refactor(rust-crates-advisory): redo the buildkite report in bash
I've elected to split the check-all-our-lock-files script into two new scripts: One very simple script which generates the report by invoking lock-file-report on the fake lock file for //third_party/rust-crates and all lock files in depot, and one which executes this and adds it as a buildkite annotation if there are any warnings (which is reported by the report generating script using a non zero exit code). The latter script could become the basis for generalizing buildkite annotations, a slight attempt at making it easily reusable in the future has been made. So far we expect a report generating script to exit non zero if a report should be made and to print commonmark to stdout. In the future we may want to use a JSON format for generating the report, allowing us to filter it by buildkite target (using the drvmap to exclude certain reports, potentially). Change-Id: I1df9e440509d69adff5b8e6304105a45dc62c018 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5260 Reviewed-by: kn <klemens@posteo.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
This commit is contained in:
parent
ffec3c70f4
commit
bf18e65719
1 changed files with 41 additions and 40 deletions
|
@ -120,44 +120,43 @@ let
|
|||
exit $status
|
||||
'';
|
||||
|
||||
check-all-our-lock-files = depot.nix.writeExecline "check-all-our-lock-files" { } [
|
||||
"backtick"
|
||||
"-EI"
|
||||
"report"
|
||||
[
|
||||
"foreground"
|
||||
[
|
||||
lock-file-report
|
||||
"//third_party/rust-crates"
|
||||
our-crates-lock-file
|
||||
"false"
|
||||
]
|
||||
tree-lock-file-report
|
||||
"."
|
||||
]
|
||||
"ifelse"
|
||||
[
|
||||
bins.s6-test
|
||||
"-z"
|
||||
"$report"
|
||||
]
|
||||
[
|
||||
"exit"
|
||||
"0"
|
||||
]
|
||||
"pipeline"
|
||||
[
|
||||
"printf"
|
||||
"%s"
|
||||
"$report"
|
||||
]
|
||||
"buildkite-agent"
|
||||
"annotate"
|
||||
"--style"
|
||||
"warning"
|
||||
"--context"
|
||||
"check-all-our-lock-files"
|
||||
];
|
||||
depot-rust-crates-advisory-report = pkgs.writers.writeBash "depot-advisory-report" ''
|
||||
set -eu
|
||||
status=0
|
||||
|
||||
"${lock-file-report}" "//third_party/rust-crates" "${our-crates-lock-file}" || status=1
|
||||
"${tree-lock-file-report}" || status=1
|
||||
|
||||
exit $status
|
||||
'';
|
||||
|
||||
buildkiteReportStep =
|
||||
{ command
|
||||
, context ? null
|
||||
, style ? "warning"
|
||||
}:
|
||||
let
|
||||
commandName = depot.nix.utils.storePathName (builtins.head command);
|
||||
in
|
||||
|
||||
pkgs.writers.writeBash "buildkite-report-${commandName}" ''
|
||||
set -uo pipefail
|
||||
|
||||
report="$(${lib.escapeShellArgs command})"
|
||||
|
||||
if test $? -ne 0; then
|
||||
printf "%s" "$report" | \
|
||||
buildkite-agent annotate ${
|
||||
lib.escapeShellArgs ([
|
||||
"--style"
|
||||
style
|
||||
] ++ lib.optionals (context != null) [
|
||||
"--context"
|
||||
context
|
||||
])
|
||||
}
|
||||
fi
|
||||
'';
|
||||
|
||||
in
|
||||
depot.nix.readTree.drvTargets {
|
||||
|
@ -167,12 +166,14 @@ depot.nix.readTree.drvTargets {
|
|||
lock-file-report
|
||||
;
|
||||
|
||||
|
||||
tree-lock-file-report = tree-lock-file-report // {
|
||||
meta.ci.extraSteps.run = {
|
||||
label = "Check all crates used in depot for advisories";
|
||||
alwaysRun = true;
|
||||
command = check-all-our-lock-files;
|
||||
command = buildkiteReportStep {
|
||||
command = [ depot-rust-crates-advisory-report ];
|
||||
style = "warning";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue