refactor(nix/buildkite): Restrict step conditionals to refs only

The previous `condition` abstraction which allowed the full set of
Buildkite conditionals is way too leaky (it lets users do very
Buildkite-specific things which we may not want to allow, and which
are mostly not relevant to a pure evaluation).

Supporting only the `branches` condition (native to Buildkite) should
make it possible to port this to other future CI systems later.

Change-Id: Ib8adcc41db4f1a3566cbeecf13a4228403105c1f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5051
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Autosubmit: tazjin <tazjin@tvl.su>
Vincent Ambo 2022-01-22 16:04:39 +03:00 committed by clbot
parent 1a1d706125
commit 4d7dcf10ed


@ -243,9 +243,8 @@ in rec {
# command. Output will be available as 'result'. # command. Output will be available as 'result'.
# TODO: Figure out multiple-output derivations. # TODO: Figure out multiple-output derivations.
# #
# condition (optional): Any other Buildkite condition, such as # branches (optional): Git references (branches, tags ... ) on
# specific branch requirements, for this step. # which this step should be allowed to run. List of strings.
# See https://buildkite.com/docs/pipelines/conditionals
# #
# alwaysRun (optional): If set to true, this step will always run, # alwaysRun (optional): If set to true, this step will always run,
# even if its parent has not been rebuilt. # even if its parent has not been rebuilt.
@ -254,17 +253,16 @@ in rec {
# Create a gated step in a step group, independent from any other # Create a gated step in a step group, independent from any other
# steps. # steps.
mkGatedStep = { step, label, parent, prompt, condition }: { mkGatedStep = { step, label, parent, prompt }: {
inherit (step) branches depends_on;
group = label; group = label;
depends_on = step.depends_on;
skip = parent.skip or false; skip = parent.skip or false;
"if" = condition;
steps = [ steps = [
{ {
inherit (step) branches;
inherit prompt; inherit prompt;
block = ":radio_button: Run ${label}? (from ${parent.env.READTREE_TARGET})"; block = ":radio_button: Run ${label}? (from ${parent.env.READTREE_TARGET})";
"if" = condition;
} }
# The explicit depends_on of the wrapped step must be removed, # The explicit depends_on of the wrapped step must be removed,
@ -281,16 +279,16 @@ in rec {
label ? key, label ? key,
prompt ? false, prompt ? false,
needsOutput ? false, needsOutput ? false,
condition ? null, branches ? null,
alwaysRun ? false alwaysRun ? false
}@cfg: let }@cfg: let
parentLabel = parent.env.READTREE_TARGET; parentLabel = parent.env.READTREE_TARGET;
step = { step = {
label = ":gear: ${label} (from ${parentLabel})"; label = ":gear: ${label} (from ${parentLabel})";
skip = if alwaysRun then false else parent.skip or false; skip = if alwaysRun then false else parent.skip or false;
"if" = condition;
depends_on = lib.optional (!alwaysRun && !needsOutput) parent.key; depends_on = lib.optional (!alwaysRun && !needsOutput) parent.key;
branches = if branches != null then lib.concatStringsSep " " branches else null;
command = pkgs.writeShellScript "${key}-script" '' command = pkgs.writeShellScript "${key}-script" ''
set -ueo pipefail set -ueo pipefail
@ -302,7 +300,7 @@ in rec {
}; };
in if (isString prompt) in if (isString prompt)
then mkGatedStep { then mkGatedStep {
inherit step label parent prompt condition; inherit step label parent prompt;
} }
else step; else step;
} }
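Review bot: An empty list passed as `branches` is joined to `""` by `lib.concatStringsSep " " branches` in the step attrset, and Buildkite presumably treats an empty branch filter as no restriction, so a step meant to be confined to certain refs would run on every ref rather than on none. Because this argument is now the only way to restrict where a step (and the block step built by `mkGatedStep`) runs, consider rejecting that case at evaluation time, e.g. `assert branches == null || (lib.isList branches && branches != [ ]);` between `}@cfg:` and `let`, or stating in the `branches (optional)` comment that `[ ]` does not mean "no refs". Entries are also joined unescaped, so an element containing a space or a leading `!` changes what the pattern matches; that deserves a line in the same comment. The function's argument list and the rest of its body lie outside the visible hunks.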