2021-08-29 14:25:59 +02:00
|
|
|
# This file defines the static Buildkite pipeline which attempts to
|
|
|
|
# create the dynamic pipeline of all depot targets.
|
|
|
|
#
|
|
|
|
# If something fails during the creation of the pipeline, the fallback
|
|
|
|
# is executed instead which will simply report an error to Gerrit.
|
2020-11-17 23:27:38 +01:00
|
|
|
---
|
2022-03-30 11:52:05 +02:00
|
|
|
env:
|
|
|
|
BUILDKITE_TOKEN_PATH: /run/agenix/buildkite-graphql-token
|
2020-11-17 23:27:38 +01:00
|
|
|
steps:
|
2022-01-19 20:49:29 +01:00
|
|
|
# Run pipeline for tvl-kit when new commits arrive on canon. Since
|
|
|
|
# it is not part of the depot build tree, this is a useful
|
|
|
|
# verification to ensure we don't break external things (too much).
|
|
|
|
- trigger: "tvl-kit"
|
|
|
|
async: true
|
|
|
|
label: ":fork:"
|
|
|
|
branches: "refs/heads/canon"
|
|
|
|
build:
|
|
|
|
message: "Verification triggered by ${BUILDKITE_COMMIT}"
|
|
|
|
|
2022-01-22 12:06:54 +01:00
|
|
|
# Create a revision number for the current commit for builds on
|
|
|
|
# canon.
|
|
|
|
#
|
|
|
|
# This writes data back to Gerrit using the Buildkite agent
|
|
|
|
# credentials injected through a git credentials helper.
|
|
|
|
#
|
|
|
|
# Revision numbers are defined as the number of commits in the
|
|
|
|
# lineage of HEAD, following only the first parent of merges.
|
|
|
|
- label: ":git:"
|
2022-01-22 12:11:13 +01:00
|
|
|
branches: "refs/heads/canon"
|
2022-01-22 12:06:54 +01:00
|
|
|
command: |
|
|
|
|
git -c 'credential.helper=gerrit-creds' \
|
|
|
|
push origin "HEAD:refs/r/$(git rev-list --count --first-parent HEAD)"
|
|
|
|
|
|
|
|
# Generate & upload dynamic build steps
|
2020-11-17 23:27:38 +01:00
|
|
|
- label: ":llama:"
|
2021-10-01 12:43:53 +02:00
|
|
|
key: "pipeline-gen"
|
2022-12-03 14:36:12 +01:00
|
|
|
concurrency_group: 'depot-nix-eval'
|
|
|
|
concurrency: 5 # much more than this and whitby will OOM
|
2020-11-17 23:27:38 +01:00
|
|
|
command: |
|
2021-12-10 08:10:02 +01:00
|
|
|
set -ue
|
2021-12-19 17:24:04 +01:00
|
|
|
|
|
|
|
if test -n "$${GERRIT_CHANGE_URL-}"; then
|
|
|
|
echo "This is a build of [cl/$$GERRIT_CHANGE_ID]($$GERRIT_CHANGE_URL) (at patchset #$$GERRIT_PATCHSET)" | \
|
|
|
|
buildkite-agent annotate
|
|
|
|
fi
|
|
|
|
|
2022-01-16 16:20:15 +01:00
|
|
|
# Attempt to fetch a target map from a parent commit on canon,
|
|
|
|
# except on builds of canon itself.
|
|
|
|
[ "${BUILDKITE_BRANCH}" != "refs/heads/canon" ] && \
|
2022-01-19 16:01:41 +01:00
|
|
|
nix/buildkite/fetch-parent-targets.sh
|
2022-01-16 16:20:15 +01:00
|
|
|
|
|
|
|
PIPELINE_ARGS=""
|
2022-01-19 15:56:01 +01:00
|
|
|
if [[ -f tmp/parent-target-map.json ]]; then
|
|
|
|
PIPELINE_ARGS="--arg parentTargetMap tmp/parent-target-map.json"
|
2022-01-16 16:20:15 +01:00
|
|
|
fi
|
|
|
|
|
2022-10-01 22:52:12 +02:00
|
|
|
nix-build --option restrict-eval true --include "depot=$${PWD}" \
|
|
|
|
--include "store=/nix/store" \
|
2022-05-26 14:31:18 +02:00
|
|
|
--allowed-uris 'https://' \
|
|
|
|
-A ops.pipelines.depot \
|
|
|
|
-o pipeline --show-trace $$PIPELINE_ARGS
|
2021-12-15 12:28:15 +01:00
|
|
|
|
|
|
|
# Steps need to be uploaded in reverse order because pipeline
|
|
|
|
# upload prepends instead of appending.
|
2022-01-22 12:32:19 +01:00
|
|
|
ls pipeline/build-chunk-*.json | tac | while read chunk; do
|
2021-12-15 12:28:15 +01:00
|
|
|
buildkite-agent pipeline upload $$chunk
|
|
|
|
done
|
2020-11-17 23:27:38 +01:00
|
|
|
|
2022-01-22 12:05:34 +01:00
|
|
|
buildkite-agent artifact upload "pipeline/*"
|
2021-10-01 12:43:53 +02:00
|
|
|
|
2022-01-07 01:53:51 +01:00
|
|
|
# Wait for all previous steps to complete.
|
|
|
|
- wait: null
|
|
|
|
continue_on_failure: true
|
|
|
|
|
2021-12-10 08:10:02 +01:00
|
|
|
# Exit with success or failure depending on whether any other steps
|
|
|
|
# failed.
|
|
|
|
#
|
|
|
|
# This information is checked by querying the Buildkite GraphQL API
|
|
|
|
# and fetching the count of failed steps.
|
|
|
|
#
|
|
|
|
# This step must be :duck: (yes, really!) because the post-command
|
|
|
|
# hook will inspect this name.
|
|
|
|
#
|
|
|
|
# Note that this step has requirements for the agent environment, which
|
|
|
|
# are enforced in our NixOS configuration:
|
|
|
|
#
|
|
|
|
# * curl and jq must be on the $PATH of build agents
|
|
|
|
# * besadii configuration must be readable to the build agents
|
|
|
|
- label: ":duck:"
|
|
|
|
key: ":duck:"
|
|
|
|
command: |
|
|
|
|
set -ueo pipefail
|
|
|
|
|
|
|
|
readonly FAILED_JOBS=$(curl 'https://graphql.buildkite.com/v1' \
|
|
|
|
--silent \
|
2022-03-30 11:52:05 +02:00
|
|
|
-H "Authorization: Bearer $(cat ${BUILDKITE_TOKEN_PATH})" \
|
2021-12-10 08:10:02 +01:00
|
|
|
-d "{\"query\": \"query BuildStatusQuery { build(uuid: \\\"$BUILDKITE_BUILD_ID\\\") { jobs(passed: false) { count } } }\"}" | \
|
|
|
|
jq -r '.data.build.jobs.count')
|
|
|
|
|
|
|
|
echo "$$FAILED_JOBS build jobs failed."
|
|
|
|
|
|
|
|
if (( $$FAILED_JOBS > 0 )); then
|
|
|
|
exit 1
|
|
|
|
fi
|
2021-11-05 13:59:57 +01:00
|
|
|
|
2022-06-02 19:01:05 +02:00
|
|
|
# After duck, on success, upload and run any release steps that were
|
|
|
|
# output by the dynamic pipeline.
|
2022-01-22 12:45:00 +01:00
|
|
|
- label: ":arrow_heading_down:"
|
|
|
|
depends_on:
|
|
|
|
- step: ":duck:"
|
|
|
|
allow_failure: false
|
|
|
|
command: |
|
|
|
|
set -ueo pipefail
|
|
|
|
|
|
|
|
buildkite-agent artifact download "pipeline/*" .
|
|
|
|
|
2022-06-02 19:01:05 +02:00
|
|
|
find ./pipeline -name 'release-chunk-*.json' | tac | while read chunk; do
|
2022-01-22 12:45:00 +01:00
|
|
|
buildkite-agent pipeline upload $$chunk
|
|
|
|
done
|