fix(nix/buildkite): Forbid 'prompt' in build phase steps
This would block CI on human-approval if people were allowed to do it, so they're just not. Change-Id: I8a9b657d5c91636a7b4de249b977e24fc0941a1c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5826 Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
This commit is contained in:
parent
56a97a0337
commit
876b71f641
1 changed files with 11 additions and 5 deletions
|
@ -294,13 +294,11 @@ rec {
|
||||||
, parentOverride ? (x: x)
|
, parentOverride ? (x: x)
|
||||||
, branches ? null
|
, branches ? null
|
||||||
, alwaysRun ? false
|
, alwaysRun ? false
|
||||||
|
, prompt ? false
|
||||||
|
|
||||||
# TODO(tazjin): Default to 'build' after 2022-10-01.
|
# TODO(tazjin): Default to 'build' after 2022-10-01.
|
||||||
, phase ? if (isNull postBuild || !postBuild) then "build" else "release"
|
, phase ? if (isNull postBuild || !postBuild) then "build" else "release"
|
||||||
|
|
||||||
# TODO(tazjin): Forbid prompt steps in 'build' phase.
|
|
||||||
, prompt ? false
|
|
||||||
|
|
||||||
# TODO(tazjin): Turn into hard-failure after 2022-10-01.
|
# TODO(tazjin): Turn into hard-failure after 2022-10-01.
|
||||||
, postBuild ? null
|
, postBuild ? null
|
||||||
}:
|
}:
|
||||||
|
@ -317,8 +315,7 @@ rec {
|
||||||
label
|
label
|
||||||
needsOutput
|
needsOutput
|
||||||
parent
|
parent
|
||||||
parentLabel
|
parentLabel;
|
||||||
prompt;
|
|
||||||
|
|
||||||
# //nix/buildkite is growing a new feature for adding different
|
# //nix/buildkite is growing a new feature for adding different
|
||||||
# "build phases" which supersedes the previous `postBuild`
|
# "build phases" which supersedes the previous `postBuild`
|
||||||
|
@ -343,6 +340,15 @@ rec {
|
||||||
this step and instead set `phase = ${phase};`.
|
this step and instead set `phase = ${phase};`.
|
||||||
''
|
''
|
||||||
phase;
|
phase;
|
||||||
|
|
||||||
|
prompt = lib.throwIf (prompt != false && phase == "build") ''
|
||||||
|
In step '${label}' (from ${parentLabel}):
|
||||||
|
|
||||||
|
The 'prompt' feature can only be used by steps in the "release"
|
||||||
|
phase, because CI builds should not be gated on manual human
|
||||||
|
approvals.
|
||||||
|
''
|
||||||
|
prompt;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Create the Buildkite configuration for an extra step, optionally
|
# Create the Buildkite configuration for an extra step, optionally
|
||||||
|
|
Loading…
Reference in a new issue