nix/coordinator: support specific private SSH keys

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-03-02 21:35:59 +01:00 · 2024-03-02 21:35:59 +01:00 · 94e3d7aeda
parent 9f98533dd7
commit 94e3d7aeda
1 changed files with 13 additions and 2 deletions
--- a/buildbot_nix/init.py
+++ b/buildbot_nix/init.py
@ -310,6 +310,7 @@ class GitWithRetry(steps.Git):

 def nix_eval_config(
    project: GerritProject,
+    gerrit_private_key: str,
    worker_names: list[str],
    supported_systems: list[str],
    eval_lock: util.MasterLock,
@ -326,7 +327,8 @@ def nix_eval_config(
            repourl="git://git@git.lix.systems/lix-project/lix",
            mode="full",
            retry=[60, 60],
-            timeout=3600
+            timeout=3600,
+            sshPrivateKey=gerrit_private_key
        ),
    )
    drv_gcroots_dir = util.Interpolate(
@ -570,12 +572,20 @@ def config_for_project(
            ),
        ],
    )
+    gerrit_private_key = None
+    with open('/var/lib/buildbot/master/id_gerrit', 'r') as f:
+        gerrit_private_key = f.read()
+
+    if gerrit_private_key is None:
+        raise RuntimeError('No gerrit private key to fetch the repositories')
+
    config["builders"].extend(
        [
            # Since all workers run on the same machine, we only assign one of them to do the evaluation.
            # This should prevent exessive memory usage.
            nix_eval_config(
                project,
+                gerrit_private_key,
                worker_names,
                supported_systems=nix_supported_systems,
                worker_count=nix_eval_worker_count,
@ -670,6 +680,7 @@ class GerritNixConfigurator(ConfiguratorBase):
        gerrit_server: str,
        gerrit_user: str,
        gerrit_port: int,
+        gerrit_sshkey_path: str,
        url: str,
        nix_supported_systems: list[str],
        nix_eval_worker_count: int | None,
@ -686,7 +697,7 @@ class GerritNixConfigurator(ConfiguratorBase):
        self.nix_eval_max_memory_size = nix_eval_max_memory_size
        self.nix_eval_worker_count = nix_eval_worker_count
        self.nix_supported_systems = nix_supported_systems
-        self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port)
+        self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port, identity_file=gerrit_sshkey_path)
        self.url = url
        self.cachix = cachix
        if outputs_path is None: