authorVincent Ambo <mail@tazj.in>2021-12-10T07·10+0300
committertazjin <mail@tazj.in>2021-12-10T07·55+0000
commite4231c9816dc532b4d4eb0c9e8d7e8e347d0ebe4 (patch)
tree119735e2051add221899939b006b75808b6b3cc0 /ops
parent9ea4d55d81d61b6073e69bebdc614f9694d8223c (diff)
refactor(ops/pipelines): Move :duck: logic into static pipeline r/3177
This simplifies the fallback logic used in case of Nix evaluation
failure and makes it so that the evaluation step itself is the one
that is marked as failed in Buildkite.

This is possible because the pipeline upload command will insert new
steps at the point where it runs in the pipeline, and not later.

Change-Id: I870534c004ebc457a1602623c4e5f9c0c68e28fc
Diffstat (limited to 'ops')
-rw-r--r--ops/pipelines/depot.nix34
-rw-r--r--ops/pipelines/fallback.yaml8
-rw-r--r--ops/pipelines/static-pipeline.yaml44
3 files changed, 37 insertions, 49 deletions
diff --git a/ops/pipelines/depot.nix b/ops/pipelines/depot.nix
index f2db69a78ff3..de03755373c0 100644
--- a/ops/pipelines/depot.nix
+++ b/ops/pipelines/depot.nix
@@ -77,40 +77,6 @@ let
       # Simultaneously run protobuf checks
       protoCheck
 
-      # Wait for all previous checks to complete
-      ({
-        wait = null;
-        continue_on_failure = true;
-      })
-
-      # Wait for all steps to complete, then exit with success or
-      # failure depending on whether any other steps failed.
-      #
-      # This information is checked by querying the Buildkite GraphQL
-      # API and fetching the count of failed steps.
-      #
-      # This step must be :duck:! (yes, really!)
-      ({
-        command = let duck = pkgs.writeShellScript "duck" ''
-          set -ueo pipefail
-
-          readonly FAILED_JOBS=$(${pkgs.curl}/bin/curl 'https://graphql.buildkite.com/v1' \
-            --silent \
-            -H "Authorization: Bearer $(cat /etc/secrets/buildkite-besadii)" \
-            -d "{\"query\": \"query BuildStatusQuery { build(uuid: \\\"$BUILDKITE_BUILD_ID\\\") { jobs(passed: false) { count } } }\"}" | \
-            ${pkgs.jq}/bin/jq -r '.data.build.jobs.count')
-
-          echo "$FAILED_JOBS build jobs failed."
-
-          if (( $FAILED_JOBS > 0 )); then
-            exit 1
-          fi
-        ''; in "${duck}";
-
-        label = ":duck:";
-        key = ":duck:";
-      })
-
       # After duck, on success, create a gcroot if the build branch is
       # canon.
       #
diff --git a/ops/pipelines/fallback.yaml b/ops/pipelines/fallback.yaml
deleted file mode 100644
index 73308d937b0c..000000000000
--- a/ops/pipelines/fallback.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# This build configuration provides a fallback which marks a build as
-# failed. This is used if evaluating the build configuration fails,
-# for example because of a syntax error in Nix code.
----
-steps:
-  - command: "echo 'Nix evaluation failed!' && exit 1"
-    # This step *must* be :duck: to trigger the correct hook.
-    label: ":duck:"
diff --git a/ops/pipelines/static-pipeline.yaml b/ops/pipelines/static-pipeline.yaml
index c864aea65714..2c7767820b94 100644
--- a/ops/pipelines/static-pipeline.yaml
+++ b/ops/pipelines/static-pipeline.yaml
@@ -7,14 +7,44 @@
 steps:
   - label: ":llama:"
     command: |
-      function fallback() {
-        echo 'Using fallback pipeline ...'
-        buildkite-agent pipeline upload ops/pipelines/fallback.yaml
-        exit
-      }
+      set -ue
+      nix-build -A ops.pipelines.depot -o depot.yaml --show-trace && \
+        buildkite-agent pipeline upload depot.yaml
 
-      nix-build -A ops.pipelines.depot -o depot.yaml --show-trace || fallback
-      buildkite-agent pipeline upload depot.yaml || fallback
+  # Wait for all previous steps to complete.
+  - wait: null
+    continue_on_failure: true
+
+  # Exit with success or failure depending on whether any other steps
+  # failed.
+  #
+  # This information is checked by querying the Buildkite GraphQL API
+  # and fetching the count of failed steps.
+  #
+  # This step must be :duck: (yes, really!) because the post-command
+  # hook will inspect this name.
+  #
+  # Note that this step has requirements for the agent environment, which
+  # are enforced in our NixOS configuration:
+  #
+  #  * curl and jq must be on the $PATH of build agents
+  #  * besadii configuration must be readable to the build agents
+  - label: ":duck:"
+    key: ":duck:"
+    command: |
+      set -ueo pipefail
+
+      readonly FAILED_JOBS=$(curl 'https://graphql.buildkite.com/v1' \
+        --silent \
+        -H "Authorization: Bearer $(cat /etc/secrets/buildkite-besadii)" \
+        -d "{\"query\": \"query BuildStatusQuery { build(uuid: \\\"$BUILDKITE_BUILD_ID\\\") { jobs(passed: false) { count } } }\"}" | \
+        jq -r '.data.build.jobs.count')
+
+      echo "$$FAILED_JOBS build jobs failed."
+
+      if (( $$FAILED_JOBS > 0 )); then
+        exit 1
+      fi
 
   # Create a revision number for the current commit for builds on
   # canon.
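Review bot: The `:duck:` gate can pass without having learned anything, because `readonly FAILED_JOBS=$(…)` returns the exit status of `readonly` rather than of the `curl | jq` pipeline, so `set -e` and `pipefail` never see a failed request. If curl produces no output, jq prints nothing and `FAILED_JOBS` is empty; the `(( … > 0 ))` test then errors inside the `if` condition and is treated as false, so the step appears to exit 0. An HTTP error response is likewise not a failure for curl without `--fail`. Assign first and apply `readonly FAILED_JOBS` afterwards, use `curl --fail` and `jq -er`, and add `[[ "$$FAILED_JOBS" =~ ^[0-9]+$ ]] || exit 1` before the comparison so that anything other than a count fails the build. Separately, `$(cat /etc/secrets/buildkite-besadii)` puts the token on curl's argument list, where the process table on the agent host exposes it; passing the header through a file or stdin (curl's `-H @file` or `--config`) keeps it out of argv.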