feat(ops/pipelines): Add gcroots for depot builds on canon

Adds a conditional build step that only runs on the canon branch, and
only if 🦆 (the status reporting step) succeeds, which creates a
new Nix GC root for all depot targets named `depot-canon`.

In practice this might be a bit racey, as canon builds are not
guaranteed to succeed in order (though it is likely). This shouldn't
matter much in practice: We only want to prevent rebuilds of the whole
world.

This fixes b/102

Change-Id: Id3d0bf4158bffcb1ed6929888a29d31609b6ece1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2904
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This commit is contained in:
Vincent Ambo 2021-04-11 12:19:18 +02:00 committed by tazjin
parent 6c3585f764
commit d7b89df748
2 changed files with 28 additions and 2 deletions

View file

@ -105,6 +105,12 @@ in fix(self: {
# remove nixpkgs from the set, for obvious reasons.
third_party = self.third_party // { nixpkgs = null; };
});
# Derivation that gcroots all depot targets.
ci.gcroot = self.third_party.nixpkgs.symlinkJoin {
name = "depot-gcroot";
paths = self.ci.targets;
};
}
# Add local packages as structured by readTree

View file

@ -8,8 +8,7 @@
let
inherit (builtins) concatStringsSep foldl' map toJSON;
inherit (lib) singleton;
inherit (pkgs) writeText;
inherit (pkgs) symlinkJoin writeText;
# Create an expression that builds the target at the specified
# location.
@ -80,6 +79,27 @@ let
({
command = "exit $(buildkite-agent meta-data get 'failure')";
label = ":duck:";
key = ":duck:";
})
# After duck, on success, create a gcroot if the build branch is
# canon.
#
# We care that this anchors *most* of the depot, in practice
# it's unimportant if there is a build race and we get +-1 of
# the targets.
#
# Unfortunately this requires a third evaluation of the graph,
# but since it happens after :duck: it should not affect the
# timing of status reporting back to Gerrit.
({
command = "nix-instantiate -A ci.gcroot --add-root /nix/var/nix/gcroots/depot/canon";
label = ":anchor:";
"if" = ''build.branch == "canon"'';
depends_on = [{
step = ":duck:";
allow_failure = false;
}];
})
];
in (writeText "depot.yaml" (toJSON pipeline))