author William Carroll <wpcarro@gmail.com> 2020-08-22T08·09+0100
committer William Carroll <wpcarro@gmail.com> 2020-08-22T22·27+0100
commit 7ab86f5423578cc86b76ed034e2a79e22a3af727
tree 2620fa28f654ce3b5d4b16b48e8d73fbd19423ed /ci/pipelines/post-receive.nix
parent 42413399630d015e74aa0e782f217dbc25ff9fe8
Abandon the pre-receive hook
I wanted Gitea to call Buildkite's pre-receive pipeline and either accept or
reject the incoming code depending on the outcome. The problem is that I can
only *create* builds from Gitea's pre-receive hook.

Now I'm left with two options:
1. run the lint-secrets step in post-receive
2. run `/nix/store/<hash>/git-secrets --scan-history $REPO_PATH` in Gitea

As far as I can tell, I cannot define Gitea hooks in Nix, which is unfortunate;
otherwise, option 2 would appeal more.

I'm doing option one for now.
Diffstat (limited to 'ci/pipelines/post-receive.nix')
-rw-r--r-- ci/pipelines/post-receive.nix 6
1 files changed, 6 insertions, 0 deletions
diff --git a/ci/pipelines/post-receive.nix b/ci/pipelines/post-receive.nix
index 415f10408cc7..3f14dfade557 100644
--- a/ci/pipelines/post-receive.nix
+++ b/ci/pipelines/post-receive.nix
@@ -3,9 +3,15 @@
 let
   pipeline.steps = [
     {
+      key = "lint-secrets";
+      command = "${pkgs.git-secrets}/bin/git-secrets --scan-history";
+      label = ":broom: lint secrets";
+    }
+    {
       key = "build-briefcase";
       command = "nix-build . -I briefcase=$(pwd) --no-out-link --show-trace";
       label = ":nix: build briefcase";
+      depends_on = "lint-secrets";
     }
     {
       key = "build-socrates";
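Review bot: `depends_on = "lint-secrets"` is added only to the build-briefcase step, and the diffstat's six insertions are all accounted for by the lines above, so build-socrates and any later steps are not gated on the scan unless they already depend on build-briefcase. Either add the same `depends_on` to each build step or put a Buildkite `wait` step after lint-secrets so everything below it waits for the scan. Separately, the new command runs `git-secrets --scan-history` without registering any patterns in the step itself; git-secrets reads its patterns from git config, so on an agent with none configured the scan has nothing to match and passes. Register patterns before scanning (for example `git secrets --register-aws` or `git secrets --add <pattern>`), or add a comment saying where the agent's patterns come from. A short comment noting that this step runs post-receive, and so reports a committed secret but cannot reject the push, would also help the next reader.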