From bf18e657190e6f1c6fa0d5969b6efc45a3599258 Mon Sep 17 00:00:00 2001 From: sterni Date: Sun, 6 Feb 2022 13:07:56 +0100 Subject: refactor(rust-crates-advisory): redo the buildkite report in bash I've elected to split the check-all-our-lock-files script into two new scripts: One very simple script which generates the report by invoking lock-file-report on the fake lock file for //third_party/rust-crates and all lock files in depot, and one which executes this and adds it as a buildkite annotation if there are any warnings (which is reported by the report generating script using a non zero exit code). The latter script could become the basis for generalizing buildkite annotations, a slight attempt at making it easily reusable in the future has been made. So far we expect a report generating script to exit non zero if a report should be made and to print commonmark to stdout. In the future we may want to use a JSON format for generating the report, allowing us to filter it by buildkite target (using the drvmap to exclude certain reports, potentially). Change-Id: I1df9e440509d69adff5b8e6304105a45dc62c018 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5260 Reviewed-by: kn Reviewed-by: tazjin Tested-by: BuildkiteCI --- tools/rust-crates-advisory/default.nix | 81 +++++++++++++++++----------------- 1 file changed, 41 insertions(+), 40 deletions(-) (limited to 'tools/rust-crates-advisory') diff --git a/tools/rust-crates-advisory/default.nix b/tools/rust-crates-advisory/default.nix index d33e78c44250..5285a766d56d 100644 --- a/tools/rust-crates-advisory/default.nix +++ b/tools/rust-crates-advisory/default.nix @@ -120,44 +120,43 @@ let exit $status ''; - check-all-our-lock-files = depot.nix.writeExecline "check-all-our-lock-files" { } [ - "backtick" - "-EI" - "report" - [ - "foreground" - [ - lock-file-report - "//third_party/rust-crates" - our-crates-lock-file - "false" - ] - tree-lock-file-report - "." - ] - "ifelse" - [ - bins.s6-test - "-z" - "$report" - ] - [ - "exit" - "0" - ] - "pipeline" - [ - "printf" - "%s" - "$report" - ] - "buildkite-agent" - "annotate" - "--style" - "warning" - "--context" - "check-all-our-lock-files" - ]; + depot-rust-crates-advisory-report = pkgs.writers.writeBash "depot-advisory-report" '' + set -eu + status=0 + + "${lock-file-report}" "//third_party/rust-crates" "${our-crates-lock-file}" || status=1 + "${tree-lock-file-report}" || status=1 + + exit $status + ''; + + buildkiteReportStep = + { command + , context ? null + , style ? "warning" + }: + let + commandName = depot.nix.utils.storePathName (builtins.head command); + in + + pkgs.writers.writeBash "buildkite-report-${commandName}" '' + set -uo pipefail + + report="$(${lib.escapeShellArgs command})" + + if test $? -ne 0; then + printf "%s" "$report" | \ + buildkite-agent annotate ${ + lib.escapeShellArgs ([ + "--style" + style + ] ++ lib.optionals (context != null) [ + "--context" + context + ]) + } + fi + ''; in depot.nix.readTree.drvTargets { @@ -167,12 +166,14 @@ depot.nix.readTree.drvTargets { lock-file-report ; - tree-lock-file-report = tree-lock-file-report // { meta.ci.extraSteps.run = { label = "Check all crates used in depot for advisories"; alwaysRun = true; - command = check-all-our-lock-files; + command = buildkiteReportStep { + command = [ depot-rust-crates-advisory-report ]; + style = "warning"; + }; }; }; } -- cgit 1.4.1