Merge pull request #232 from ryantm/rtm-12-23-test

dev: reland add direct tests for agenix
Ryan Mulligan 2023-12-24 08:04:03 -08:00 committed by GitHub
commit 417caa847f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 51 additions and 24 deletions


@ -9,7 +9,9 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22 - uses: cachix/install-nix-action@v22
with: with:
extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm" extra_nix_config: |
system-features = nixos-test recursive-nix benchmark big-parallel kvm
extra-experimental-features = recursive-nix nix-command flakes
- run: nix build - run: nix build
- run: nix build .#doc - run: nix build .#doc
- run: nix fmt . -- --check - run: nix fmt . -- --check
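Review bot: The new `extra_nix_config` block turns on the experimental `recursive-nix` feature, both under `system-features` and under `extra-experimental-features`, without recording why the CI runner needs it. Presumably it lets the package's install check call Nix from inside the build, but that is inferred from the other file in this commit and is not stated here. A comment above the key would make the wider build capability a visible, reviewed decision, for example `# recursive-nix: the agenix installCheck invokes nix inside the build sandbox`. The `jobs:` block starts outside this hunk.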


@ -9,29 +9,54 @@
substituteAll, substituteAll,
ageBin ? "${age}/bin/age", ageBin ? "${age}/bin/age",
shellcheck, shellcheck,
}: }: let
stdenv.mkDerivation rec { bin = "${placeholder "out"}/bin/agenix";
pname = "agenix"; in
version = "0.15.0"; stdenv.mkDerivation rec {
src = substituteAll { pname = "agenix";
inherit ageBin version; version = "0.15.0";
jqBin = "${jq}/bin/jq"; src = substituteAll {
nixInstantiate = "${nix}/bin/nix-instantiate"; inherit ageBin version;
mktempBin = "${mktemp}/bin/mktemp"; jqBin = "${jq}/bin/jq";
diffBin = "${diffutils}/bin/diff"; nixInstantiate = "${nix}/bin/nix-instantiate";
src = ./agenix.sh; mktempBin = "${mktemp}/bin/mktemp";
}; diffBin = "${diffutils}/bin/diff";
dontUnpack = true; src = ./agenix.sh;
};
dontUnpack = true;
doInstallCheck = true;
installCheckInputs = [shellcheck];
postInstallCheck = ''
shellcheck ${bin}
${bin} -h | grep ${version}
doCheck = true; HOME=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
checkInputs = [shellcheck]; function cleanup {
postCheck = '' rm -rf $HOME
shellcheck $src }
''; trap "cleanup" 0 2 3 15
installPhase = '' mkdir -p $HOME/.ssh
install -D $src ${placeholder "out"}/bin/agenix cp -r "${../example}" $HOME/secrets
''; chmod -R u+rw $HOME/secrets
(
umask u=rw,g=r,o=r
cp ${../example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
chown $UID $HOME/.ssh/id_ed25519.pub
)
(
umask u=rw,g=,o=
cp ${../example_keys/user1} $HOME/.ssh/id_ed25519
chown $UID $HOME/.ssh/id_ed25519
)
meta.description = "age-encrypted secrets for NixOS"; cd $HOME/secrets
} test $(${bin} -d secret1.age) = "hello"
'';
installPhase = ''
install -D $src ${bin}
'';
meta.description = "age-encrypted secrets for NixOS";
}
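Review bot: In `postInstallCheck`, `trap "cleanup" 0 2 3 15` is set in the shell that runs the hook, which as far as I can tell is the builder's own shell, so it would replace any EXIT trap the stdenv installed. The cleanup body `rm -rf $HOME` and the other `$HOME` uses are also unquoted. Running the check in a subshell with quoted paths keeps both local, e.g. `rm -rf -- "$HOME"` and `test "$(${bin} -d secret1.age)" = "hello"`. The `${../example_keys/user1}` interpolation copies a private key into the world-readable Nix store; that is acceptable only because it is a committed test fixture, so I would say so next to the `cp`: `# test-only key from the repo; never interpolate a real private key as a Nix path`. The function's argument set starts outside this hunk.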