hercules-ci / arion

Run docker-compose with help from Nix/NixOS
Apache License 2.0

Can Arion be run inside a derivation? #194

Open KaiserKarel opened 1 year ago

KaiserKarel commented 1 year ago

I'd like to use arion in the checkPhase. Is there an example of doing so? Useful in e2e tests.

roberth commented 1 year ago

Either

  1. It can run in a NixOS VM test (available externally). See https://github.com/hercules-ci/arion/blob/main/tests/arion-test/default.nix for an example test implementation (multiple networks in sequence).
  2. In theory it should be possible to run bare podman (or docker?) containers in the build sandbox on Linux using auto-allocate-uids, but that's going to need some experimentation. Configuring the container engine to use a socket and different config file locations (not /etc) seems like non-trivial work.

So the path of least resistance is to use NixOS VM tests. That's not really checkPhase, but at least you'll test reproducibly in Nix. You'll need a Linux machine with "KVM" virtualization, e.g. local hardware, bare metal server, or a cloud with nested virtualization support. If that's a problem, playing around with auto uid allocation is the only way.

Leon-Africa commented 1 year ago

@KaiserKarel how about Kind?

roberth commented 1 year ago

@Leon-Africa such a tool needs a container runtime to work inside the Nix sandbox, just like arion would need.

@KaiserKarel I've updated my answer with a link to a test that tests the arion examples in this repo. It runs in the sandbox and requires KVM virtualization support.