From 876b71f6417ea0489e16dbd8c1e11794d4e3ab10 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Thu, 2 Jun 2022 17:26:18 +0000
Subject: fix(nix/buildkite): Forbid 'prompt' in build phase steps

This would block CI on human-approval if people were allowed to do it,
so they're just not.

Change-Id: I8a9b657d5c91636a7b4de249b977e24fc0941a1c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5826
Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
---
 nix/buildkite/default.nix | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/nix/buildkite/default.nix b/nix/buildkite/default.nix
index abce35b459..6a24fea074 100644
--- a/nix/buildkite/default.nix
+++ b/nix/buildkite/default.nix
@@ -294,13 +294,11 @@ rec {
     , parentOverride ? (x: x)
     , branches ? null
     , alwaysRun ? false
+    , prompt ? false
 
       # TODO(tazjin): Default to 'build' after 2022-10-01.
     , phase ? if (isNull postBuild || !postBuild) then "build" else "release"
 
-      # TODO(tazjin): Forbid prompt steps in 'build' phase.
-    , prompt ? false
-
       # TODO(tazjin): Turn into hard-failure after 2022-10-01.
     , postBuild ? null
     }:
@@ -317,8 +315,7 @@ rec {
         label
         needsOutput
         parent
-        parentLabel
-        prompt;
+        parentLabel;
 
       # //nix/buildkite is growing a new feature for adding different
       # "build phases" which supersedes the previous `postBuild`
@@ -343,6 +340,15 @@ rec {
         this step and instead set `phase = ${phase};`.
       ''
         phase;
+
+      prompt = lib.throwIf (prompt != false && phase == "build") ''
+        In step '${label}' (from ${parentLabel}):
+
+        The 'prompt' feature can only be used by steps in the "release"
+        phase, because CI builds should not be gated on manual human
+        approvals.
+      ''
+        prompt;
     };
 
   # Create the Buildkite configuration for an extra step, optionally
-- 
cgit 1.4.1