subtree(users/wpcarro): docking briefcase at '24f5a642' r/3226

git-subtree-dir: users/wpcarro
git-subtree-mainline: 464bbcb15c09813172c79820bcf526bb10cf4208
git-subtree-split: 24f5a642af3aa1627bbff977f0a101907a02c69f
Change-Id: I6105b3762b79126b3488359c95978cadb3efa789

3 files changed, 109 insertions, 0 deletions

diff --git a/users/wpcarro/ci/pipelines/post-receive.nix b/users/wpcarro/ci/pipelines/post-receive.nix
new file mode 100644
index 0000000000..456d546af7
--- /dev/null
+++ b/users/wpcarro/ci/pipelines/post-receive.nix
@@ -0,0 +1,56 @@
+{ briefcase, pkgs, ... }:
+
+let
+  inherit (builtins) fetchGit path toJSON;
+  inherit (briefcase.emacs) initEl runScript;
+
+  elispLintSrc = fetchGit {
+    url = "https://github.com/gonewest818/elisp-lint";
+    rev = "2b645266be8010a6a49c6d0ebf6a3ad5bd290ff4";
+  };
+
+  pipeline.steps = [
+    {
+      key = "lint-secrets";
+      command = "${pkgs.git-secrets}/bin/git-secrets --scan-history";
+      label = ":broom: lint secrets";
+    }
+    {
+      key = "build-briefcase";
+      command = ''
+        nix-build . -I briefcase="$(pwd)" --no-out-link --show-trace
+      '';
+      label = ":nix: build briefcase";
+      depends_on = "lint-secrets";
+    }
+    {
+      key = "init-emacs";
+      command = let
+        scriptEl = path {
+          path = ./script.el;
+          name = "script.el";
+        };
+        runScriptEl = runScript {
+          script = scriptEl;
+          briefcasePath = "$(pwd)";
+        };
+      in "${runScriptEl} ${initEl}";
+      label = ":gnu: initialize Emacs";
+      depends_on = "build-briefcase";
+    }
+    {
+      key = "build-socrates";
+      command = ''
+        nix-build '<nixpkgs/nixos>' \
+          -I briefcase="$(pwd)" \
+          -I nixpkgs=/var/lib/buildkite-agent-socrates/nixpkgs-channels \
+          -I nixos-config=nixos/socrates/default.nix \
+          -A system \
+          --no-out-link \
+          --show-trace
+      '';
+      label = ":nix: build socrates";
+      depends_on = "build-briefcase";
+    }
+  ];
+in pkgs.writeText "pipeline.yaml" (toJSON pipeline)
diff --git a/users/wpcarro/ci/pipelines/script.el b/users/wpcarro/ci/pipelines/script.el
new file mode 100644
index 0000000000..da079b64ba
--- /dev/null
+++ b/users/wpcarro/ci/pipelines/script.el
@@ -0,0 +1,44 @@
+;; This script initializes Emacs and exits with either a zero or non-zero status
+;; depending on whether or not Emacs initialized without logging warnings or
+;; encountering errors.
+;;
+;; This script reads the location of init.el as the last argument in `argv'.
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Dependencies
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(require 'prelude)
+(require 'f)
+(require 'dash)
+(require 'buffer)
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Script
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defvar init-el-path (-last-item argv)
+  "Path to the init.el file that this script attempts to load.")
+
+(prelude-assert (f-exists? init-el-path))
+
+(condition-case err
+    (load init-el-path)
+  (error
+   (message "Encountered an error while attempting to load init.el: %s" err)
+   (kill-emacs 1)))
+
+(when (buffer-exists? "*Errors*")
+  (progn
+    (with-current-buffer "*Errors*"
+      (message "Encountered errors in *Errors* buffer: %s" (buffer-string)))
+    (kill-emacs 1)))
+
+(when (buffer-exists? "*Warnings*")
+  (progn
+    (with-current-buffer "*Warnings*"
+      (message "Encountered warnings in *Warnings* buffer: %s" (buffer-string)))
+    (kill-emacs 1)))
+
+(message "Successfully init'd Emacs without encountering errors or warnings!")
+(kill-emacs 0)
diff --git a/users/wpcarro/ci/secret-patterns.txt b/users/wpcarro/ci/secret-patterns.txt
new file mode 100644
index 0000000000..cbf58a1e74
--- /dev/null
+++ b/users/wpcarro/ci/secret-patterns.txt
@@ -0,0 +1,9 @@
+(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
+("|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)("|')?\s*(:|=>|=)\s*("|')?[A-Za-z0-9/\+=]{40}("|')?
+("|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?("|')?\s*(:|=>|=)\s*("|')?[0-9]{4}\-?[0-9]{4}\-?[0-9]{4}("|')?
+AIza[0-9A-Za-z_-]{35}
+[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com
+(^|[^0-9A-Za-z/+])1/[0-9A-Za-z_-]{43}
+(^|[^0-9A-Za-z/+])1/[0-9A-Za-z_-]{64}
+ya29\.[0-9A-Za-z_-]+
+(sk|pk)_(test|live)_[a-zA-Z0-9]{99}