\documentclass{beamer} \usepackage{graphicx} \usepackage[outputdir=../aux/tex]{minted} \usepackage[showboxes,absolute,overlay]{textpos} \usepackage{tikz} \usepackage{svg} \usetikzlibrary{calc,tikzmark} \title{buildbot-nix} \author{Richard Brežák} \date{2024} \usetheme[progressbar=frametitle]{moloch} \newcommand\beamercoverdeemph{% \setbeamercovered{again covered={\opaqueness<1->{30}}}% } \begin{document} \frame{\titlepage} \begin{frame} \centering There is no good open-source Nix CI/CD \end{frame} \begin{frame}{Hydra} \beamercoverdeemph{} \centering \begin{itemize} \item<2>{heavy-weight, keeps track of every store path} \item<3>{lots of legacy Perl} \item<4>{hard to deploy, administer and hack on} \item<5>{\texttt{nixpkgs} scale CI for \texttt{nixpkgs} scale problems} \item<6,7>{doesn't integrate well with GitHub/Gitea\only<7>{, especially PRs}} \end{itemize} \end{frame} \begin{frame} \begin{columns}[c] \begin{column}{0.49\textwidth} \centering I attempted to run Hydra \end{column} \begin{column}{0.02\textwidth} \rule{.1mm}{0.7\textheight} \end{column} \begin{column}{0.49\textwidth} \centering I've succeeded and I'm still running it \end{column} \end{columns} \end{frame} \begin{frame}{GitHub/Gitea Actions} \beamercoverdeemph{} \centering \begin{itemize} \item<2>{not Nix native} \item<3>{cannot use the build sandbox generally} \item<4>{caching is hard to get right or wasteful} \item<5>{build logs become a jumbled mess \textit{OR} may repeat builds} \item<6>{if done naively, you will get an OOM} \end{itemize} \end{frame} \begin{frame} \includegraphics[width=1.0\textwidth]{../figures/how-standards-prolifirate.png} \end{frame} \begin{frame}[fragile] \begin{center} \verb|buildbot-nix| \end{center} \end{frame} \begin{frame} \begin{columns}[c] \begin{column}{0.49\textwidth} \centering I know of buildbot-nix \end{column} \begin{column}{0.02\textwidth} \rule{.1mm}{0.7\textheight} \end{column} \begin{column}{0.49\textwidth} \centering I've never heard of it \end{column} \end{columns} \end{frame} \begin{frame}{buildbot?} \begin{columns}[c] \begin{column}{0.5\textwidth} \beamercoverdeemph{} \begin{itemize} \item<1> CI/CD framework \item<2> written in Python \item<3> used by many projects \end{itemize} \vspace{1.0em} \uncover<4->{essentially...} \\ \vspace{1.0em} \uncover<5->{Jenkins but in Python} \end{column} \begin{column}{0.5\textwidth} \pgfdeclareimage[width=5em]{openzfs}{../figures/openzfs-logo.png} \pgfdeclareimage[width=5em]{python}{../figures/python.png} \pgfdeclareimage[width=5em]{gentoo}{../figures/gentoo.png} \pgfdeclareimage[width=5em]{blender}{../figures/blender.png} \pgfdeclareimage[width=5em]{llvm}{../figures/llvm.png} \pgfdeclareimage[width=20em]{nix-community}{../figures/nix-community.png} \begin{column}<3->{0.5\textwidth} %% \pgfmathsetseed{2} \begin{tikzpicture} %% \makeatletter %% \pgfmathdeclarefunction{rndx}{0}{ %% \pgfmathrandom{-1em, 1em} \pgfmathresult %% } %% \pgfmathdeclarefunction{rndy}{0}{ %% \pgfmathrandom{-1em, 1em} \pgfmathresult %% } %% \makeatother %% \draw (0, 0) node {\pgftext{\includesvg[width=1em]{../figures/python-logo.svg}}}; \draw (-14em, 7em) node {\pgfuseimage{openzfs}}; \draw (-14em, -7em) node {\pgfuseimage{blender}}; \draw (-14em, 0) node {\pgfuseimage{gentoo}}; \draw (-7em, 3.5em) node {\pgfuseimage{python}}; \draw (-7em, -3.5em) node {\pgfuseimage{llvm}}; %% \draw (0, 0) node {\pgftext{\includegraphics{silver}}}}; \end{tikzpicture} \end{column} \end{column} \end{columns} \end{frame} \begin{frame}{buildbot!} \includegraphics[width=1.0\linewidth]{../figures/python-buildbot.png} \end{frame} \begin{frame}{buildbot-nix?} \beamercoverdeemph{} \begin{itemize} \item<1> CI/CD for Nix \item<2> plugin for \texttt{buildbot} \item<3> written in Python \item<4> can run on PRs safely -- configuration is server-side \end{itemize} \begin{uncoverenv}<5> \begin{center} \Large Aiming for smaller projects \end{center} \end{uncoverenv} \begin{onlyenv}<6> \begin{tikzpicture}[overlay] \fill[white, opacity=0.7] (-0.2\paperwidth,1.0\paperheight) rectangle (1.0\paperwidth, -0.2\paperheight); \draw (0.45\textwidth,0.175\textheight) node {\pgfuseimage{nix-community}}; \end{tikzpicture} \end{onlyenv} \end{frame} \begin{frame}[fragile] \begin{minted}[linenos=true,bgcolor=bg,breaklines,tabsize=2]{nix} { inputs = { ... }; outputs = { ... }: { checks.${system} = { treefmt = treefmt...check; packageTest = runCommand "package-test" { } "exit 1"; }; formatter.${system} = treefmt...wrapper; }; } \end{minted} {\tiny (not true Nix)} \end{frame} \begin{frame} \includegraphics[width=1.0\textwidth]{../figures/gh-status-ex01.png} \begin{textblock}{2.5}(12.5,14.5) {\footnotesize(find the bug)} \end{textblock} \end{frame} \begin{frame} \includegraphics[width=1.0\textwidth]{../figures/buildbot-view.png} \end{frame} \begin{frame} \centering How do I get this? \end{frame} \begin{frame} \centering Easily! \end{frame} \begin{frame}[fragile] \newcommand<>{\circletikz}[2]{% \begin{onlyenv}#3 \begin{tikzpicture}[overlay,remember picture] \draw[draw = red, line width=0.3mm] let \p1 = ($(pic cs:#1) - (pic cs:#2)$), \p2 = ($1/2*(\x1,\y1)$) in ($(pic cs:#1) - 1/2*(\x1, \y1) + (0, 0.25em)$) ellipse (\x2 and 1em); \end{tikzpicture}% \end{onlyenv}% } \newcommand<>{\underlinetikz}[2]{% \begin{onlyenv}#3 \begin{tikzpicture}[overlay,remember picture] \draw[draw = red, line width=0.3mm] ($(pic cs:#1) - (0, 0.125em)$) -- ($(pic cs:#2) - (0, 0.125em)$); \end{tikzpicture}% \end{onlyenv}% } \begin{minted}[escapeinside=||,beameroverlays,fontsize=\small,linenos=true,bgcolor=bg,breaklines,tabsize=2]{nix} services.buildbot-nix.master = { enable = true; jobReportLimit = |\tikzmark{jobsS}|null|\tikzmark{jobsE}|; domain = |\tikzmark{domainS}|"buildbot.example.org"|\tikzmark{domainE}|; workersFile = |\tikzmark{workersS}|"/secret/workers.json"|\tikzmark{workersE}|; admins = |\tikzmark{adminsS}|["your-nickname"]|\tikzmark{adminsE}|; authBackend = |\tikzmark{githubS}|"github"|\tikzmark{githubE}|; |\tikzmark{githubS}|github|\tikzmark{githubE}| = { |\tikzmark{githubEnableS}|enable = true|\tikzmark{githubEnableE}|; webhookSecretFile = |\tikzmark{webhookS}|"/secret/github_webhook_secret"|\tikzmark{webhookE}|; oauthId = |\tikzmark{oauthIdS}|"..."|\tikzmark{oauthIdE}|; oauthSecretFile = |\tikzmark{oauthSecretS}|"/secret/github_oauth_secret"|\tikzmark{oauthSecretE}|; topic = |\tikzmark{topicS}|"build-with-buildbot"|\tikzmark{topicE}|; authType.app = { secretKeyFile = |\tikzmark{secretKeyS}|"/secret/github_app_private_key.pem"|\tikzmark{secretKeyE}|; id = |\tikzmark{idS}|881425|\tikzmark{idE}|; }; }; }; \end{minted} \underlinetikz<2>{domainS}{domainE} \underlinetikz<3>{githubS}{githubE} \underlinetikz<3>{githubEnableS}{githubEnableE} \underlinetikz<4>{workersS}{workersE} \underlinetikz<4>{webhookS}{webhookE} \underlinetikz<4>{oauthIdS}{oauthIdE} \underlinetikz<4>{oauthSecretS}{oauthSecretE} \underlinetikz<4>{secretKeyS}{secretKeyE} \underlinetikz<4>{idS}{idE} \underlinetikz<5>{topicS}{topicE} \underlinetikz<5>{jobsS}{jobsE} \end{frame} \begin{frame}[fragile] \begin{center} and you have buildbot running \end{center} \begin{textblock}{10.0}(5.5,14.5) {\footnotesize(after configuring \verb|services.nginx.virtualHosts|)} \end{textblock} \end{frame} \begin{frame} \centering What are the features? \end{frame} \newcommand{\imagewithtitle}[2]{% \begin{minipage}[t][1em]{1.0\linewidth} \centering #1 \end{minipage}\\ \vspace{1.5em} \includegraphics[width=1.0\linewidth, height=0.8\textheight, keepaspectratio]{#2}% } %% \begin{frame}[fragile] %% %% \begin{columns} %% %% \begin{column}{0.5\textwidth} %% \centering %% \imagewithtitle{\Large builds \texttt{.\#checks}}{../figures/buildbot-view.png} %% %% \end{column} %% %% \begin{column}{0.5\textwidth} %% \centering %% \imagewithtitle{\Large status reports}{../figures/gh-status-ex01.png} %% %% \end{column} %% %% \end{columns} %% \end{frame} \begin{frame} \begin{columns} \begin{column}{0.5\textwidth} \centering \imagewithtitle{\Large Gitea/Forgejo}{../figures/forgejo.png} \end{column} \begin{column}{0.5\textwidth} \centering \imagewithtitle{\Large GitHub}{../figures/github.png} \end{column} \end{columns} \end{frame} \begin{frame} \centering \imagewithtitle{\Large Cachix}{example-image-a} \end{frame} \begin{frame} \centering \imagewithtitle{\Large post build steps}{example-image-a} \end{frame} \begin{frame} \centering \imagewithtitle{\Large per-repository settings}{example-image-a} \end{frame} \begin{frame} \centering \imagewithtitle{\Large per-repository effects with secrets (soon)}{example-image-a} \end{frame} \begin{frame} \centering Questions? \end{frame} %% \begin{frame} %% \centering %% what can it do? %% \end{frame} %% \begin{frame}[fragile] %% \centering %% \verb|buildbot-nix| will evaluate \verb|#checks| for all systems %% \end{frame} %% \begin{frame}[fragile] %% \centering %% it will report evaluation failures %% \end{frame} %% \begin{frame}[fragile] %% \centering %% it will build derivations for supported systems %% \end{frame} \end{document} % there is no good opensource CI % then we built it % why is hydra not great % what is it we built, what does it offer % now there is good opensource CI, check out % call for action