better gerrit integration #5
|
@ -316,25 +316,9 @@ def nix_eval_config(
|
|||
)
|
||||
|
||||
|
||||
@dataclass
|
||||
class CachixConfig:
|
||||
name: str
|
||||
signing_key_secret_name: str | None = None
|
||||
auth_token_secret_name: str | None = None
|
||||
|
||||
def cachix_env(self) -> dict[str, str]:
|
||||
env = {}
|
||||
if self.signing_key_secret_name is not None:
|
||||
env["CACHIX_SIGNING_KEY"] = util.Secret(self.signing_key_secret_name)
|
||||
if self.auth_token_secret_name is not None:
|
||||
env["CACHIX_AUTH_TOKEN"] = util.Secret(self.auth_token_secret_name)
|
||||
return env
|
||||
|
||||
|
||||
def nix_build_config(
|
||||
project: GerritProject,
|
||||
worker_names: list[str],
|
||||
cachix: CachixConfig | None = None,
|
||||
outputs_path: Path | None = None,
|
||||
) -> util.BuilderConfig:
|
||||
"""Builds one nix flake attribute."""
|
||||
|
@ -365,19 +349,6 @@ def nix_build_config(
|
|||
haltOnFailure=True,
|
||||
),
|
||||
)
|
||||
if cachix:
|
||||
factory.addStep(
|
||||
steps.ShellCommand(
|
||||
name="Upload cachix",
|
||||
env=cachix.cachix_env(),
|
||||
command=[
|
||||
"cachix",
|
||||
"push",
|
||||
cachix.name,
|
||||
util.Interpolate("result-%(prop:attr)s"),
|
||||
],
|
||||
),
|
||||
)
|
||||
|
||||
factory.addStep(
|
||||
steps.ShellCommand(
|
||||
|
@ -468,7 +439,6 @@ def config_for_project(
|
|||
nix_eval_worker_count: int,
|
||||
nix_eval_max_memory_size: int,
|
||||
eval_lock: util.MasterLock,
|
||||
cachix: CachixConfig | None = None,
|
||||
outputs_path: Path | None = None,
|
||||
) -> Project:
|
||||
config["projects"].append(Project(project.name))
|
||||
|
@ -530,7 +500,6 @@ def config_for_project(
|
|||
nix_build_config(
|
||||
project,
|
||||
worker_names,
|
||||
cachix=cachix,
|
||||
outputs_path=outputs_path,
|
||||
),
|
||||
nix_skipped_build_config(project, [SKIPPED_BUILDER_NAME]),
|
||||
|
@ -672,7 +641,6 @@ class GerritNixConfigurator(ConfiguratorBase):
|
|||
nix_eval_worker_count: int | None,
|
||||
nix_eval_max_memory_size: int,
|
||||
nix_workers_secret_name: str = "buildbot-nix-workers", # noqa: S107
|
||||
cachix: CachixConfig | None = None,
|
||||
outputs_path: str | None = None,
|
||||
) -> None:
|
||||
super().__init__()
|
||||
|
@ -685,7 +653,6 @@ class GerritNixConfigurator(ConfiguratorBase):
|
|||
self.nix_supported_systems = nix_supported_systems
|
||||
self.gerrit_change_source = GerritChangeSource(gerrit_server, gerrit_user, gerritport=gerrit_port, identity_file=gerrit_sshkey_path)
|
||||
self.url = url
|
||||
self.cachix = cachix
|
||||
if outputs_path is None:
|
||||
self.outputs_path = None
|
||||
else:
|
||||
|
@ -717,7 +684,6 @@ class GerritNixConfigurator(ConfiguratorBase):
|
|||
self.nix_eval_worker_count or multiprocessing.cpu_count(),
|
||||
self.nix_eval_max_memory_size,
|
||||
eval_lock,
|
||||
self.cachix,
|
||||
self.outputs_path,
|
||||
)
|
||||
|
||||
|
|
|
@ -46,14 +46,6 @@ in
|
|||
# optional nix-eval-jobs settings
|
||||
# evalWorkerCount = 8; # limit number of concurrent evaluations
|
||||
# evalMaxMemorySize = "2048"; # limit memory usage per evaluation
|
||||
|
||||
# optional cachix
|
||||
#cachix = {
|
||||
# name = "my-cachix";
|
||||
# # One of the following is required:
|
||||
# signingKey = "/var/lib/secrets/cachix-key";
|
||||
# authToken = "/var/lib/secrets/cachix-token";
|
||||
#};
|
||||
};
|
||||
})
|
||||
buildbot-nix.nixosModules.buildbot-master
|
||||
|
|
|
@ -15,25 +15,6 @@ in
|
|||
default = "postgresql://@/buildbot";
|
||||
description = "Postgresql database url";
|
||||
};
|
||||
cachix = {
|
||||
name = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = null;
|
||||
description = "Cachix name";
|
||||
};
|
||||
|
||||
signingKeyFile = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
description = "Cachix signing key";
|
||||
};
|
||||
|
||||
authTokenFile = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = null;
|
||||
description = "Cachix auth token";
|
||||
};
|
||||
};
|
||||
workersFile = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
description = "File containing a list of nix workers";
|
||||
|
@ -88,13 +69,6 @@ in
|
|||
isSystemUser = true;
|
||||
};
|
||||
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.cachix.name != null -> cfg.cachix.signingKeyFile != null || cfg.cachix.authTokenFile != null;
|
||||
message = "if cachix.name is provided, then cachix.signingKeyFile and cachix.authTokenFile must be set";
|
||||
}
|
||||
];
|
||||
|
||||
services.buildbot-master = {
|
||||
enable = true;
|
||||
|
||||
|
@ -106,7 +80,7 @@ in
|
|||
home = "/var/lib/buildbot";
|
||||
extraImports = ''
|
||||
from datetime import timedelta
|
||||
from buildbot_nix import GerritNixConfigurator, CachixConfig
|
||||
from buildbot_nix import GerritNixConfigurator
|
||||
'';
|
||||
configurators = [
|
||||
''
|
||||
|
@ -150,11 +124,7 @@ in
|
|||
LoadCredential = [
|
||||
"buildbot-nix-workers:${cfg.workersFile}"
|
||||
"buildbot-oauth2-secret:${cfg.oauth2SecretFile}"
|
||||
]
|
||||
++ lib.optional (cfg.cachix.signingKeyFile != null)
|
||||
"cachix-signing-key:${builtins.toString cfg.cachix.signingKeyFile}"
|
||||
++ lib.optional (cfg.cachix.authTokenFile != null)
|
||||
"cachix-auth-token:${builtins.toString cfg.cachix.authTokenFile}";
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in a new issue