contrib: add direct tests for agenix

These tests are MUCH faster than the NixOS tests.
ryantm · Dec 20, 2023 · 097aa18 · 097aa18
1 parent 564595d
commit 097aa18
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 25 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -9,7 +9,9 @@ jobs:
     - uses: actions/checkout@v3
     - uses: cachix/install-nix-action@v22
       with:
-        extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"
+        extra_nix_config: |
+          system-features = nixos-test recursive-nix benchmark big-parallel kvm
+          extra-experimental-features = recursive-nix nix-command flakes
     - run: nix build
     - run: nix build .#doc
     - run: nix fmt . -- --check
@@ -20,7 +22,9 @@ jobs:
     - uses: actions/checkout@v3
     - uses: cachix/install-nix-action@v22
       with:
-        extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"
+        extra_nix_config: |
+          system-features = nixos-test recursive-nix benchmark big-parallel kvm
+          extra-experimental-features = recursive-nix nix-command flakes
     - run: nix build
     - run: nix build .#doc
     - run: nix fmt . -- --check

diff --git a/pkgs/agenix.nix b/pkgs/agenix.nix
@@ -9,29 +9,49 @@
   substituteAll,
   ageBin ? "${rage}/bin/rage",
   shellcheck,
-}:
-stdenv.mkDerivation rec {
-  pname = "agenix";
-  version = "0.15.0";
-  src = substituteAll {
-    inherit ageBin version;
-    jqBin = "${jq}/bin/jq";
-    nixInstantiate = "${nix}/bin/nix-instantiate";
-    mktempBin = "${mktemp}/bin/mktemp";
-    diffBin = "${diffutils}/bin/diff";
-    src = ./agenix.sh;
-  };
-  dontUnpack = true;
+}: let
+  bin = "${placeholder "out"}/bin/agenix";
+in
+  stdenv.mkDerivation rec {
+    pname = "agenix";
+    version = "0.15.0";
+    src = substituteAll {
+      inherit ageBin version;
+      jqBin = "${jq}/bin/jq";
+      nixInstantiate = "${nix}/bin/nix-instantiate";
+      mktempBin = "${mktemp}/bin/mktemp";
+      diffBin = "${diffutils}/bin/diff";
+      src = ./agenix.sh;
+    };
+    dontUnpack = true;
+    doInstallCheck = true;
+    installCheckInputs = [shellcheck];
+    postInstallCheck = ''
+      shellcheck ${bin}
+      ${bin} -h | grep ${version}
 
-  doCheck = true;
-  checkInputs = [shellcheck];
-  postCheck = ''
-    shellcheck $src
-  '';
+      mkdir -p /tmp/home/.ssh
+      cp -r "${../example}" /tmp/home/secrets
+      chmod -R u+rw /tmp/home/secrets
+      export HOME=/tmp/home
+      (
+      umask u=rw,g=r,o=r
+      cp ${../example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
+      chown $UID $HOME/.ssh/id_ed25519.pub
+      )
+      (
+      umask u=rw,g=,o=
+      cp ${../example_keys/user1} $HOME/.ssh/id_ed25519
+      chown $UID $HOME/.ssh/id_ed25519
+      )
 
-  installPhase = ''
-    install -D $src ${placeholder "out"}/bin/agenix
-  '';
+      cd /tmp/home/secrets
+      test $(${bin} -d secret1.age) = "hello"
+    '';
 
-  meta.description = "age-encrypted secrets for NixOS";
-}
+    installPhase = ''
+      install -D $src ${bin}
+    '';
+
+    meta.description = "age-encrypted secrets for NixOS";
+  }