-rw-r--r--ops/pipelines/depot.nix34
-rw-r--r--ops/pipelines/fallback.yaml8
-rw-r--r--ops/pipelines/static-pipeline.yaml44
3 files changed, 37 insertions, 49 deletions
diff --git a/ops/pipelines/depot.nix b/ops/pipelines/depot.nix
index f2db69a78ff3..de03755373c0 100644
--- a/ops/pipelines/depot.nix
+++ b/ops/pipelines/depot.nix
@@ -77,40 +77,6 @@ let
       # Simultaneously run protobuf checks
       protoCheck
 
-      # Wait for all previous checks to complete
-      ({
-        wait = null;
-        continue_on_failure = true;
-      })
-
-      # Wait for all steps to complete, then exit with success or
-      # failure depending on whether any other steps failed.
-      #
-      # This information is checked by querying the Buildkite GraphQL
-      # API and fetching the count of failed steps.
-      #
-      # This step must be :duck:! (yes, really!)
-      ({
-        command = let duck = pkgs.writeShellScript "duck" ''
-          set -ueo pipefail
-
-          readonly FAILED_JOBS=$(${pkgs.curl}/bin/curl 'https://graphql.buildkite.com/v1' \
-            --silent \
-            -H "Authorization: Bearer $(cat /etc/secrets/buildkite-besadii)" \
-            -d "{\"query\": \"query BuildStatusQuery { build(uuid: \\\"$BUILDKITE_BUILD_ID\\\") { jobs(passed: false) { count } } }\"}" | \
-            ${pkgs.jq}/bin/jq -r '.data.build.jobs.count')
-
-          echo "$FAILED_JOBS build jobs failed."
-
-          if (( $FAILED_JOBS > 0 )); then
-            exit 1
-          fi
-        ''; in "${duck}";
-
-        label = ":duck:";
-        key = ":duck:";
-      })
-
       # After duck, on success, create a gcroot if the build branch is
       # canon.
       #
diff --git a/ops/pipelines/fallback.yaml b/ops/pipelines/fallback.yaml
deleted file mode 100644
index 73308d937b0c..000000000000
--- a/ops/pipelines/fallback.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# This build configuration provides a fallback which marks a build as
-# failed. This is used if evaluating the build configuration fails,
-# for example because of a syntax error in Nix code.
----
-steps:
-  - command: "echo 'Nix evaluation failed!' && exit 1"
-    # This step *must* be :duck: to trigger the correct hook.
-    label: ":duck:"
diff --git a/ops/pipelines/static-pipeline.yaml b/ops/pipelines/static-pipeline.yaml
index c864aea65714..2c7767820b94 100644
--- a/ops/pipelines/static-pipeline.yaml
+++ b/ops/pipelines/static-pipeline.yaml
@@ -7,14 +7,44 @@
 steps:
   - label: ":llama:"
     command: |
-      function fallback() {
-        echo 'Using fallback pipeline ...'
-        buildkite-agent pipeline upload ops/pipelines/fallback.yaml
-        exit
-      }
+      set -ue
+      nix-build -A ops.pipelines.depot -o depot.yaml --show-trace && \
+        buildkite-agent pipeline upload depot.yaml
 
-      nix-build -A ops.pipelines.depot -o depot.yaml --show-trace || fallback
-      buildkite-agent pipeline upload depot.yaml || fallback
+  # Wait for all previous steps to complete.
+  - wait: null
+    continue_on_failure: true
+
+  # Exit with success or failure depending on whether any other steps
+  # failed.
+  #
+  # This information is checked by querying the Buildkite GraphQL API
+  # and fetching the count of failed steps.
+  #
+  # This step must be :duck: (yes, really!) because the post-command
+  # hook will inspect this name.
+  #
+  # Note that this step has requirements for the agent environment, which
+  # are enforced in our NixOS configuration:
+  #
+  #  * curl and jq must be on the $PATH of build agents
+  #  * besadii configuration must be readable to the build agents
+  - label: ":duck:"
+    key: ":duck:"
+    command: |
+      set -ueo pipefail
+
+      readonly FAILED_JOBS=$(curl 'https://graphql.buildkite.com/v1' \
+        --silent \
+        -H "Authorization: Bearer $(cat /etc/secrets/buildkite-besadii)" \
+        -d "{\"query\": \"query BuildStatusQuery { build(uuid: \\\"$BUILDKITE_BUILD_ID\\\") { jobs(passed: false) { count } } }\"}" | \
+        jq -r '.data.build.jobs.count')
+
+      echo "$$FAILED_JOBS build jobs failed."
+
+      if (( $$FAILED_JOBS > 0 )); then
+        exit 1
+      fi
 
   # Create a revision number for the current commit for builds on
   # canon.
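Review bot: The :duck: gate can fail open, because `readonly FAILED_JOBS=$(…)` returns the status of `readonly` rather than of the pipeline inside the substitution, so `set -e` and `pipefail` do not stop the step when curl or jq fails. curl also runs without `--fail`, so an HTTP error body (for example after the token is rejected) is still handed to jq, which may print `null` or nothing. With an empty value the `(( $$FAILED_JOBS > 0 ))` test errors out, the `if` is treated as false and the step exits 0, which presumably lets the build be reported as passed. I would assign first and mark the variable read-only afterwards, add `--fail`, and reject any value that is not a plain number before comparing; the sketch below shows only those lines. The `steps:` list continues past the end of this hunk.

```yaml
    command: |
      set -ueo pipefail

      # Plain assignment: a curl/jq failure now aborts the step under `set -e`.
      FAILED_JOBS=$(curl 'https://graphql.buildkite.com/v1' \
        --silent --fail \
      # … unchanged: -H Authorization, -d query, jq filter closing the $( … ) …
      readonly FAILED_JOBS

      # Fail closed when the count is empty or not a number (e.g. "null").
      case "$$FAILED_JOBS" in
        ''|*[!0-9]*) echo "could not determine failed job count" >&2; exit 1 ;;
      esac

      # … unchanged: echo and (( … > 0 )) check …
```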