diff --git a/ops/pipelines/depot.nix b/ops/pipelines/depot.nix index 6d4b69d5b..f2db69a78 100644 --- a/ops/pipelines/depot.nix +++ b/ops/pipelines/depot.nix @@ -27,10 +27,6 @@ let else label; # Create a pipeline step from a single target. - # - # If the build fails, Buildkite metadata is updated to mark the - # pipeline as failed. Buildkite has a concept of a failed pipeline - # regardless, but this data is not accessible. mkStep = target: { command = let drvPath = builtins.unsafeDiscardStringContext target.drvPath; @@ -45,7 +41,6 @@ let # To handle this case we fall back to an ordinary build if the derivation # file is missing. "|| (test ! -f '${drvPath}' && nix-build -E '${mkBuildExpr target}' --show-trace)" - "|| (buildkite-agent meta-data set 'failure' '1'; exit 1)" ]; label = ":nix: ${mkLabel target}"; @@ -89,10 +84,29 @@ let }) # Wait for all steps to complete, then exit with success or - # failure depending on whether any failure status was written. + # failure depending on whether any other steps failed. + # + # This information is checked by querying the Buildkite GraphQL + # API and fetching the count of failed steps. + # # This step must be :duck:! (yes, really!) ({ - command = "exit $(buildkite-agent meta-data get 'failure')"; + command = let duck = pkgs.writeShellScript "duck" '' + set -ueo pipefail + + readonly FAILED_JOBS=$(${pkgs.curl}/bin/curl 'https://graphql.buildkite.com/v1' \ + --silent \ + -H "Authorization: Bearer $(cat /etc/secrets/buildkite-besadii)" \ + -d "{\"query\": \"query BuildStatusQuery { build(uuid: \\\"$BUILDKITE_BUILD_ID\\\") { jobs(passed: false) { count } } }\"}" | \ + ${pkgs.jq}/bin/jq -r '.data.build.jobs.count') + + echo "$FAILED_JOBS build jobs failed." + + if (( $FAILED_JOBS > 0 )); then + exit 1 + fi + ''; in "${duck}"; + label = ":duck:"; key = ":duck:"; }) diff --git a/ops/pipelines/static-pipeline.yaml b/ops/pipelines/static-pipeline.yaml index 2261b11b8..c864aea65 100644 --- a/ops/pipelines/static-pipeline.yaml +++ b/ops/pipelines/static-pipeline.yaml @@ -14,7 +14,6 @@ steps: } nix-build -A ops.pipelines.depot -o depot.yaml --show-trace || fallback - buildkite-agent meta-data set 'failure' '0' buildkite-agent pipeline upload depot.yaml || fallback # Create a revision number for the current commit for builds on