diff --git a/src/usr/local/buildpack/tools/nix.sh b/src/usr/local/buildpack/tools/nix.sh deleted file mode 100644 index 527fa55ace..0000000000 --- a/src/usr/local/buildpack/tools/nix.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/env bash - -set -e - -require_root -check_semver "${TOOL_VERSION}" - -if [[ ! "${MAJOR}" || ! "${MINOR}" || ! "${PATCH}" ]]; then - echo Invalid version: "${TOOL_VERSION}" - exit 1 -fi - -echo "max-jobs = auto" | tee -a /tmp/nix.conf >/dev/null -echo "trusted-users = root ${USER_NAME}" | tee -a /tmp/nix.conf >/dev/null - -installer_options=( - --nix-extra-conf-file /tmp/nixd.conf -) - -curl -sSL "https://nixos.org/releases/nix/nix-${TOOL_VERSION}/nix-${TOOL_VERSION}-x86_64-linux.tar.xz" --output nix.txz -tar xJf nix.txz -rm nix.txz - -mkdir -m 0755 /etc/nix -chown -R "${USER_ID}" /etc/nix -echo "sandbox = false" > /etc/nix/nix.conf - -mkdir -m 0755 /nix -chown -R "${USER_ID}" /nix - - -su "${USER_NAME}" -c "./nix-${TOOL_VERSION}-x86_64-linux/install ${installer_options[*]}" -ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ - -rm -r nix-"${TOOL_VERSION}"-x86_64-linux* - -export_path "${USER_HOME}/.nix-profile/bin" -export_env NIX_PATH "/nix/var/nix/profiles/per-user/${USER_NAME}/channels" - -nix-collect-garbage --delete-old -nix-store --optimise -nix-store --verify --check-contents - -nix --version diff --git a/src/usr/local/buildpack/tools/v2/nix.sh b/src/usr/local/buildpack/tools/v2/nix.sh new file mode 100644 index 0000000000..2e0a4d6030 --- /dev/null +++ b/src/usr/local/buildpack/tools/v2/nix.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash + +function check_tool_requirements() { + check_semver "$TOOL_VERSION" "minor" + TOOL_VERSION=${MAJOR}.${MINOR} +} + +function install_tool() { + local versioned_tool_path + local file + local ARCH + + versioned_tool_path=$(create_versioned_tool_path) + ARCH=$(uname -m) + + file=$(get_from_url "https://hydra.nixos.org/job/nix/maintenance-${TOOL_VERSION}/buildStatic.${ARCH}-linux/latest/download-by-type/file/binary-dist") + + create_folder "${versioned_tool_path}/bin" + cp "${file}" "${versioned_tool_path}/bin/nix" + chmod +x "${versioned_tool_path}/bin/nix" +} + +function link_tool() { + local versioned_tool_path + versioned_tool_path=$(find_versioned_tool_path) + + shell_wrapper "${TOOL_NAME}" "${versioned_tool_path}/bin" + nix --version +} diff --git a/test/Dockerfile.bionic b/test/Dockerfile.bionic index 5a8cba3e32..5b03bc5e3f 100644 --- a/test/Dockerfile.bionic +++ b/test/Dockerfile.bionic @@ -53,8 +53,8 @@ RUN install-tool java 17.0.5+8 # renovate: datasource=gradle-version packageName=gradle versioning=gradle RUN install-tool gradle 7.5.1 -# renovate: datasource=github-releases packageName=NixOS/nix -RUN install-tool nix 2.3.10 +# renovate: datasource=github-tags packageName=NixOS/nix +RUN install-tool nix 2.11.1 # renovate: datasource=node RUN install-tool node v16.18.0 diff --git a/test/Dockerfile.jammy b/test/Dockerfile.jammy index 088f045248..a1b6244b7b 100644 --- a/test/Dockerfile.jammy +++ b/test/Dockerfile.jammy @@ -53,8 +53,8 @@ RUN install-tool java 17.0.5+8 # renovate: datasource=gradle-version packageName=gradle versioning=gradle RUN install-tool gradle 7.5.1 -# renovate: datasource=github-releases packageName=NixOS/nix -RUN install-tool nix 2.3.10 +# renovate: datasource=github-tags packageName=NixOS/nix +RUN install-tool nix 2.11.1 # renovate: datasource=node RUN install-tool node v18.12.0 diff --git a/test/bash/tools/nix.bats b/test/bash/tools/nix.bats new file mode 100644 index 0000000000..d7fd78f184 --- /dev/null +++ b/test/bash/tools/nix.bats @@ -0,0 +1,157 @@ +setup_file() { + export TEST_DIR="$(cd "$(dirname "$BATS_TEST_FILENAME")" >/dev/null 2>&1 && pwd)" + + # set up the cache + load "$TEST_DIR/../cache.sh" + export BUILDPACK_CACHE_DIR="$(create_temp_dir TEST_CACHE_DIR)" +} + +setup() { + load '../../../node_modules/bats-support/load' + load '../../../node_modules/bats-assert/load' + + TEST_ROOT_DIR=$(mktemp -u) + USER_NAME=testuser + + load "$TEST_DIR/../../../src/usr/local/buildpack/util.sh" + + # load v2 overwrites + load "$TEST_DIR/../../../src/usr/local/buildpack/utils/v2/overrides.sh" + + # load test overwrites + load "$TEST_DIR/../util.sh" + + setup_directories + + # set default test user + TEST_ROOT_USER=1000 + + # load nix + load "$TEST_DIR/../../../src/usr/local/buildpack/tools/v2/nix.sh" + +} + +teardown() { + rm -rf "${TEST_ROOT_DIR}" +} + +teardown_file() { + clean_temp_dir $BUILDPACK_CACHE_DIR TEST_CACHE_DIR +} + +@test "nix: check_tool_requirements" { + TOOL_NAME=nix + + TOOL_VERSION=foobar \ + run check_tool_requirements + assert_failure + + TOOL_VERSION=2.11 \ + run check_tool_requirements + assert_success +} + +@test "nix: check_tool_installed" { + local TOOL_NAME=nix + local TOOL_VERSION + + # renovate: datasource=github-tags packageName=NixOS/nix + TOOL_VERSION=2.11.1 + + run check_tool_installed + assert_failure + + check_tool_requirements + + run install_tool + assert_success + + run check_tool_installed + assert_success +} + +@test "nix: install_tool" { + local TOOL_NAME=nix + local TOOL_VERSION + + # renovate: datasource=github-tags packageName=NixOS/nix + TOOL_VERSION=2.11.1 + + check_tool_requirements + + run install_tool + assert_success + + local versioned_tool_path=$(find_versioned_tool_path) + + PATH="${versioned_tool_path}/bin" \ + run nix --version + assert_success + assert_output --partial "${TOOL_VERSION}" + + # don't update + TOOL_VERSION=2.10.3 + + check_tool_requirements + + run install_tool + assert_success + + local versioned_tool_path=$(find_versioned_tool_path) + + PATH="${versioned_tool_path}/bin" \ + run nix --version + assert_success + assert_output --partial "${TOOL_VERSION}" +} + +@test "nix: link_tool" { + local TOOL_NAME=nix + local TOOL_VERSION + local bin_path=$(get_bin_path) + + # renovate: datasource=github-tags packageName=NixOS/nix + TOOL_VERSION=2.11.1 + + check_tool_requirements + + run install_tool + assert_success + + PATH="${bin_path}:$PATH" \ + run link_tool + assert_success + assert_output --partial "${TOOL_VERSION}" + + PATH="${bin_path}" \ + run nix --version + assert_success + assert_output --partial "${TOOL_VERSION}" + + local versioned_tool_path=$(find_versioned_tool_path) + + PATH="${versioned_tool_path}/bin" \ + run nix --version + assert_success + assert_output --partial "${TOOL_VERSION}" + + # don't update + TOOL_VERSION=2.11.1 + + check_tool_requirements + + run install_tool + assert_success + + PATH="${bin_path}:$PATH" \ + run link_tool + assert_success + assert_output --partial "${TOOL_VERSION}" + + local versioned_tool_path=$(find_versioned_tool_path) + + PATH="${versioned_tool_path}/bin" \ + run nix --version + assert_success + assert_output --partial "${TOOL_VERSION}" +} diff --git a/test/nix/Dockerfile b/test/nix/Dockerfile index 05ea45c732..c3013f4266 100644 --- a/test/nix/Dockerfile +++ b/test/nix/Dockerfile @@ -1,5 +1,45 @@ ARG IMAGE=containerbase/buildpack -FROM ${IMAGE} as build +FROM ${IMAGE} as base + +RUN touch /.dummy + +COPY --chown=1000:0 test test + +WORKDIR /test + +#-------------------------------------- +# test: nix 2.10 +#-------------------------------------- +FROM base as testa + +ARG APT_HTTP_PROXY + +# old nix version, not for renovating +RUN install-tool nix 2.11.1 + +USER 1000 + +RUN set -ex; \ + nix --version + +RUN set -ex; \ + cd a; \ + nix \ + --extra-experimental-features nix-command \ + --extra-experimental-features flakes \ + eval --impure --expr '{example = import ./flake.nix;}' + +RUN set -ex; \ + cd a; \ + nix \ + --extra-experimental-features nix-command \ + --extra-experimental-features flakes \ + flake update + +#-------------------------------------- +# test: nix 2.11 +#-------------------------------------- +FROM base as testb ARG APT_HTTP_PROXY @@ -12,7 +52,23 @@ RUN set -ex; \ nix --version RUN set -ex; \ - nix-instantiate --eval -E '(import {}).lib.version' + cd a; \ + nix \ + --extra-experimental-features nix-command \ + --extra-experimental-features flakes \ + eval --impure --expr '{example = import ./flake.nix;}' RUN set -ex; \ - nix-instantiate --eval -E 'with import {}; glibc.version' + cd a; \ + nix \ + --extra-experimental-features nix-command \ + --extra-experimental-features flakes \ + flake update + +#-------------------------------------- +# final +#-------------------------------------- +FROM base + +COPY --from=testa /.dummy /.dummy +COPY --from=testb /.dummy /.dummy diff --git a/test/nix/test/a/flake.lock b/test/nix/test/a/flake.lock new file mode 100644 index 0000000000..2375087f29 --- /dev/null +++ b/test/nix/test/a/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1659131907, + "narHash": "sha256-8bz4k18M/FuVC+EVcI4aREN2PsEKT7LGmU2orfjnpCg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8d435fca5c561da8168abb30270788d2da2a7951", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/test/nix/test/a/flake.nix b/test/nix/test/a/flake.nix new file mode 100644 index 0000000000..74864bd8c3 --- /dev/null +++ b/test/nix/test/a/flake.nix @@ -0,0 +1,30 @@ +{ + description = "update-flake-lock"; + + inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + + outputs = + { self + , nixpkgs + }: + let + nameValuePair = name: value: { inherit name value; }; + genAttrs = names: f: builtins.listToAttrs (map (n: nameValuePair n (f n)) names); + + allSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; + forAllSystems = f: genAttrs allSystems + (system: f { + inherit system; + pkgs = import nixpkgs { inherit system; }; + }); + in + { + devShell = forAllSystems + ({ system, pkgs, ... }: + pkgs.stdenv.mkDerivation { + name = "update-flake-lock-devshell"; + buildInputs = [ pkgs.shellcheck ]; + src = self; + }); + }; +}