Does it run? Dev Journal 3

This post is part of the "Dev Journal" series. Part 1 contains the series index, while the DevJournal3 tag for the CalDance project in GitLab holds the state of the repository as described here.

A short update this time. Gregg Bremer (hi Gregg!) pointed out that running nix run on his linux machine resulted in an error about not being able to find libssl.

This neatly highlights one of the weak spots of Nix; while an excellent packaging solution, it isn't perfect. Nix sandboxes your packages by altering the path environment variable, but not everything is located via that mechanism.

In this case, nix run ran on my machine because I happened to have the libraries in the "right place" for a self contained dotnet core executable, but Gregg did not.

Neither, it turns out, did the docker container I was building. I built and tested it initially with a dotnet console app (which did work, not needing libssl) and then carried on assuming that running nix run on my local machine would also tell me if the docker image could run correctly.

I've now fixed up the code in the previous posts (we needed to add some runtimeDeps to our server package, and the docker image start up command needs to create a writable /tmp directory for asp.net to run correctly).

Most importantly though, I've also made sure that CI will prevent this from happening again by actually checking that the docker image produced can respond to a request to the index with a 200 response code. This is done by adding "stages" to our CI build; the first does exactly what we were doing already, the second then starts the just finished docker image as a "service" and uses curl to check it can respond to us.

You can check out the revised .gitlab-ci.yml file below:

  - build-container
  - end-to-end-tests

  stage: build-container
    name: "nixos/nix:2.19.3"
    - nix-env --install --attr nixpkgs.skopeo
    - mkdir -p "$HOME/.config/nix"
    - echo 'experimental-features = nix-command flakes' > "$HOME/.config/nix/nix.conf"
    - mkdir -p "/etc/containers/"
    - echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
    - skopeo login --username "$CI_REGISTRY_USER" --password "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - 'nix build .#dockerImage .#test'
    - mkdir testResults
    - 'cp result-1/* testResults'
    - ls -lh ./result
    - 'skopeo inspect docker-archive://$(readlink -f ./result)'
    - 'skopeo copy docker-archive://$(readlink -f ./result) docker://$IMAGE_TAG'
    when: always
      - 'testResults/*.xml'
      junit: 'testResults/*.xml'

  stage: end-to-end-tests
    name: "nixos/nix:2.19.3"
    GIT_STRATEGY: none
    - name: $IMAGE_TAG
      alias: caldance
    - curl -f "http://caldance:5001/"

Next up: adding in the database