feat(colmena): Apply deployment protection from Jade Lovelace

Tom Hubrecht 2024-03-07 09:04:16 +01:00
parent 4f1e579fa8
commit d4c6f05ed3
3 changed files with 46 additions and 2 deletions


@ -74,10 +74,12 @@ in
with pkgs; with pkgs;
[ [
npins npins
colmena
nixos-generators nixos-generators
] ]
++ (builtins.map (p: callPackage p { }) [ (sources.disko + "/package.nix") ]) ++ (builtins.map (p: callPackage p { }) [
(sources.disko + "/package.nix")
./lib/colmena
])
) )
++ (import ./scripts { inherit pkgs; }); ++ (import ./scripts { inherit pkgs; });

11
lib/colmena/default.nix Normal file

@ -0,0 +1,11 @@
# Copyright: Jade Lovelace <lix@jade.fyi> 2024
{ colmena, runCommandNoCC }:
runCommandNoCC "colmena-wrapper" { env.colmena = "${colmena}/bin/colmena"; } ''
mkdir -p $out
ln -s ${colmena}/share $out/share
mkdir $out/bin
substituteAll ${./wrapper.sh.in} $out/bin/colmena
chmod +x $out/bin/colmena
''
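Review bot: Only `colmena` is substituted into the wrapper here, so the script's `git` (and the `bash` found through `/usr/bin/env`) are whatever the caller's PATH provides, and the deployment check depends on an environment this derivation does not control. Taking `git` as an argument and adding `env.git = "${git}/bin/git";` next to `env.colmena`, then calling `@git@` in wrapper.sh.in, would pin the binary the guard relies on. A one-line comment above `runCommandNoCC` saying that this wraps colmena to run a branch check before `apply` would also help, since the file carries only a copyright line.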

31
lib/colmena/wrapper.sh.in Normal file

@ -0,0 +1,31 @@
#!/usr/bin/env bash
#
# Copyright: Jade Lovelace <lix@jade.fyi> 2024
doChecks() {
# creates refs in the refs/prefetch/remotes/origin namespace
echo "Prefetching repo changes..." >&2
git fetch --quiet --prefetch --no-write-fetch-head origin
diffs=$(git rev-list --left-right --count HEAD...refs/prefetch/remotes/origin/main)
only_in_local=$(echo "$diffs" | cut -f1)
only_in_main=$(echo "$diffs" | cut -f2)
if [[ $only_in_main -gt 0 && ! -v $FORCE_DEPLOY_DGNUM ]]; then
echo >&2
echo "Attempting to deploy when main has $only_in_main commits not in your branch!" >&2
echo "This will probably revert someone's changes. Consider merging them." >&2
echo "If you really mean it, set the environment variable FORCE_DEPLOY_DGNUM" >&2
exit 1
fi
if [[ $only_in_local -gt 0 ]]; then
echo "You have $only_in_local commits not yet pushed to main. Reminder to push them after :)" >&2
fi
}
if [[ $1 == 'apply' ]]; then
doChecks
fi
exec @colmena@ "$@"
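Review bot: The override test in doChecks, `! -v $FORCE_DEPLOY_DGNUM`, hands `-v` the variable's value rather than its name, so whether the documented override works depends on what the variable happens to contain; it should read `[[ $only_in_main -gt 0 && ! -v FORCE_DEPLOY_DGNUM ]]`. The check also fails open: the exit status of `git fetch` is never tested, and if `git rev-list` fails then `$only_in_main` is empty, which `-gt 0` evaluates as 0, so the deploy proceeds without any comparison against main. Ending the fetch with `|| { echo "Could not fetch origin; refusing to deploy" >&2; exit 1; }` and guarding the `diffs=` assignment the same way would make the protection fail closed. Only a first argument of exactly `apply` triggers the check, so any other invocation that deploys is presumably not covered.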