refactor(rust-crates-advisory): redo the buildkite report in bash
I've elected to split the check-all-our-lock-files script into two new scripts: One very simple script which generates the report by invoking lock-file-report on the fake lock file for //third_party/rust-crates and all lock files in depot, and one which executes this and adds it as a buildkite annotation if there are any warnings (which is reported by the report generating script using a non zero exit code). The latter script could become the basis for generalizing buildkite annotations, a slight attempt at making it easily reusable in the future has been made. So far we expect a report generating script to exit non zero if a report should be made and to print commonmark to stdout. In the future we may want to use a JSON format for generating the report, allowing us to filter it by buildkite target (using the drvmap to exclude certain reports, potentially). Change-Id: I1df9e440509d69adff5b8e6304105a45dc62c018 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5260 Reviewed-by: kn <klemens@posteo.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
This commit is contained in:
		
							parent
							
								
									ffec3c70f4
								
							
						
					
					
						commit
						bf18e65719
					
				
					 1 changed files with 41 additions and 40 deletions
				
			
		|  | @ -120,44 +120,43 @@ let | |||
|     exit $status | ||||
|   ''; | ||||
| 
 | ||||
|   check-all-our-lock-files = depot.nix.writeExecline "check-all-our-lock-files" { } [ | ||||
|     "backtick" | ||||
|     "-EI" | ||||
|     "report" | ||||
|     [ | ||||
|       "foreground" | ||||
|       [ | ||||
|         lock-file-report | ||||
|         "//third_party/rust-crates" | ||||
|         our-crates-lock-file | ||||
|         "false" | ||||
|       ] | ||||
|       tree-lock-file-report | ||||
|       "." | ||||
|     ] | ||||
|     "ifelse" | ||||
|     [ | ||||
|       bins.s6-test | ||||
|       "-z" | ||||
|       "$report" | ||||
|     ] | ||||
|     [ | ||||
|       "exit" | ||||
|       "0" | ||||
|     ] | ||||
|     "pipeline" | ||||
|     [ | ||||
|       "printf" | ||||
|       "%s" | ||||
|       "$report" | ||||
|     ] | ||||
|     "buildkite-agent" | ||||
|     "annotate" | ||||
|     "--style" | ||||
|     "warning" | ||||
|     "--context" | ||||
|     "check-all-our-lock-files" | ||||
|   ]; | ||||
|   depot-rust-crates-advisory-report = pkgs.writers.writeBash "depot-advisory-report" '' | ||||
|     set -eu | ||||
|     status=0 | ||||
| 
 | ||||
|     "${lock-file-report}" "//third_party/rust-crates" "${our-crates-lock-file}" || status=1 | ||||
|     "${tree-lock-file-report}" || status=1 | ||||
| 
 | ||||
|     exit $status | ||||
|   ''; | ||||
| 
 | ||||
|   buildkiteReportStep = | ||||
|     { command | ||||
|     , context ? null | ||||
|     , style ? "warning" | ||||
|     }: | ||||
|     let | ||||
|       commandName = depot.nix.utils.storePathName (builtins.head command); | ||||
|     in | ||||
| 
 | ||||
|     pkgs.writers.writeBash "buildkite-report-${commandName}" '' | ||||
|       set -uo pipefail | ||||
| 
 | ||||
|       report="$(${lib.escapeShellArgs command})" | ||||
| 
 | ||||
|       if test $? -ne 0; then | ||||
|          printf "%s" "$report" | \ | ||||
|          buildkite-agent annotate ${ | ||||
|            lib.escapeShellArgs ([ | ||||
|              "--style" | ||||
|              style | ||||
|            ] ++ lib.optionals (context != null) [ | ||||
|              "--context" | ||||
|              context | ||||
|            ]) | ||||
|          } | ||||
|       fi | ||||
|     ''; | ||||
| 
 | ||||
| in | ||||
| depot.nix.readTree.drvTargets { | ||||
|  | @ -167,12 +166,14 @@ depot.nix.readTree.drvTargets { | |||
|     lock-file-report | ||||
|     ; | ||||
| 
 | ||||
| 
 | ||||
|   tree-lock-file-report = tree-lock-file-report // { | ||||
|     meta.ci.extraSteps.run = { | ||||
|       label = "Check all crates used in depot for advisories"; | ||||
|       alwaysRun = true; | ||||
|       command = check-all-our-lock-files; | ||||
|       command = buildkiteReportStep { | ||||
|         command = [ depot-rust-crates-advisory-report ]; | ||||
|         style = "warning"; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue