ci: add test-demo workflow

imincik · imincik · commit 411704af0af3 · 2025-04-07T14:37:12.000+02:00
Closes: ngi-nix#698
diff --git a/.github/workflows/test-demo.yaml b/.github/workflows/test-demo.yaml
@@ -0,0 +1,81 @@
+name: Test VM demo
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: 'actions/checkout@v4'
+
+      # - name: Install Nix
+      #   run: |
+      #     sudo apt update
+      #     sudo apt install --yes nix git
+
+      # - name: Add Nix trusted user
+      #   run: |
+      #     echo "trusted-users = root $USER" | sudo tee -a /etc/nix/nix.conf
+
+      #     sudo usermod -a -G nix-users $USER
+      #     sudo newgrp nix-users
+      #     sudo systemctl restart nix-daemon.service
+
+      # FIXME: Failing on
+      #  /usr/bin/bash -c nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
+      # error: getting status of /nix/var/nix/daemon-socket/socket: Permission denied
+      # Error: Action failed with error: Error: The process '/usr/bin/bash' failed with exit code 1
+      # - uses: cachix/cachix-action@v14
+      #   with: { name: 'ngi' }
+
+      # TODO: enable overview build
+      # - name: Build overview
+      #   run: nix build .#overview
+
+      # TODO: download this file from overview
+      - name: Create default.nix file
+        run: |
+          cat <<EOF >default.nix
+          {
+            ngipkgs ?
+              import
+                (fetchTarball "https://github.com/eljamm/ngipkgs/tarball/init-project-demos/8eb7f038fd62fd6490e017d78e6a30e7b64a13fa")
+                { },
+          }:
+          let
+            servicePort = 9000;
+            domainName = "localhost:\${toString servicePort}";
+          in
+          ngipkgs.demo {
+            services.cryptpad = {
+              enable = true;
+              settings = {
+                httpPort = servicePort;
+                httpAddress = "0.0.0.0";
+                httpUnsafeOrigin = "http://\${domainName}";
+                httpSafeOrigin = "http://\${domainName}";
+              };
+            };
+
+            networking.firewall.allowedTCPPorts = [ servicePort ];
+            networking.firewall.allowedUDPPorts = [ servicePort ];
+          }
+          EOF
+
+      - name: Create test script
+        run: |
+          cat <<EOF >test-script.sh
+          apt update
+          apt install --yes curl git nix
+          nix-build --option binary-caches 'https://cache.nixos.org/ https://ngi.cachix.org/' --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ngi.cachix.org-1:n+CAL72ROC3qQuLxIHpV+Tw5t42WhXmMhprAGkRSrOw= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=' /root/default.nix
+          ./result &
+          curl --retry 10 --fail localhost:9000 | grep CryptPad
+          EOF
+
+      - name: Run and test VM
+        run: docker run --privileged --volume ./default.nix:/default.nix --volume ./test-script.sh:/test-script.sh ubuntu:25.04 /bin/bash -c "/test-script.sh"
