+++ /dev/null
-{
- "tag": "6f5a6e9-master",
- "meta": {
- "name": "buildbot_common",
- "url": "gitolite@git.immae.eu:perso/Immae/Projets/Buildbot/common",
- "branch": "master"
- },
- "git": {
- "url": "gitolite@git.immae.eu:perso/Immae/Projets/Buildbot/common",
- "rev": "6f5a6e926b23a80358c62ff2e8021128839b31bc",
- "sha256": "1s2jhgg7wfyrsyv2qk44ylfzgviq4prhlz9yv2sxzcmypkqbjpm9",
- "fetchSubmodules": true
- }
-}
--- /dev/null
+from buildbot.plugins import util, steps, schedulers
+from buildbot_buildslist import BuildsList
+
+__all__ = [
+ "force_scheduler", "deploy_scheduler", "hook_scheduler",
+ "clean_branch", "package_and_upload", "SlackStatusPush"
+ ]
+
+# Small helpers"
+@util.renderer
+def clean_branch(props):
+ if props.hasProperty("branch") and len(props["branch"]) > 0:
+ return props["branch"].replace("/", "_")
+ else:
+ return "HEAD"
+
+def package_and_upload(package, package_dest, package_url):
+ return [
+ steps.ShellCommand(name="build package",
+ logEnviron=False, haltOnFailure=True, workdir="source",
+ command=["git", "archive", "HEAD", "-o", package]),
+
+ steps.FileUpload(name="upload package", workersrc=package,
+ workdir="source", masterdest=package_dest,
+ url=package_url, mode=0o644),
+
+ steps.ShellCommand(name="cleanup package", logEnviron=False,
+ haltOnFailure=True, workdir="source", alwaysRun=True,
+ command=["rm", "-f", package]),
+ ]
+
+# Schedulers
+def force_scheduler(name, builders):
+ return schedulers.ForceScheduler(name=name,
+ label="Force build", buttonName="Force build",
+ reason=util.StringParameter(name="reason", label="Reason", default="Force build"),
+ codebases=[
+ util.CodebaseParameter("",
+ branch=util.StringParameter(
+ name="branch", label="Git reference (tag, branch)", required=True),
+ revision=util.FixedParameter(name="revision", default=""),
+ repository=util.FixedParameter(name="repository", default=""),
+ project=util.FixedParameter(name="project", default=""),
+ ),
+ ],
+ username=util.FixedParameter(name="username", default="Web button"),
+ builderNames=builders)
+
+def deploy_scheduler(name, builders):
+ return schedulers.ForceScheduler(name=name,
+ builderNames=builders,
+ label="Deploy built package", buttonName="Deploy",
+ username=util.FixedParameter(name="username", default="Web button"),
+ codebases=[
+ util.CodebaseParameter(codebase="",
+ branch=util.FixedParameter(name="branch", default=""),
+ revision=util.FixedParameter(name="revision", default=""),
+ repository=util.FixedParameter(name="repository", default=""),
+ project=util.FixedParameter(name="project", default=""))],
+ reason=util.FixedParameter(name="reason", default="Deploy"),
+ properties=[
+ util.ChoiceStringParameter(label="Environment",
+ name="environment", default="integration",
+ choices=["integration", "production"]),
+ BuildsList(label="Build to deploy", name="build"),
+ ]
+ )
+
+def hook_scheduler(project, timer=10):
+ return schedulers.AnyBranchScheduler(
+ change_filter=util.ChangeFilter(category="hooks", project=project),
+ name=project, treeStableTimer=timer, builderNames=["{}_build".format(project)])
+
+# Slack status push
+from buildbot.reporters.http import HttpStatusPushBase
+from twisted.internet import defer
+from twisted.python import log
+from buildbot.util import httpclientservice
+from buildbot.reporters import utils
+from buildbot.process import results
+
+class SlackStatusPush(HttpStatusPushBase):
+ name = "SlackStatusPush"
+
+ @defer.inlineCallbacks
+ def reconfigService(self, serverUrl, **kwargs):
+ yield HttpStatusPushBase.reconfigService(self, **kwargs)
+ self._http = yield httpclientservice.HTTPClientService.getService(
+ self.master, serverUrl)
+
+ @defer.inlineCallbacks
+ def send(self, build):
+ yield utils.getDetailsForBuild(self.master, build, wantProperties=True)
+ response = yield self._http.post("", json=self.format(build))
+ if response.code != 200:
+ log.msg("%s: unable to upload status: %s" %
+ (response.code, response.content))
+
+ def format(self, build):
+ colors = [
+ "#36A64F", # success
+ "#F1E903", # warnings
+ "#DA0505", # failure
+ "#FFFFFF", # skipped
+ "#000000", # exception
+ "#FFFFFF", # retry
+ "#D02CA9", # cancelled
+ ]
+
+ if "environment" in build["properties"]:
+ msg = "{} environment".format(build["properties"]["environment"][0])
+ if "build" in build["properties"]:
+ msg = "of archive {} in ".format(build["properties"]["build"][0]) + msg
+ elif len(build["buildset"]["sourcestamps"][0]["branch"]) > 0:
+ msg = "revision {}".format(build["buildset"]["sourcestamps"][0]["branch"])
+ else:
+ msg = "build"
+
+ if build["complete"]:
+ timedelta = int((build["complete_at"] - build["started_at"]).total_seconds())
+ hours, rest = divmod(timedelta, 3600)
+ minutes, seconds = divmod(rest, 60)
+ if hours > 0:
+ duration = "{}h {}min {}s".format(hours, minutes, seconds)
+ elif minutes > 0:
+ duration = "{}min {}s".format(minutes, seconds)
+ else:
+ duration = "{}s".format(seconds)
+
+ text = "Build <{}|{}> of {}'s {} was {} in {}.".format(
+ build["url"], build["buildid"],
+ build["builder"]["name"],
+ msg,
+ results.Results[build["results"]],
+ duration,
+ )
+ fields = [
+ {
+ "title": "Build",
+ "value": "<{}|{}>".format(build["url"], build["buildid"]),
+ "short": True,
+ },
+ {
+ "title": "Project",
+ "value": build["builder"]["name"],
+ "short": True,
+ },
+ {
+ "title": "Build status",
+ "value": results.Results[build["results"]],
+ "short": True,
+ },
+ {
+ "title": "Build duration",
+ "value": duration,
+ "short": True,
+ },
+ ]
+ if "environment" in build["properties"]:
+ fields.append({
+ "title": "Environment",
+ "value": build["properties"]["environment"][0],
+ "short": True,
+ })
+ if "build" in build["properties"]:
+ fields.append({
+ "title": "Archive",
+ "value": build["properties"]["build"][0],
+ "short": True,
+ })
+ attachments = [{
+ "fallback": "",
+ "color": colors[build["results"]],
+ "fields": fields
+ }]
+ else:
+ text = "Build <{}|{}> of {}'s {} started.".format(
+ build["url"], build["buildid"],
+ build["builder"]["name"],
+ msg,
+ )
+ attachments = []
+
+ return {
+ "username": "Buildbot",
+ "icon_url": "http://docs.buildbot.net/current/_static/icon.png",
+ "text": text,
+ "attachments": attachments,
+ }
+
+
+
--- /dev/null
+# -*- python -*-
+# ex: set filetype=python:
+
+from buildbot.plugins import secrets, util, webhooks
+from buildbot.util import bytes2unicode
+import re
+import os
+from buildbot_config import E, configure
+import json
+
+class CustomBase(webhooks.base):
+ def getChanges(self, request):
+ try:
+ content = request.content.read()
+ args = json.loads(bytes2unicode(content))
+ except Exception as e:
+ raise ValueError("Error loading JSON: " + str(e))
+
+ args.setdefault("comments", "")
+ args.setdefault("repository", "")
+ args.setdefault("author", args.get("who"))
+
+ return ([args], None)
+
+userInfoProvider = util.LdapUserInfo(
+ uri=E.LDAP_URL,
+ bindUser=E.LDAP_ADMIN_USER,
+ bindPw=open(E.SECRETS_FILE + "/ldap", "r").read().rstrip(),
+ accountBase=E.LDAP_BASE,
+ accountPattern=E.LDAP_PATTERN,
+ accountFullName='cn',
+ accountEmail='mail',
+ avatarData="jpegPhoto",
+ groupBase=E.LDAP_BASE,
+ groupName="cn",
+ groupMemberPattern=E.LDAP_GROUP_PATTERN,
+ )
+
+c = BuildmasterConfig = {
+ "title": E.TITLE,
+ "titleURL": E.TITLE_URL,
+ "db": {
+ "db_url": "sqlite:///state.sqlite"
+ },
+ "protocols": { "pb": { "port": E.PB_SOCKET } },
+ "workers": [],
+ "change_source": [],
+ "schedulers": [],
+ "builders": [],
+ "services": [],
+ "secretsProviders": [
+ secrets.SecretInAFile(E.SECRETS_FILE),
+ ],
+ "www": {
+ "change_hook_dialects": { "base": { "custom_class": CustomBase } },
+ "plugins": {
+ "waterfall_view": {},
+ "console_view": {},
+ "grid_view": {},
+ "buildslist": {},
+ },
+ "auth": util.RemoteUserAuth(
+ header=b"X-Remote-User",
+ userInfoProvider=userInfoProvider,
+ headerRegex=re.compile(br"(?P<username>[^ @]+)")),
+ }
+ }
+
+configure(c)
doCheck = false;
src = buildslist_src.src;
};
- buildbot_common = pkgsNext.python3Packages.buildPythonPackage (mylibs.fetchedGitPrivate ./buildbot_common.json // rec {
+ buildbot_common = pkgsNext.python3Packages.buildPythonPackage rec {
+ name = "buildbot_common";
+ src = ./common;
format = "other";
installPhase = ''
mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages}
cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common
'';
- });
+ };
buildbot = pkgsNext.python3Packages.buildbot-full.withPlugins ([ buildslist ]);
in
{
ProxyPassReverse /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/
<Location /buildbot/${project.name}/>
Use LDAPConnect
- Require ldap-group cn=users,cn=buildbot,ou=services,dc=immae,dc=eu
+ Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu
SetEnvIf X-Url-Scheme https HTTPS=1
ProxyPreserveHost On
deps = [ "users" "wrappers" ];
text = let
master-cfg = "${buildbot_common}/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg";
- puppet_notify = pkgs.writeText "puppet_notify" (builtins.readFile "${myconfig.privateFiles}/buildbot_puppet_notify");
+ buildbot_key = pkgs.writeText "buildbot_key" (builtins.readFile "${myconfig.privateFiles}/buildbot_ssh_key");
+ tac_file = pkgs.writeText "buildbot.tac" ''
+ import os
+
+ from twisted.application import service
+ from buildbot.master import BuildMaster
+
+ basedir = '${varDir}/${project.name}'
+ rotateLength = 10000000
+ maxRotatedFiles = 10
+ configfile = '${master-cfg}'
+
+ # Default umask for server
+ umask = None
+
+ # if this is a relocatable tac file, get the directory containing the TAC
+ if basedir == '.':
+ import os
+ basedir = os.path.abspath(os.path.dirname(__file__))
+
+ # note: this line is matched against to check that this is a buildmaster
+ # directory; do not edit it.
+ application = service.Application('buildmaster')
+ from twisted.python.logfile import LogFile
+ from twisted.python.log import ILogObserver, FileLogObserver
+ logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
+ maxRotatedFiles=maxRotatedFiles)
+ application.setComponent(ILogObserver, FileLogObserver(logfile).emit)
+
+ m = BuildMaster(basedir, configfile, umask)
+ m.setServiceParent(application)
+ m.log_rotation.rotateLength = rotateLength
+ m.log_rotation.maxRotatedFiles = maxRotatedFiles
+ '';
in ''
install -m 0755 -o buildbot -g buildbot -d /run/buildbot/
install -m 0755 -o buildbot -g buildbot -d ${varDir}
if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then
$wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}"
rm -f ${varDir}/${project.name}/master.cfg.sample
+ rm -f ${varDir}/${project.name}/buildbot.tac
fi
- install -Dm600 -o buildbot -g buildbot -T ${puppet_notify} ${varDir}/puppet_notify
+ ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
+ install -Dm600 -o buildbot -g buildbot -T ${buildbot_key} ${varDir}/buildbot_key
buildbot_secrets=${varDir}/${project.name}/secrets
install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets
echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap
project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment;
buildbot_config = pkgsNext.python3Packages.buildPythonPackage (rec {
name = "buildbot_config-${project.name}";
- src = "${./projects}/${project.name}";
+ src = ./projects + "/${project.name}";
format = "other";
installPhase = ''
mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages}
--- /dev/null
+from buildbot.plugins import *
+from buildbot_common.build_helpers import *
+import os
+
+__all__ = [ "configure", "E" ]
+
+class E():
+ PROJECT = "caldance"
+ BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
+ SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT)
+ PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
+ RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
+ RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT)
+ GIT_URL = "gitolite@git.immae.eu:perso/simon_descarpentries/www.cal-dance.com"
+ SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key"
+ SSH_HOST_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF"
+ LDAP_HOST = "ldap.immae.eu"
+ LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu"
+ LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
+
+ PUPPET_HOST = {
+ "integration": "root@caldance.immae.eu",
+ }
+
+ # master.cfg
+ SECRETS_FILE = os.getcwd() + "/secrets"
+ LDAP_URL = "ldaps://ldap.immae.eu:636"
+ LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu"
+ LDAP_BASE = "dc=immae,dc=eu"
+ LDAP_PATTERN = "(uid=%(username)s)"
+ LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=caldance,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
+ TITLE_URL = "https://caldance.immae.eu"
+ TITLE = "Caldance"
+
+def configure(c):
+ c["buildbotURL"] = E.BUILDBOT_URL
+ c["www"]["port"] = E.SOCKET
+
+ c['workers'].append(worker.LocalWorker("generic-worker"))
+ c['workers'].append(worker.LocalWorker("deploy-worker"))
+
+ c['schedulers'].append(hook_scheduler("Caldance", timer=1))
+ c['schedulers'].append(force_scheduler("force_caldance", ["Caldance_build"]))
+ c['schedulers'].append(deploy_scheduler("deploy_caldance", ["Caldance_deploy"]))
+
+ c['builders'].append(factory("caldance"))
+
+ c['builders'].append(deploy_factory("caldance"))
+
+ c['services'].append(SlackStatusPush(
+ name="slack_status_caldance",
+ builders=["Caldance_build", "Caldance_deploy"],
+ serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip()))
+
+def factory(project, ignore_fails=False):
+ release_file = "{1}/{0}_%(kw:clean_branch)s.tar.gz"
+
+ package = util.Interpolate("{0}_%(kw:clean_branch)s.tar.gz".format(project), clean_branch=clean_branch)
+ package_dest = util.Interpolate(release_file.format(project, E.RELEASE_PATH), clean_branch=clean_branch)
+ package_url = util.Interpolate(release_file.format(project, E.RELEASE_URL), clean_branch=clean_branch)
+
+ factory = util.BuildFactory()
+ factory.addStep(steps.Git(logEnviron=False, repourl=E.GIT_URL,
+ sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(),
+ sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy"))
+ factory.addSteps(package_and_upload(package, package_dest, package_url))
+
+ return util.BuilderConfig(
+ name="{}_build".format(project.capitalize()),
+ workernames=["generic-worker"], factory=factory)
+
+def compute_build_infos(project):
+ @util.renderer
+ def compute(props):
+ import re, hashlib
+ build_file = props.getProperty("build")
+ package_dest = "{1}/{0}".format(build_file, E.RELEASE_PATH)
+ version = re.match(r"{0}_(.*).tar.gz".format(project), build_file).group(1)
+ with open(package_dest, "rb") as f:
+ sha = hashlib.sha256(f.read()).hexdigest()
+ return {
+ "build_version": version,
+ "build_hash": sha,
+ }
+ return compute
+
+@util.renderer
+def puppet_host(props):
+ environment = props["environment"] if props.hasProperty("environment") else "integration"
+ return E.PUPPET_HOST.get(environment, "host.invalid")
+
+def deploy_factory(project):
+ package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH))
+
+ factory = util.BuildFactory()
+ factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest]))
+ factory.addStep(steps.SetProperties(properties=compute_build_infos(project)))
+ factory.addStep(LdapPush(environment=util.Property("environment"),
+ project=project, build_version=util.Property("build_version"),
+ build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
+ factory.addStep(steps.MasterShellCommand(command=[
+ "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
+ return util.BuilderConfig(name="{}_deploy".format(project.capitalize()), workernames=["deploy-worker"], factory=factory)
+
+from twisted.internet import defer
+from buildbot.process.buildstep import FAILURE
+from buildbot.process.buildstep import SUCCESS
+from buildbot.process.buildstep import BuildStep
+
+class LdapPush(BuildStep):
+ name = "LdapPush"
+ renderables = ["environment", "project", "build_version", "build_hash", "ldap_password"]
+
+ def __init__(self, **kwargs):
+ self.environment = kwargs.pop("environment")
+ self.project = kwargs.pop("project")
+ self.build_version = kwargs.pop("build_version")
+ self.build_hash = kwargs.pop("build_hash")
+ self.ldap_password = kwargs.pop("ldap_password")
+ self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST)
+ super().__init__(**kwargs)
+
+ def run(self):
+ import json
+ from ldap3 import Reader, Writer, Server, Connection, ObjectDef
+ server = Server(self.ldap_host)
+ conn = Connection(server,
+ user=E.LDAP_DN,
+ password=self.ldap_password)
+ conn.bind()
+ obj = ObjectDef("immaePuppetClass", conn)
+ r = Reader(conn, obj,
+ "cn=caldance.{},{}".format(self.environment, E.LDAP_ROLES_BASE))
+ r.search()
+ if len(r) > 0:
+ w = Writer.from_cursor(r)
+ for value in w[0].immaePuppetJson.values:
+ config = json.loads(value)
+ if "role::caldance::{}_version".format(self.project) in config:
+ config["role::caldance::{}_version".format(self.project)] = self.build_version
+ config["role::caldance::{}_sha256".format(self.project)] = self.build_hash
+ w[0].immaePuppetJson -= value
+ w[0].immaePuppetJson += json.dumps(config, indent=" ")
+ w.commit()
+ return defer.succeed(SUCCESS)
+ return defer.succeed(FAILURE)
PROJECT = "cryptoportfolio"
BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT)
+ PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT)
GIT_URL = "https://git.immae.eu/perso/Immae/Projets/Cryptomonnaies/Cryptoportfolio/{0}.git"
- SSH_KEY_PATH = "/var/lib/buildbot/puppet_notify"
+ SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key"
LDAP_HOST = "ldap.immae.eu"
LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu"
LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu"
LDAP_BASE = "dc=immae,dc=eu"
LDAP_PATTERN = "(uid=%(username)s)"
- LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
+ LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=cryptoportfolio,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
TITLE_URL = "https://git.immae.eu"
TITLE = "Cryptoportfolio"
PROJECT = "test"
BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT)
+ PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT)
GIT_URL = "https://git.immae.eu/perso/Immae/TestProject.git"
- SSH_KEY_PATH = "/var/lib/buildbot/puppet_notify"
+ SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key"
PUPPET_HOST = "root@backup-1.v.immae.eu"
LDAP_HOST = "ldap.immae.eu"
LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu"
LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu"
LDAP_BASE = "dc=immae,dc=eu"
LDAP_PATTERN = "(uid=%(username)s)"
- LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
+ LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=test,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
TITLE_URL = "https://git.immae.eu/?p=perso/Immae/TestProject.git;a=summary"
TITLE = "Test project"