chore(gerrit): offer projects configuration and factor out private SSH keys

Previously, we needed to hardcode the URL for private SSH keys,
this is cleaned up and we can iterate over each project for its
configuration.

Configuration is at deployment time.

Signed-off-by: Raito Bezarius <raito@lix.systems>
This commit is contained in:
raito 2024-05-06 19:39:16 +02:00 committed by Jade Lovelace
parent 9eb92e76e7
commit b4ab40f746
2 changed files with 35 additions and 15 deletions

View file

@ -81,6 +81,8 @@ class BuildbotNixError(Exception):
class GerritProject:
# `project` field.
name: str
# Private SSH key path to access Gerrit API
private_sshkey_path: str
class BuildTrigger(steps.BuildStep):
def __init__(
@ -652,7 +654,7 @@ def config_for_project(
],
)
gerrit_private_key = None
with open('/var/lib/buildbot/master/id_gerrit', 'r') as f:
with open(project.private_sshkey_path, 'r') as f:
gerrit_private_key = f.read()
if gerrit_private_key is None:
@ -775,6 +777,7 @@ class GerritNixConfigurator(ConfiguratorBase):
gerrit_user: str,
gerrit_port: int,
gerrit_sshkey_path: str,
projects: list[str],
url: str,
nix_supported_systems: list[str],
nix_eval_worker_count: int | None,
@ -788,17 +791,24 @@ class GerritNixConfigurator(ConfiguratorBase):
self.gerrit_server = gerrit_server
self.gerrit_user = gerrit_user
self.gerrit_port = gerrit_port
self.gerrit_sshkey_path = gerrit_sshkey_path
self.projects = projects
self.nix_workers_secret_name = nix_workers_secret_name
self.nix_eval_max_memory_size = nix_eval_max_memory_size
self.nix_eval_worker_count = nix_eval_worker_count
self.nix_supported_systems = nix_supported_systems
self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port, identity_file=gerrit_sshkey_path)
self.url = url
self.prometheus_config = prometheus_config
if binary_cache_config is not None:
self.binary_cache_config = S3BinaryCacheConfig(**binary_cache_config)
else:
self.binary_cache_config = None
self.signing_keyfile = signing_keyfile
def configure(self, config: dict[str, Any]) -> None:
@ -819,10 +829,10 @@ class GerritNixConfigurator(ConfiguratorBase):
eval_lock = util.MasterLock("nix-eval")
# Configure the Lix project.
for project in self.projects:
config_for_project(
config,
GerritProject(name="lix"),
GerritProject(name=project, private_sshkey_path=self.gerrit_sshkey_path),
worker_names,
self.nix_supported_systems,
self.nix_eval_worker_count or multiprocessing.cpu_count(),
@ -835,8 +845,8 @@ class GerritNixConfigurator(ConfiguratorBase):
config["change_source"] = self.gerrit_change_source
config["services"].append(
reporters.GerritStatusPush(self.gerrit_server, self.gerrit_user,
port=2022,
identity_file='/var/lib/buildbot/master/id_gerrit',
port=self.gerrit_port,
identity_file=self.gerrit_sshkey_path,
summaryCB=None,
startCB=None,
wantSteps=True,
@ -853,6 +863,7 @@ class GerritNixConfigurator(ConfiguratorBase):
if not ref.startswith('refs/changes/'):
return ref
return ref.rsplit('/', 1)[0]
config["services"].append(
util.OldBuildCanceller(
"lix_build_canceller",

View file

@ -98,6 +98,14 @@ in
'';
example = "/var/lib/buildbot/master/id_gerrit";
};
projects = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = ''
List of projects which are to check on Gerrit.
'';
example = [ "lix" ];
};
};
binaryCache = {
@ -162,6 +170,7 @@ in
"${cfg.gerrit.username}",
"${toString cfg.gerrit.port}",
"${cfg.gerrit.privateKeyFile}",
projects=${builtins.toJSON cfg.gerrit.projects},
url=${builtins.toJSON config.services.buildbot-master.buildbotUrl},
nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize},
nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount},