diff options
| author | Vincent Ambo <mail@tazj.in> | 2022-05-26T12·31+0200 |
|---|---|---|
| committer | tazjin <tazjin@tvl.su> | 2022-05-26T16·57+0000 |
| commit | 772f8f1b90d5e0ad1f03e7b5d7cf8d30ed04aa6a (patch) | |
| tree | c78bec8d78a8da26c69e8bb7982a659cf30cc57c | |
| parent | 46d71fbff86bb0cc8f6d520f3afcd7aaa72c3195 (diff) | |
feat(ops/pipelines): Evaluate depot pipeline in restricted-eval mode r/4144
Change-Id: Ic5b98a0777860b68dabb9a9b59e8c682236a71c7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4884 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
| -rw-r--r-- | ops/pipelines/static-pipeline.yaml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ops/pipelines/static-pipeline.yaml b/ops/pipelines/static-pipeline.yaml index 2936f56d2c..2e35a8a179 100644 --- a/ops/pipelines/static-pipeline.yaml +++ b/ops/pipelines/static-pipeline.yaml @@ -52,7 +52,10 @@ steps: PIPELINE_ARGS="--arg parentTargetMap tmp/parent-target-map.json" fi - nix-build -A ops.pipelines.depot -o pipeline --show-trace $$PIPELINE_ARGS + nix-build --option restrict-eval true --include "depot=$${PWD}"\ + --allowed-uris 'https://' \ + -A ops.pipelines.depot \ + -o pipeline --show-trace $$PIPELINE_ARGS # Steps need to be uploaded in reverse order because pipeline # upload prepends instead of appending. |