chore(gerrit): offer projects configuration and factor out private SSH keys
Previously, we needed to hardcode the URL for private SSH keys, this is cleaned up and we can iterate over each project for its configuration. Configuration is at deployment time. Signed-off-by: Raito Bezarius <raito@lix.systems>
This commit is contained in:
parent
9eb92e76e7
commit
b4ab40f746
|
@ -81,6 +81,8 @@ class BuildbotNixError(Exception):
|
|||
class GerritProject:
|
||||
# `project` field.
|
||||
name: str
|
||||
# Private SSH key path to access Gerrit API
|
||||
private_sshkey_path: str
|
||||
|
||||
class BuildTrigger(steps.BuildStep):
|
||||
def __init__(
|
||||
|
@ -652,7 +654,7 @@ def config_for_project(
|
|||
],
|
||||
)
|
||||
gerrit_private_key = None
|
||||
with open('/var/lib/buildbot/master/id_gerrit', 'r') as f:
|
||||
with open(project.private_sshkey_path, 'r') as f:
|
||||
gerrit_private_key = f.read()
|
||||
|
||||
if gerrit_private_key is None:
|
||||
|
@ -775,6 +777,7 @@ class GerritNixConfigurator(ConfiguratorBase):
|
|||
gerrit_user: str,
|
||||
gerrit_port: int,
|
||||
gerrit_sshkey_path: str,
|
||||
projects: list[str],
|
||||
url: str,
|
||||
nix_supported_systems: list[str],
|
||||
nix_eval_worker_count: int | None,
|
||||
|
@ -788,17 +791,24 @@ class GerritNixConfigurator(ConfiguratorBase):
|
|||
self.gerrit_server = gerrit_server
|
||||
self.gerrit_user = gerrit_user
|
||||
self.gerrit_port = gerrit_port
|
||||
self.gerrit_sshkey_path = gerrit_sshkey_path
|
||||
self.projects = projects
|
||||
|
||||
self.nix_workers_secret_name = nix_workers_secret_name
|
||||
self.nix_eval_max_memory_size = nix_eval_max_memory_size
|
||||
self.nix_eval_worker_count = nix_eval_worker_count
|
||||
self.nix_supported_systems = nix_supported_systems
|
||||
|
||||
self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port, identity_file=gerrit_sshkey_path)
|
||||
|
||||
self.url = url
|
||||
self.prometheus_config = prometheus_config
|
||||
|
||||
if binary_cache_config is not None:
|
||||
self.binary_cache_config = S3BinaryCacheConfig(**binary_cache_config)
|
||||
else:
|
||||
self.binary_cache_config = None
|
||||
|
||||
self.signing_keyfile = signing_keyfile
|
||||
|
||||
def configure(self, config: dict[str, Any]) -> None:
|
||||
|
@ -819,10 +829,10 @@ class GerritNixConfigurator(ConfiguratorBase):
|
|||
|
||||
eval_lock = util.MasterLock("nix-eval")
|
||||
|
||||
# Configure the Lix project.
|
||||
for project in self.projects:
|
||||
config_for_project(
|
||||
config,
|
||||
GerritProject(name="lix"),
|
||||
GerritProject(name=project, private_sshkey_path=self.gerrit_sshkey_path),
|
||||
worker_names,
|
||||
self.nix_supported_systems,
|
||||
self.nix_eval_worker_count or multiprocessing.cpu_count(),
|
||||
|
@ -835,8 +845,8 @@ class GerritNixConfigurator(ConfiguratorBase):
|
|||
config["change_source"] = self.gerrit_change_source
|
||||
config["services"].append(
|
||||
reporters.GerritStatusPush(self.gerrit_server, self.gerrit_user,
|
||||
port=2022,
|
||||
identity_file='/var/lib/buildbot/master/id_gerrit',
|
||||
port=self.gerrit_port,
|
||||
identity_file=self.gerrit_sshkey_path,
|
||||
summaryCB=None,
|
||||
startCB=None,
|
||||
wantSteps=True,
|
||||
|
@ -853,6 +863,7 @@ class GerritNixConfigurator(ConfiguratorBase):
|
|||
if not ref.startswith('refs/changes/'):
|
||||
return ref
|
||||
return ref.rsplit('/', 1)[0]
|
||||
|
||||
config["services"].append(
|
||||
util.OldBuildCanceller(
|
||||
"lix_build_canceller",
|
||||
|
|
|
@ -98,6 +98,14 @@ in
|
|||
'';
|
||||
example = "/var/lib/buildbot/master/id_gerrit";
|
||||
};
|
||||
|
||||
projects = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = ''
|
||||
List of projects which are to check on Gerrit.
|
||||
'';
|
||||
example = [ "lix" ];
|
||||
};
|
||||
};
|
||||
|
||||
binaryCache = {
|
||||
|
@ -162,6 +170,7 @@ in
|
|||
"${cfg.gerrit.username}",
|
||||
"${toString cfg.gerrit.port}",
|
||||
"${cfg.gerrit.privateKeyFile}",
|
||||
projects=${builtins.toJSON cfg.gerrit.projects},
|
||||
url=${builtins.toJSON config.services.buildbot-master.buildbotUrl},
|
||||
nix_eval_max_memory_size=${builtins.toJSON cfg.evalMaxMemorySize},
|
||||
nix_eval_worker_count=${if cfg.evalWorkerCount == null then "None" else builtins.toString cfg.evalWorkerCount},
|
||||
|
|
Loading…
Reference in a new issue