Re: Gitlab CI

[divoplade]

Hello Jérémy,

The problem is that guix-install.sh asks you whether you want to
authorize the substitutes, but it can't because it is not used
interactively, so it fails.

There are other traps to avoid (do not forget to install ntp, call
guix-daemon with --disable-chroot because you are in an unprivileged
container, cache things to avoid pulling the world at each commit). I
have a solution based on caching a guix pack containing all your
packages: https://framagit.org/divoplade/guix-project

variables:
  GUIX_REF: "--branch=master"
  PACKAGES: "guile-hall hello"

before_script:
  - test -f cache.tar.gz || apt -qq update
  - test -f cache.tar.gz || apt -qq install -y wget gpg xz-utils ntp
  - test -f cache.tar.gz || wget 
https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --
import -
  - test -f cache.tar.gz || wget 
https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
  - test -f cache.tar.gz || chmod ugo+x guix-install.sh
  - test -f cache.tar.gz || (echo "" ; echo "y") | ./guix-install.sh ||
echo "Assume OK"
  - test -f cache.tar.gz || source
/root/.config/guix/current/etc/profile
  - test -f cache.tar.gz || guix-daemon --build-users-group=guixbuild
--disable-chroot &
  - test -f cache.tar.gz || guix pull $GUIX_REF
  - test -f cache.tar.gz || cp $(guix pack -C gzip $PACKAGES
-S/opt/bin=bin) cache.tar.gz
  - cp cache.tar.gz /
  - (cd / && tar xf cache.tar.gz)
  - export PATH=/opt/bin:$PATH

cache:
  key: "$GUIX_REF $PACKAGES"
  paths:
    - cache.tar.gz

job:
  script:
    - hello
    - hall --help

After a very long set up (1/2 hour with a somewhat fast runner), you
will leverage the cached guix pack to run the jobs instantly, with the
default gitlab runner (unprivileged, debian-based).

If you want to update, clear the runner caches, or change the GUIX_REF
variable. You can pin a specific commit (better for reproducibility,
not so great for releases) with --commit=COMMIT.

I could not get guix to run within the job, even with "guix" added to
PACKAGES: it would need this in the script:

    - apt -qq update
    - apt -qq install -y ntp
    - (groupadd --system guixbuild && for i in $(seq 1 10) ; do useradd
-g guixbuild -G guixbuild -d /var/empty -s $(which nologin) -c "Guix
build user $i" --system guixbuilder$i; done) || true
    - guix-daemon --build-users-group=guixbuild --disable-chroot &
    - guix archive --authorize < $(dirname $(readlink
/usr/local/bin/guix))/../share/guix/ci.guix.info.pub

However, if you try it, you will notice a crash.

I am looking forward to having guix shipped as a debian package, it
will be way easier.

divoplade

Le samedi 20 juin 2020 à 10:42 +0200, Jérémy Korwin-Zmijowski a écrit :
> Hey Guixters !
> 
> I am experimenting with Gitlab CI for a Guile project I am working
> on.
> It is managed with Hall and I would like to benefit the Guix
> features.
> 
> Currently, I struggle to run Guix inside the default Debian stable
> docker image (framagit.org).
> 
> Here is my .gitlab-ci.yml :
> 
>    before_script:
>     - apt -qq update
>     - apt -qq install -y wget gpg xz-utils
>     - wget 
>    
> https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
>  - chmod +x guix-install.sh
>  - wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - |
> gpg --import -
>  - printf '\n' | ./guix-install.sh
>  - /root/.config/guix/current/bin/guix-daemon --build-users-
> group=guixbuild
>  - guix pull
> 
> stages:
>   - bootstrap
>   - configure
>   - build
>   - test
> 
> job:bootstrap:
>   stage: bootstrap
>   script: autoreconf -vfi
> 
> What I get :
> 
>    [1592641832.155]: [ FAIL ] unsupported init system; run the daemon
>    manually:
>       /root/.config/guix/current/bin/guix-daemon --build-users-
>    group=guixbuild
>    [1592641832.155]: [ INFO ] making the guix command available to
>    other users
> 
> Does anyone has done that before ?
> Is there a way to get a Guix docker image instead of the Debian one ?
> 
> Have a nice weekend !
> 
> Jérémy
> 
>