Commit graph

153 commits

Author SHA1 Message Date
eldritch horrors ab0767bedd feat: faster dependency computation
Co-authored-by: Raito Bezarius <raito@lix.systems> (just for wiring up
things)
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-27 18:35:14 +01:00
raito 879e9cdcdf feat: print which allowed origins are set for this buildbot server
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-13 18:46:31 +02:00
raito ea08a7f4a1 fix(reporters): restore old behavior for Gerrit reporting
This is an attempt to restore the old formatting, e.g. with failed
checks and a link to the URI.

At the same time, this attempts to fix the eager +1 Verified tag which
is sent when nix-eval is started (?) and not done or when the evaluation
is done instead of the whole nix-eval job seen as completed.

One of the root cause was the hell-ish expected builder name check…

This is also a big cleanup of all the typing issues we accumulated over
time.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-13 18:46:22 +02:00
raito 60860d3084 feat: introduce backward compat with Lix deployments
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-07 15:22:33 +02:00
Yureka ed8f940717 randomly pick a builder and pass it as --store 2024-10-05 23:01:55 +02:00
Yureka 935e5cba2f fix error: builtins.TypeError: object of type 'int' has no len() 2024-10-05 22:55:02 +02:00
raito 021e2064ae fix(build): use per-worker slot store
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 22:54:56 +02:00
raito 4aa1d7e78c feat: add incoming ref data to non-flakes entrypoint
We can now implement a Nix library for Buildbot CI. :)

We dump it into a file, it's better to pass large stuff and easier to
escape things.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 22:49:00 +02:00
raito b3a0b5a69e fix(auth): remove userinfoUri as a positional argument
This broke the authentication, because we were expecting the client ID &
client secret.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:43:45 +02:00
raito 77d0ed37d1 fix(args): pass the right string
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito 79bcbba46d fix(buildbot-name): nix_configure → determining jobs
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito 1484a875dc fix(ret): return success and write \n
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito c824b084e8 fix(steps): add *steps* not *step*
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito 2a2a2793e4 fix(workdir): rebase in build/ for ShellMixin
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito 97dee6cfec feat(nix-configure): name it
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito dfb9595f7d fix(log): add the stdio log if it doesn't exist
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito c5dea04717 feat: support non-flake entrypoint
The way to use Buildbot jobs without Flakes is via `.ci/buildbot.nix`.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito 1711bfd840 fix(eval): event.change.project is also a buildprop for project name
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito 2d51fda98e feat(eval): in case of total failure, do not derivation show
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito af13c5948e fix(eval): event.refUpdate.project instead of event.project
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito 253e44646d fix(properties): use getProperty
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito bbac51e09e fix(gerrit): pass properly the ssh private key and not its path
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito 83ac74f18f fix(gerrit): repourl was not formatted
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito 2411875825 fix(sshkey): PosixPath does not play well with Buildbot APIs
It expected a `str`, not a `PosixPath`.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 21:21:26 +02:00
raito fa83000f07 feat(debug): add manhole debugging
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-05 20:52:52 +02:00
raito 98c5d82bf8 chore(dataclass): use default_factory
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:13:01 -07:00
raito ea5e2c6b98 chore(builders): localize builders specification like Hydra does
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:13:01 -07:00
raito 235ff9b138 chore(entrypoint): hydraJobs → buildbotJobs
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:13:01 -07:00
raito 449837ed81 chore(reporters): make it 3.11+ (and 4.0) compatible!
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:13:01 -07:00
raito b20d0a17ba fix(gerrit): make buildbot able to read the priv ssh key
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:13:01 -07:00
raito bd8c11ed1e chore(origins): expose in a cuter way allowed origins
Worked around in our original deployment, here's a nicer way to set it.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:02:01 -07:00
raito 7102157055 chore(schedule): generalize source
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:02:01 -07:00
raito 2a1ed49ac8 chore(review-callback): generalize the event project name
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:02:01 -07:00
raito c1e7af1794 chore(nix-eval): generalize the builds_scheduler_group by project
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:02:01 -07:00
raito ec9834b0d3 chore(nix): make the target attribute a constant
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:02:01 -07:00
raito c09da505c1 chore(gerrit): put the gerrit configuration in one place and generate repo URLs templates
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:02:01 -07:00
raito 72b6757947 chore(canceller): generalize it to any project
Just iterate over all project names.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:02:00 -07:00
raito d284a8bc77 chore(auth): generalize authentication method to internals of NixOS module
This makes it easier to make it configurable, this is step 1.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 14:01:31 -07:00
raito 16726a55bf chore(*): cleanup unused code
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 12:51:14 -07:00
raito b4ab40f746 chore(gerrit): offer projects configuration and factor out private SSH keys
Previously, we needed to hardcode the URL for private SSH keys,
this is cleaned up and we can iterate over each project for its
configuration.

Configuration is at deployment time.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 12:49:36 -07:00
raito 9eb92e76e7 chore(web): remove outputsPath option
It was relying on GitHub stuff which we don't have and is not an option
we want to support.

If we wanted to do it, we would rather use S3 directly.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 12:48:45 -07:00
raito 4fa460f563 chore(statuses): clarify why we don't use {start, summary}CB
Instead of just commenting them out.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-10-04 12:45:51 -07:00
raito 7875db31eb fix: disable autologin for OAuth 2
Otherwise, read-only access constantly gets redirected to our login
page.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-09-29 15:54:21 +02:00
raito f2d7f25f86 feat: enable Lix admins to admin the Buildbot properly
This removes the need for a proxy and rely on the `groups` property of
the `userDetails` passed at the authentication layer.

To add a certain role, add the group `buildbot-$role` to that user via
Keycloak.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-09-29 00:17:00 +02:00
eldritch horrors 45135d249b fix silent timeout, set build timeout
using `--option` like this hid that the silent timeout was never
actually set, instead we set the unknown and thus ignored option
`--max-silent-time`. while we're at it we can also set a timeout
for the entire build, chosen as two hours because that should be
enough for all current jobs (and hopefully it'll stay that way).
2024-05-26 16:26:25 +02:00
eldritch horrors 2a528f9e53 remove accept-flake-config from n-e-j invocation
it's off by default and thus not representative of user flake setup, we
don't use it anyway, and it's a security risk to boot. there is no good
reason to enable this in any setting that is not perfectly trusted, and
even there it is not such a great idea due to the impurity it requires.
2024-05-26 15:50:55 +02:00
raito e42966e193 Merge pull request 'feat: support Prometheus exports' (#7) from prometheus into main
Reviewed-on: #7
Reviewed-by: jade <jade@noreply.git.lix.systems>
2024-05-11 17:58:16 +00:00
jade d2ad4745c1 Remove --accept-flake-config
This is a cursed option that is free root for anyone who puts hacks into
flake.nix. We don't actually use `nixConfig` in Lix, so we can just
delete this thing.

Fixes: #11
2024-05-06 19:08:23 -07:00
raito 3876a30117 feat: support Prometheus exports
We package a quite old plugin for Buildbot: https://github.com/claws/buildbot-prometheus
Ideally, we should probably vendor it and maintain it ourselves.

There seems to be no protection against the metrics endpoint for
Buildbot, this is not a big deal given that the CI is public.

Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-05-06 14:26:32 +02:00
eldritch horrors 131fc792f7 allow worker counts to be set per arch 2024-04-05 15:13:11 +02:00