[perso/Immae/Config/Nix.git] / modules / private / buildbot / projects / caldance / __init__.py

from buildbot.plugins import *
from buildbot_common.build_helpers import *
import os
from buildbot.util import bytes2unicode
import json

__all__ = [ "configure", "E" ]

class E():
    PROJECT       = "caldance"
    BUILDBOT_URL  = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
    SOCKET        = "unix:/run/buildbot/{}.sock".format(PROJECT)
    PB_SOCKET     = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
    RELEASE_PATH  = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
    RELEASE_URL   = "https://release.immae.eu/{}".format(PROJECT)
    GIT_URL       = "gitolite@git.immae.eu:perso/simon_descarpentries/www.cal-dance.com"
    SSH_KEY_PATH  = "/var/lib/buildbot/buildbot_key"
    SSH_HOST_KEY  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF"
    LDAP_HOST     = "ldap.immae.eu"
    LDAP_DN       = "cn=buildbot,ou=services,dc=immae,dc=eu"
    LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
    XMPP_RECIPIENTS = os.environ["BUILDBOT_XMPP_RECIPIENTS"].split(" ")

    PUPPET_HOST = {
            "integration": [ "-p8022", "root@caldance.cs.immae.dev"],
            }

    # master.cfg
    SECRETS_FILE       = os.getcwd() + "/secrets"
    LDAP_URL           = "ldaps://ldap.immae.eu:636"
    LDAP_ADMIN_USER    = "cn=buildbot,ou=services,dc=immae,dc=eu"
    LDAP_BASE          = "dc=immae,dc=eu"
    LDAP_PATTERN       = "(uid=%(username)s)"
    LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=caldance,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
    TITLE_URL          = "https://caldance.cs.immae.dev"
    TITLE              = "Caldance"

class CustomBase(webhooks.base):
    def getChanges(self, request):
        try:
            content = request.content.read()
            args = json.loads(bytes2unicode(content))
        except Exception as e:
            raise ValueError("Error loading JSON: " + str(e))

        args.setdefault("comments", "")
        args.setdefault("repository", "")
        args.setdefault("author", args.get("who", "unknown"))

        if args["category"] == "deploy_webhook":
            args = {
                    "category": "deploy_webhook",
                    "comments": "",
                    "repository": "",
                    "author": "webhook",
                    "project": "Caldance",
                    "properties": {
                        "environment": args.get("environment", "integration"),
                        "build": "caldance_{}.tar.gz".format(args.get("build", "master"))
                        }
                    }

        return ([args], None)

def deploy_hook_scheduler(project, timer=1):
    return schedulers.AnyBranchScheduler(
            change_filter=util.ChangeFilter(category="deploy_webhook", project=project),
            name="{}_deploy".format(project), treeStableTimer=timer, builderNames=["{}_deploy".format(project)])

def configure(c):
    c["buildbotURL"] = E.BUILDBOT_URL
    c["www"]["port"] = E.SOCKET

    c["www"]["change_hook_dialects"]["base"] = {
            "custom_class": CustomBase
            }
    c['workers'].append(worker.LocalWorker("generic-worker"))
    c['workers'].append(worker.LocalWorker("deploy-worker"))

    db_lock = util.MasterLock("deploy_after_build")

    c['schedulers'].append(hook_scheduler("Caldance", timer=1))
    c['schedulers'].append(force_scheduler("force_caldance", ["Caldance_build"]))
    c['schedulers'].append(deploy_scheduler("deploy_caldance", ["Caldance_deploy"]))
    c['schedulers'].append(deploy_hook_scheduler("Caldance", timer=1))

    c['builders'].append(factory("caldance", locks=[db_lock.access('exclusive')]))

    c['builders'].append(deploy_factory("caldance", locks=[db_lock.access('exclusive')]))

    c['services'].append(SlackStatusPush(
        name="slack_status_caldance",
        builders=["Caldance_build", "Caldance_deploy"],
        serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip()))
    c['services'].append(XMPPStatusPush(
        name="xmpp_status_caldance",
        builders=["Caldance_build", "Caldance_deploy"],
        recipients=E.XMPP_RECIPIENTS,
        password=open(E.SECRETS_FILE + "/notify_xmpp_password", "r").read().rstrip()))

def factory(project, locks=[], ignore_fails=False):
    release_file = "{1}/{0}_%(kw:clean_branch)s.tar.gz"

    package = util.Interpolate("{0}_%(kw:clean_branch)s.tar.gz".format(project), clean_branch=clean_branch)
    package_dest = util.Interpolate(release_file.format(project, E.RELEASE_PATH), clean_branch=clean_branch)
    package_url = util.Interpolate(release_file.format(project, E.RELEASE_URL), clean_branch=clean_branch)

    factory = util.BuildFactory()
    factory.addStep(steps.Git(logEnviron=False, repourl=E.GIT_URL,
        sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(),
        sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy"))
    factory.addSteps(package_and_upload(package, package_dest, package_url))

    return util.BuilderConfig(
            name="{}_build".format(project.capitalize()),
            locks=locks,
            workernames=["generic-worker"], factory=factory)

def compute_build_infos(project):
    @util.renderer
    def compute(props):
        import re, hashlib
        build_file = props.getProperty("build")
        package_dest = "{1}/{0}".format(build_file, E.RELEASE_PATH)
        version = re.match(r"{0}_(.*).tar.gz".format(project), build_file).group(1)
        with open(package_dest, "rb") as f:
            sha = hashlib.sha256(f.read()).hexdigest()
        return {
                "build_version": version,
                "build_hash": sha,
                }
    return compute

@util.renderer
def puppet_ssh_command(props):
    environment = props["environment"] if props.hasProperty("environment") else "integration"
    ssh_command = [
            "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no",
            "-i", E.SSH_KEY_PATH ]
    return ssh_command + E.PUPPET_HOST.get(environment, ["host.invalid"])

def deploy_factory(project, locks=[]):
    package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH))

    factory = util.BuildFactory()
    factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest]))
    factory.addStep(steps.SetProperties(properties=compute_build_infos(project)))
    factory.addStep(LdapPush(environment=util.Property("environment"),
        project=project, build_version=util.Property("build_version"),
        build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
    factory.addStep(steps.MasterShellCommand(command=puppet_ssh_command))
    return util.BuilderConfig(
            name="{}_deploy".format(project.capitalize()),
            locks=locks,
            workernames=["deploy-worker"], factory=factory)

from twisted.internet import defer
from buildbot.process.buildstep import FAILURE
from buildbot.process.buildstep import SUCCESS
from buildbot.process.buildstep import BuildStep

class LdapPush(BuildStep):
    name = "LdapPush"
    renderables = ["environment", "project", "build_version", "build_hash", "ldap_password"]

    def __init__(self, **kwargs):
        self.environment = kwargs.pop("environment")
        self.project = kwargs.pop("project")
        self.build_version = kwargs.pop("build_version")
        self.build_hash = kwargs.pop("build_hash")
        self.ldap_password = kwargs.pop("ldap_password")
        self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST)
        super().__init__(**kwargs)

    def run(self):
        import json
        from ldap3 import Reader, Writer, Server, Connection, ObjectDef
        server = Server(self.ldap_host)
        conn = Connection(server,
                user=E.LDAP_DN,
                password=self.ldap_password)
        conn.bind()
        obj = ObjectDef("immaePuppetClass", conn)
        r = Reader(conn, obj,
                "cn=caldance.{},{}".format(self.environment, E.LDAP_ROLES_BASE))
        r.search()
        if len(r) > 0:
            w = Writer.from_cursor(r)
            for value in w[0].immaePuppetJson.values:
                config = json.loads(value)
                if "role::caldance::{}_version".format(self.project) in config:
                    config["role::caldance::{}_version".format(self.project)] = self.build_version
                    config["role::caldance::{}_sha256".format(self.project)] = self.build_hash
                    w[0].immaePuppetJson -= value
                    w[0].immaePuppetJson += json.dumps(config, indent="  ")
                    w.commit()
                    return defer.succeed(SUCCESS)
        return defer.succeed(FAILURE)
Commit	Line	Data
e2b96bf5 IB	1	from buildbot.plugins import *
	2	from buildbot_common.build_helpers import *
	3	import os
85817848 IB	4	from buildbot.util import bytes2unicode
85817848 IB	5	import json
e2b96bf5 IB	6
	7	__all__ = [ "configure", "E" ]
	8
	9	class E():
	10	PROJECT = "caldance"
	11	BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
	12	SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT)
	13	PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
	14	RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
	15	RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT)
	16	GIT_URL = "gitolite@git.immae.eu:perso/simon_descarpentries/www.cal-dance.com"
	17	SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key"
	18	SSH_HOST_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF"
	19	LDAP_HOST = "ldap.immae.eu"
	20	LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu"
	21	LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
256d607c	22	XMPP_RECIPIENTS = os.environ["BUILDBOT_XMPP_RECIPIENTS"].split(" ")
e2b96bf5 IB	23
e2b96bf5 IB	24	PUPPET_HOST = {
7c5e6fe8	25	"integration": [ "-p8022", "root@caldance.cs.immae.dev"],
e2b96bf5 IB	26	}
	27
	28	# master.cfg
	29	SECRETS_FILE = os.getcwd() + "/secrets"
	30	LDAP_URL = "ldaps://ldap.immae.eu:636"
	31	LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu"
	32	LDAP_BASE = "dc=immae,dc=eu"
	33	LDAP_PATTERN = "(uid=%(username)s)"
	34	LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=caldance,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
7c5e6fe8	35	TITLE_URL = "https://caldance.cs.immae.dev"
e2b96bf5 IB	36	TITLE = "Caldance"
e2b96bf5 IB	37
85817848 IB	38	class CustomBase(webhooks.base):
	39	def getChanges(self, request):
	40	try:
	41	content = request.content.read()
	42	args = json.loads(bytes2unicode(content))
	43	except Exception as e:
	44	raise ValueError("Error loading JSON: " + str(e))
	45
	46	args.setdefault("comments", "")
	47	args.setdefault("repository", "")
	48	args.setdefault("author", args.get("who", "unknown"))
	49
	50	if args["category"] == "deploy_webhook":
	51	args = {
	52	"category": "deploy_webhook",
	53	"comments": "",
	54	"repository": "",
	55	"author": "webhook",
	56	"project": "Caldance",
	57	"properties": {
	58	"environment": args.get("environment", "integration"),
	59	"build": "caldance_{}.tar.gz".format(args.get("build", "master"))
	60	}
	61	}
	62
	63	return ([args], None)
	64
	65	def deploy_hook_scheduler(project, timer=1):
	66	return schedulers.AnyBranchScheduler(
	67	change_filter=util.ChangeFilter(category="deploy_webhook", project=project),
	68	name="{}_deploy".format(project), treeStableTimer=timer, builderNames=["{}_deploy".format(project)])
	69
e2b96bf5 IB	70	def configure(c):
	71	c["buildbotURL"] = E.BUILDBOT_URL
	72	c["www"]["port"] = E.SOCKET
	73
85817848 IB	74	c["www"]["change_hook_dialects"]["base"] = {
	75	"custom_class": CustomBase
	76	}
e2b96bf5 IB	77	c['workers'].append(worker.LocalWorker("generic-worker"))
	78	c['workers'].append(worker.LocalWorker("deploy-worker"))
	79
bbd5220c IB	80	db_lock = util.MasterLock("deploy_after_build")
bbd5220c IB	81
e2b96bf5 IB	82	c['schedulers'].append(hook_scheduler("Caldance", timer=1))
	83	c['schedulers'].append(force_scheduler("force_caldance", ["Caldance_build"]))
	84	c['schedulers'].append(deploy_scheduler("deploy_caldance", ["Caldance_deploy"]))
85817848	85	c['schedulers'].append(deploy_hook_scheduler("Caldance", timer=1))
e2b96bf5	86
bbd5220c	87	c['builders'].append(factory("caldance", locks=[db_lock.access('exclusive')]))
e2b96bf5	88
bbd5220c	89	c['builders'].append(deploy_factory("caldance", locks=[db_lock.access('exclusive')]))
e2b96bf5 IB	90
	91	c['services'].append(SlackStatusPush(
	92	name="slack_status_caldance",
	93	builders=["Caldance_build", "Caldance_deploy"],
	94	serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip()))
256d607c IB	95	c['services'].append(XMPPStatusPush(
	96	name="xmpp_status_caldance",
	97	builders=["Caldance_build", "Caldance_deploy"],
	98	recipients=E.XMPP_RECIPIENTS,
	99	password=open(E.SECRETS_FILE + "/notify_xmpp_password", "r").read().rstrip()))
e2b96bf5	100
bbd5220c	101	def factory(project, locks=[], ignore_fails=False):
e2b96bf5 IB	102	release_file = "{1}/{0}_%(kw:clean_branch)s.tar.gz"
	103
	104	package = util.Interpolate("{0}_%(kw:clean_branch)s.tar.gz".format(project), clean_branch=clean_branch)
	105	package_dest = util.Interpolate(release_file.format(project, E.RELEASE_PATH), clean_branch=clean_branch)
	106	package_url = util.Interpolate(release_file.format(project, E.RELEASE_URL), clean_branch=clean_branch)
	107
	108	factory = util.BuildFactory()
	109	factory.addStep(steps.Git(logEnviron=False, repourl=E.GIT_URL,
	110	sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(),
	111	sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy"))
	112	factory.addSteps(package_and_upload(package, package_dest, package_url))
	113
	114	return util.BuilderConfig(
	115	name="{}_build".format(project.capitalize()),
bbd5220c	116	locks=locks,
e2b96bf5 IB	117	workernames=["generic-worker"], factory=factory)
	118
	119	def compute_build_infos(project):
	120	@util.renderer
	121	def compute(props):
	122	import re, hashlib
	123	build_file = props.getProperty("build")
	124	package_dest = "{1}/{0}".format(build_file, E.RELEASE_PATH)
	125	version = re.match(r"{0}_(.*).tar.gz".format(project), build_file).group(1)
	126	with open(package_dest, "rb") as f:
	127	sha = hashlib.sha256(f.read()).hexdigest()
	128	return {
	129	"build_version": version,
	130	"build_hash": sha,
	131	}
	132	return compute
	133
	134	@util.renderer
6c95e93c	135	def puppet_ssh_command(props):
e2b96bf5	136	environment = props["environment"] if props.hasProperty("environment") else "integration"
6c95e93c IB	137	ssh_command = [
	138	"ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no",
	139	"-i", E.SSH_KEY_PATH ]
	140	return ssh_command + E.PUPPET_HOST.get(environment, ["host.invalid"])
e2b96bf5	141
bbd5220c	142	def deploy_factory(project, locks=[]):
e2b96bf5 IB	143	package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH))
	144
	145	factory = util.BuildFactory()
	146	factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest]))
	147	factory.addStep(steps.SetProperties(properties=compute_build_infos(project)))
	148	factory.addStep(LdapPush(environment=util.Property("environment"),
	149	project=project, build_version=util.Property("build_version"),
	150	build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
6c95e93c	151	factory.addStep(steps.MasterShellCommand(command=puppet_ssh_command))
bbd5220c IB	152	return util.BuilderConfig(
	153	name="{}_deploy".format(project.capitalize()),
	154	locks=locks,
	155	workernames=["deploy-worker"], factory=factory)
e2b96bf5 IB	156
	157	from twisted.internet import defer
	158	from buildbot.process.buildstep import FAILURE
	159	from buildbot.process.buildstep import SUCCESS
	160	from buildbot.process.buildstep import BuildStep
	161
	162	class LdapPush(BuildStep):
	163	name = "LdapPush"
	164	renderables = ["environment", "project", "build_version", "build_hash", "ldap_password"]
	165
	166	def __init__(self, **kwargs):
	167	self.environment = kwargs.pop("environment")
	168	self.project = kwargs.pop("project")
	169	self.build_version = kwargs.pop("build_version")
	170	self.build_hash = kwargs.pop("build_hash")
	171	self.ldap_password = kwargs.pop("ldap_password")
	172	self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST)
	173	super().__init__(**kwargs)
	174
	175	def run(self):
	176	import json
	177	from ldap3 import Reader, Writer, Server, Connection, ObjectDef
	178	server = Server(self.ldap_host)
	179	conn = Connection(server,
	180	user=E.LDAP_DN,
	181	password=self.ldap_password)
	182	conn.bind()
	183	obj = ObjectDef("immaePuppetClass", conn)
	184	r = Reader(conn, obj,
	185	"cn=caldance.{},{}".format(self.environment, E.LDAP_ROLES_BASE))
	186	r.search()
	187	if len(r) > 0:
	188	w = Writer.from_cursor(r)
	189	for value in w[0].immaePuppetJson.values:
	190	config = json.loads(value)
	191	if "role::caldance::{}_version".format(self.project) in config:
	192	config["role::caldance::{}_version".format(self.project)] = self.build_version
	193	config["role::caldance::{}_sha256".format(self.project)] = self.build_hash
	194	w[0].immaePuppetJson -= value
	195	w[0].immaePuppetJson += json.dumps(config, indent=" ")
	196	w.commit()
	197	return defer.succeed(SUCCESS)
	198	return defer.succeed(FAILURE)