about summary refs log tree commit diff
path: root/tools
AgeCommit message (Collapse)AuthorFilesLines
2022-09-19 r/4925 fix(nixery): Discard string context before parsing with fromJSONtalyz1-3/+3
Discard string context in prepare-image.nix before parsing input read with readFile with fromJSON. Required for compatibility with nix >2.3. Change-Id: I3830707e80fd19a700551a15f1a96d2841d0b022 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6696 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-09-19 r/4924 fix(nixery): Avoid race when the same image is fetched in paralleltalyz5-47/+60
Remove a race condition which appears when uploadHashLayer is called with the same key from multiple threads simultaneously. This can easily happen when the same image path is requested by multiple clients at the same time. When it does, a 500 status is returned and the following error message is logged: { "context": { "filePath": "github.com/google/nixery/builder/builder.go", "lineNumber": 440, "functionName": "github.com/google/nixery/builder.uploadHashLayer" }, "error": "rename /var/lib/nixery/staging/<hash> /var/lib/nixery/layers/<hash>: no such file or directory", "eventTime": "...", "layer": "<hash>", "message": "failed to move layer from staging", ... } To solve this issue, introduce a mutex keyed on the uploaded hash and move all layer caching into uploadHashLayer. This could additionally provide a small performance benefit when an already built image is requested and NIXERY_PKGS_PATH is set, since symlink layers and config layers are now also cached. Change-Id: I50788a7ec7940cb5e5760f244692e361019a9bb7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6695 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-09-19 r/4922 chore(gerrit): migrate OWNERS files to code-owners styleLuke Granger-Brown6-18/+7
Change-Id: Iacc521dfdd4b4a2d5cef3920cf8189bcce35a488
2022-08-24 r/4461 feat(tvix/tests): check in Nix' language test suiteVincent Ambo1-2/+1
This adds scaffolding code for running the Nix language test suite. The majority of eval-okay-* tests should eventually be runnable as-is by Tvix, however the eval-fail-* tests might not as we intend to have more useful error messages than upstream Nix. Change-Id: I4f3227f0889c55e4274b804a3072850fb78dd1bd Reviewed-on: https://cl.tvl.fyi/c/depot/+/6126 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi>
2022-08-22 r/4451 chore(tools/cheddar): bump cargo dependenciesVincent Ambo1-125/+248
Change-Id: I41e26046a67635ec3dba2ac955e31e6ca7451cc6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6120 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-08-13 r/4420 feat(tvl.el): add magit-gerrit-push-privateVincent Ambo1-0/+13
This adds a new function (intentionally bound to a rare key (Q)) in the push menu which can push a *private* change to Gerrit. A private change is one that, until submitted, is only visible to its owner and all explicitly added people (reviewers, CC). Change-Id: I6ee13dbbad099584475d3efac96e5d9b86efbc26 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6061 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: tazjin <tazjin@tvl.su>
2022-06-30 r/4267 test(tools/cheddar): Run unit tests during buildWilliam Carroll1-0/+1
TIL `doCheck` is `naersk`'s mechanism for running unit tests during builds. Change-Id: Ife8eebacdf211ea52ecd50bb7bcdba326db64fbe Reviewed-on: https://cl.tvl.fyi/c/depot/+/5661 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: wpcarro <wpcarro@gmail.com>
2022-06-16 r/4242 chore(nixery): use nix-1p from within the depotVincent Ambo2-9/+6
Since the source of nix-1p is checked in under //nix/nix-1p, we should use it from there if Nixery is being built inside of depot. Change-Id: Iddd54f7b93b398b2f909db6ee105366a9914a2ac Reviewed-on: https://cl.tvl.fyi/c/depot/+/5882 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-06-16 r/4241 docs(nixery): dynamically display current nixpkgs commitVincent Ambo3-13/+25
People occasionally ask what the current nixpkgs commit is on nixery.dev (see e.g. https://github.com/tazjin/nixery/issues/153). With this change, the commit is displayed on nixery.dev if Nixery is built for the TVL deployment. Change-Id: I795220214db5a367a126c9b4bd03754e9f144940 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5881 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2022-06-07 r/4229 fix(tools/checks): Minor typo fixVincent Ambo1-1/+1
Change-Id: I5cfd6223a3bd0bb4cc650b53af36193185354062 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5859 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-06-07 r/4224 feat(tools/checks): Add factored-out Terraform config checkVincent Ambo1-0/+38
This can be re-used across Terraform environments. Change-Id: I3d964a17d1cda1aff1df12bd4c0c3ee84b7f7748 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5850 Tested-by: BuildkiteCI Reviewed-by: asmundo <asmundo@gmail.com>
2022-06-06 r/4223 fix(tools/releases): Explicitly set release phase in filteredGitPushVincent Ambo1-1/+1
Change-Id: I70fe0eb168064795f704baf1a24556365cfdf8c9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5831 Tested-by: BuildkiteCI Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
2022-06-06 r/4212 feat(ops/buildkite): Bootstrap Buildkite Terraform configurationVincent Ambo1-0/+5
In order to run this the secrets needs to be sourced, e.g.: eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age) Change-Id: I9f6a02c0dac22f584181635861ddbb06cf849f14 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5838 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su>
2022-06-01 r/4199 feat(tools/magrathea): add repl commandsterni1-0/+5
`mg repl` is essentially a shortcut for nix repl $(mg path //) which comes up often enough for me. Launching a repl only really makes sense in the repository root with how readTree works at the moment, so I think this is a convenient addition. Change-Id: I32b695885c2e6eaecdcc656c7249afa504439913 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5822 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-05-27 r/4163 test(tools/hash-password): ensure that script can execute correctlyVincent Ambo1-3/+11
This tests loading of the argon2 OpenLDAP module. Relates to b/184 Change-Id: I661af4ddc238ad02d082b3a0cede55af5ef13f1b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5750 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 r/4123 chore(nixery): Bump Go dependenciesVincent Ambo3-69/+106
Change-Id: Id6ff48d66368732cba0b8af6e1cbab64b0f2afbf Reviewed-on: https://cl.tvl.fyi/c/depot/+/5671 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 r/4121 feat(nixery): Automatically mirror subtree to GithubVincent Ambo1-0/+8
This exports the `:/tools/nixery` subtree to Github automatically after merges to `canon`. Due to the way the project was imported this continues the existing git history in the external repository. Change-Id: Ie871c14ad5d8f1019f8be86adecbe9b130ffb01a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5667 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-26 r/4120 feat(tools/releases): Add release helper for mirroring to GithubVincent Ambo1-0/+37
This adds an extra step definition which can push the result of running a josh filter on the repository to Github. Change-Id: I1f93ae78e1bf452fbd1b21ce943a60acc85c944f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5666 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2022-05-25 r/4116 chore(cheddar): Bump dependencies within boundsVincent Ambo1-44/+44
Change-Id: I58a18b41c883c73450fdfafa93a565777710be3b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5663 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
2022-05-23 r/4106 refactor(nixery): Modernise structure of binariesVincent Ambo2-28/+25
Nixery is going to gain a new binary (used for building images without a registry server); to prepare for this the server binary has moved to cmd/server and the Nix build logic has been updated to wrap this binary and set the required environment variables. Change-Id: I9b4f49f47872ae76430463e2fcb8f68114070f72 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5603 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-23 r/4105 refactor(nixery): Extract layering logic into separate packageVincent Ambo4-21/+25
This will be required for making a standalone, Nixery-style image builder function usable from Nix. Change-Id: I5e36348bd4c32d249d56f6628cd046916691319f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5601 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-10 r/4038 fix(tool/depot-deps): rebuildSystem -> rebuild-systemWilliam Carroll1-1/+1
The camelCase variant of `rebuild-system` doesn't exist, but the kebab-case version does. Side note: this `lazy-dispatch` upgrade is pretty cool. TIL `direnv` supports `watch_file` and `PATH_add`. Change-Id: Idc9109a9b0de327ddf7b9c6a4368b7bebb551196 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5565 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-05 r/4006 chore: simplify the .envrc loadingzimbatm1-26/+19
nix-shell pollutes the environment with all sorts of variables. Let's just add the tools to the PATH? This also papers over the various differences in users `use_nix` implementations by not using it at all. Change-Id: If4282531fd6b7453b3611fe50217beacadc08bb5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5524 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-05-02 r/3997 refactor: Replace //bin with //tools/depot-depsVincent Ambo1-0/+34
This modifies the envrc configuration to add the result of building //tools/depot-deps to $PATH, instead of dispatching through the manually maintained list of symlinks. While at it, I've cleaned up some stuff from that list that is no longer actually used. Change-Id: If345c44da75b23c06b7c7f435be0cb02f99aaac5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5513 Tested-by: BuildkiteCI Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
2022-05-01 r/3994 feat(magrathea): add flag passthru for arguments to nix-buildVincent Ambo1-13/+56
in some cases, users might want to pass through flags for nix-build (such as `-j`). magrathea now accepts these as arguments to `mg build`, as long as they are separated by `--`. the arguments passed to `mg build` are parsed into a proper record, which enables us to show users very clear error messages in case they forget to use the `--` separator and keeping us future-compatible with more potential arguments to magrathea itself. Change-Id: I81f5d9db52779a5cc3b8bbdd975316274fffe5fc Reviewed-on: https://cl.tvl.fyi/c/depot/+/5507 Tested-by: BuildkiteCI Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com> Reviewed-by: asmundo <asmundo@gmail.com>
2022-04-21 r/3987 fix(nixery): Avoid impure reading of .git directoryVincent Ambo1-5/+3
Change-Id: I67405f9c9bd9cc8cb34fafff80e30b2fca53a2b3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5502 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2022-04-20 r/3982 chore(nixery): Housekeeping for depot compatibilityVincent Ambo28-457/+186
Cleans up a whole bunch of things I wanted to get out of the door right away: * depot internal references to //third_party/nixery have been replaced with //tools/nixery * cleaned up files from Github * fixed SPDX & Copyright headers * code formatting and inclusion in //tools/depotfmt checks Change-Id: Iea79f0fdf3aa04f71741d4f4032f88605ae415bb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5486 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2022-04-20 r/3979 refactor(nixery): Adapt Nix build instructions for readTreeVincent Ambo2-7/+11
This does not fully change the build structure of Nixery to be depot-compatible yet, but should allow most targets to be built in depot CI. This contains some hacks to work around surface incompatibilities which we'll clear away later. Change-Id: I84e7734334abbe299983956f528c0897f49fa8c2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5485 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-04-20 r/3978 feat(tools/nixery): Absorb Nixery into depotVincent Ambo46-1/+5065
This absorbs a josh-filtered Nix subtree into depot, at //tools/nixery. This subtree was created through `josh-filter ':prefix=tools/nixery'`, which allows a filter on tools/nixery to yield the same commit hashes as the original Nixery repository (allowing for history continuity). Change-Id: Icc1a99bf1248226b91f437b0a90361d36fb0d327
2022-04-20 docs: change references to repo URLRaphael Borun Das Gupta3-5/+5
The Nixery main Git repo has moved from https://github.com/google/nixery to https://github.com/tazjin/nixery . So change it in README and on the https://nixery.dev/ website.
2022-04-17 r/3972 chore(cheddar): Bump dependenciesVincent Ambo1-39/+59
Change-Id: Id8be05cadb4284cca78875c36a886c9ae0aa027d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5476 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2022-03-08 r/3897 chore(cheddar): Bump rouille and other dependenciesVincent Ambo2-187/+154
This mitigates the chrono & brotli-sys CVE reports for cheddar. Change-Id: I2f37cd7575e5ea38f4ca3aac71275652c343753d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5353 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-26 r/3870 chore(tools): drop depot-nixpkgs-updatesterni1-44/+0
This tool has been replaced by niv. Change-Id: I011059b7d8890d0456b22f066e723584cc1d9a2b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5329 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-02-26 r/3869 chore(tools): Remove deprecated depot-build toolVincent Ambo1-8/+0
This has been superseded by magrathea. Change-Id: Ief4a3d1b81e51e7a9c9a0112584fa7efc8aca63f Reviewed-on: https://cl.tvl.fyi/c/depot/+/5328 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-02-18 r/3857 feat(tools/magrathea): implement run commandsterni1-0/+48
This command builds the desired target and runs the executable produced by it. If a directory is produced, it looks for a single (!) executable in the bin directory. Dot files are ignored, so wrappers should generally work. In the future we could provide a flag to select one of multiple executables. All arguments following the target are passed to the executable as is. Examples: mg run ops/mq_cli ls mg run web/bubblegum:examples Change-Id: I6490668af68e028520973196d9daa5f1d58969ee Reviewed-on: https://cl.tvl.fyi/c/depot/+/5277 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-02-13 r/3818 feat(rust-crates-advisories): check 3p crates together w/ lock filessterni1-74/+20
Instead of the strict check-all-our-crates, generate a fake Cargo.lock and add it to the report generated by check-all-our-lock-files. check-all-our-crates was a reimplementation of cargo-audit anyways and prevented us from updating the advisory db due to its strict model (failing on any advisory). Change-Id: I264a7f1a5058a527cbc46d26225352ecd437a22b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5230 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-02-13 r/3817 refactor(rust-crates-advisory): split code for buildkite and reportsterni1-20/+28
Rename check-all-our-lock-files to tree-lock-file-report and pull out all the buildkite-specific code which makes the code less awkward. check-all-our-lock-files is then only executed in extraSteps and runs tree-lock-file-report on depot, adding it as a warning to the pipeline if it is non-empty. Change-Id: If6bd236d90cc680cba0ed4e988f2f28ddb8012d6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5229 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2022-02-13 r/3816 refactor(rust-crates-advisory): move report generation into scriptsterni1-22/+28
This script is somewhat usable by humans (it even has a help screen!) and can be reused in //users/sterni/nixpkgs-crate-holes. We are using bash since that allows us to exit with the actual exit code of cargo-audit - something that's not possible in execline. Change-Id: I3331ae8222a20e23b8e30dc920ab48af78f0247c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5228 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2022-02-13 r/3813 fix(magrathea): print [mg] messages to stderrsterni1-2/+2
I want to add a shortcut to build and run e.g. scripts that are depot targets - for which it would be useful to not have stdout polluted by magrathea itself. Change-Id: Ic58fe28eafb4d0715e53beae041bfaa5d1745812 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5276 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2022-02-08 r/3792 feat(depotfmt): Check & format Rust code with rustfmtVincent Ambo1-0/+7
The rustfmt configuration of the depot is moved to `rustfmt.toml` (it is recognised more reliably from this path than from the hidden .rustfmt.toml). Nested configuration is theoretically possible, but detection of nested config files is flaky. Paths with nested config files need to be disabled in the top-level check (I've excluded my user directory). Change-Id: I385ce3ef529bda28fac03bfba86fc204c81b8a61 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5241 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2022-02-08 r/3791 style(rust): Format all Rust code with rustfmtVincent Ambo4-30/+84
Change-Id: Iab7e00cc26a4f9727d3ab98691ef379921a33052 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5240 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: tazjin <tazjin@tvl.su>
2022-02-08 r/3790 chore: move some meta.targets definitions to meta.ci.targetsVincent Ambo1-1/+1
Change-Id: Icdec1dec89158fb596c5185ac7105892081947f5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5252 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>
2022-02-07 r/3783 fix(tools/depotfmt): clear cache when running checksVincent Ambo1-0/+1
apparently the cache can get out-of-sync or something; either way we had a build where it missed a file that was misformated. Change-Id: I2967aec99ee1c7c8b978a3dfdfed4ff213bb6591 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5249 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-07 r/3782 feat(tools/crfo-approve): Add tool for CRFO depot-interventionsVincent Ambo1-0/+52
In some cases we want to be able to "emergency approve" something on behalf of a different user. Example cases: * clean up of abandoned directories with restrictive OWNERS * security fixes blocked on people in different timezones This script can be used to perform these approvals if the user is a member of depot-interventions. Note that access to depot-interventions is audit logged. The user on behalf of whom approval is performed is always added to the attention set to ensure that they are made aware of the CRFO approval. Note: This depends on nixpkgs#156466. Keeping WIP until we have a channel with that patch. Change-Id: I16e5f9d7baa9daab49c88b629bb8f024aad9d94c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5085 Tested-by: BuildkiteCI Reviewed-by: kn <klemens@posteo.de> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-04 r/3764 fix(format-audit-results.jq): use advisories over vulnerabilitiessterni1-1/+1
Many of the vulnerabilities (in the respective crates) reported are not actually exploitable vulnerabilties of the packages we report them for. Consequently it is more accurate to state that they are advisories. Change-Id: I02932125b77fc9c71e583ae49e822fd3438dce05 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5202 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-02-04 r/3763 feat(tools/rust-crates-advisory): omit GHFM checklist in buildkitesterni2-1/+6
Buildkite doesn't understand GitHub Flavored Markdown and having a read only checklist in there is probably not much use. Change-Id: I41538487087e8c817b1a5e653f077bb0fbe6eb47 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5201 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-02-04 r/3762 chore: move format-audit-result.jq out of //users/sternisterni3-1/+75
In the spirit of the readTree filter we should also not include files in user directories from the outside. Change-Id: I1abe36a721048900d2758b5986063b68b8d1af93 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5200 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-02-04 r/3761 feat(tools/rust-crates-advisory): also check all our Cargo.lockssterni1-1/+92
check-all-our-lock-files works very similarly to //users/sterni/nixpkgs-crate-holes, even reusing some parts of it, but is much simpler since we don't need to extract the lock files — they are already in tree. It is implemented as a very simple script which just traverses the subtree of the current directory, collecting all warnings. When executing this script in buildkite via extraSteps, it never fails, instead annotating the pipeline run with a warning. Change-Id: I0a0bc26deffe7b20b99f5aa7238fb3c3bb9deb92 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3721 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2022-02-03 r/3760 refactor: expose cheddar-about script from cheddarsterni1-0/+11
Any other cgit configuration in depot would need this script wrapper as well. Change-Id: Ifa04e1c9de9c925eb3f60c5d3854221ae02ef06c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5206 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: sterni <sternenseemann@systemli.org>
2022-01-31 r/3724 feat(depotfmt): format Nix code using nixpkgs-fmtVincent Ambo1-0/+8
Change-Id: Ieffd04e1654e37500a6f6f5e4f29d09137bbc4e9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5142 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>