diff --git a/buildbot_nix/__init__.py b/buildbot_nix/__init__.py index 0a94e87..c4ef97a 100644 --- a/buildbot_nix/__init__.py +++ b/buildbot_nix/__init__.py @@ -310,6 +310,7 @@ class GitWithRetry(steps.Git): def nix_eval_config( project: GerritProject, + gerrit_private_key: str, worker_names: list[str], supported_systems: list[str], eval_lock: util.MasterLock, @@ -326,7 +327,8 @@ def nix_eval_config( repourl="git://git@git.lix.systems/lix-project/lix", mode="full", retry=[60, 60], - timeout=3600 + timeout=3600, + sshPrivateKey=gerrit_private_key ), ) drv_gcroots_dir = util.Interpolate( @@ -570,12 +572,20 @@ def config_for_project( ), ], ) + gerrit_private_key = None + with open('/var/lib/buildbot/master/id_gerrit', 'r') as f: + gerrit_private_key = f.read() + + if gerrit_private_key is None: + raise RuntimeError('No gerrit private key to fetch the repositories') + config["builders"].extend( [ # Since all workers run on the same machine, we only assign one of them to do the evaluation. # This should prevent exessive memory usage. nix_eval_config( project, + gerrit_private_key, worker_names, supported_systems=nix_supported_systems, worker_count=nix_eval_worker_count, @@ -670,6 +680,7 @@ class GerritNixConfigurator(ConfiguratorBase): gerrit_server: str, gerrit_user: str, gerrit_port: int, + gerrit_sshkey_path: str, url: str, nix_supported_systems: list[str], nix_eval_worker_count: int | None, @@ -686,7 +697,7 @@ class GerritNixConfigurator(ConfiguratorBase): self.nix_eval_max_memory_size = nix_eval_max_memory_size self.nix_eval_worker_count = nix_eval_worker_count self.nix_supported_systems = nix_supported_systems - self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port) + self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port, identity_file=gerrit_sshkey_path) self.url = url self.cachix = cachix if outputs_path is None: