chore(gerrit): offer projects configuration and factor out private SSH keys
Previously, we needed to hardcode the URL for private SSH keys; this is now cleaned up, and we can iterate over each project for its configuration. Configuration happens at deployment time. Signed-off-by: Raito Bezarius <raito@lix.systems>
parent
9eb92e76e7
commit
b4ab40f746
|
@ -81,6 +81,8 @@ class BuildbotNixError(Exception):
|
||||||
class GerritProject:
|
class GerritProject:
|
||||||
# `project` field.
|
# `project` field.
|
||||||
name: str
|
name: str
|
||||||
|
# Private SSH key path to access Gerrit API
|
||||||
|
private_sshkey_path: str
|
||||||
|
|
||||||
class BuildTrigger(steps.BuildStep):
|
class BuildTrigger(steps.BuildStep):
|
||||||
def __init__(
|
def __init__(
|
||||||
|
@ -652,7 +654,7 @@ def config_for_project(
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
gerrit_private_key = None
|
gerrit_private_key = None
|
||||||
with open('/var/lib/buildbot/master/id_gerrit', 'r') as f:
|
with open(project.private_sshkey_path, 'r') as f:
|
||||||
gerrit_private_key = f.read()
|
gerrit_private_key = f.read()
|
||||||
|
|
||||||
if gerrit_private_key is None:
|
if gerrit_private_key is None:
|
||||||
|
@ -775,6 +777,7 @@ class GerritNixConfigurator(ConfiguratorBase):
|
||||||
gerrit_user: str,
|
gerrit_user: str,
|
||||||
gerrit_port: int,
|
gerrit_port: int,
|
||||||
gerrit_sshkey_path: str,
|
gerrit_sshkey_path: str,
|
||||||
|
projects: list[str],
|
||||||
url: str,
|
url: str,
|
||||||
nix_supported_systems: list[str],
|
nix_supported_systems: list[str],
|
||||||
nix_eval_worker_count: int | None,
|
nix_eval_worker_count: int | None,
|
||||||
|
@ -788,17 +791,24 @@ class GerritNixConfigurator(ConfiguratorBase):
|
||||||
self.gerrit_server = gerrit_server
|
self.gerrit_server = gerrit_server
|
||||||
self.gerrit_user = gerrit_user
|
self.gerrit_user = gerrit_user
|
||||||
self.gerrit_port = gerrit_port
|
self.gerrit_port = gerrit_port
|
||||||
|
self.gerrit_sshkey_path = gerrit_sshkey_path
|
||||||
|
self.projects = projects
|
||||||
|
|
||||||
self.nix_workers_secret_name = nix_workers_secret_name
|
self.nix_workers_secret_name = nix_workers_secret_name
|
||||||
self.nix_eval_max_memory_size = nix_eval_max_memory_size
|
self.nix_eval_max_memory_size = nix_eval_max_memory_size
|
||||||
self.nix_eval_worker_count = nix_eval_worker_count
|
self.nix_eval_worker_count = nix_eval_worker_count
|
||||||
self.nix_supported_systems = nix_supported_systems
|
self.nix_supported_systems = nix_supported_systems
|
||||||
|
|
||||||
self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port, identity_file=gerrit_sshkey_path)
|
self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port, identity_file=gerrit_sshkey_path)
|
||||||
|
|
||||||
self.url = url
|
self.url = url
|
||||||
self.prometheus_config = prometheus_config
|
self.prometheus_config = prometheus_config
|
||||||
|
|
||||||
if binary_cache_config is not None:
|
if binary_cache_config is not None:
|
||||||
self.binary_cache_config = S3BinaryCacheConfig(**binary_cache_config)
|
self.binary_cache_config = S3BinaryCacheConfig(**binary_cache_config)
|
||||||
else:
|
else:
|
||||||
self.binary_cache_config = None
|
self.binary_cache_config = None
|
||||||
|
|
||||||
self.signing_keyfile = signing_keyfile
|
self.signing_keyfile = signing_keyfile
|
||||||
|
|
||||||
def configure(self, config: dict[str, Any]) -> None:
|
def configure(self, config: dict[str, Any]) -> None:
|
||||||
|
@ -819,24 +829,24 @@ class GerritNixConfigurator(ConfiguratorBase):
|
||||||
|
|
||||||
eval_lock = util.MasterLock("nix-eval")
|
eval_lock = util.MasterLock("nix-eval")
|
||||||
|
|
||||||
# Configure the Lix project.
|
for project in self.projects:
|
||||||
config_for_project(
|
config_for_project(
|
||||||
config,
|
config,
|
||||||
GerritProject(name="lix"),
|
GerritProject(name=project, private_sshkey_path=self.gerrit_sshkey_path),
|
||||||
worker_names,
|
worker_names,
|
||||||
self.nix_supported_systems,
|
self.nix_supported_systems,
|
||||||
self.nix_eval_worker_count or multiprocessing.cpu_count(),
|
self.nix_eval_worker_count or multiprocessing.cpu_count(),
|
||||||
self.nix_eval_max_memory_size,
|
self.nix_eval_max_memory_size,
|
||||||
eval_lock,
|
eval_lock,
|
||||||
signing_keyfile=self.signing_keyfile,
|
signing_keyfile=self.signing_keyfile,
|
||||||
binary_cache_config=self.binary_cache_config
|
binary_cache_config=self.binary_cache_config
|
||||||
)
|
)
|
||||||
|
|
||||||
config["change_source"] = self.gerrit_change_source
|
config["change_source"] = self.gerrit_change_source
|
||||||
config["services"].append(
|
config["services"].append(
|
||||||
reporters.GerritStatusPush(self.gerrit_server, self.gerrit_user,
|
reporters.GerritStatusPush(self.gerrit_server, self.gerrit_user,
|
||||||
port=2022,
|
port=self.gerrit_port,
|
||||||
identity_file='/var/lib/buildbot/master/id_gerrit',
|
identity_file=self.gerrit_sshkey_path,
|
||||||
summaryCB=None,
|
summaryCB=None,
|
||||||
startCB=None,
|
startCB=None,
|
||||||
wantSteps=True,
|
wantSteps=True,
|
||||||
|
@ -853,6 +863,7 @@ class GerritNixConfigurator(ConfiguratorBase):
|
||||||
if not ref.startswith('refs/changes/'):
|
if not ref.startswith('refs/changes/'):
|
||||||
return ref
|
return ref
|
||||||
return ref.rsplit('/', 1)[0]
|
return ref.rsplit('/', 1)[0]
|
||||||
|
|
||||||
config["services"].append(
|
config["services"].append(
|
||||||
util.OldBuildCanceller(
|
util.OldBuildCanceller(
|
||||||
"lix_build_canceller",
|
"lix_build_canceller",
|
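Review bot: The `if gerrit_private_key is None:` guard after the new `open(project.private_sshkey_path, 'r')` in `config_for_project` can never fire, because `open()` raises on a missing or unreadable file and `f.read()` always returns a string; a bad key path therefore surfaces as a raw `OSError`, and an empty key file passes silently. Consider checking the content instead, e.g. `if not gerrit_private_key.strip(): raise BuildbotNixError(f"Gerrit SSH key at {project.private_sshkey_path} is empty")`, and catching `OSError` around the `open` to raise the same error type. The body of the existing guard lies outside the hunk, so what it currently raises is not visible here. Note also that the loop in `configure` passes `self.gerrit_sshkey_path` for every project, so the new per-project field does not yet give each project its own credential, and the same key file is re-read once per project.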
||||||
|
|
|
@ -98,6 +98,14 @@ in
|
||||||
'';
|
'';
|
||||||
example = "/var/lib/buildbot/master/id_gerrit";
|
example = "/var/lib/buildbot/master/id_gerrit";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
projects = lib.mkOption {
|
||||||
|
type = lib.types.listOf lib.types.str;
|
||||||
|
description = ''
|
||||||
|
List of projects which are to check on Gerrit.
|
||||||
|
'';
|
||||||
|
example = [ "lix" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
binaryCache = {
|
binaryCache = {
|
||||||
|
@ -162,6 +170,7 @@ in
|
||||||
"${cfg.gerrit.username}",
|
"${cfg.gerrit.username}",
|
||||||
"${toString cfg.gerrit.port}",
|
"${toString cfg.gerrit.port}",
|
||||||
"${cfg.gerrit.privateKeyFile}",
|
"${cfg.gerrit.privateKeyFile}",
|
||||||
|
projects=${builtins.toJSON cfg.gerrit.projects},
|
||||||
url=${builtins.toJSON config.services.buildbot-master.buildbotUrl},
|
url=${builtins.toJSON config.services.buildbot-master.buildbotUrl},
|
||||||
nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize},
|
nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize},
|
||||||
nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount},
|
nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount},
|
||||||
|
|
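Review bot: The new `projects` option accepts an empty list, in which case the loop in `GerritNixConfigurator.configure` would set up no builders while the Gerrit change source and status reporter still appear to be registered (indentation is lost in this view), so incoming changes would go unchecked without any evaluation error. If at least one project is always expected, `type = lib.types.nonEmptyListOf lib.types.str;` turns that into a deployment-time failure. The description would read more clearly as `List of Gerrit projects to check.`, and since the option has no `default`, it is worth stating there that existing deployments must set it.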