buildbot_nix/__init__.py

@@ -130,7 +130,7 @@ class GerritConfig:
         """
         Returns the prefix to build a repourl using that gerrit configuration.
         """
-        return 'ssh://{self.username}@{self.domain}:{self.port}/'
+        return f'ssh://{self.username}@{self.domain}:{self.port}/'
 
 class BuildTrigger(steps.BuildStep):
     def __init__(
@@ -148,7 +148,7 @@ class BuildTrigger(steps.BuildStep):
         self.ended = False
         self.waitForFinishDeferred = None
         self.brids = []
-        self.description = f"building {len(jobs)} hydra jobs"
+        self.description = f"building {len(jobs)} jobs"
         super().__init__(**kwargs)
 
     def interrupt(self, reason):
@@ -177,15 +177,14 @@ class BuildTrigger(steps.BuildStep):
         return sch
 
     def schedule_one(self, build_props: Properties, job):
-        project_name = build_props.getProperty('event.project')
+        project_name = build_props.getProperty("event.refUpdate.project") or build_props.getProperty("event.change.project")
-        source = f"{project_name}-eval-lix"
+        source = f"{project_name}-eval"
         attr = job.get("attr", "eval-error")
-        name = attr
+        name = f"buildbotJobs.{attr}"
-        name = f"{FLAKE_TARGET_ATTRIBUTE_FOR_JOBS}.{name}"
         error = job.get("error")
         props = Properties()
         props.setProperty("virtual_builder_name", name, source)
-        props.setProperty("status_name", f"nix-build .#{FLAKE_TARGET_ATTRIBUTE_FOR_JOBS}.{attr}", source)
+        props.setProperty("status_name", f"building buildbotJobs.{attr}", source)
         props.setProperty("virtual_builder_tags", "", source)
 
         if error is not None:
@@ -372,7 +371,8 @@ class NixEvalCommand(buildstep.ShellMixin, steps.BuildStep):
         # run nix-eval-jobs --flake .#$FLAKE_TARGET_ATTRIBUTE_FOR_JOBS to generate the dict of stages
         cmd: remotecommand.RemoteCommand = yield self.makeRemoteShellCommand()
         build_props = self.build.getProperties()
-        project_name = build_props.get('event.project')
+        project_name = build_props.getProperty("event.refUpdate.project") or build_props.getProperty("event.change.project")
+        assert project_name is not None, "`event.refUpdate.project` or `event.change.project` is not available on the build properties, unexpected build type!"
 
         yield self.runCommand(cmd)
 
@@ -396,26 +396,11 @@ class NixEvalCommand(buildstep.ShellMixin, steps.BuildStep):
                 if not system or system in self.supported_systems:  # report eval errors
                     filtered_jobs.append(job)
 
+            # Filter out failed evaluations
+            succeeded_jobs = [job for job in filtered_jobs if job.get('error') is None]
+
             drv_show_log: Log = yield self.getLog("stdio")
-            drv_show_log.addStdout(f"getting derivation infos\n")
-            cmd = yield self.makeRemoteShellCommand(
-                stdioLogName=None,
-                collectStdout=True,
-                command=(
-                    ["nix", "derivation", "show", "--recursive"]
-                    + [ drv for drv in (job.get("drvPath") for job in filtered_jobs) if drv ]
-                ),
-            )
-            yield self.runCommand(cmd)
-            drv_show_log.addStdout(f"done\n")
-            try:
-                drv_info = json.loads(cmd.stdout)
-            except json.JSONDecodeError as e:
-                msg = f"Failed to parse `nix derivation show` output for {cmd.command}"
-                raise BuildbotNixError(msg) from e
             all_deps = dict()
-            for drv, info in drv_info.items():
-                all_deps[drv] = set(info.get("inputDrvs").keys())
 
             def closure_of(key, deps):
                 r, size = set([key]), 0
@@ -424,8 +409,28 @@ class NixEvalCommand(buildstep.ShellMixin, steps.BuildStep):
                     r.update(*[ deps[k] for k in r ])
                 return r.difference([key])
 
-            job_set = set(( drv for drv in ( job.get("drvPath") for job in filtered_jobs ) if drv ))
+            if succeeded_jobs:
-            all_deps = { k: list(closure_of(k, all_deps).intersection(job_set)) for k in job_set }
+                drv_show_log.addStdout(f"getting derivation infos for valid derivations\n")
+                cmd = yield self.makeRemoteShellCommand(
+                    stdioLogName=None,
+                    collectStdout=True,
+                    command=(
+                        ["nix", "derivation", "show", "--recursive"]
+                        + [ drv for drv in (job.get("drvPath") for job in succeeded_jobs) if drv ]
+                    ),
+                )
+                yield self.runCommand(cmd)
+                drv_show_log.addStdout(f"done\n")
+                try:
+                    drv_info = json.loads(cmd.stdout)
+                except json.JSONDecodeError as e:
+                    msg = f"Failed to parse `nix derivation show` output for {cmd.command}"
+                    raise BuildbotNixError(msg) from e
+                for drv, info in drv_info.items():
+                    all_deps[drv] = set(info.get("inputDrvs").keys())
+
+                job_set = set(( drv for drv in ( job.get("drvPath") for job in filtered_jobs ) if drv ))
+                all_deps = { k: list(closure_of(k, all_deps).intersection(job_set)) for k in job_set }
 
             self.build.addStepsAfterCurrentStep(
                 [
@@ -485,6 +490,14 @@ def nix_eval_config(
     For each evaluated attribute a new build pipeline is started.
     """
     factory = util.BuildFactory()
+
+    gerrit_private_key = None
+    with open(project.private_sshkey_path, 'r') as f:
+        gerrit_private_key = f.read()
+
+    if gerrit_private_key is None:
+        raise RuntimeError('No gerrit private key to fetch the repositories')
+
     # check out the source
     factory.addStep(
         steps.Gerrit(
@@ -492,9 +505,10 @@ def nix_eval_config(
             mode="full",
             retry=[60, 60],
             timeout=3600,
-            sshPrivateKey=project.private_sshkey_path
+            sshPrivateKey=gerrit_private_key
         ),
     )
+
     # use one gcroots directory per worker. this should be scoped to the largest unique resource
     # in charge of builds (ie, buildnumber is too narrow) to not litter the system with permanent
     # gcroots in case of worker restarts.
@@ -712,12 +726,6 @@ def config_for_project(
             ),
         ],
     )
-    gerrit_private_key = None
-    with open(project.private_sshkey_path, 'r') as f:
-        gerrit_private_key = f.read()
-
-    if gerrit_private_key is None:
-        raise RuntimeError('No gerrit private key to fetch the repositories')
 
     config["builders"].extend(
         [
@@ -824,13 +832,15 @@ class GerritNixConfigurator(ConfiguratorBase):
         prometheus_config: dict[str, int | str] | None = None,
         binary_cache_config: dict[str, str] | None = None,
         auth_method: AuthBase | None = None,
+        manhole: Any = None,
     ) -> None:
         super().__init__()
+        self.manhole = manhole
         self.allowed_origins = allowed_origins
         self.gerrit_server = gerrit_server
         self.gerrit_user = gerrit_user
         self.gerrit_port = gerrit_port
-        self.gerrit_sshkey_path = gerrit_sshkey_path
+        self.gerrit_sshkey_path = str(gerrit_sshkey_path)
         self.gerrit_config = GerritConfig(domain=self.gerrit_server,
                                           username=self.gerrit_user,
                                           port=self.gerrit_port)
@@ -860,6 +870,9 @@ class GerritNixConfigurator(ConfiguratorBase):
         worker_config = json.loads(read_secret_file(self.nix_workers_secret_name))
         worker_names = []
 
+        if self.manhole is not None:
+            config["manhole"] = self.manhole
+
         config.setdefault("projects", [])
         config.setdefault("secretsProviders", [])
         config.setdefault("www", {

nix/coordinator.nix

@@ -7,6 +7,9 @@
 let
   inherit (lib) filterAttrs;
   cfg = config.services.buildbot-nix.coordinator;
+  debuggingManhole = if cfg.debugging.enable then
+  "manhole.TelnetManhole(${toString cfg.debugging.port}, 'admin', 'admin')"
+  else "None";
 in
 {
   options = {
@@ -28,6 +31,14 @@ in
         description = "List of local remote builders machines associated to that Buildbot instance";
       };
 
+      debugging = {
+        enable = lib.mkEnableOption "manhole's buildbot debugging on localhost using `admin:admin`";
+        port = lib.mkOption {
+          type = lib.types.port;
+          default = 15000;
+        };
+      };
+
       oauth2 = {
         name = lib.mkOption {
           type = lib.types.str;
@@ -163,6 +174,14 @@ in
           '';
           example = [ "lix" ];
         };
+
+        projects = lib.mkOption {
+          type = lib.types.listOf lib.types.str;
+          description = ''
+            List of projects which are to check on Gerrit.
+          '';
+          example = [ "lix" ];
+        };
       };
 
       binaryCache = {
@@ -216,6 +235,7 @@ in
       extraImports = ''
         from datetime import timedelta
         from buildbot_nix import GerritNixConfigurator, read_secret_file, make_oauth2_method, OAuth2Config, assemble_secret_file_path
+        from buildbot import manhole
 
         # TODO(raito): make me configurable from the NixOS module.
         # how?
@@ -257,7 +277,8 @@ in
               auth_method=CustomOAuth2(${builtins.toJSON cfg.oauth2.clientId},
                 read_secret_file('buildbot-oauth2-secret'),
                 autologin=True
-              )
+              ),
+              manhole=${debuggingManhole}
           )
         ''
       ];