tvl-depot/users/wpcarro/ci/pipelines/post-receive.nix

{ pkgs, depot, ... }:

let
  inherit (builtins) path toJSON;

  pipeline.steps = [
    {
      key = "lint-secrets";
      command = "${pkgs.git-secrets}/bin/git-secrets --scan-history";
      label = ":broom: lint secrets";
    }
  ];
in
pkgs.writeText "pipeline.yaml" (toJSON pipeline)
fix(wpcarro/nix): Remove <briefcase> references Angle-bracketed references are a Nix anti-pattern, and thankfully this repository enforces this as a standard. TL;DR: - Drop angle-bracketed references - Change `briefcase` -> `users.wpcarro` - Fix any resulting regressions - Fix //users/wpcarro/tools/simple_vim - Mark //users/wpcarro/boilerplate/typescript and related projects as broken - drop .skip-subtree file, enabling depot CI Change-Id: I7153cbabafa617bfd6b199370cbec65cb75441f6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4325 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: wpcarro <wpcarro@gmail.com> 2021-12-14 04:51:48 +01:00			`{ pkgs, depot, ... }:`
Define BuildKite pipelines in Nix After a handful of failed attempts to run lint-secrets.sh due to a missing `git-secrets` executable on my git server, I decided that now was a good time to use Nix to define my BuildKite pipelines. TL;DR: - Delete ci/scripts directory - Define ci/pipelines/{briefcase,socrates}.nix Outside of this repository: - I logged into my admin account at git.wpcarro.dev and changed my Gitea post-receive hook to trigger the briefcase pipeline - I logged into my BuildKite account, deleted my build-briefcase pipeline, created a new briefcase pipeline that called: ```shell nix-build -A ci.pipelines.briefcase -o briefcase.yaml buildkite-agent pipeline upload briefcase.yaml ``` One day I will audit all of my ad-hoc, non-mono-repo activity (like the steps I listed above) and attempt to fit everything herein... one step at a time, though! 2020-08-21 12:12:57 +02:00
			`let`
chore(wpcarro/*): Remove some dead code Found this while looking for non-3p uses of builtins.fetchGit. The hailgun package is in the package set now, and the other thing was unused (and it's also in the package set). Change-Id: I6f519fd6014bbed90fc6cee695bed7afbcf55717 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4984 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: wpcarro <wpcarro@gmail.com> 2022-01-17 15:21:40 +01:00			`inherit (builtins) path toJSON;`
Allow configurable BRIEFCASE env var for CI These were hard-coded as $HOME/BRIEFCASE, which won't work in CI, since CI runs as the user buildkite-agent-socrates, whose $HOME directory doesn't exist. 2020-08-31 02:16:31 +02:00
Define BuildKite pipelines in Nix After a handful of failed attempts to run lint-secrets.sh due to a missing `git-secrets` executable on my git server, I decided that now was a good time to use Nix to define my BuildKite pipelines. TL;DR: - Delete ci/scripts directory - Define ci/pipelines/{briefcase,socrates}.nix Outside of this repository: - I logged into my admin account at git.wpcarro.dev and changed my Gitea post-receive hook to trigger the briefcase pipeline - I logged into my BuildKite account, deleted my build-briefcase pipeline, created a new briefcase pipeline that called: ```shell nix-build -A ci.pipelines.briefcase -o briefcase.yaml buildkite-agent pipeline upload briefcase.yaml ``` One day I will audit all of my ad-hoc, non-mono-repo activity (like the steps I listed above) and attempt to fit everything herein... one step at a time, though! 2020-08-21 12:12:57 +02:00			`pipeline.steps = [`
Abandon the pre-receive hook I wanted Gitea to call Buildkite's pre-receive pipeline and either accept or reject the incoming code depending on the outcome. The problem is that I can only create builds from Gitea's pre-receive hook. Now I'm left with two options: 1. run the lint-secrets step in post-receive 2. run `/nix/store/<hash>/git-secrets --scan-history $REPO_PATH` in Gitea As far as I can tell, I cannot define Gitea hooks in Nix, which is unfortunate; otherwise, option 2 would appeal more. I'm doing option one for now. 2020-08-22 10:09:15 +02:00			`{`
			`key = "lint-secrets";`
			`command = "${pkgs.git-secrets}/bin/git-secrets --scan-history";`
			`label = ":broom: lint secrets";`
			`}`
Define BuildKite pipelines in Nix After a handful of failed attempts to run lint-secrets.sh due to a missing `git-secrets` executable on my git server, I decided that now was a good time to use Nix to define my BuildKite pipelines. TL;DR: - Delete ci/scripts directory - Define ci/pipelines/{briefcase,socrates}.nix Outside of this repository: - I logged into my admin account at git.wpcarro.dev and changed my Gitea post-receive hook to trigger the briefcase pipeline - I logged into my BuildKite account, deleted my build-briefcase pipeline, created a new briefcase pipeline that called: ```shell nix-build -A ci.pipelines.briefcase -o briefcase.yaml buildkite-agent pipeline upload briefcase.yaml ``` One day I will audit all of my ad-hoc, non-mono-repo activity (like the steps I listed above) and attempt to fit everything herein... one step at a time, though! 2020-08-21 12:12:57 +02:00			`];`
Allow configurable BRIEFCASE env var for CI These were hard-coded as $HOME/BRIEFCASE, which won't work in CI, since CI runs as the user buildkite-agent-socrates, whose $HOME directory doesn't exist. 2020-08-31 02:16:31 +02:00			`in`
			`pkgs.writeText "pipeline.yaml" (toJSON pipeline)`