forked from the-distro/infra
Add a wrapper to colmena that stops unintended toe-stepping
Taken from lix/web-services, commit hash 6d29ce968e64225faf03450c063d11a0a5c89cac Co-authored-by: Jade Lovelace <lix@jade.fyi>
This commit is contained in:
parent
8390caee53
commit
d12ef46aa8
|
@ -65,8 +65,9 @@
|
|||
packages = [
|
||||
inputs.agenix.packages.${system}.agenix
|
||||
|
||||
pkgs.colmena
|
||||
pkgs.opentofu
|
||||
|
||||
(pkgs.callPackage ./lib/colmena-wrapper.nix { })
|
||||
];
|
||||
};
|
||||
|
||||
|
|
14
lib/colmena-wrapper.nix
Normal file
14
lib/colmena-wrapper.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
# A wrapper for colmena that prevents accidentally deploying changes without
|
||||
# having pulled.
|
||||
{ colmena, runCommandNoCC }:
|
||||
runCommandNoCC "colmena-wrapper"
|
||||
{
|
||||
env.colmena = "${colmena}/bin/colmena";
|
||||
} ''
|
||||
mkdir -p $out
|
||||
ln -s ${colmena}/share $out/share
|
||||
mkdir $out/bin
|
||||
|
||||
substituteAll ${./colmena-wrapper.sh.in} $out/bin/colmena
|
||||
chmod +x $out/bin/colmena
|
||||
''
|
29
lib/colmena-wrapper.sh.in
Executable file
29
lib/colmena-wrapper.sh.in
Executable file
|
@ -0,0 +1,29 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
doChecks() {
|
||||
# creates refs in the refs/prefetch/remotes/origin namespace
|
||||
echo "Prefetching repo changes..." >&2
|
||||
git fetch --quiet --prefetch --no-write-fetch-head origin
|
||||
|
||||
diffs=$(git rev-list --left-right --count HEAD...refs/prefetch/remotes/origin/main)
|
||||
only_in_local=$(echo "$diffs" | cut -f1)
|
||||
only_in_main=$(echo "$diffs" | cut -f2)
|
||||
|
||||
if [[ $only_in_main -gt 0 && ! -v $FOOTGUN_ME_UWU ]]; then
|
||||
echo >&2
|
||||
echo "Attempting to deploy when main has $only_in_main commits not in your branch!" >&2
|
||||
echo "This will probably revert someone's changes. Consider merging them." >&2
|
||||
echo "If you really mean it, set the environment variable FOOTGUN_ME_UWU" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ $only_in_local -gt 0 ]]; then
|
||||
echo "You have $only_in_local commits not yet pushed to main. Reminder to push them after :)" >&2
|
||||
fi
|
||||
}
|
||||
|
||||
if [[ $1 == 'apply' ]]; then
|
||||
doChecks
|
||||
fi
|
||||
|
||||
exec @colmena@ "$@"
|
Loading…
Reference in a new issue