From e51263057f21e77602481d6a6d826ff8cc0c1db0 Mon Sep 17 00:00:00 2001 From: Jade Lovelace Date: Tue, 23 Jul 2024 22:43:38 +0200 Subject: ci: add a asan+ubsan test run on x86_64-linux This should at least catch out blatantly bad patches that don't pass the test suite with ASan. We don't do this to the integration tests since they run on relatively limited-memory VMs and so it may not be super safe to run an evaluator with leak driven garbage collection for them. Fixes: https://git.lix.systems/lix-project/lix/issues/403 Fixes: https://git.lix.systems/lix-project/lix/issues/319 Change-Id: I5267b02626866fd33e8b4d8794344531af679f78 --- flake.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'flake.nix') diff --git a/flake.nix b/flake.nix index cec970974..9a3087c4b 100644 --- a/flake.nix +++ b/flake.nix @@ -275,6 +275,15 @@ # System tests. tests = import ./tests/nixos { inherit lib nixpkgs nixpkgsFor; } // { + # This is x86_64-linux only, just because we have significantly + # cheaper x86_64-linux compute in CI. + # It is clangStdenv because clang's sanitizers are nicer. + asanBuild = self.packages.x86_64-linux.nix-clangStdenv.override { + sanitize = [ + "address" + "undefined" + ]; + }; # Make sure that nix-env still produces the exact same result # on a particular version of Nixpkgs. -- cgit v1.2.3 From b5c6ce7a537d91ee22d6876ba0166259da2ac3c0 Mon Sep 17 00:00:00 2001 From: Jade Lovelace Date: Tue, 23 Jul 2024 22:53:56 +0200 Subject: Add -Werror CI job We should cause CLs that introduce compiler warnings to fail CI. Sadly this will only cover Clang, but it will cover Clang for free, so it's truly impossible to say if it's bad or not. Change-Id: I45ca20d77251af9671d5cbe0d29cb08c5f1d03c2 --- flake.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'flake.nix') diff --git a/flake.nix b/flake.nix index 9a3087c4b..440320afa 100644 --- a/flake.nix +++ b/flake.nix @@ -283,6 +283,10 @@ "address" "undefined" ]; + # it is very hard to make *every* CI build use this option such + # that we don't wind up building Lix twice, so we do it here where + # we are already doing so. + werror = true; }; # Make sure that nix-env still produces the exact same result -- cgit v1.2.3 From 5eecdd3ae9f47b1aaac22134eced318ff3e4bc41 Mon Sep 17 00:00:00 2001 From: Jade Lovelace Date: Tue, 23 Jul 2024 23:25:18 +0200 Subject: releng: move officialRelease to version.json This was causing a few bits of suffering downstream, in particular, in the NixOS module, which, after this change, can have the `officialRelease` stuff in *it* completely deleted since we now have correct defaulting in package.nix for it. It also eliminates some automated editing of Nix files, which is certainly always welcome to eliminate. Fixes: https://git.lix.systems/lix-project/lix/issues/406 Change-Id: Id12f3018cff4633e379dbfcbe26b7bc84922bdaf --- flake.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'flake.nix') diff --git a/flake.nix b/flake.nix index 440320afa..d2173cf47 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,8 @@ (Run `touch .nocontribmsg` to hide this message.) ''; - officialRelease = false; + versionJson = builtins.fromJSON (builtins.readFile ./version.json); + officialRelease = versionJson.official_release; # Set to true to build the release notes for the next release. buildUnreleasedNotes = true; @@ -419,7 +420,7 @@ pkgs: stdenv: let nix = pkgs.callPackage ./package.nix { - inherit stdenv officialRelease versionSuffix; + inherit stdenv versionSuffix; busybox-sandbox-shell = pkgs.busybox-sandbox-shell or pkgs.default-busybox-sandbox; internalApiDocs = false; }; -- cgit v1.2.3