refactor(rust-crates-advisory): redo the buildkite report in bash
I've elected to split the check-all-our-lock-files script into two new scripts: One very simple script which generates the report by invoking lock-file-report on the fake lock file for //third_party/rust-crates and all lock files in depot, and one which executes this and adds it as a buildkite annotation if there are any warnings (which is reported by the report generating script using a non zero exit code). The latter script could become the basis for generalizing buildkite annotations, a slight attempt at making it easily reusable in the future has been made. So far we expect a report generating script to exit non zero if a report should be made and to print commonmark to stdout. In the future we may want to use a JSON format for generating the report, allowing us to filter it by buildkite target (using the drvmap to exclude certain reports, potentially). Change-Id: I1df9e440509d69adff5b8e6304105a45dc62c018 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5260 Reviewed-by: kn <klemens@posteo.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
		
							parent
							
								
									ffec3c70f4
								
							
						
					
					
						commit
						bf18e65719
					
				
					 1 changed files with 41 additions and 40 deletions
				
			
		|  | @ -120,44 +120,43 @@ let | ||||||
|     exit $status |     exit $status | ||||||
|   ''; |   ''; | ||||||
| 
 | 
 | ||||||
|   check-all-our-lock-files = depot.nix.writeExecline "check-all-our-lock-files" { } [ |   depot-rust-crates-advisory-report = pkgs.writers.writeBash "depot-advisory-report" '' | ||||||
|     "backtick" |     set -eu | ||||||
|     "-EI" |     status=0 | ||||||
|     "report" | 
 | ||||||
|     [ |     "${lock-file-report}" "//third_party/rust-crates" "${our-crates-lock-file}" || status=1 | ||||||
|       "foreground" |     "${tree-lock-file-report}" || status=1 | ||||||
|       [ | 
 | ||||||
|         lock-file-report |     exit $status | ||||||
|         "//third_party/rust-crates" |   ''; | ||||||
|         our-crates-lock-file | 
 | ||||||
|         "false" |   buildkiteReportStep = | ||||||
|       ] |     { command | ||||||
|       tree-lock-file-report |     , context ? null | ||||||
|       "." |     , style ? "warning" | ||||||
|     ] |     }: | ||||||
|     "ifelse" |     let | ||||||
|     [ |       commandName = depot.nix.utils.storePathName (builtins.head command); | ||||||
|       bins.s6-test |     in | ||||||
|       "-z" | 
 | ||||||
|       "$report" |     pkgs.writers.writeBash "buildkite-report-${commandName}" '' | ||||||
|     ] |       set -uo pipefail | ||||||
|     [ | 
 | ||||||
|       "exit" |       report="$(${lib.escapeShellArgs command})" | ||||||
|       "0" | 
 | ||||||
|     ] |       if test $? -ne 0; then | ||||||
|     "pipeline" |          printf "%s" "$report" | \ | ||||||
|     [ |          buildkite-agent annotate ${ | ||||||
|       "printf" |            lib.escapeShellArgs ([ | ||||||
|       "%s" |              "--style" | ||||||
|       "$report" |              style | ||||||
|     ] |            ] ++ lib.optionals (context != null) [ | ||||||
|     "buildkite-agent" |              "--context" | ||||||
|     "annotate" |              context | ||||||
|     "--style" |            ]) | ||||||
|     "warning" |          } | ||||||
|     "--context" |       fi | ||||||
|     "check-all-our-lock-files" |     ''; | ||||||
|   ]; |  | ||||||
| 
 | 
 | ||||||
| in | in | ||||||
| depot.nix.readTree.drvTargets { | depot.nix.readTree.drvTargets { | ||||||
|  | @ -167,12 +166,14 @@ depot.nix.readTree.drvTargets { | ||||||
|     lock-file-report |     lock-file-report | ||||||
|     ; |     ; | ||||||
| 
 | 
 | ||||||
| 
 |  | ||||||
|   tree-lock-file-report = tree-lock-file-report // { |   tree-lock-file-report = tree-lock-file-report // { | ||||||
|     meta.ci.extraSteps.run = { |     meta.ci.extraSteps.run = { | ||||||
|       label = "Check all crates used in depot for advisories"; |       label = "Check all crates used in depot for advisories"; | ||||||
|       alwaysRun = true; |       alwaysRun = true; | ||||||
|       command = check-all-our-lock-files; |       command = buildkiteReportStep { | ||||||
|  |         command = [ depot-rust-crates-advisory-report ]; | ||||||
|  |         style = "warning"; | ||||||
|  |       }; | ||||||
|     }; |     }; | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|  |  | ||||||
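Review bot: In `buildkiteReportStep`, `if test $? -ne 0` treats every non-zero exit of the report command as "findings to annotate", so a scanner that crashes without printing a report looks the same as one that found advisories, and the step still ends green as long as `buildkite-agent annotate` succeeds. `depot-rust-crates-advisory-report` feeds into this by collapsing any failure into `|| status=1`; only the tail of `lock-file-report` is visible in this hunk, so whether it separates tool errors from findings cannot be confirmed here. For an advisory check it is safer to fail closed on an empty report, for example `if test -z "$report"; then echo "report command failed without output" >&2; exit 1; fi` inside the non-zero branch before annotating. Separately, the old step passed `--context check-all-our-lock-files` while the new call site sets no `context`, so the annotation shares Buildkite's default context with any other context-less report step; passing `context = "depot-rust-crates-advisory-report";` or defaulting `context` to `commandName` keeps them apart.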