snix/ops/pipelines/depot.nix
Florian Klink 00950aa91d fix(ops): add +x for /nix/var/nix/gcroots
Previously, the buildkite users were not able to traverse there.

Removing /nix/var/nix/gcroots/buildkite/canon might not be needed, and
is racy with other anchor step - the first one might still be building
`ci.gcroot` (and didn't create the new symlink), so the second one will
fail trying to remove the non-existing symlink.

Change-Id: I0449447f7193113d807d597750b26c7beb48a3a6
Reviewed-on: https://cl.snix.dev/c/snix/+/30257
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
2025-03-23 15:02:22 +00:00

45 lines
1.4 KiB
Nix

# This file configures the primary build pipeline used for the
# top-level list of depot targets.
{ depot, pkgs, externalArgs, ... }:
let
pipeline = depot.nix.buildkite.mkPipeline {
headBranch = "refs/heads/canon";
drvTargets = depot.ci.targets;
parentTargetMap =
if (externalArgs ? parentTargetMap)
then builtins.fromJSON (builtins.readFile externalArgs.parentTargetMap)
else { };
postBuildSteps = [
# After successful builds, create a gcroot for builds on canon.
#
# This anchors *most* of the depot, in practice it's unimportant
# if there is a build race and we get +-1 of the targets.
#
# Unfortunately this requires a third evaluation of the graph, but
# since it happens after :duck: it should not affect the timing of
# status reporting back to Gerrit.
{
label = ":anchor:";
branches = "refs/heads/canon";
command = ''
nix-build -A ci.gcroot --out-link /nix/var/nix/gcroots/buildkite/canon
'';
# Ensure that anchoring happens on build01, so that a possibly deployed
# binary cache there has the store paths. Unanchored machines may
# garbage collect live paths.
agents.hostname = "build01";
}
];
};
drvmap = depot.nix.buildkite.mkDrvmap depot.ci.targets;
in
pkgs.runCommand "depot-pipeline" { } ''
mkdir $out
cp -r ${pipeline}/* $out
cp ${drvmap} $out/drvmap.json
''