refactor(rust-crates-advisory): redo the buildkite report in bash
I've elected to split the check-all-our-lock-files script into two new scripts: One very simple script which generates the report by invoking lock-file-report on the fake lock file for //third_party/rust-crates and all lock files in depot, and one which executes this and adds it as a buildkite annotation if there are any warnings (which is reported by the report generating script using a non zero exit code). The latter script could become the basis for generalizing buildkite annotations, a slight attempt at making it easily reusable in the future has been made. So far we expect a report generating script to exit non zero if a report should be made and to print commonmark to stdout. In the future we may want to use a JSON format for generating the report, allowing us to filter it by buildkite target (using the drvmap to exclude certain reports, potentially). Change-Id: I1df9e440509d69adff5b8e6304105a45dc62c018 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5260 Reviewed-by: kn <klemens@posteo.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
This commit is contained in:
parent
ffec3c70f4
commit
bf18e65719
1 changed files with 41 additions and 40 deletions
|
@ -120,44 +120,43 @@ let
|
||||||
exit $status
|
exit $status
|
||||||
'';
|
'';
|
||||||
|
|
||||||
check-all-our-lock-files = depot.nix.writeExecline "check-all-our-lock-files" { } [
|
depot-rust-crates-advisory-report = pkgs.writers.writeBash "depot-advisory-report" ''
|
||||||
"backtick"
|
set -eu
|
||||||
"-EI"
|
status=0
|
||||||
"report"
|
|
||||||
[
|
"${lock-file-report}" "//third_party/rust-crates" "${our-crates-lock-file}" || status=1
|
||||||
"foreground"
|
"${tree-lock-file-report}" || status=1
|
||||||
[
|
|
||||||
lock-file-report
|
exit $status
|
||||||
"//third_party/rust-crates"
|
'';
|
||||||
our-crates-lock-file
|
|
||||||
"false"
|
buildkiteReportStep =
|
||||||
]
|
{ command
|
||||||
tree-lock-file-report
|
, context ? null
|
||||||
"."
|
, style ? "warning"
|
||||||
]
|
}:
|
||||||
"ifelse"
|
let
|
||||||
[
|
commandName = depot.nix.utils.storePathName (builtins.head command);
|
||||||
bins.s6-test
|
in
|
||||||
"-z"
|
|
||||||
"$report"
|
pkgs.writers.writeBash "buildkite-report-${commandName}" ''
|
||||||
]
|
set -uo pipefail
|
||||||
[
|
|
||||||
"exit"
|
report="$(${lib.escapeShellArgs command})"
|
||||||
"0"
|
|
||||||
]
|
if test $? -ne 0; then
|
||||||
"pipeline"
|
printf "%s" "$report" | \
|
||||||
[
|
buildkite-agent annotate ${
|
||||||
"printf"
|
lib.escapeShellArgs ([
|
||||||
"%s"
|
"--style"
|
||||||
"$report"
|
style
|
||||||
]
|
] ++ lib.optionals (context != null) [
|
||||||
"buildkite-agent"
|
"--context"
|
||||||
"annotate"
|
context
|
||||||
"--style"
|
])
|
||||||
"warning"
|
}
|
||||||
"--context"
|
fi
|
||||||
"check-all-our-lock-files"
|
'';
|
||||||
];
|
|
||||||
|
|
||||||
in
|
in
|
||||||
depot.nix.readTree.drvTargets {
|
depot.nix.readTree.drvTargets {
|
||||||
|
@ -167,12 +166,14 @@ depot.nix.readTree.drvTargets {
|
||||||
lock-file-report
|
lock-file-report
|
||||||
;
|
;
|
||||||
|
|
||||||
|
|
||||||
tree-lock-file-report = tree-lock-file-report // {
|
tree-lock-file-report = tree-lock-file-report // {
|
||||||
meta.ci.extraSteps.run = {
|
meta.ci.extraSteps.run = {
|
||||||
label = "Check all crates used in depot for advisories";
|
label = "Check all crates used in depot for advisories";
|
||||||
alwaysRun = true;
|
alwaysRun = true;
|
||||||
command = check-all-our-lock-files;
|
command = buildkiteReportStep {
|
||||||
|
command = [ depot-rust-crates-advisory-report ];
|
||||||
|
style = "warning";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue