nixpkgs/nixos/tests/jenkins.nix

# verifies:
#   1. jenkins service starts on master node
#   2. jenkins user can be extended on both master and slave
#   3. jenkins service not started on slave node
#   4. declarative jobs can be added and removed

import ./make-test-python.nix ({ pkgs, ...} : {
  name = "jenkins";
  meta = with pkgs.lib.maintainers; {
    maintainers = [ bjornfor coconnor domenkozar eelco ];
  };

  nodes = {

    master =
      { ... }:
      { services.jenkins = {
          enable = true;
          jobBuilder = {
            enable = true;
            nixJobs = [
              { job = {
                  name = "job-1";
                  builders = [
                    { shell = ''
                        echo "Running job-1"
                      '';
                    }
                  ];
                };
              }

              { job = {
                  name = "folder-1";
                  project-type = "folder";
                };
              }

              { job = {
                  name = "folder-1/job-2";
                  builders = [
                    { shell = ''
                        echo "Running job-2"
                      '';
                    }
                  ];
                };
              }
            ];
          };
        };

        specialisation.noJenkinsJobs.configuration = {
          services.jenkins.jobBuilder.nixJobs = pkgs.lib.mkForce [];
        };

        # should have no effect
        services.jenkinsSlave.enable = true;

        users.users.jenkins.extraGroups = [ "users" ];

        systemd.services.jenkins.serviceConfig.TimeoutStartSec = "6min";
      };

    slave =
      { ... }:
      { services.jenkinsSlave.enable = true;

        users.users.jenkins.extraGroups = [ "users" ];
      };

  };

  testScript = { nodes, ... }:
    let
      configWithoutJobs = "${nodes.master.config.system.build.toplevel}/specialisation/noJenkinsJobs";
      jenkinsPort = nodes.master.config.services.jenkins.port;
      jenkinsUrl = "http://localhost:${toString jenkinsPort}";
    in ''
    start_all()

    master.wait_for_unit("jenkins")

    assert "Authentication required" in master.succeed("curl http://localhost:8080")

    for host in master, slave:
        groups = host.succeed("sudo -u jenkins groups")
        assert "jenkins" in groups
        assert "users" in groups

    slave.fail("systemctl is-enabled jenkins.service")

    with subtest("jobs are declarative"):
        # Check that jobs are created on disk.
        master.wait_for_unit("jenkins-job-builder")
        master.wait_until_fails("systemctl is-active jenkins-job-builder")
        master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/job-1/config.xml")
        master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
        master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")

        # Wait until jenkins is ready, reload configuration and verify it also
        # sees the jobs.
        master.succeed("curl --fail ${jenkinsUrl}/cli")
        master.succeed("curl ${jenkinsUrl}/jnlpJars/jenkins-cli.jar -O")
        master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) reload-configuration")
        out = master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
        jobs = [x.strip() for x in out.splitlines()]
        # Seeing jobs inside folders requires the Folders plugin
        # (https://plugins.jenkins.io/cloudbees-folder/), which we don't have
        # in this vanilla jenkins install, so limit ourself to non-folder jobs.
        assert jobs == ['job-1'], f"jobs != ['job-1']: {jobs}"

        master.succeed(
            "${configWithoutJobs}/bin/switch-to-configuration test >&2"
        )

        # Check that jobs are removed from disk.
        master.wait_for_unit("jenkins-job-builder")
        master.wait_until_fails("systemctl is-active jenkins-job-builder")
        master.wait_until_fails("test -f /var/lib/jenkins/jobs/job-1/config.xml")
        master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/config.xml")
        master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")

        # Reload jenkins' configuration and verify it also sees the jobs as removed.
        master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) reload-configuration")
        out = master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")
        jobs = [x.strip() for x in out.splitlines()]
        assert jobs == [], f"jobs != []: {jobs}"
  '';
})
remove users.jenkins config start on slave config. Uses standard NixOS user config merging. Work in progress: The slave config does not actually start the slave agent. This just configures a jenkins user if required. Bare minimum to enable a nice jenkins SSH slave. 2014-03-06 10:06:53 -08:00			`# verifies:`
			`# 1. jenkins service starts on master node`
			`# 2. jenkins user can be extended on both master and slave`
			`# 3. jenkins service not started on slave node`
nixos/jenkins: test declarative jobs (cherry picked from commit a655b712015f1a37466371234620b8958887e9bf) 2021-05-29 18:17:36 +02:00			`# 4. declarative jobs can be added and removed`
Fix tests broken due to the firewall being enabled by default 2014-04-11 17:15:56 +02:00
nixosTests.jenkins: port to python 2019-11-24 20:54:10 +01:00			`import ./make-test-python.nix ({ pkgs, ...} : {`
name nixos tests, close #3078 2014-06-28 16:04:49 +02:00			`name = "jenkins";`
treewide: simplify pkgs.stdenv.lib -> pkgs.lib The library does not depend on stdenv, that `stdenv` exposes `lib` is an artifact of the ancient origins of nixpkgs. 2021-01-10 20:08:30 +01:00			`meta = with pkgs.lib.maintainers; {`
Remove myself as maintainer from packages I'm currently not maintaining any packages. 2019-02-22 16:14:13 +01:00			`maintainers = [ bjornfor coconnor domenkozar eelco ];`
all tests: added meta.maintainers section 2015-07-12 12:09:40 +02:00			`};`
Make it easier to run the tests You can now run a test in the nixos/tests directory directly using nix-build, e.g. $ nix-build '<nixos/tests/login.nix>' -A test This gets rid of having to add the test to nixos/tests/default.nix. (Of course, you still need to add it to nixos/release.nix if you want Hydra to run the test.) 2014-04-14 14:02:44 +02:00
Add jenkins continuous integration server and user. By default the jenkins server is executed under the user "jenkins". Which can be configured using users.jenkins.* options. If a different user is requested by changing services.jenkins.user then none of the users.jenkins options apply. This patch does not include jenkins slave configuration. Some config options will probably change when this is implemented. Aspects like the user and environment are typically identical between slave and master. The service configs are different. The design is for users.jenkins to cover the shared aspects while services.jenkins and services.jenkins-slave cover the master and slave specific aspects, respectively. Another option would be to place everything under services.jenkins and have a config that selects master vs slave. 2014-02-10 12:07:12 -08:00			`nodes = {`
Fix tests broken due to the firewall being enabled by default 2014-04-11 17:15:56 +02:00
			`master =`
[bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00			`{ ... }:`
nixos/jenkins: test declarative jobs (cherry picked from commit a655b712015f1a37466371234620b8958887e9bf) 2021-05-29 18:17:36 +02:00			`{ services.jenkins = {`
			`enable = true;`
			`jobBuilder = {`
			`enable = true;`
			`nixJobs = [`
			`{ job = {`
			`name = "job-1";`
			`builders = [`
			`{ shell = ''`
			`echo "Running job-1"`
			`'';`
			`}`
			`];`
			`};`
			`}`

			`{ job = {`
			`name = "folder-1";`
			`project-type = "folder";`
			`};`
			`}`

			`{ job = {`
			`name = "folder-1/job-2";`
			`builders = [`
			`{ shell = ''`
			`echo "Running job-2"`
			`'';`
			`}`
			`];`
			`};`
			`}`
			`];`
			`};`
			`};`

			`specialisation.noJenkinsJobs.configuration = {`
			`services.jenkins.jobBuilder.nixJobs = pkgs.lib.mkForce [];`
			`};`
remove users.jenkins config start on slave config. Uses standard NixOS user config merging. Work in progress: The slave config does not actually start the slave agent. This just configures a jenkins user if required. Bare minimum to enable a nice jenkins SSH slave. 2014-03-06 10:06:53 -08:00
			`# should have no effect`
			`services.jenkinsSlave.enable = true;`

nixos/tests: users.(extraUsers\|extraGroup->users\|group) 2018-06-30 01:55:42 +02:00			`users.users.jenkins.extraGroups = [ "users" ];`
Increase systemd timeout on Jenkins and Munin tests These were timing out a lot. http://hydra.nixos.org/build/13991108 http://hydra.nixos.org/build/13991107 2014-09-05 15:50:55 +02:00
nixos/tests/jenkins: increase timeout to 6 minutes Fixes the test failure, at least on my system. 2015-02-10 16:49:47 +01:00			`systemd.services.jenkins.serviceConfig.TimeoutStartSec = "6min";`
remove users.jenkins config start on slave config. Uses standard NixOS user config merging. Work in progress: The slave config does not actually start the slave agent. This just configures a jenkins user if required. Bare minimum to enable a nice jenkins SSH slave. 2014-03-06 10:06:53 -08:00			`};`
Fix tests broken due to the firewall being enabled by default 2014-04-11 17:15:56 +02:00
			`slave =`
[bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00			`{ ... }:`
Fix tests broken due to the firewall being enabled by default 2014-04-11 17:15:56 +02:00			`{ services.jenkinsSlave.enable = true;`
remove users.jenkins config start on slave config. Uses standard NixOS user config merging. Work in progress: The slave config does not actually start the slave agent. This just configures a jenkins user if required. Bare minimum to enable a nice jenkins SSH slave. 2014-03-06 10:06:53 -08:00
nixos/tests: users.(extraUsers\|extraGroup->users\|group) 2018-06-30 01:55:42 +02:00			`users.users.jenkins.extraGroups = [ "users" ];`
Add jenkins continuous integration server and user. By default the jenkins server is executed under the user "jenkins". Which can be configured using users.jenkins.* options. If a different user is requested by changing services.jenkins.user then none of the users.jenkins options apply. This patch does not include jenkins slave configuration. Some config options will probably change when this is implemented. Aspects like the user and environment are typically identical between slave and master. The service configs are different. The design is for users.jenkins to cover the shared aspects while services.jenkins and services.jenkins-slave cover the master and slave specific aspects, respectively. Another option would be to place everything under services.jenkins and have a config that selects master vs slave. 2014-02-10 12:07:12 -08:00			`};`
Fix tests broken due to the firewall being enabled by default 2014-04-11 17:15:56 +02:00
Add jenkins continuous integration server and user. By default the jenkins server is executed under the user "jenkins". Which can be configured using users.jenkins.* options. If a different user is requested by changing services.jenkins.user then none of the users.jenkins options apply. This patch does not include jenkins slave configuration. Some config options will probably change when this is implemented. Aspects like the user and environment are typically identical between slave and master. The service configs are different. The design is for users.jenkins to cover the shared aspects while services.jenkins and services.jenkins-slave cover the master and slave specific aspects, respectively. Another option would be to place everything under services.jenkins and have a config that selects master vs slave. 2014-02-10 12:07:12 -08:00			`};`

nixos/jenkins: test declarative jobs (cherry picked from commit a655b712015f1a37466371234620b8958887e9bf) 2021-05-29 18:17:36 +02:00			`testScript = { nodes, ... }:`
			`let`
			`configWithoutJobs = "${nodes.master.config.system.build.toplevel}/specialisation/noJenkinsJobs";`
			`jenkinsPort = nodes.master.config.services.jenkins.port;`
			`jenkinsUrl = "http://localhost:${toString jenkinsPort}";`
			`in ''`
nixosTests.jenkins: port to python 2019-11-24 20:54:10 +01:00			`start_all()`
Add jenkins continuous integration server and user. By default the jenkins server is executed under the user "jenkins". Which can be configured using users.jenkins.* options. If a different user is requested by changing services.jenkins.user then none of the users.jenkins options apply. This patch does not include jenkins slave configuration. Some config options will probably change when this is implemented. Aspects like the user and environment are typically identical between slave and master. The service configs are different. The design is for users.jenkins to cover the shared aspects while services.jenkins and services.jenkins-slave cover the master and slave specific aspects, respectively. Another option would be to place everything under services.jenkins and have a config that selects master vs slave. 2014-02-10 12:07:12 -08:00
nixosTests.jenkins: port to python 2019-11-24 20:54:10 +01:00			`master.wait_for_unit("jenkins")`
nixos/tests/jenkins: check if jenkins is available 2017-12-14 16:01:09 +01:00
nixosTests.jenkins: port to python 2019-11-24 20:54:10 +01:00			`assert "Authentication required" in master.succeed("curl http://localhost:8080")`
nixos/tests/jenkins: check if jenkins is available 2017-12-14 16:01:09 +01:00
nixosTests.jenkins: port to python 2019-11-24 20:54:10 +01:00			`for host in master, slave:`
			`groups = host.succeed("sudo -u jenkins groups")`
			`assert "jenkins" in groups`
			`assert "users" in groups`
remove users.jenkins config start on slave config. Uses standard NixOS user config merging. Work in progress: The slave config does not actually start the slave agent. This just configures a jenkins user if required. Bare minimum to enable a nice jenkins SSH slave. 2014-03-06 10:06:53 -08:00
nixosTests.jenkins: port to python 2019-11-24 20:54:10 +01:00			`slave.fail("systemctl is-enabled jenkins.service")`
nixos/jenkins: test declarative jobs (cherry picked from commit a655b712015f1a37466371234620b8958887e9bf) 2021-05-29 18:17:36 +02:00
			`with subtest("jobs are declarative"):`
			`# Check that jobs are created on disk.`
			`master.wait_for_unit("jenkins-job-builder")`
			`master.wait_until_fails("systemctl is-active jenkins-job-builder")`
			`master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/job-1/config.xml")`
			`master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/config.xml")`
			`master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")`

			`# Wait until jenkins is ready, reload configuration and verify it also`
			`# sees the jobs.`
			`master.succeed("curl --fail ${jenkinsUrl}/cli")`
			`master.succeed("curl ${jenkinsUrl}/jnlpJars/jenkins-cli.jar -O")`
			`master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) reload-configuration")`
			`out = master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")`
			`jobs = [x.strip() for x in out.splitlines()]`
			`# Seeing jobs inside folders requires the Folders plugin`
			`# (https://plugins.jenkins.io/cloudbees-folder/), which we don't have`
			`# in this vanilla jenkins install, so limit ourself to non-folder jobs.`
			`assert jobs == ['job-1'], f"jobs != ['job-1']: {jobs}"`

			`master.succeed(`
			`"${configWithoutJobs}/bin/switch-to-configuration test >&2"`
			`)`

			`# Check that jobs are removed from disk.`
			`master.wait_for_unit("jenkins-job-builder")`
			`master.wait_until_fails("systemctl is-active jenkins-job-builder")`
			`master.wait_until_fails("test -f /var/lib/jenkins/jobs/job-1/config.xml")`
			`master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/config.xml")`
			`master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml")`

			`# Reload jenkins' configuration and verify it also sees the jobs as removed.`
			`master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) reload-configuration")`
			`out = master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs")`
			`jobs = [x.strip() for x in out.splitlines()]`
			`assert jobs == [], f"jobs != []: {jobs}"`
Add jenkins continuous integration server and user. By default the jenkins server is executed under the user "jenkins". Which can be configured using users.jenkins.* options. If a different user is requested by changing services.jenkins.user then none of the users.jenkins options apply. This patch does not include jenkins slave configuration. Some config options will probably change when this is implemented. Aspects like the user and environment are typically identical between slave and master. The service configs are different. The design is for users.jenkins to cover the shared aspects while services.jenkins and services.jenkins-slave cover the master and slave specific aspects, respectively. Another option would be to place everything under services.jenkins and have a config that selects master vs slave. 2014-02-10 12:07:12 -08:00			`'';`
nixos/tests/jenkins: check if jenkins is available 2017-12-14 16:01:09 +01:00			`})`