From 82dc712d9312f06e653213d030b6db21529a422f Mon Sep 17 00:00:00 2001 From: Jade Lovelace Date: Sun, 9 Jun 2024 01:26:21 -0700 Subject: [PATCH] releng: add prod environment, ready for release I am *reasonably* confident that this releng infrastructure can actually build a Lix 2.90 and release it successfully. Let's make it possible to do, and add some cute colours to the confirmation message. Change-Id: I85e498b6fb49ffc5e75c0a72c5e45fb1f69030d3 --- releng/create_release.xsh | 5 ++-- releng/docker.xsh | 4 ++-- releng/environment.py | 50 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 55 insertions(+), 4 deletions(-) diff --git a/releng/create_release.xsh b/releng/create_release.xsh index 373c079bc..94c78a83f 100644 --- a/releng/create_release.xsh +++ b/releng/create_release.xsh @@ -240,9 +240,10 @@ def upload_artifacts(env: RelengEnvironment, noconfirm=False, no_check_git=False tree @(ARTIFACTS) + env_part = f'environment {env.name}' not noconfirm and confirm( - f'Would you like to release {ARTIFACTS} as {VERSION}? Type "I want to release this" to confirm\n', - 'I want to release this' + f'Would you like to release {ARTIFACTS} as {VERSION} in {env.colour(env_part)}? Type "I want to release this to {env.name}" to confirm\n', + f'I want to release this to {env.name}' ) docker_images = list((ARTIFACTS / f'lix/lix-{VERSION}').glob(f'lix-{VERSION}-docker-image-*.tar.gz')) diff --git a/releng/docker.xsh b/releng/docker.xsh index f45a69d27..20fb30cd3 100644 --- a/releng/docker.xsh +++ b/releng/docker.xsh @@ -49,7 +49,7 @@ def upload_docker_images(target: DockerTarget, paths: list[Path]): docker_os = inspection['Os'] meta = inspection['Labels'] - log.info('Pushing image %s for %s', path, docker_arch) + log.info('Pushing image %s for %s to %s', path, docker_arch, target.registry_path) # insecure-policy: we don't have any signature policy, we are just uploading an image # We upload to a junk tag, because otherwise it will upload to `latest`, which is undesirable @@ -67,7 +67,7 @@ def upload_docker_images(target: DockerTarget, paths: list[Path]): # FIXME: this is not possible because GitHub only has a proprietary API for it. amazing. 11/10. # reg.delete_tag(target.registry_path, 'temp') - log.info('Pushed images, building a bigger and more menacing manifest from %r with metadata %r', manifests, meta) + log.info('Pushed images to %r, building a bigger and more menacing manifest from %r with metadata %r', target, manifests, meta) # send the multiarch manifest to each tag index = OCIIndex(manifests=manifests, annotations=meta) for tag in tag_names: diff --git a/releng/environment.py b/releng/environment.py index b2278491a..ca8194fe5 100644 --- a/releng/environment.py +++ b/releng/environment.py @@ -1,4 +1,8 @@ +from typing import Callable import urllib.parse +import re +import functools +import subprocess import dataclasses S3_HOST = 's3.lix.systems' @@ -41,6 +45,7 @@ class DockerTarget: @dataclasses.dataclass class RelengEnvironment: name: str + colour: Callable[[str], str] cache_store_overlay: dict[str, str] cache_bucket: str @@ -56,8 +61,19 @@ class RelengEnvironment: return self.cache_bucket + "?" + urllib.parse.urlencode(qs) +SGR = '\x1b[' +RED = '31;1m' +GREEN = '32;1m' +RESET = '0m' + + +def sgr(colour: str, text: str) -> str: + return f'{SGR}{colour}{text}{SGR}{RESET}' + + STAGING = RelengEnvironment( name='staging', + colour=functools.partial(sgr, GREEN), docs_bucket='s3://staging-docs', cache_bucket='s3://staging-cache', cache_store_overlay={'secret-key': 'staging.key'}, @@ -72,8 +88,42 @@ STAGING = RelengEnvironment( ], ) +GERRIT_REMOTE_RE = re.compile(r'^ssh://(\w+@)?gerrit.lix.systems:2022/lix$') + + +def guess_gerrit_remote(): + """ + Deals with people having unknown gerrit username. + """ + out = [ + x.split()[1] for x in subprocess.check_output( + ['git', 'remote', '-v']).decode().splitlines() + ] + return next(x for x in out if GERRIT_REMOTE_RE.match(x)) + + +PROD = RelengEnvironment( + name='production', + colour=functools.partial(sgr, RED), + docs_bucket='s3://docs', + cache_bucket='s3://cache', + # FIXME: we should decrypt this with age into a tempdir in the future, but + # the issue is how to deal with the recipients file. For now, we should + # just delete it after doing a release. + cache_store_overlay={'secret-key': 'prod.key'}, + releases_bucket='s3://releases', + git_repo=guess_gerrit_remote(), + docker_targets=[ + # latest will be auto tagged if appropriate + DockerTarget('git.lix.systems/lix-project/lix', + tags=['{version}', '{major}']), + DockerTarget('ghcr.io/lix-project/lix', tags=['{version}', '{major}']), + ], +) + ENVIRONMENTS = { 'staging': STAGING, + 'production': PROD, }