Run integv2 tests with nix

[harrisonkaiser]

Resolved issues:

This PR adds the ability run a devShell using nix develop.

That devShell gives you access to all the packages you need installed to run most of the integration tests, unit tests, and even clang-format the repo:

$ nix develop
...
[in-dev-shell] $ configure
<runs-cmake-configure-stage>...

[in-dev-shell] $ build
<runs-cmake-build-stage>...

[in-dev-shell] $ integ happy
<runs-happy-path-integ-test>...

[in-dev-shell] $ unit
<runs-all-unit-tests>...

[in-dev-shell] $ check-clang-format
<running clang-format checks>...

[in-dev-shell] $ do-clang-format
<running clang-format in place>...

Description of changes:

This PR adds many derivations.

Call-outs:

This is only tested on x86-linux. See: #3841

Testing:

Locally -- lots of building and rebuilding. Good thing there is a cache.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[camshaft]

Is it possible to have multiple dev shells where you can select these?

[harrisonkaiser]

We do that for build, but it doesn't make as much sense here. Often if you are debugging something with openssl you'll want access to all of them. I do think that it is a little silly to have them all commented out here though. Instead I propose putting them all in the environment and creating alias so you can run all the openssls.

[harrisonkaiser]

@dougch brought up a good point: adding all the libcryptos here makes it difficult to build different versions of the library in the devShell. We might need to make different devShells for that reason alone.

[dougch]

Good stuff. Still on the fence about including all of the various libcrypto's in the default devShell, but it does make for less work to flip between them this way. Local testing (minus offline discussion) worked on x86.

[dougch]

Is this a common pattern? The checkPhase seems meant for unit tests?

[harrisonkaiser]

I found some evidence online that the checkPhase is for flame tests. Like "is the binary actually there", "does it execute" ect... The problem with tests is that they add non-determinism in the build. The advice I got was to either 1) build the tests and install them or 2) just use the devShell. There isn't really a way to "build" and "install" the Python tests so I figured I'd cater to the developer and make it easy to build/run the tests.

There is also a non-nix reason not to build the tests in the main build. If we want to run the unit tests we have to build them. Building them means we aren't able to take advantage of LTO optimization. This PR is mostly focused on the dev shell, but one area for improvement is to make the build here match the release build as exactly as possible. See 4. on #3841

[camshaft]

This should really be added as a target in the cmake integ test section. I'm assuming that's possible?

[harrisonkaiser]

This simply reflects what the codebuild bin script does already. Moving the Java dependency into CMakeLists.txt is a goal but to do that idiomatically requires the use of ctests fixtures which requires at least cmake 3.7 (see here). Our minimum required cmake version is 3.0. One alternative to using fixtures is to create a script that cmake invokes (the script could handle the java compile, as well as apache setup, for the appropriate test cases).

I think this change is somewhat involved and should go in its own PR.

[camshaft]

This is fine for now but it's a bit limiting. I'm not sure if there's a better way to expose the matrix of options one might want to test, though.

[harrisonkaiser]

My intention here is to be an opinionated default. If you want to build with your own options you can invoke CMake directly. Perhaps there is a limited set of default options that invoke CMake in a few different ways. But I don't think that exposing the whole matrix of options makes sense, CMake already does that and you can use it directly for that purpose.

[harrisonkaiser]

Waiting a re-approval from @dougch.

[dougch]

We'll iterate some on this in a future PR.

[harrisonkaiser]

We'll iterate some on this in a future PR.

#3841