Hello Guix!

As you might have noticed, there’s now rudimentary continuous integration (CI) for pull requests (PRs):

  https://pulls.ci.gnu.org/pull-requests

In your PRs, you might have seen “reviews” by ‘guix-cuirass-bot’, sometimes good, sometimes not so informative. :-)

This is not an ideal solution but rather a stopgap: we’re adventurous and all but merging pull requests without automated checks feels like Indiana Jones’ perilous walks in the jungle. I believe the better solution is to adapt qa.guix.gnu.org to support Forgejo; to get an idea of how you can help, see:

  https://codeberg.org/guix/maintenance/issues/24

Back to pulls.ci.guix.org, what it does so far is:

  1. Evaluate pull requests, as you’d do with ‘guix pull’. If you get an “Evaluation failed” message from ‘guix-cuirass-bot’, then something’s wrong with your changes.

  2. Build all the packages of the ‘guix’ channel but for ‘x86_64-linux’ only, and without cross builds.

Notably, it does not run ‘guix lint’ (contrary to qa.guix.gnu.org). The impatient reader could set up a Forgejo Action for that, though.

It’s been pretty fun to see it in action over the last few days! There are rough edges, but you can report them to:

  https://codeberg.org/guix/cuirass/issues

… and join us in fixing bugs. :-)

Keep in mind that there are also fundamental flaws that will be hard to fix; for those, again, the better option is the Data Service + QA-Frontpage.

The setup was discussed here:

  https://codeberg.org/guix/maintenance/pulls/28

In a nutshell, pulls.ci.guix.gnu.org runs in a throw-away VM. The main reason for this is that it processes untrusted code, and since Cuirass currently doesn’t isolate the “evaluation” process (essentially ‘guix pull’ + ‘guix build -d’), we have to assume that the machine could be compromised. (Of course, Cuirass runs as an unprivileged user, which limits the harm that could be done, but better be safe than sorry.)

Consequently, pulls.ci:

  1. has limited storage and build power (the former is the main issue, especially because Cuirass wants to build everything, so the VM has to be able to store all of Guix, and it can barely do so right now).

  2. will periodically start anew, forgetting about past and pending pull requests.

I did the initial stab but please consider it yours: anyone can test things locally with ‘guix system vm’ and send pull requests.

That’s about it. Questions? Ideas? Patches?

Ludo’.
