run complement against docker:dind

2025-04-21 05:47:13 +02:00 · 2025-04-21 05:47:13 +02:00 · 304f44a11b
commit 304f44a11b
parent 23cc6e7f12
3 changed files with 59 additions and 17 deletions
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@ -43,15 +43,47 @@ env:
    WEB_UPLOAD_SSH_USERNAME: ${{ secrets.WEB_UPLOAD_SSH_USERNAME }}
    GH_REF_NAME: ${{ github.ref_name }}
    WEBSERVER_DIR_NAME: ${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}
+    DOCKER_HOST: "tcp://docker:2375"
+    DOCKER_TLS_CERTDIR: ""

 permissions: {}

 jobs:
+    dind-test:
+        name: dind-${{ matrix.runner }}
+        strategy:
+          matrix:
+            runner:
+              - jade
+              - tom
+              - ubuntu-22.04
+        runs-on: ${{ matrix.runner }}
+        services:
+          dind:
+            env:
+              DOCKER_HOST: unix:///var/run/dind.socket
+              DOCKER_TLS_CERTDIR: ""
+            image: docker:dind
+            options: >-
+              --tty
+              --restart always
+        steps:
+          - name: curl
+            run: |-
+              sleep 30
+              curl dind:2375 || true
    tests:
        name: Test
-        runs-on: [tom, dind, nix]
+        runs-on: [tom, nix]
+        services:
+          dind:
+              image: docker:dind
+              options: >-
+                  --privileged
+              env:
+                  DOCKER_TLS_CERTDIR: ""
+                  DOCKER_HOST: unix:///var/run/dind.socket
        container:
-          network: host
          image: catthehacker/ubuntu:act-latest
          volumes:
            - /nix/store:/nix/store
@ -111,8 +143,8 @@ jobs:
            - name: Nom
              if: ${{ env.ACT_EXEC }}
              run: |
-                  echo "aaaa"
-                  nix profile install nixpkgs#nix-output-monitor -v
+                  echo "Installing nix output monitor"
+                  nix profile install nixpkgs#nix-output-monitor -Lv
                  sudo cp $(which nom) /usr/bin/nom-nix
                  file $(which nom)
                  lsblk
@ -127,7 +159,8 @@ jobs:
                    sudo cp $(which nix) /usr/bin/nom-or-nix
                  fi
                  echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
-                  nix profile install -v --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv nixpkgs#nodejs
+                  nix profile install -v --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv nixpkgs#nodejs nixpkgs#iproute2 nixpkgs#nettools nixpkgs#bind
+                  ip a
                  direnv allow

                  if type nom &> /dev/null; then
@ -160,14 +193,23 @@ jobs:
              run: |
                  direnv exec . engage > >(tee -a test_output.log)

+            - name: Build complement image
+              run: |
+                  bin/nix-build-and-cache just .#complement
+
            - name: Run Complement tests
              shell: bash
              env:
+                DOCKER_HOST: tcp://dind:2375
                CARGO_PROFILE: "test"
              run: |
+                  addr=$(ip -brief address show eth0 | awk '{print $3}' | awk -F/ '{print $1}')
+                  export COMPLEMENT_HS_PORT_BINDING_IP=$(dig +short dind)
+                  export COMPLEMENT_HOSTNAME_RUNNING_COMPLEMENT=dind
                  # the nix devshell sets $COMPLEMENT_SRC, so "/dev/null" is no-op
                  direnv exec . bin/complement "/dev/null" complement_test_logs.jsonl complement_test_results.jsonl > >(tee -a test_output.log)
                  cp -v -f result complement_oci_image.tar.gz
+                  netstat -tnlp

            - name: Upload Complement OCI image
              uses: actions/upload-artifact@v4
@ -216,7 +258,7 @@ jobs:

    build:
        name: Build
-        runs-on: [tom, nix, dind]
+        runs-on: [tom, nix]
        container:
            image: catthehacker/ubuntu:js-latest
            volumes:
--- a/flake.lock
+++ b/flake.lock
@ -80,18 +80,18 @@
    "complement": {
      "flake": false,
      "locked": {
-        "lastModified": 1741891349,
-        "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=",
-        "owner": "girlbossceo",
-        "repo": "complement",
-        "rev": "e587b3df569cba411aeac7c20b6366d03c143745",
-        "type": "github"
+        "lastModified": 1745202855,
+        "narHash": "sha256-Jr4625Gp5SzL1teCAEkIBiwIhWBZ3UlPXa//I+6Ncyk=",
+        "ref": "morguldir/hs-ip",
+        "rev": "d44afcb142a0d1e3d877e3f2e38115910f7f062c",
+        "revCount": 860,
+        "type": "git",
+        "url": "https://forgejo.ellis.link/continuwuation/complement"
      },
      "original": {
-        "owner": "girlbossceo",
-        "ref": "main",
-        "repo": "complement",
-        "type": "github"
+        "ref": "morguldir/hs-ip",
+        "type": "git",
+        "url": "https://forgejo.ellis.link/continuwuation/complement"
      }
    },
    "crane": {
--- a/flake.nix
+++ b/flake.nix
@ -2,7 +2,7 @@
  inputs = {
    attic.url = "github:zhaofengli/attic?ref=main";
    cachix.url = "github:cachix/cachix?ref=master";
-    complement = { url = "github:girlbossceo/complement?ref=main"; flake = false; };
+    complement = { url = "git+https://forgejo.ellis.link/continuwuation/complement?ref=morguldir/hs-ip"; flake = false; };
    crane = { url = "github:ipetkov/crane?ref=master"; };
    fenix = { url = "github:nix-community/fenix?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; };
    flake-compat = { url = "github:edolstra/flake-compat?ref=master"; flake = false; };