refac(cross): fluidattacks#1223 restructure tests

- Move container to root directory
- Move tests to root directory
- Move utils to root directory
- Create an isolated namespace per test
- Adapt CI jobs

Signed-off-by: Daniel Salazar <[email protected]>

.github/workflows/dev.yml

@@ -35,22 +35,6 @@ jobs:
       - name: /deployTerraform/module
         run: nix-env -if . && m . /deployTerraform/module
 
-  linux_dev_example:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
-      - uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845
-        name: /dev/example
-        with:
-          args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /dev/example"
-  macos_dev_example:
-    runs-on: macos-latest
-    steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
-      - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac
-      - name: /dev/example
-        run: nix-env -if . && m . /dev/example
-
   linux_dev_makes:
     runs-on: ubuntu-latest
     steps:
@@ -388,15 +372,15 @@ jobs:
       - name: /testTerraform/module
         run: nix-env -if . && m . /testTerraform/module
 
-  linux_computeOnAwsBatch_module:
+  linux_tests_computeOnAwsBatch:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
       - uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845
         name: /tests/computeOnAwsBatch
         with:
           args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /tests/computeOnAwsBatch
-  macos_computeOnAwsBatch_module:
+  macos_tests_computeOnAwsBatch:
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222

.github/workflows/prod.yml

@@ -122,26 +122,6 @@ jobs:
         env:
           CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
 
-  linux_dev_example:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
-      - uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845
-        name: /dev/example
-        with:
-          args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /dev/example"
-        env:
-          CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-  macos_dev_example:
-    runs-on: macos-latest
-    steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
-      - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac
-      - name: /dev/example
-        run: nix-env -if . && m . /dev/example
-        env:
-          CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-
   linux_docs_deploy:
     runs-on: ubuntu-latest
     steps:
@@ -544,15 +524,15 @@ jobs:
         env:
           CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
 
-  linux_computeOnAwsBatch_module:
+  linux_tests_computeOnAwsBatch:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
       - uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845
         name: /tests/computeOnAwsBatch
         with:
           args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /tests/computeOnAwsBatch
-  macos_computeOnAwsBatch_module:
+  macos_tests_computeOnAwsBatch:
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222

makes/container-image/makes.nix → container/makes.nix

@@ -1,5 +1,52 @@
 { outputs, __nixpkgs__, ... }: {
-  jobs."/container-image" = __nixpkgs__.dockerTools.buildImage {
+  deployContainer = {
+    makesAmd64 = {
+      credentials = {
+        token = "GITHUB_TOKEN";
+        user = "GITHUB_ACTOR";
+      };
+      image = "ghcr.io/fluidattacks/makes:amd64";
+      src = outputs."/container";
+      sign = true;
+    };
+    makesArm64 = {
+      credentials = {
+        token = "GITHUB_TOKEN";
+        user = "GITHUB_ACTOR";
+      };
+      image = "ghcr.io/fluidattacks/makes:arm64";
+      src = outputs."/container";
+      sign = true;
+    };
+  };
+  deployContainerManifest = {
+    makes = {
+      credentials = {
+        token = "GITHUB_TOKEN";
+        user = "GITHUB_ACTOR";
+      };
+      image = "ghcr.io/fluidattacks/makes:latest";
+      manifests = [
+        {
+          image = "ghcr.io/fluidattacks/makes:amd64";
+          platform = {
+            architecture = "amd64";
+            os = "linux";
+          };
+        }
+        {
+          image = "ghcr.io/fluidattacks/makes:arm64";
+          platform = {
+            architecture = "arm64";
+            os = "linux";
+          };
+        }
+      ];
+      sign = true;
+      tags = [ "24.12" ];
+    };
+  };
+  jobs."/container" = __nixpkgs__.dockerTools.buildImage {
     config = {
       Env = [
         "HOME=/home/root"
@@ -24,7 +71,7 @@
       User = "root:root";
       WorkingDir = "/working-dir";
     };
-    name = "container-image";
+    name = "container";
     tag = "latest";
 
     copyToRoot = __nixpkgs__.buildEnv {

makes.nix

@@ -1,7 +1,4 @@
-{ fetchNixpkgs, fetchUrl, makeScript, outputs, projectPath, __nixpkgs__, ...
-}: {
-  imports = [ ./docs/makes.nix ./makes/makes.nix ];
-  projectIdentifier = "makes-repo";
+{ fetchNixpkgs, outputs, __nixpkgs__, ... }: {
   cache = {
     readNixos = true;
     extra = {
@@ -16,77 +13,12 @@
       };
     };
   };
-  deployContainer = {
-    makesAmd64 = {
-      credentials = {
-        token = "GITHUB_TOKEN";
-        user = "GITHUB_ACTOR";
-      };
-      image = "ghcr.io/fluidattacks/makes:amd64";
-      src = outputs."/container-image";
-      sign = true;
-    };
-    makesArm64 = {
-      credentials = {
-        token = "GITHUB_TOKEN";
-        user = "GITHUB_ACTOR";
-      };
-      image = "ghcr.io/fluidattacks/makes:arm64";
-      src = outputs."/container-image";
-      sign = true;
-    };
-  };
-  deployContainerManifest = {
-    makes = {
-      credentials = {
-        token = "GITHUB_TOKEN";
-        user = "GITHUB_ACTOR";
-      };
-      image = "ghcr.io/fluidattacks/makes:latest";
-      manifests = [
-        {
-          image = "ghcr.io/fluidattacks/makes:amd64";
-          platform = {
-            architecture = "amd64";
-            os = "linux";
-          };
-        }
-        {
-          image = "ghcr.io/fluidattacks/makes:arm64";
-          platform = {
-            architecture = "arm64";
-            os = "linux";
-          };
-        }
-      ];
-      sign = true;
-      tags = [ "24.12" ];
-    };
-  };
-  deployTerraform = {
-    modules = {
-      module = {
-        src = "/test/terraform/module";
-        version = "1.0";
-      };
-    };
-  };
   dev = {
-    example = { bin = [ __nixpkgs__.hello ]; };
     makes = {
       bin = [ __nixpkgs__.just __nixpkgs__.reuse ];
       source = [ outputs."/cli/env/runtime" ];
     };
   };
-  envVars = {
-    example = {
-      # Don't do this in production, it's unsafe. We do this for testing purposes.
-      PGP_PRIVATE = builtins.readFile ./makes/tests/secretsForGpgFromEnv/pgp;
-      PGP_PUBLIC = builtins.readFile ./makes/tests/secretsForGpgFromEnv/pgp.pub;
-      VAR_NAME = "test";
-    };
-  };
-  envVarsForTerraform = { example = { VAR_NAME = "test"; }; };
   extendingMakesDirs = [ "/makes" ];
   formatBash = {
     enable = true;
@@ -104,10 +36,13 @@
     enable = true;
     targets = [ "/" ];
   };
-  helloWorld = {
-    enable = true;
-    name = "Jane Doe";
-  };
+  imports = [
+    ./container/makes.nix
+    ./docs/makes.nix
+    ./makes/makes.nix
+    ./tests/makes.nix
+    ./utils/makes.nix
+  ];
   inputs = {
     nixpkgs = fetchNixpkgs {
       rev = "f88fc7a04249cf230377dd11e04bf125d45e9abe";
@@ -118,60 +53,11 @@
     enable = true;
     targets = [ "/" ];
   };
-  lintGitMailMap = { enable = true; };
+  lintGitMailMap.enable = true;
   lintNix = {
     enable = true;
     targets = [ "/" ];
   };
-  lintTerraform = {
-    modules = {
-      module = {
-        src = "/test/terraform/module";
-        version = "1.0";
-      };
-    };
-  };
-  lintWithAjv = {
-    "test" = {
-      schema = "/test/lint-with-ajv/schema.json";
-      targets =
-        [ "/test/lint-with-ajv/data.json" "/test/lint-with-ajv/data.yaml" ];
-    };
-  };
-  pipelines = {
-    example = {
-      gitlabPath = "/test/pipelines/.gitlab-ci.yaml";
-      jobs = [
-        {
-          output = "/lintNix";
-          args = [ ];
-        }
-        {
-          output = "/helloWorld";
-          args = [ "1" "2" "3" ];
-        }
-      ];
-    };
-  };
-  secretsForGpgFromEnv = { example = [ "PGP_PUBLIC" "PGP_PRIVATE" ]; };
-  secretsForEnvFromSops = {
-    example = {
-      manifest = "/makes/tests/secretsForGpgFromEnv/secrets.yaml";
-      vars = [ "secret" ];
-    };
-  };
-  secretsForTerraformFromEnv = { example = { test = "VAR_NAME"; }; };
-  testLicense = { enable = true; };
-  testTerraform = {
-    modules = {
-      module = {
-        setup = [
-          outputs."/envVars/example"
-          outputs."/secretsForTerraformFromEnv/example"
-        ];
-        src = "/test/terraform/module";
-        version = "1.0";
-      };
-    };
-  };
+  projectIdentifier = "makes-repo";
+  testLicense.enable = true;
 }

makes/makes.nix

@@ -1,19 +1,7 @@
 { __nixpkgs__, makeScript, outputs, projectPath, ... }:
 let makesVersion = "24.12";
 in {
-  imports = [
-    ./cli/env/runtime/makes.nix
-    ./cli/env/runtime/pypi/makes.nix
-    ./container-image/makes.nix
-    ./tests/commitlint/makes.nix
-    ./tests/computeOnAwsBatch/makes.nix
-    ./tests/makeScript/makes.nix
-    ./tests/makeSearchPaths/makes.nix
-    ./tests/makeTemplate/makes.nix
-    ./tests/secretsForGpgFromEnv/makes.nix
-    ./utils/makePythonLock/makes.nix
-    ./utils/makeRubyLock/makes.nix
-  ];
+  imports = [ ./cli/env/runtime/makes.nix ./cli/env/runtime/pypi/makes.nix ];
 
   jobs."/" = makeScript {
     aliases = [ "m-v${makesVersion}" "makes" "makes-v${makesVersion}" ];

makes/tests/commitlint/makes.nix → tests/commitlint/makes.nix

@@ -2,7 +2,7 @@
   jobs."/tests/commitlint" = makeScript {
     name = "commitlint";
     entrypoint = ''
-      pushd makes/tests/commitlint
+      pushd tests/commitlint
 
       commit_hash="$(git --no-pager log --pretty=%h origin/main..HEAD)"
 

tests/helloWorld/makes.nix

@@ -0,0 +1,6 @@
+{
+  helloWorld = {
+    enable = true;
+    name = "Jane Doe";
+  };
+}

tests/lintWithAjv/makes.nix

@@ -0,0 +1,9 @@
+{
+  lintWithAjv = {
+    "test" = {
+      schema = "/tests/lintWithAjv/schema.json";
+      targets =
+        [ "/tests/lintWithAjv/data.json" "/test/lintWithAjv/data.yaml" ];
+    };
+  };
+}

makes/tests/makeScript/README.md → tests/makeScript/README.md

@@ -1,6 +1,6 @@
 # A Script With a Help
 
-- This is `makes/tests/makeScript/README.md`
+- This is `tests/makeScript/README.md`
 - You might be looking at it beautifully rendered on GitHub / GitLab / etc.
 - You also might be looking at it beautifully rendedred on the CLI\*.
 

tests/makes.nix

@@ -0,0 +1,13 @@
+{
+  imports = [
+    ./commitlint/makes.nix
+    ./computeOnAwsBatch/makes.nix
+    ./helloWorld/makes.nix
+    ./lintWithAjv/makes.nix
+    ./makeScript/makes.nix
+    ./makeSearchPaths/makes.nix
+    ./makeTemplate/makes.nix
+    ./pipelines/makes.nix
+    ./secretsForGpgFromEnv/makes.nix
+  ];
+}