refactor(ops/pipelines): Configurable GraphQL token location

For external users of the pipeline construction, the token might be in
a different path than `/run/agenix/buildkite-graphql-token`.

It is made configurable through the BUILDKITE_TOKEN_PATH environment
variable. This should be configured on the pipeline level to apply to
all steps.

Change-Id: I23c52e2d705e4134b8b013f8603f92e5533a6e44
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5424
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Reviewed-by: asmundo <asmundo@gmail.com>
This commit is contained in:
Vincent Ambo 2022-03-30 11:52:05 +02:00 committed by clbot
parent 3badee71bb
commit e70428e75b
2 changed files with 5 additions and 2 deletions

View file

@ -14,6 +14,7 @@ set -ueo pipefail
# build all targets. # build all targets.
: ${DRVMAP_PATH:=pipeline/drvmap.json} : ${DRVMAP_PATH:=pipeline/drvmap.json}
: ${BUILDKITE_TOKEN_PATH:=~/buildkite-token}
git fetch -v origin "${BUILDKITE_PIPELINE_DEFAULT_BRANCH}" git fetch -v origin "${BUILDKITE_PIPELINE_DEFAULT_BRANCH}"
@ -25,7 +26,7 @@ function most_relevant_builds {
set -u set -u
curl 'https://graphql.buildkite.com/v1' \ curl 'https://graphql.buildkite.com/v1' \
--silent \ --silent \
-H "Authorization: Bearer $(cat /run/agenix/buildkite-graphql-token)" \ -H "Authorization: Bearer $(cat ${BUILDKITE_TOKEN_PATH})" \
-d "{\"query\": \"query { pipeline(slug: \\\"$BUILDKITE_ORGANIZATION_SLUG/$BUILDKITE_PIPELINE_SLUG\\\") { builds(commit: [\\\"$FIRST\\\",\\\"$SECOND\\\",\\\"$THIRD\\\"]) { edges { node { uuid }}}}}\"}" | \ -d "{\"query\": \"query { pipeline(slug: \\\"$BUILDKITE_ORGANIZATION_SLUG/$BUILDKITE_PIPELINE_SLUG\\\") { builds(commit: [\\\"$FIRST\\\",\\\"$SECOND\\\",\\\"$THIRD\\\"]) { edges { node { uuid }}}}}\"}" | \
jq -r '.data.pipeline.builds.edges[] | .node.uuid' jq -r '.data.pipeline.builds.edges[] | .node.uuid'
} }

View file

@ -4,6 +4,8 @@
# If something fails during the creation of the pipeline, the fallback # If something fails during the creation of the pipeline, the fallback
# is executed instead which will simply report an error to Gerrit. # is executed instead which will simply report an error to Gerrit.
--- ---
env:
BUILDKITE_TOKEN_PATH: /run/agenix/buildkite-graphql-token
steps: steps:
# Run pipeline for tvl-kit when new commits arrive on canon. Since # Run pipeline for tvl-kit when new commits arrive on canon. Since
# it is not part of the depot build tree, this is a useful # it is not part of the depot build tree, this is a useful
@ -85,7 +87,7 @@ steps:
readonly FAILED_JOBS=$(curl 'https://graphql.buildkite.com/v1' \ readonly FAILED_JOBS=$(curl 'https://graphql.buildkite.com/v1' \
--silent \ --silent \
-H "Authorization: Bearer $(cat /run/agenix/buildkite-graphql-token)" \ -H "Authorization: Bearer $(cat ${BUILDKITE_TOKEN_PATH})" \
-d "{\"query\": \"query BuildStatusQuery { build(uuid: \\\"$BUILDKITE_BUILD_ID\\\") { jobs(passed: false) { count } } }\"}" | \ -d "{\"query\": \"query BuildStatusQuery { build(uuid: \\\"$BUILDKITE_BUILD_ID\\\") { jobs(passed: false) { count } } }\"}" | \
jq -r '.data.build.jobs.count') jq -r '.data.build.jobs.count')