authorVincent Ambo <mail@tazj.in>2022-06-02T17·26+0000
committertazjin <tazjin@tvl.su>2022-06-03T17·36+0000
commit876b71f6417ea0489e16dbd8c1e11794d4e3ab10 (patch)
tree7183ed06d18db853067d68ff0e7cf513ed77dd68
parent56a97a0337a3f3eedc859b5f380a6f62adcb0368 (diff)
fix(nix/buildkite): Forbid 'prompt' in build phase steps r/4204
This would block CI on human-approval if people were allowed to do it,
so they're just not.

Change-Id: I8a9b657d5c91636a7b4de249b977e24fc0941a1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5826
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
-rw-r--r--nix/buildkite/default.nix16
1 files changed, 11 insertions, 5 deletions
diff --git a/nix/buildkite/default.nix b/nix/buildkite/default.nix
index abce35b459..6a24fea074 100644
--- a/nix/buildkite/default.nix
+++ b/nix/buildkite/default.nix
@@ -294,13 +294,11 @@ rec {
     , parentOverride ? (x: x)
     , branches ? null
     , alwaysRun ? false
+    , prompt ? false
 
       # TODO(tazjin): Default to 'build' after 2022-10-01.
     , phase ? if (isNull postBuild || !postBuild) then "build" else "release"
 
-      # TODO(tazjin): Forbid prompt steps in 'build' phase.
-    , prompt ? false
-
       # TODO(tazjin): Turn into hard-failure after 2022-10-01.
     , postBuild ? null
     }:
@@ -317,8 +315,7 @@ rec {
         label
         needsOutput
         parent
-        parentLabel
-        prompt;
+        parentLabel;
 
       # //nix/buildkite is growing a new feature for adding different
       # "build phases" which supersedes the previous `postBuild`
@@ -343,6 +340,15 @@ rec {
         this step and instead set `phase = ${phase};`.
       ''
         phase;
+
+      prompt = lib.throwIf (prompt != false && phase == "build") ''
+        In step '${label}' (from ${parentLabel}):
+
+        The 'prompt' feature can only be used by steps in the "release"
+        phase, because CI builds should not be gated on manual human
+        approvals.
+      ''
+        prompt;
     };
 
   # Create the Buildkite configuration for an extra step, optionally
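Review bot: The new guard on `prompt` rejects only `phase == "build"`, while its own error message says prompts are allowed solely in the "release" phase, so any other phase string would pass with a prompt attached. Whether `phase` is restricted to those two values elsewhere is not visible in this hunk, so an allowlist would fail closed: `prompt = lib.throwIf (prompt != false && phase != "release") ''`. Because Nix evaluates lazily, the throw fires only when the step's `prompt` attribute is actually forced, so it is worth confirming that the pipeline serialisation always reads it. The enclosing function starts above this hunk.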