refactor(rust-crates-advisory): redo the buildkite report in bash

I've elected to split the check-all-our-lock-files script into two new
scripts: One very simple script which generates the report by invoking
lock-file-report on the fake lock file for //third_party/rust-crates and
all lock files in depot, and one which executes this and adds it as a
buildkite annotation if there are any warnings (which is reported by the
report generating script using a non zero exit code).

The latter script could become the basis for generalizing buildkite
annotations; a slight attempt at making it easily reusable in the future
has been made. So far we expect a report generating script to exit non
zero if a report should be made and to print commonmark to stdout. In
the future we may want to use a JSON format for generating the report,
allowing us to filter it by buildkite target (using the drvmap to
exclude certain reports, potentially).

Change-Id: I1df9e440509d69adff5b8e6304105a45dc62c018
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5260
Reviewed-by: kn <klemens@posteo.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
sterni 2022-02-06 13:07:56 +01:00
parent ffec3c70f4
commit bf18e65719


@ -120,44 +120,43 @@ let
exit $status exit $status
''; '';
check-all-our-lock-files = depot.nix.writeExecline "check-all-our-lock-files" { } [ depot-rust-crates-advisory-report = pkgs.writers.writeBash "depot-advisory-report" ''
"backtick" set -eu
"-EI" status=0
"report"
[ "${lock-file-report}" "//third_party/rust-crates" "${our-crates-lock-file}" || status=1
"foreground" "${tree-lock-file-report}" || status=1
[
lock-file-report exit $status
"//third_party/rust-crates" '';
our-crates-lock-file
"false" buildkiteReportStep =
] { command
tree-lock-file-report , context ? null
"." , style ? "warning"
] }:
"ifelse" let
[ commandName = depot.nix.utils.storePathName (builtins.head command);
bins.s6-test in
"-z"
"$report" pkgs.writers.writeBash "buildkite-report-${commandName}" ''
] set -uo pipefail
[
"exit" report="$(${lib.escapeShellArgs command})"
"0"
] if test $? -ne 0; then
"pipeline" printf "%s" "$report" | \
[ buildkite-agent annotate ${
"printf" lib.escapeShellArgs ([
"%s" "--style"
"$report" style
] ] ++ lib.optionals (context != null) [
"buildkite-agent" "--context"
"annotate" context
"--style" ])
"warning" }
"--context" fi
"check-all-our-lock-files" '';
];
in in
depot.nix.readTree.drvTargets { depot.nix.readTree.drvTargets {
@ -167,12 +166,14 @@ depot.nix.readTree.drvTargets {
lock-file-report lock-file-report
; ;
tree-lock-file-report = tree-lock-file-report // { tree-lock-file-report = tree-lock-file-report // {
meta.ci.extraSteps.run = { meta.ci.extraSteps.run = {
label = "Check all crates used in depot for advisories"; label = "Check all crates used in depot for advisories";
alwaysRun = true; alwaysRun = true;
command = check-all-our-lock-files; command = buildkiteReportStep {
command = [ depot-rust-crates-advisory-report ];
style = "warning";
};
}; };
}; };
} }
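Review bot: In `buildkiteReportStep`, `if test $? -ne 0` treats every non-zero exit of the report command as "warnings found", so a scanner that failed to run at all is indistinguishable from one that found advisories, and the step still exits 0 as long as `buildkite-agent annotate` succeeds. `depot-rust-crates-advisory-report` also folds every failure into `status=1`, so a broken check may surface as an empty or partial annotation rather than a failed step (how `lock-file-report` itself signals errors is not visible here). Consider failing when the command exits non-zero but prints nothing, e.g. `test -n "$report" || exit 1` as the first line inside the `if`, or reserving a distinct exit code for findings. The new call site also drops the explicit `--context` that the old script passed, so the annotation lands in Buildkite's default context and can be replaced by any other annotation there; passing `context = "depot-rust-crates-advisory-report";` alongside `style` would keep it separate.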