vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / jenkins.nix
blobd7394c866c1432c4922f33d1d89e472355c186d1
1 # verifies:
2 #   1. jenkins service starts on master node
3 #   2. jenkins user can be extended on both master and slave
4 #   3. jenkins service not started on slave node
5 #   4. declarative jobs can be added and removed
7 import ./make-test-python.nix ({ pkgs, ...} : {
8   name = "jenkins";
9   meta = with pkgs.lib.maintainers; {
10     maintainers = [ bjornfor coconnor domenkozar ];
11   };
13   nodes = {
15     master =
16       { ... }:
17       { services.jenkins = {
18           enable = true;
19           jobBuilder = {
20             enable = true;
21             nixJobs = [
22               { job = {
23                   name = "job-1";
24                   builders = [
25                     { shell = ''
26                         echo "Running job-1"
27                       '';
28                     }
29                   ];
30                 };
31               }
33               { job = {
34                   name = "folder-1";
35                   project-type = "folder";
36                 };
37               }
39               { job = {
40                   name = "folder-1/job-2";
41                   builders = [
42                     { shell = ''
43                         echo "Running job-2"
44                       '';
45                     }
46                   ];
47                 };
48               }
49             ];
50           };
51         };
53         specialisation.noJenkinsJobs.configuration = {
54           services.jenkins.jobBuilder.nixJobs = pkgs.lib.mkForce [];
55         };
57         # should have no effect
58         services.jenkinsSlave.enable = true;
60         users.users.jenkins.extraGroups = [ "users" ];
62         systemd.services.jenkins.serviceConfig.TimeoutStartSec = "6min";
63       };
65     slave =
66       { ... }:
67       { services.jenkinsSlave.enable = true;
69         users.users.jenkins.extraGroups = [ "users" ];
70       };
72   };
74   testScript = { nodes, ... }:
75     let
76       configWithoutJobs = "${nodes.master.system.build.toplevel}/specialisation/noJenkinsJobs";
77       jenkinsPort = nodes.master.services.jenkins.port;
78       jenkinsUrl = "http://localhost:${toString jenkinsPort}";
79     in ''
80     start_all()
82     master.wait_for_unit("default.target")
84     assert "Authentication required" in master.succeed("curl http://localhost:8080")
86     for host in master, slave:
87         groups = host.succeed("sudo -u jenkins groups")
88         assert "jenkins" in groups
89         assert "users" in groups
91     slave.fail("systemctl is-enabled jenkins.service")
93     slave.succeed("java -fullversion")
95     with subtest("jobs are declarative"):
96         # Check that jobs are created on disk.
97         master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/job-1/config.xml")
98         master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
99         master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")
101         # Verify that jenkins also sees the jobs.
102         out = master.succeed("${pkgs.jenkins}/bin/jenkins-cli -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
103         jobs = [x.strip() for x in out.splitlines()]
104         # Seeing jobs inside folders requires the Folders plugin
105         # (https://plugins.jenkins.io/cloudbees-folder/), which we don't have
106         # in this vanilla jenkins install, so limit ourself to non-folder jobs.
107         assert jobs == ['job-1'], f"jobs != ['job-1']: {jobs}"
109         master.succeed(
110             "${configWithoutJobs}/bin/switch-to-configuration test >&2"
111         )
113         # Check that jobs are removed from disk.
114         master.wait_until_fails("test -f /var/lib/jenkins/jobs/job-1/config.xml")
115         master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
116         master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")
118         # Verify that jenkins also sees the jobs as removed.
119         out = master.succeed("${pkgs.jenkins}/bin/jenkins-cli -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
120         jobs = [x.strip() for x in out.splitlines()]
121         assert jobs == [], f"jobs != []: {jobs}"
122   '';