From bd7fd1aae6979eed8e09be9e6dd61566e9f76016 Mon Sep 17 00:00:00 2001 From: zzak Date: Mon, 2 Dec 2024 13:31:55 +0900 Subject: [PATCH] Remove approval block to run tests, lint, and annotations These steps are designed so any code executed from the workspace happens inside an unprivileged docker container. We would get faster feedback on PRs if these run instantly. --- pipelines/buildkite-config/initial.yml | 42 +++++++++++++++++--------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/pipelines/buildkite-config/initial.yml b/pipelines/buildkite-config/initial.yml index 0158f13..03d4c78 100644 --- a/pipelines/buildkite-config/initial.yml +++ b/pipelines/buildkite-config/initial.yml @@ -4,16 +4,6 @@ # This config is intended for running the rails/buildkite-config CI. steps: - - block: "Review Build Script" - branches: "!main" - prompt: | - Our CI scripts run outside the docker containers, which are a necessary security layer. - - Approving a build here is equivalent to copy & pasting it into a production ssh window. - - Prefer a second opinion for any nontrivial change, especially outside `pipeline-generate`. - - - @matthewd - group: label: ":pipeline: buildkite-config meta-ci" key: "meta" @@ -92,7 +82,13 @@ steps: prompt: | Are you sure you want to trigger a build of Rails CI pipeline for the main branch with this config? - We have a finite number of CI resources, so we want to avoid unnecessary builds. + Our CI scripts run outside the docker containers, which are a necessary security layer. + + Approving a build here is equivalent to copy & pasting it into a production ssh window. + + Prefer a second opinion for any nontrivial change, especially outside `pipeline-generate`. + + - @matthewd - trigger: "rails-ci" label: ":pipeline: Build Rails main with new config" depends_on: block-rails-ci-main @@ -108,7 +104,13 @@ steps: prompt: | Are you sure you want to trigger a build of Rails CI pipeline for the stable branch with this config? - We have a finite number of CI resources, so we want to avoid unnecessary builds. + Our CI scripts run outside the docker containers, which are a necessary security layer. + + Approving a build here is equivalent to copy & pasting it into a production ssh window. + + Prefer a second opinion for any nontrivial change, especially outside `pipeline-generate`. + + - @matthewd - trigger: "rails-ci" label: ":pipeline: Build Rails 6-1-stable with new config" depends_on: block-rails-ci-stable @@ -124,7 +126,13 @@ steps: prompt: | Are you sure you want to trigger a build of Rails CI Nightly pipeline for the main branch with this config? - We have a finite number of CI resources, so we want to avoid unnecessary builds. + Our CI scripts run outside the docker containers, which are a necessary security layer. + + Approving a build here is equivalent to copy & pasting it into a production ssh window. + + Prefer a second opinion for any nontrivial change, especially outside `pipeline-generate`. + + - @matthewd - trigger: "rails-ci-nightly" label: ":pipeline: Build Rails main with new nightly config" depends_on: block-rails-ci-nightly-main @@ -140,7 +148,13 @@ steps: prompt: | Are you sure you want to trigger a build of Rails CI Nightly pipeline for the stable branch with this config? - We have a finite number of CI resources, so we want to avoid unnecessary builds. + Our CI scripts run outside the docker containers, which are a necessary security layer. + + Approving a build here is equivalent to copy & pasting it into a production ssh window. + + Prefer a second opinion for any nontrivial change, especially outside `pipeline-generate`. + + - @matthewd - trigger: "rails-ci-nightly" label: ":pipeline: Build Rails 6-1-stable with new nightly config" depends_on: block-rails-ci-nightly-stable