about summary refs log tree commit diff
path: root/ops/pipelines/depot.nix
diff options
context:
space:
mode:
Diffstat (limited to 'ops/pipelines/depot.nix')
-rw-r--r--ops/pipelines/depot.nix24
1 files changed, 22 insertions, 2 deletions
diff --git a/ops/pipelines/depot.nix b/ops/pipelines/depot.nix
index ec7fb813278b..8c03217c1e3b 100644
--- a/ops/pipelines/depot.nix
+++ b/ops/pipelines/depot.nix
@@ -8,8 +8,7 @@
 
 let
   inherit (builtins) concatStringsSep foldl' map toJSON;
-  inherit (lib) singleton;
-  inherit (pkgs) writeText;
+  inherit (pkgs) symlinkJoin writeText;
 
   # Create an expression that builds the target at the specified
   # location.
@@ -80,6 +79,27 @@ let
       ({
         command = "exit $(buildkite-agent meta-data get 'failure')";
         label = ":duck:";
+        key = ":duck:";
+      })
+
+      # After duck, on success, create a gcroot if the build branch is
+      # canon.
+      #
+      # We care that this anchors *most* of the depot, in practice
+      # it's unimportant if there is a build race and we get +-1 of
+      # the targets.
+      #
+      # Unfortunately this requires a third evaluation of the graph,
+      # but since it happens after :duck: it should not affect the
+      # timing of status reporting back to Gerrit.
+      ({
+        command = "nix-instantiate -A ci.gcroot --add-root /nix/var/nix/gcroots/depot/canon";
+        label = ":anchor:";
+        "if" = ''build.branch == "canon"'';
+        depends_on = [{
+          step = ":duck:";
+          allow_failure = false;
+        }];
       })
     ];
 in (writeText "depot.yaml" (toJSON pipeline))