Skip to content

Commit 3555544

Browse files
dkijaniadkijania
committed
run permission script inside container as a pre command
1 parent f707592 commit 3555544

File tree

5 files changed

+66
-202
lines changed

5 files changed

+66
-202
lines changed

buildkite/src/Command/Mina.dhall

Lines changed: 0 additions & 35 deletions
This file was deleted.

buildkite/src/Command/Packages/Publish.dhall

Lines changed: 42 additions & 150 deletions
Original file line numberDiff line numberDiff line change
@@ -4,12 +4,6 @@ let Extensions = ../../Lib/Extensions.dhall
44

55
let join = Extensions.join
66

7-
let Optional/map = Prelude.Optional.map
8-
9-
let Optional/default = Prelude.Optional.default
10-
11-
let List/map = Prelude.List.map
12-
137
let Artifacts = ../../Constants/Artifacts.dhall
148

159
let Size = ../../Command/Size.dhall
@@ -28,13 +22,11 @@ let DebianRepo = ../../Constants/DebianRepo.dhall
2822

2923
let DockerRepo = ../../Constants/DockerRepo.dhall
3024

31-
let ContainerImages = ../../Constants/ContainerImages.dhall
32-
3325
let Command = ../Base.dhall
3426

3527
let Cmd = ../../Lib/Cmds.dhall
3628

37-
let Mina = ../Mina.dhall
29+
let WithPermissions = ../WithPermissions.dhall
3830

3931
let Artifact = ../../Constants/Artifacts.dhall
4032

@@ -108,16 +100,6 @@ let publish
108100
"\\\${GITTAG}"
109101
"\\\$(date \"+%Y%m%d\")"
110102

111-
let target_version =
112-
spec.target_version
113-
DebianVersions.DebVersion.Bullseye
114-
spec.channel
115-
spec.branch
116-
spec.profile
117-
"\\\${GIT_COMMIT}"
118-
"\\\${GITTAG}"
119-
"\\\$(date \"+%Y%m%d\")"
120-
121103
let artifacts = join "," (Artifacts.dockerNames spec.artifacts)
122104

123105
let networks =
@@ -142,139 +124,49 @@ let publish
142124
spec.codenames
143125
)
144126

145-
let maybeKey =
146-
Optional/map
147-
Text
148-
Text
149-
(\(repo : Text) -> "--debian-sign-key " ++ repo)
150-
(DebianRepo.keyId spec.debian_repo)
151-
152-
let keyArg = Optional/default Text "" maybeKey
153-
154127
let indexedAdditionalTags = Prelude.List.indexed Text additional_tags
155128

156-
let architectures =
157-
join
158-
","
159-
( List/map
160-
Architecture.Type
161-
Text
162-
( \(architecture : Architecture.Type)
163-
-> Architecture.lowerName architecture
164-
)
165-
spec.architectures
166-
)
167-
168-
let signedArg =
169-
if DebianRepo.isSigned spec.debian_repo
170-
171-
then "--signed-debian-repo "
172-
173-
else ""
174-
175-
let commands =
176-
[ Cmd.runInDocker
177-
Cmd.Docker::{
178-
, image = ContainerImages.minaToolchain
179-
, extraEnv =
180-
[ "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY" ]
181-
, privileged = True
182-
, useRoot = True
183-
}
184-
( "git config --global --add safe.directory /workdir && "
185-
++ ". ./buildkite/scripts/export-git-env-vars.sh && "
186-
++ " gpg --import /var/secrets/debian/key.gpg && "
187-
++ " mkdir -p ./cache && "
188-
++ "DEBIAN_CACHE_FOLDER=/workdir/cache ./buildkite/scripts/release/manager.sh publish "
189-
++ "--artifacts ${artifacts} "
190-
++ "--networks ${networks} "
191-
++ "--buildkite-build-id ${spec.build_id} "
192-
++ "--backend ${spec.backend} "
193-
++ "--channel ${DebianChannel.lowerName spec.channel} "
194-
++ "--source-version ${spec.source_version} "
195-
++ "--target-version ${target_version} "
196-
++ "--codenames ${codenames} "
197-
++ "--debian-repo ${DebianRepo.bucket_or_default
198-
spec.debian_repo} "
199-
++ "--only-debians "
200-
++ "--archs ${architectures} "
201-
++ "--profile ${Profiles.lowerName spec.profile} "
202-
++ "${keyArg}"
203-
)
204-
]
205-
# [ Cmd.run
206-
( ". ./buildkite/scripts/export-git-env-vars.sh && "
207-
++ "./buildkite/scripts/release/manager.sh verify "
208-
++ "--artifacts ${artifacts} "
209-
++ "--networks ${networks} "
210-
++ "--channel ${DebianChannel.lowerName spec.channel} "
211-
++ "--version ${target_version} "
212-
++ "--codenames ${codenames} "
213-
++ "--debian-repo ${DebianRepo.bucket_or_default
214-
spec.debian_repo} "
215-
++ "--profile ${Profiles.lowerName spec.profile} "
216-
++ "--only-debians "
217-
++ "--archs ${architectures} "
218-
++ "${signedArg}"
219-
)
220-
]
221-
222-
in [ Command.build
223-
Command.Config::{
224-
, commands =
225-
[ Mina.fixPermissionsCommand
226-
ContainerImages.minaToolchain
129+
in Prelude.List.map
130+
{ index : Natural, value : Text }
131+
Command.Type
132+
( \(r : { index : Natural, value : Text })
133+
-> Command.build
134+
Command.Config::{
135+
, commands =
136+
[ Cmd.run
137+
( WithPermissions.withPermissions
138+
( "./buildkite/scripts/export-git-env-vars.sh && "
139+
++ "./buildkite/scripts/release/manager.sh publish "
140+
++ "--artifacts ${artifacts} "
141+
++ "--networks ${networks} "
142+
++ "--buildkite-build-id ${spec.build_id} "
143+
++ "--backend ${spec.backend} "
144+
++ "--channel ${DebianChannel.lowerName
145+
spec.channel} "
146+
++ "--verify "
147+
++ "--source-version ${spec.source_version} "
148+
++ "--target-version ${r.value} "
149+
++ "--codenames ${codenames} "
150+
++ "--only-dockers "
151+
++ "--source-docker-repo ${DockerRepo.show
152+
spec.docker_repo} "
153+
++ "--target-docker-repo ${DockerRepo.show
154+
spec.docker_repo} "
155+
++ "--force-upload-debians "
156+
)
157+
)
227158
]
228-
# commands
229-
, label = "Debian Packages Publishing"
230-
, key =
231-
"publish-debians-${DebianChannel.lowerName
232-
spec.channel}-${Profiles.lowerName
233-
spec.profile}"
234-
, target = Size.Small
235-
, depends_on = spec.depends_on
236-
, if_ = spec.if_
237-
}
238-
]
239-
# Prelude.List.map
240-
{ index : Natural, value : Text }
241-
Command.Type
242-
( \(r : { index : Natural, value : Text })
243-
-> Command.build
244-
Command.Config::{
245-
, commands =
246-
[ Cmd.run
247-
( ". ./buildkite/scripts/export-git-env-vars.sh && "
248-
++ "./buildkite/scripts/release/manager.sh publish "
249-
++ "--artifacts ${artifacts} "
250-
++ "--networks ${networks} "
251-
++ "--buildkite-build-id ${spec.build_id} "
252-
++ "--backend ${spec.backend} "
253-
++ "--channel ${DebianChannel.lowerName
254-
spec.channel} "
255-
++ "--verify "
256-
++ "--source-version ${spec.source_version} "
257-
++ "--target-version ${r.value} "
258-
++ "--codenames ${codenames} "
259-
++ "--only-dockers "
260-
++ "--source-docker-repo ${DockerRepo.show
261-
spec.docker_repo} "
262-
++ "--target-docker-repo ${DockerRepo.show
263-
spec.docker_repo} "
264-
++ "--force-upload-debians "
265-
)
266-
]
267-
, label = "Docker Packages Publishing"
268-
, key =
269-
"publish-dockers-${DebianChannel.lowerName
270-
spec.channel}-${Profiles.lowerName
271-
spec.profile}-${Natural/show
272-
r.index}"
273-
, target = Size.Small
274-
, depends_on = spec.depends_on
275-
, if_ = spec.if_
276-
}
277-
)
278-
indexedAdditionalTags
159+
, label = "Docker Packages Publishing"
160+
, key =
161+
"publish-dockers-${DebianChannel.lowerName
162+
spec.channel}-${Profiles.lowerName
163+
spec.profile}-${Natural/show
164+
r.index}"
165+
, target = Size.Small
166+
, depends_on = spec.depends_on
167+
, if_ = spec.if_
168+
}
169+
)
170+
indexedAdditionalTags
279171

280172
in { publish = publish, Spec = Spec }

buildkite/src/Command/RunInToolchain.dhall

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
let Cmd = ../Lib/Cmds.dhall
22

3-
let Mina = ../Command/Mina.dhall
3+
let WithPermissions = ./WithPermissions.dhall
44

55
let ContainerImages = ../Constants/ContainerImages.dhall
66

@@ -12,15 +12,14 @@ let runInToolchainImage
1212
-> \(platform : Text)
1313
-> \(environment : List Text)
1414
-> \(innerScript : Text)
15-
-> [ Mina.fixPermissionsCommand image ]
16-
# [ Cmd.runInDocker
17-
Cmd.Docker::{
18-
, image = image
19-
, extraEnv = environment
20-
, platform = platform
21-
}
22-
innerScript
23-
]
15+
-> [ Cmd.runInDocker
16+
Cmd.Docker::{
17+
, image = image
18+
, extraEnv = environment
19+
, platform = platform
20+
}
21+
(WithPermissions.withPermissions innerScript)
22+
]
2423

2524
let runInToolchainNoble
2625
: Arch.Type -> List Text -> Text -> List Cmd.Type

buildkite/src/Command/WithPermissions.dhall

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
let fixPermissionsScript = "sudo chown -R opam ."
2+
3+
let withPermissions
4+
: Text -> Text
5+
= \(str : Text) -> fixPermissionsScript ++ " && " ++ str
6+
7+
in { withPermissions = withPermissions }

buildkite/src/Jobs/Test/EmergencyHfTest.dhall

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ let RunWithPostgres = ../../Command/RunWithPostgres.dhall
1414

1515
let ContainerImages = ../../Constants/ContainerImages.dhall
1616

17-
let Mina = ../../Command/Mina.dhall
17+
let WithPermissions = ../../Command/WithPermissions.dhall
1818

1919
let key = "emergency-hf-test"
2020

@@ -37,13 +37,14 @@ in Pipeline.build
3737
[ Command.build
3838
Command.Config::{
3939
, commands =
40-
[ Mina.fixPermissionsCommand ContainerImages.minaToolchain ]
41-
# [ RunWithPostgres.runInDockerWithPostgresConn
42-
([] : List Text)
43-
(None RunWithPostgres.ScriptOrArchive)
44-
ContainerImages.minaToolchain
40+
[ RunWithPostgres.runInDockerWithPostgresConn
41+
([] : List Text)
42+
(None RunWithPostgres.ScriptOrArchive)
43+
ContainerImages.minaToolchain
44+
( WithPermissions.withPermissions
4545
"./scripts/tests/archive-hardfork-toolbox/test-convert-canonical-blocks.sh && buildkite/scripts/upload-partial-coverage-data.sh ${key} "
46-
]
46+
)
47+
]
4748
, label = "Emergency HF test"
4849
, key = "emergency-hf-test"
4950
, target = Size.Large

0 commit comments

Comments
 (0)