blob: d7394c866c1432c4922f33d1d89e472355c186d1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
# verifies:
# 1. jenkins service starts on master node
# 2. jenkins user can be extended on both master and slave
# 3. jenkins service not started on slave node
# 4. declarative jobs can be added and removed
import ./make-test-python.nix ({ pkgs, ...} : {
name = "jenkins";
meta = with pkgs.lib.maintainers; {
maintainers = [ bjornfor coconnor domenkozar ];
};
nodes = {
master =
{ ... }:
{ services.jenkins = {
enable = true;
jobBuilder = {
enable = true;
nixJobs = [
{ job = {
name = "job-1";
builders = [
{ shell = ''
echo "Running job-1"
'';
}
];
};
}
{ job = {
name = "folder-1";
project-type = "folder";
};
}
{ job = {
name = "folder-1/job-2";
builders = [
{ shell = ''
echo "Running job-2"
'';
}
];
};
}
];
};
};
specialisation.noJenkinsJobs.configuration = {
services.jenkins.jobBuilder.nixJobs = pkgs.lib.mkForce [];
};
# should have no effect
services.jenkinsSlave.enable = true;
users.users.jenkins.extraGroups = [ "users" ];
systemd.services.jenkins.serviceConfig.TimeoutStartSec = "6min";
};
slave =
{ ... }:
{ services.jenkinsSlave.enable = true;
users.users.jenkins.extraGroups = [ "users" ];
};
};
testScript = { nodes, ... }:
let
configWithoutJobs = "${nodes.master.system.build.toplevel}/specialisation/noJenkinsJobs";
jenkinsPort = nodes.master.services.jenkins.port;
jenkinsUrl = "http://localhost:${toString jenkinsPort}";
in ''
start_all()
master.wait_for_unit("default.target")
assert "Authentication required" in master.succeed("curl http://localhost:8080")
for host in master, slave:
groups = host.succeed("sudo -u jenkins groups")
assert "jenkins" in groups
assert "users" in groups
slave.fail("systemctl is-enabled jenkins.service")
slave.succeed("java -fullversion")
with subtest("jobs are declarative"):
# Check that jobs are created on disk.
master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/job-1/config.xml")
master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")
# Verify that jenkins also sees the jobs.
out = master.succeed("${pkgs.jenkins}/bin/jenkins-cli -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
jobs = [x.strip() for x in out.splitlines()]
# Seeing jobs inside folders requires the Folders plugin
# (https://plugins.jenkins.io/cloudbees-folder/), which we don't have
# in this vanilla jenkins install, so limit ourself to non-folder jobs.
assert jobs == ['job-1'], f"jobs != ['job-1']: {jobs}"
master.succeed(
"${configWithoutJobs}/bin/switch-to-configuration test >&2"
)
# Check that jobs are removed from disk.
master.wait_until_fails("test -f /var/lib/jenkins/jobs/job-1/config.xml")
master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")
# Verify that jenkins also sees the jobs as removed.
out = master.succeed("${pkgs.jenkins}/bin/jenkins-cli -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
jobs = [x.strip() for x in out.splitlines()]
assert jobs == [], f"jobs != []: {jobs}"
'';
})
|
