ci: add go build and nix build workflows (#6)

* ci: add go build and nix build workflows * ci: add end-to-end test with tailscale
jnsgruk · Dec 15, 2023 · 9eb8a9c · 9eb8a9c
1 parent 6648650
commit 9eb8a9c
Show file tree

Hide file tree

Showing 2 changed files with 116 additions and 0 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -0,0 +1,50 @@
+name: Build
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  go-build:
+    name: Go
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: "go.mod"
+
+      - name: Setup Hugo
+        uses: peaceiris/actions-hugo@v2
+        with:
+          hugo-version: "latest"
+          extended: true
+
+      - name: Build
+        run: |
+          go generate -mod=mod
+          go build -mod=mod -o libations main.go
+
+  nix-build:
+    name: Nix
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@v9
+
+      - name: Setup magic-nix-cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: Build
+        run: nix build .#libations
+
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -0,0 +1,66 @@
+name: Test
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@v9
+
+      - name: Setup magic-nix-cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: "go.mod"
+
+      - name: Tailscale
+        uses: tailscale/github-action@v2
+        with:
+          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
+          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
+          tags: tag:libations-ci
+
+      - name: Build Libations
+        run: |
+          nix build .#libations
+  
+      - name: Run Libations
+        env:
+          TS_API_CLIENT_ID: ${{ secrets.TS_OAUTH_CLIENT_ID }}
+          TS_API_CLIENT_SECRET: ${{ secrets.TS_OAUTH_SECRET }}
+        run: |
+          # Issue a new tailscale authkey for libations
+          export TS_AUTHKEY="$(go run tailscale.com/cmd/get-authkey@main -tags tag:libations-ci -ephemeral -preauth 2>/dev/null)"
+          
+          # Start Libations in the background
+          ./result/bin/libations -hostname "libations-$HOSTNAME" &>~/libations.log &
+
+          # Long timeout to allow a chance to issue HTTPs certs
+          curl --connect-timeout 30 --retry 300 --retry-delay 5 "https://libations-$HOSTNAME.tailnet-d5da.ts.net"
+          curl --connect-timeout 30 --retry 300 --retry-delay 5 "http://libations-$HOSTNAME.tailnet-d5da.ts.net"
+
+      - name: Dump Libations logs
+        run: |
+          cat ~/libations.log
+      
+      - name: Remove libations from tsnet
+        env:
+          TS_CLIENT: ${{ secrets.TS_OAUTH_CLIENT_ID }}
+          TS_SECRET: ${{ secrets.TS_OAUTH_SECRET }}
+        run: |
+          id="$(tailscale status --json | jq -r --arg ts "libations-$HOSTNAME" '.Peer[] | select(.HostName==$ts) | .ID')"
+          token="$(curl -s -d "client_id=$TS_CLIENT" -d "client_secret=$TS_SECRET" "https://api.tailscale.com/api/v2/oauth/token" | jq -r '.access_token')"
+
+          curl -s -u "${token}:" -X DELETE "https://api.tailscale.com/api/v2/device/${id}"