feat(ops/pipelines): Evaluate depot pipeline in restricted-eval mode
Change-Id: Ic5b98a0777860b68dabb9a9b59e8c682236a71c7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4884 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
This commit is contained in:
parent
46d71fbff8
commit
772f8f1b90
1 changed files with 4 additions and 1 deletions
|
@ -52,7 +52,10 @@ steps:
|
|||
PIPELINE_ARGS="--arg parentTargetMap tmp/parent-target-map.json"
|
||||
fi
|
||||
|
||||
nix-build -A ops.pipelines.depot -o pipeline --show-trace $$PIPELINE_ARGS
|
||||
nix-build --option restrict-eval true --include "depot=$${PWD}"\
|
||||
--allowed-uris 'https://' \
|
||||
-A ops.pipelines.depot \
|
||||
-o pipeline --show-trace $$PIPELINE_ARGS
|
||||
|
||||
# Steps need to be uploaded in reverse order because pipeline
|
||||
# upload prepends instead of appending.
|
||||
|
|
Loading…
Reference in a new issue