-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CI (Buildkite): move the
sanitizers
builders (e.g. asan
) to the e…
- Loading branch information
1 parent
aa9827f
commit 8d49537
Showing
4 changed files
with
42 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# This file represents what is put into the webUI. | ||
# It is purely for keeping track of the changes we make to the webUI configuration; modifying this file has no effect. | ||
# We use the `cryptic` buildkite plugin to provide secrets management, which requires some integration into the WebUI's steps. | ||
agents: | ||
queue: "julia" | ||
sandbox.jl: "true" | ||
|
||
steps: | ||
- label: ":unlock: Unlock secrets, launch pipelines" | ||
plugins: | ||
- staticfloat/cryptic: | ||
# Our list of pipelines that should be launched (but don't require a signature) | ||
# These pipelines can be modified by any contributor and CI will still run. | ||
# Build secrets will not be available in these pipelines (or their children) | ||
# but some of our signed pipelines can wait upon the completion of these unsigned | ||
# pipelines. | ||
unsigned_pipelines: | ||
- .buildkite/experimental/pipeline.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# This file launches all the build jobs that _don't_ require secrets access. | ||
# These jobs can pass their output off to jobs that do require secrets access, | ||
# but those privileged steps require signing before they can be run. | ||
# | ||
# Yes, this is creating another layer of indirection; the flow now looks like: | ||
# | ||
# [webui] -> pipeline.yml -> llvm_passes.yml | ||
# | ||
# when we could theoretically just have the `webui` launch `llvm_passes.yml`, | ||
# however this raises the bar for contributors to add new (unsigned) steps to | ||
# our CI configuration, so I'd rather live with an extra layer of indirection | ||
# and only need to touch the webui configuration when we need to alter | ||
# something about the privileged steps. | ||
steps: | ||
- label: ":buildkite: Launch unsigned pipelines" | ||
commands: | | ||
buildkite-agent pipeline upload .buildkite/experimental/sanitizers.yml | ||
agents: | ||
queue: julia |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters