diff options
author | Vincent Ambo <mail@tazj.in> | 2022-06-02T17·26+0000 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2022-06-03T17·36+0000 |
commit | 876b71f6417ea0489e16dbd8c1e11794d4e3ab10 (patch) | |
tree | 7183ed06d18db853067d68ff0e7cf513ed77dd68 /nix/buildkite/default.nix | |
parent | 56a97a0337a3f3eedc859b5f380a6f62adcb0368 (diff) |
fix(nix/buildkite): Forbid 'prompt' in build phase steps r/4204
This would block CI on human-approval if people were allowed to do it, so they're just not. Change-Id: I8a9b657d5c91636a7b4de249b977e24fc0941a1c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5826 Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
Diffstat (limited to 'nix/buildkite/default.nix')
-rw-r--r-- | nix/buildkite/default.nix | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/nix/buildkite/default.nix b/nix/buildkite/default.nix index abce35b45972..6a24fea074ce 100644 --- a/nix/buildkite/default.nix +++ b/nix/buildkite/default.nix @@ -294,13 +294,11 @@ rec { , parentOverride ? (x: x) , branches ? null , alwaysRun ? false + , prompt ? false # TODO(tazjin): Default to 'build' after 2022-10-01. , phase ? if (isNull postBuild || !postBuild) then "build" else "release" - # TODO(tazjin): Forbid prompt steps in 'build' phase. - , prompt ? false - # TODO(tazjin): Turn into hard-failure after 2022-10-01. , postBuild ? null }: @@ -317,8 +315,7 @@ rec { label needsOutput parent - parentLabel - prompt; + parentLabel; # //nix/buildkite is growing a new feature for adding different # "build phases" which supersedes the previous `postBuild` @@ -343,6 +340,15 @@ rec { this step and instead set `phase = ${phase};`. '' phase; + + prompt = lib.throwIf (prompt != false && phase == "build") '' + In step '${label}' (from ${parentLabel}): + + The 'prompt' feature can only be used by steps in the "release" + phase, because CI builds should not be gated on manual human + approvals. + '' + prompt; }; # Create the Buildkite configuration for an extra step, optionally |