # microvm = { + # writableStoreOverlay = "/nix/.rw-store"; + # volumes = [ { + # image = "nix-store-overlay.img"; + # label = "nix-store"; + # mountPoint = config.microvm.writableStoreOverlay; + # size = 128; + # } ]; + # testing.enableTest = builtins.elem config.microvm.hypervisor [ + # # Known good + # "qemu" "cloud-hypervisor" "firecracker" + # ]; + # }; + # }) ]; + # } ] # boot.systemd [ { # no