Lib.rs

Development toolsBuild Utils
#ambient #ci #radicle-ci-ambient #enbine

build radicle-ci-ambient

A Radicle CI adapter for the Ambient CI enbine

by Lars Wirzenius. Owned by larswirzenius.

10 releases (breaking)

0.8.0 Mar 26, 2025
0.7.0 Mar 17, 2025
0.6.0 Mar 12, 2025
0.5.0 Mar 4, 2025
0.1.0 Jan 10, 2025

#393 in Build Utils

Download history 117/week @ 2025-01-08 5/week @ 2025-01-15 268/week @ 2025-01-29 45/week @ 2025-02-05 229/week @ 2025-02-12 24/week @ 2025-02-19 82/week @ 2025-02-26 81/week @ 2025-03-05 258/week @ 2025-03-12 31/week @ 2025-03-19 142/week @ 2025-03-26 7/week @ 2025-04-02

443 downloads per month
Used in rad-ci

MIT/Apache and GPL-3.0-or-later

40KB
447 lines

radicle-ci-ambient -- a Radicle CI adapter for Ambient CI

Integrate the Ambient CI software with the Radicle CI broker.

Installation and setup

Given a Radicle node with the CI broker:

  • Install and configure ambient on the host. This will require qemu-system-x86_64 and a virtual machine image.
  • Install the Ambient adapter. Below, we assume it's installed as /bin/radicle-ci-ambient but the location doesn't matter, as long as you specify it correctly in the configuration.
  • Adjust the CI broker configuration to use the Ambient adapter:
default_adapter: ambient
adapters:
  ambient:
    command: /bin/radicle-ci-ambient
    env:
      RADICLE_CI_AMBIENT: /home/_rad/radicle-ci-ambient.yaml
      RADICLE_CI_BROKER_WEBROOT: /srv/pages/ci-broker
      PATH: /bin:/home/_rad/.radicle/bin:/home/_rad/.cargo/bin
  • adjust filenames and PATH as necessary
  • Restart the CI adapter.
  • Make sure that each repository that the node runs CI for, has a CI specification file for the Ambient adapter: .radicle/ambient.yaml

Ambient CI specification file

This is also known as a distilled plan. It is YAML, with three fields:

  • pre_plan
  • plan
  • post_plan

Each field is a list of Ambient actions. The pre- and post-plan actions are run locally on the host, and have network access, but they're restricted to a small set of variants that are deemed safe and secure, what Ambient calls trusted actions:

  • cargo_fetch
  • rsync
  • dput

The actions in the plan are less constrained, but they run in a virtual machine without network access.

  • mkdir
  • shell
  • cargo-fmt
  • cargo-clippy
  • cargo-build
  • cargo-test
  • cargo-install
  • deb

(These need to be documented in Ambient.)

Example:

pre_plan:
  - action: cargo_fetch
plan:
  - action: cargo_fmt
  - action: cargo_clippy

  - action: shell
    shell: |
      export DEBEMAIL=liw@liw.fi
      export DEBFULLNAME="Lars Wirzenius"
      export CARGO_TARGET_DIR=/workspace/cache

      # git reset --hard
      # git clean -fdx
      # git switch main
      git status --ignored
      # git clean -fdx

      V="$(dpkg-parsechangelog -SVersion | sed 's/-[^-]*$//')"
      T="$(date -u "+%Y%m%dT%H%M%S")"
      version="$V.ci$T-1"
      dch -v "$version" "CI build under Ambient."
      dch -r ''
  - action: deb

Dependencies

~60–91MB
~1.5M SLoC