Impure tests

You can have NixCI automatically run impure test using secrets and the internet.

Step 1: Configuration

To activate the impure testing mechanism, add a test section to your NixCI configuration.

For example, this example test configures the packages.x86_64-linux.impure-test package to be run as a test:

{
  test = {
    example = {
      branches = "default";
      package = "packages.x86_64-linux.impure-test";
    };
  };
}

In particular, NixCI will nix run packages.x86_64-linux.impure-test , which will execute the package's meta.mainProgram .

Step 2: Secrets & Environment Variables

Tests can access secrets and SSH keys as environment variables. See the Secrets & SSH Keys documentation for how to declare and use them.

NixCI also automatically provides git metadata as environment variables during tests.

Reference schema

test: # optional
  # default: {}
  # Test Configurations
  <key>: 
    # TestConfiguration
    enable: # optional
      # default: true
      # enable this test
      <boolean>
    package: # required
      # package of which the main program will be run
      <string>
    system: # optional
      # system on which the test will be run
      <string>
    branches: # optional
      # default: any
      # branches from which may be tested
      # any of
      [ # Run from any branch
        any
      , # The same as "any"
        all
      , # Only run from the default branch
        default
      , # Do not run from any branch
        none
      , # Run from any of this list of branches
        - <string>
      , # true means any branch, false means none
        <boolean>
      ]
    in-repo: # optional
      # Run the job in a checkout of the repository at the right revision
      # default: False
      # Setting this to false is more efficient if the job doesn't need to access to git history.
      # You can use ${self} to refer to the flake source if you need access to the repository contents at the current commit only.
      <boolean>
    secrets: # optional
      # default: []
      # secrets provided to the test
      - <string>
    ssh-keys: # optional
      # default: []
      # ssh keys provided to the test
      - # SshKeyConfiguration
        secret: # required
          # name of the secret on NixCI to use as the private key
          <string>
        public-key: # required
          # public key of the ssh key
          <string>