chore(gerrit): offer projects configuration and factor out private SSH keys

Previously, we needed to hardcode the URL for private SSH keys,
this is cleaned up and we can iterate over each project for its
configuration.

Configuration is at deployment time.

Signed-off-by: Raito Bezarius <raito@lix.systems>
This commit is contained in:
raito 2024-05-06 19:39:16 +02:00 committed by Jade Lovelace
parent 9eb92e76e7
commit b4ab40f746
2 changed files with 35 additions and 15 deletions

View file

@ -81,6 +81,8 @@ class BuildbotNixError(Exception):
class GerritProject: class GerritProject:
# `project` field. # `project` field.
name: str name: str
# Private SSH key path to access Gerrit API
private_sshkey_path: str
class BuildTrigger(steps.BuildStep): class BuildTrigger(steps.BuildStep):
def __init__( def __init__(
@ -652,7 +654,7 @@ def config_for_project(
], ],
) )
gerrit_private_key = None gerrit_private_key = None
with open('/var/lib/buildbot/master/id_gerrit', 'r') as f: with open(project.private_sshkey_path, 'r') as f:
gerrit_private_key = f.read() gerrit_private_key = f.read()
if gerrit_private_key is None: if gerrit_private_key is None:
@ -775,6 +777,7 @@ class GerritNixConfigurator(ConfiguratorBase):
gerrit_user: str, gerrit_user: str,
gerrit_port: int, gerrit_port: int,
gerrit_sshkey_path: str, gerrit_sshkey_path: str,
projects: list[str],
url: str, url: str,
nix_supported_systems: list[str], nix_supported_systems: list[str],
nix_eval_worker_count: int | None, nix_eval_worker_count: int | None,
@ -788,17 +791,24 @@ class GerritNixConfigurator(ConfiguratorBase):
self.gerrit_server = gerrit_server self.gerrit_server = gerrit_server
self.gerrit_user = gerrit_user self.gerrit_user = gerrit_user
self.gerrit_port = gerrit_port self.gerrit_port = gerrit_port
self.gerrit_sshkey_path = gerrit_sshkey_path
self.projects = projects
self.nix_workers_secret_name = nix_workers_secret_name self.nix_workers_secret_name = nix_workers_secret_name
self.nix_eval_max_memory_size = nix_eval_max_memory_size self.nix_eval_max_memory_size = nix_eval_max_memory_size
self.nix_eval_worker_count = nix_eval_worker_count self.nix_eval_worker_count = nix_eval_worker_count
self.nix_supported_systems = nix_supported_systems self.nix_supported_systems = nix_supported_systems
self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port, identity_file=gerrit_sshkey_path) self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port, identity_file=gerrit_sshkey_path)
self.url = url self.url = url
self.prometheus_config = prometheus_config self.prometheus_config = prometheus_config
if binary_cache_config is not None: if binary_cache_config is not None:
self.binary_cache_config = S3BinaryCacheConfig(**binary_cache_config) self.binary_cache_config = S3BinaryCacheConfig(**binary_cache_config)
else: else:
self.binary_cache_config = None self.binary_cache_config = None
self.signing_keyfile = signing_keyfile self.signing_keyfile = signing_keyfile
def configure(self, config: dict[str, Any]) -> None: def configure(self, config: dict[str, Any]) -> None:
@ -819,24 +829,24 @@ class GerritNixConfigurator(ConfiguratorBase):
eval_lock = util.MasterLock("nix-eval") eval_lock = util.MasterLock("nix-eval")
# Configure the Lix project. for project in self.projects:
config_for_project( config_for_project(
config, config,
GerritProject(name="lix"), GerritProject(name=project, private_sshkey_path=self.gerrit_sshkey_path),
worker_names, worker_names,
self.nix_supported_systems, self.nix_supported_systems,
self.nix_eval_worker_count or multiprocessing.cpu_count(), self.nix_eval_worker_count or multiprocessing.cpu_count(),
self.nix_eval_max_memory_size, self.nix_eval_max_memory_size,
eval_lock, eval_lock,
signing_keyfile=self.signing_keyfile, signing_keyfile=self.signing_keyfile,
binary_cache_config=self.binary_cache_config binary_cache_config=self.binary_cache_config
) )
config["change_source"] = self.gerrit_change_source config["change_source"] = self.gerrit_change_source
config["services"].append( config["services"].append(
reporters.GerritStatusPush(self.gerrit_server, self.gerrit_user, reporters.GerritStatusPush(self.gerrit_server, self.gerrit_user,
port=2022, port=self.gerrit_port,
identity_file='/var/lib/buildbot/master/id_gerrit', identity_file=self.gerrit_sshkey_path,
summaryCB=None, summaryCB=None,
startCB=None, startCB=None,
wantSteps=True, wantSteps=True,
@ -853,6 +863,7 @@ class GerritNixConfigurator(ConfiguratorBase):
if not ref.startswith('refs/changes/'): if not ref.startswith('refs/changes/'):
return ref return ref
return ref.rsplit('/', 1)[0] return ref.rsplit('/', 1)[0]
config["services"].append( config["services"].append(
util.OldBuildCanceller( util.OldBuildCanceller(
"lix_build_canceller", "lix_build_canceller",

View file

@ -98,6 +98,14 @@ in
''; '';
example = "/var/lib/buildbot/master/id_gerrit"; example = "/var/lib/buildbot/master/id_gerrit";
}; };
projects = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = ''
List of projects which are to check on Gerrit.
'';
example = [ "lix" ];
};
}; };
binaryCache = { binaryCache = {
@ -162,6 +170,7 @@ in
"${cfg.gerrit.username}", "${cfg.gerrit.username}",
"${toString cfg.gerrit.port}", "${toString cfg.gerrit.port}",
"${cfg.gerrit.privateKeyFile}", "${cfg.gerrit.privateKeyFile}",
projects=${builtins.toJSON cfg.gerrit.projects},
url=${builtins.toJSON config.services.buildbot-master.buildbotUrl}, url=${builtins.toJSON config.services.buildbot-master.buildbotUrl},
nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize}, nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize},
nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount}, nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount},