Add buildbot

Fixes https://git.immae.eu/mantisbt/view.php?id=74
author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-03-23 00:21:59 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-03-23 00:21:59 +0100
commit: 9fb4205e2ceadb79a93cbe44bd77ebebe8c94625 (patch)
tree: b8e676c9a360eb47d78de6ec70f04f6c4dd0b546 /nixops/modules/buildbot/projects
parent: 80a3e0559c86d4f1fc2523b30db8a3d568cf1888 (diff)
download: Nix-9fb4205e2ceadb79a93cbe44bd77ebebe8c94625.tar.gz
Nix-9fb4205e2ceadb79a93cbe44bd77ebebe8c94625.tar.zst
Nix-9fb4205e2ceadb79a93cbe44bd77ebebe8c94625.zip
2 files changed, 311 insertions, 0 deletions
diff --git a/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py b/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py
new file mode 100644
index 0000000..1157b5c
--- /dev/null
+++ b/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py
@@ -0,0 +1,168 @@
+from buildbot.plugins import *
+from buildbot_common.build_helpers import *
+import os
+__all__ = [ "configure", "E" ]
+class E():
+    PROJECT       = "cryptoportfolio"
+    BUILDBOT_URL  = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
+    SOCKET        = "unix:/run/buildbot/{}.sock".format(PROJECT)
+    RELEASE_PATH  = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
+    RELEASE_URL   = "https://release.immae.eu/{}".format(PROJECT)
+    GIT_URL       = "https://git.immae.eu/perso/Immae/Projets/Cryptomonnaies/Cryptoportfolio/{0}.git"
+    SSH_KEY_PATH  = "/var/lib/buildbot/puppet_notify"
+    LDAP_HOST     = "ldap.immae.eu"
+    LDAP_DN       = "cn=buildbot,ou=services,dc=immae,dc=eu"
+    LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
+    PUPPET_HOST = {
+            "production": "root@cryptoportfolio.immae.eu",
+            "integration": "root@cryptoportfolio-dev.immae.eu"
+            }
+    # master.cfg
+    SECRETS_FILE       = os.getcwd() + "/secrets"
+    LDAP_URL           = "ldaps://ldap.immae.eu:636"
+    LDAP_ADMIN_USER    = "cn=buildbot,ou=services,dc=immae,dc=eu"
+    LDAP_BASE          = "dc=immae,dc=eu"
+    LDAP_PATTERN       = "(uid=%(username)s)"
+    LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
+    TITLE_URL          = "https://git.immae.eu"
+    TITLE              = "Cryptoportfolio"
+# eval .. dans .zshrc_local
+# mkdir -p $BUILD/go
+# export GOPATH=$BUILD/go
+# go get -u github.com/golang/dep/cmd/dep
+# export PATH=$PATH:$BUILD/go/bin
+# go get git.immae.eu/Cryptoportfolio/Front.git
+# cd $BUILD/go/src/git.immae.eu/Cryptoportfolio/Front.git
+# git checkout dev
+# dep ensure
+def configure(c):
+    c["buildbotURL"] = E.BUILDBOT_URL
+    c["www"]["port"] = E.SOCKET
+    c['workers'].append(worker.LocalWorker("generic-worker"))
+    c['workers'].append(worker.LocalWorker("deploy-worker"))
+    c['schedulers'].append(hook_scheduler("Trader"))
+    c['schedulers'].append(hook_scheduler("Front"))
+    c['schedulers'].append(force_scheduler(
+        "force_cryptoportfolio", ["Trader_build", "Front_build"]))
+    c['schedulers'].append(deploy_scheduler("deploy_cryptoportfolio",
+        ["Trader_deploy", "Front_deploy"]))
+    c['builders'].append(factory("trader"))
+    c['builders'].append(factory("front", ignore_fails=True))
+    c['builders'].append(deploy_factory("trader"))
+    c['builders'].append(deploy_factory("front"))
+    c['services'].append(SlackStatusPush(
+        name="slack_status_cryptoportfolio",
+        builders=["Front_build", "Trader_build", "Front_deploy", "Trader_deploy"],
+        serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip()))
+def factory(project, ignore_fails=False):
+    release_file = "{1}/{0}/{0}_%(kw:clean_branch)s.tar.gz"
+    url = E.GIT_URL.format(project.capitalize())
+    package = util.Interpolate("{0}_%(kw:clean_branch)s.tar.gz".format(project), clean_branch=clean_branch)
+    package_dest = util.Interpolate(release_file.format(project, E.RELEASE_PATH), clean_branch=clean_branch)
+    package_url = util.Interpolate(release_file.format(project, E.RELEASE_URL), clean_branch=clean_branch)
+    factory = util.BuildFactory()
+    factory.addStep(steps.Git(logEnviron=False, repourl=url,
+        mode="full", method="copy"))
+    factory.addStep(steps.ShellCommand(name="make install",
+        logEnviron=False, haltOnFailure=(not ignore_fails),
+        warnOnFailure=ignore_fails, flunkOnFailure=(not ignore_fails),
+        command=["make", "install"]))
+    factory.addStep(steps.ShellCommand(name="make test",
+        logEnviron=False, haltOnFailure=(not ignore_fails),
+        warnOnFailure=ignore_fails, flunkOnFailure=(not ignore_fails),
+        command=["make", "test"]))
+    factory.addSteps(package_and_upload(package, package_dest, package_url))
+    return util.BuilderConfig(
+            name="{}_build".format(project.capitalize()),
+            workernames=["generic-worker"], factory=factory)
+def compute_build_infos(project):
+    @util.renderer
+    def compute(props):
+        import re, hashlib
+        build_file = props.getProperty("build")
+        package_dest = "{2}/{0}/{1}".format(project, build_file, E.RELEASE_PATH)
+        version = re.match(r"{0}_(.*).tar.gz".format(project), build_file).group(1)
+        with open(package_dest, "rb") as f:
+            sha = hashlib.sha256(f.read()).hexdigest()
+        return {
+                "build_version": version,
+                "build_hash": sha,
+                }
+    return compute
+@util.renderer
+def puppet_host(props):
+    environment = props["environment"] if props.hasProperty("environment") else "integration"
+    return E.PUPPET_HOST.get(environment, "host.invalid")
+def deploy_factory(project):
+    package_dest = util.Interpolate("{1}/{0}/%(prop:build)s".format(project, E.RELEASE_PATH))
+    factory = util.BuildFactory()
+    factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest]))
+    factory.addStep(steps.SetProperties(properties=compute_build_infos(project)))
+    factory.addStep(LdapPush(environment=util.Property("environment"),
+        project=project, build_version=util.Property("build_version"),
+        build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
+    factory.addStep(steps.MasterShellCommand(command=[
+        "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
+    return util.BuilderConfig(name="{}_deploy".format(project.capitalize()), workernames=["deploy-worker"], factory=factory)
+from twisted.internet import defer
+from buildbot.process.buildstep import FAILURE
+from buildbot.process.buildstep import SUCCESS
+from buildbot.process.buildstep import BuildStep
+class LdapPush(BuildStep):
+    name = "LdapPush"
+    renderables = ["environment", "project", "build_version", "build_hash", "ldap_password"]
+    def __init__(self, **kwargs):
+        self.environment = kwargs.pop("environment")
+        self.project = kwargs.pop("project")
+        self.build_version = kwargs.pop("build_version")
+        self.build_hash = kwargs.pop("build_hash")
+        self.ldap_password = kwargs.pop("ldap_password")
+        self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST)
+        super().__init__(**kwargs)
+    def run(self):
+        import json
+        from ldap3 import Reader, Writer, Server, Connection, ObjectDef
+        server = Server(self.ldap_host)
+        conn = Connection(server,
+                user=E.LDAP_DN,
+                password=self.ldap_password)
+        conn.bind()
+        obj = ObjectDef("immaePuppetClass", conn)
+        r = Reader(conn, obj,
+                "cn=cryptoportfolio.{},{}".format(self.environment, E.LDAP_ROLES_BASE))
+        r.search()
+        if len(r) > 0:
+            w = Writer.from_cursor(r)
+            for value in w[0].immaePuppetJson.values:
+                config = json.loads(value)
+                if "role::cryptoportfolio::{}_version".format(self.project) in config:
+                    config["role::cryptoportfolio::{}_version".format(self.project)] = self.build_version
+                    config["role::cryptoportfolio::{}_sha256".format(self.project)] = self.build_hash
+                    w[0].immaePuppetJson -= value
+                    w[0].immaePuppetJson += json.dumps(config, indent="  ")
+                    w.commit()
+                    return defer.succeed(SUCCESS)
+        return defer.succeed(FAILURE)
diff --git a/nixops/modules/buildbot/projects/test/__init__.py b/nixops/modules/buildbot/projects/test/__init__.py
new file mode 100644
index 0000000..c15788c
--- /dev/null
+++ b/nixops/modules/buildbot/projects/test/__init__.py
@@ -0,0 +1,143 @@
+from buildbot.plugins import *
+from buildbot_common.build_helpers import *
+import os
+__all__ = [ "configure", "E" ]
+class E():
+    PROJECT       = "test"
+    BUILDBOT_URL  = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
+    SOCKET        = "unix:/run/buildbot/{}.sock".format(PROJECT)
+    RELEASE_PATH  = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
+    RELEASE_URL   = "https://release.immae.eu/{}".format(PROJECT)
+    GIT_URL       = "https://git.immae.eu/perso/Immae/TestProject.git"
+    SSH_KEY_PATH  = "/var/lib/buildbot/puppet_notify"
+    PUPPET_HOST   = "root@backup-1.v.immae.eu"
+    LDAP_HOST     = "ldap.immae.eu"
+    LDAP_DN       = "cn=buildbot,ou=services,dc=immae,dc=eu"
+    LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
+    # master.cfg
+    SECRETS_FILE       = os.getcwd() + "/secrets"
+    LDAP_URL           = "ldaps://ldap.immae.eu:636"
+    LDAP_ADMIN_USER    = "cn=buildbot,ou=services,dc=immae,dc=eu"
+    LDAP_BASE          = "dc=immae,dc=eu"
+    LDAP_PATTERN       = "(uid=%(username)s)"
+    LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
+    TITLE_URL          = "https://git.immae.eu/?p=perso/Immae/TestProject.git;a=summary"
+    TITLE              = "Test project"
+def configure(c):
+    c["buildbotURL"] = E.BUILDBOT_URL
+    c["www"]["port"] = E.SOCKET
+    c['workers'].append(worker.LocalWorker("generic-worker-test"))
+    c['workers'].append(worker.LocalWorker("deploy-worker-test"))
+    c['schedulers'].append(hook_scheduler("TestProject", timer=1))
+    c['schedulers'].append(force_scheduler("force_test", ["TestProject_build"]))
+    c['schedulers'].append(deploy_scheduler("deploy_test", ["TestProject_deploy"]))
+    c['builders'].append(factory())
+    c['builders'].append(deploy_factory())
+    c['services'].append(SlackStatusPush(
+        name="slack_status_test_project",
+        builders=["TestProject_build", "TestProject_deploy"],
+        serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip()))
+def factory():
+    package = util.Interpolate("test_%(kw:clean_branch)s.tar.gz", clean_branch=clean_branch)
+    package_dest = util.Interpolate("{}/test_%(kw:clean_branch)s.tar.gz".format(E.RELEASE_PATH), clean_branch=clean_branch)
+    package_url = util.Interpolate("{}/test_%(kw:clean_branch)s.tar.gz".format(E.RELEASE_URL), clean_branch=clean_branch)
+    factory = util.BuildFactory()
+    factory.addStep(steps.Git(logEnviron=False,
+        repourl=E.GIT_URL, mode="full", method="copy"))
+    factory.addStep(steps.ShellCommand(name="env",
+        logEnviron=False, command=["env"]))
+    factory.addStep(steps.ShellCommand(name="pwd",
+        logEnviron=False, command=["pwd"]))
+    factory.addStep(steps.ShellCommand(name="true",
+        logEnviron=False, command=["true"]))
+    factory.addStep(steps.ShellCommand(name="echo",
+        logEnviron=False, command=["echo", package]))
+    factory.addSteps(package_and_upload(package, package_dest, package_url))
+    return util.BuilderConfig(name="TestProject_build", workernames=["generic-worker-test"], factory=factory)
+def compute_build_infos():
+    @util.renderer
+    def compute(props):
+        import re, hashlib
+        build_file = props.getProperty("build")
+        package_dest = "{}/{}".format(E.RELEASE_PATH, build_file)
+        version = re.match(r"{0}_(.*).tar.gz".format("test"), build_file).group(1)
+        with open(package_dest, "rb") as f:
+            sha = hashlib.sha256(f.read()).hexdigest()
+        return {
+                "build_version": version,
+                "build_hash": sha,
+                }
+    return compute
+@util.renderer
+def puppet_host(props):
+    return E.PUPPET_HOST
+def deploy_factory():
+    package_dest = util.Interpolate("{}/%(prop:build)s".format(E.RELEASE_PATH))
+    factory = util.BuildFactory()
+    factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest]))
+    factory.addStep(steps.SetProperties(properties=compute_build_infos()))
+    factory.addStep(LdapPush(environment=util.Property("environment"),
+        build_version=util.Property("build_version"),
+        build_hash=util.Property("build_hash"),
+        ldap_password=util.Secret("ldap")))
+    factory.addStep(steps.MasterShellCommand(command=[
+        "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
+    return util.BuilderConfig(name="TestProject_deploy", workernames=["deploy-worker-test"], factory=factory)
+from twisted.internet import defer
+from buildbot.process.buildstep import FAILURE
+from buildbot.process.buildstep import SUCCESS
+from buildbot.process.buildstep import BuildStep
+class LdapPush(BuildStep):
+    name = "LdapPush"
+    renderables = ["environment", "build_version", "build_hash", "ldap_password"]
+    def __init__(self, **kwargs):
+        self.environment = kwargs.pop("environment")
+        self.build_version = kwargs.pop("build_version")
+        self.build_hash = kwargs.pop("build_hash")
+        self.ldap_password = kwargs.pop("ldap_password")
+        self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST)
+        super().__init__(**kwargs)
+    def run(self):
+        import json
+        from ldap3 import Reader, Writer, Server, Connection, ObjectDef
+        server = Server(self.ldap_host)
+        conn = Connection(server,
+                user=E.LDAP_DN,
+                password=self.ldap_password)
+        conn.bind()
+        obj = ObjectDef("immaePuppetClass", conn)
+        r = Reader(conn, obj,
+                "cn=test.{},{}".format(self.environment, E.LDAP_ROLES_BASE))
+        r.search()
+        if len(r) > 0:
+            w = Writer.from_cursor(r)
+            for value in w[0].immaePuppetJson.values:
+                config = json.loads(value)
+                if "test_version" in config:
+                    config["test_version"] = self.build_version
+                    config["test_sha256"] = self.build_hash
+                    w[0].immaePuppetJson -= value
+                    w[0].immaePuppetJson += json.dumps(config, indent="  ")
+                    w.commit()
+                    return defer.succeed(SUCCESS)
+        return defer.succeed(FAILURE)
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-03-23 00:21:59 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-03-23 00:21:59 +0100
commit	9fb4205e2ceadb79a93cbe44bd77ebebe8c94625 (patch)
tree	b8e676c9a360eb47d78de6ec70f04f6c4dd0b546 /nixops/modules/buildbot/projects
parent	80a3e0559c86d4f1fc2523b30db8a3d568cf1888 (diff)
download	Nix-9fb4205e2ceadb79a93cbe44bd77ebebe8c94625.tar.gz Nix-9fb4205e2ceadb79a93cbe44bd77ebebe8c94625.tar.zst Nix-9fb4205e2ceadb79a93cbe44bd77ebebe8c94625.zip

diff --git a/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py b/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py new file mode 100644 index 0000000..1157b5c --- /dev/null +++ b/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py
@@ -0,0 +1,168 @@
	1	from buildbot.plugins import *
	2	from buildbot_common.build_helpers import *
	3	import os
	4
	5	__all__ = [ "configure", "E" ]
	6
	7	class E():
	8	PROJECT = "cryptoportfolio"
	9	BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
	10	SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT)
	11	RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
	12	RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT)
	13	GIT_URL = "https://git.immae.eu/perso/Immae/Projets/Cryptomonnaies/Cryptoportfolio/{0}.git"
	14	SSH_KEY_PATH = "/var/lib/buildbot/puppet_notify"
	15	LDAP_HOST = "ldap.immae.eu"
	16	LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu"
	17	LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
	18
	19	PUPPET_HOST = {
	20	"production": "root@cryptoportfolio.immae.eu",
	21	"integration": "root@cryptoportfolio-dev.immae.eu"
	22	}
	23
	24	# master.cfg
	25	SECRETS_FILE = os.getcwd() + "/secrets"
	26	LDAP_URL = "ldaps://ldap.immae.eu:636"
	27	LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu"
	28	LDAP_BASE = "dc=immae,dc=eu"
	29	LDAP_PATTERN = "(uid=%(username)s)"
	30	LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
	31	TITLE_URL = "https://git.immae.eu"
	32	TITLE = "Cryptoportfolio"
	33
	34	# eval .. dans .zshrc_local
	35	# mkdir -p $BUILD/go
	36	# export GOPATH=$BUILD/go
	37	# go get -u github.com/golang/dep/cmd/dep
	38	# export PATH=$PATH:$BUILD/go/bin
	39	# go get git.immae.eu/Cryptoportfolio/Front.git
	40	# cd $BUILD/go/src/git.immae.eu/Cryptoportfolio/Front.git
	41	# git checkout dev
	42	# dep ensure
	43	def configure(c):
	44	c["buildbotURL"] = E.BUILDBOT_URL
	45	c["www"]["port"] = E.SOCKET
	46
	47	c['workers'].append(worker.LocalWorker("generic-worker"))
	48	c['workers'].append(worker.LocalWorker("deploy-worker"))
	49
	50	c['schedulers'].append(hook_scheduler("Trader"))
	51	c['schedulers'].append(hook_scheduler("Front"))
	52	c['schedulers'].append(force_scheduler(
	53	"force_cryptoportfolio", ["Trader_build", "Front_build"]))
	54	c['schedulers'].append(deploy_scheduler("deploy_cryptoportfolio",
	55	["Trader_deploy", "Front_deploy"]))
	56
	57	c['builders'].append(factory("trader"))
	58	c['builders'].append(factory("front", ignore_fails=True))
	59
	60	c['builders'].append(deploy_factory("trader"))
	61	c['builders'].append(deploy_factory("front"))
	62
	63	c['services'].append(SlackStatusPush(
	64	name="slack_status_cryptoportfolio",
	65	builders=["Front_build", "Trader_build", "Front_deploy", "Trader_deploy"],
	66	serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip()))
	67
	68	def factory(project, ignore_fails=False):
	69	release_file = "{1}/{0}/{0}_%(kw:clean_branch)s.tar.gz"
	70
	71	url = E.GIT_URL.format(project.capitalize())
	72
	73	package = util.Interpolate("{0}_%(kw:clean_branch)s.tar.gz".format(project), clean_branch=clean_branch)
	74	package_dest = util.Interpolate(release_file.format(project, E.RELEASE_PATH), clean_branch=clean_branch)
	75	package_url = util.Interpolate(release_file.format(project, E.RELEASE_URL), clean_branch=clean_branch)
	76
	77	factory = util.BuildFactory()
	78	factory.addStep(steps.Git(logEnviron=False, repourl=url,
	79	mode="full", method="copy"))
	80	factory.addStep(steps.ShellCommand(name="make install",
	81	logEnviron=False, haltOnFailure=(not ignore_fails),
	82	warnOnFailure=ignore_fails, flunkOnFailure=(not ignore_fails),
	83	command=["make", "install"]))
	84	factory.addStep(steps.ShellCommand(name="make test",
	85	logEnviron=False, haltOnFailure=(not ignore_fails),
	86	warnOnFailure=ignore_fails, flunkOnFailure=(not ignore_fails),
	87	command=["make", "test"]))
	88	factory.addSteps(package_and_upload(package, package_dest, package_url))
	89
	90	return util.BuilderConfig(
	91	name="{}_build".format(project.capitalize()),
	92	workernames=["generic-worker"], factory=factory)
	93
	94	def compute_build_infos(project):
	95	@util.renderer
	96	def compute(props):
	97	import re, hashlib
	98	build_file = props.getProperty("build")
	99	package_dest = "{2}/{0}/{1}".format(project, build_file, E.RELEASE_PATH)
	100	version = re.match(r"{0}_(.*).tar.gz".format(project), build_file).group(1)
	101	with open(package_dest, "rb") as f:
	102	sha = hashlib.sha256(f.read()).hexdigest()
	103	return {
	104	"build_version": version,
	105	"build_hash": sha,
	106	}
	107	return compute
	108
	109	@util.renderer
	110	def puppet_host(props):
	111	environment = props["environment"] if props.hasProperty("environment") else "integration"
	112	return E.PUPPET_HOST.get(environment, "host.invalid")
	113
	114	def deploy_factory(project):
	115	package_dest = util.Interpolate("{1}/{0}/%(prop:build)s".format(project, E.RELEASE_PATH))
	116
	117	factory = util.BuildFactory()
	118	factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest]))
	119	factory.addStep(steps.SetProperties(properties=compute_build_infos(project)))
	120	factory.addStep(LdapPush(environment=util.Property("environment"),
	121	project=project, build_version=util.Property("build_version"),
	122	build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
	123	factory.addStep(steps.MasterShellCommand(command=[
	124	"ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
	125	return util.BuilderConfig(name="{}_deploy".format(project.capitalize()), workernames=["deploy-worker"], factory=factory)
	126
	127	from twisted.internet import defer
	128	from buildbot.process.buildstep import FAILURE
	129	from buildbot.process.buildstep import SUCCESS
	130	from buildbot.process.buildstep import BuildStep
	131
	132	class LdapPush(BuildStep):
	133	name = "LdapPush"
	134	renderables = ["environment", "project", "build_version", "build_hash", "ldap_password"]
	135
	136	def __init__(self, **kwargs):
	137	self.environment = kwargs.pop("environment")
	138	self.project = kwargs.pop("project")
	139	self.build_version = kwargs.pop("build_version")
	140	self.build_hash = kwargs.pop("build_hash")
	141	self.ldap_password = kwargs.pop("ldap_password")
	142	self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST)
	143	super().__init__(**kwargs)
	144
	145	def run(self):
	146	import json
	147	from ldap3 import Reader, Writer, Server, Connection, ObjectDef
	148	server = Server(self.ldap_host)
	149	conn = Connection(server,
	150	user=E.LDAP_DN,
	151	password=self.ldap_password)
	152	conn.bind()
	153	obj = ObjectDef("immaePuppetClass", conn)
	154	r = Reader(conn, obj,
	155	"cn=cryptoportfolio.{},{}".format(self.environment, E.LDAP_ROLES_BASE))
	156	r.search()
	157	if len(r) > 0:
	158	w = Writer.from_cursor(r)
	159	for value in w[0].immaePuppetJson.values:
	160	config = json.loads(value)
	161	if "role::cryptoportfolio::{}_version".format(self.project) in config:
	162	config["role::cryptoportfolio::{}_version".format(self.project)] = self.build_version
	163	config["role::cryptoportfolio::{}_sha256".format(self.project)] = self.build_hash
	164	w[0].immaePuppetJson -= value
	165	w[0].immaePuppetJson += json.dumps(config, indent=" ")
	166	w.commit()
	167	return defer.succeed(SUCCESS)
	168	return defer.succeed(FAILURE)


diff --git a/nixops/modules/buildbot/projects/test/__init__.py b/nixops/modules/buildbot/projects/test/__init__.py new file mode 100644 index 0000000..c15788c --- /dev/null +++ b/nixops/modules/buildbot/projects/test/__init__.py
@@ -0,0 +1,143 @@
	1	from buildbot.plugins import *
	2	from buildbot_common.build_helpers import *
	3	import os
	4
	5	__all__ = [ "configure", "E" ]
	6
	7	class E():
	8	PROJECT = "test"
	9	BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
	10	SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT)
	11	RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
	12	RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT)
	13	GIT_URL = "https://git.immae.eu/perso/Immae/TestProject.git"
	14	SSH_KEY_PATH = "/var/lib/buildbot/puppet_notify"
	15	PUPPET_HOST = "root@backup-1.v.immae.eu"
	16	LDAP_HOST = "ldap.immae.eu"
	17	LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu"
	18	LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
	19
	20	# master.cfg
	21	SECRETS_FILE = os.getcwd() + "/secrets"
	22	LDAP_URL = "ldaps://ldap.immae.eu:636"
	23	LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu"
	24	LDAP_BASE = "dc=immae,dc=eu"
	25	LDAP_PATTERN = "(uid=%(username)s)"
	26	LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
	27	TITLE_URL = "https://git.immae.eu/?p=perso/Immae/TestProject.git;a=summary"
	28	TITLE = "Test project"
	29
	30	def configure(c):
	31	c["buildbotURL"] = E.BUILDBOT_URL
	32	c["www"]["port"] = E.SOCKET
	33
	34	c['workers'].append(worker.LocalWorker("generic-worker-test"))
	35	c['workers'].append(worker.LocalWorker("deploy-worker-test"))
	36
	37	c['schedulers'].append(hook_scheduler("TestProject", timer=1))
	38	c['schedulers'].append(force_scheduler("force_test", ["TestProject_build"]))
	39	c['schedulers'].append(deploy_scheduler("deploy_test", ["TestProject_deploy"]))
	40
	41	c['builders'].append(factory())
	42	c['builders'].append(deploy_factory())
	43
	44	c['services'].append(SlackStatusPush(
	45	name="slack_status_test_project",
	46	builders=["TestProject_build", "TestProject_deploy"],
	47	serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip()))
	48
	49	def factory():
	50	package = util.Interpolate("test_%(kw:clean_branch)s.tar.gz", clean_branch=clean_branch)
	51	package_dest = util.Interpolate("{}/test_%(kw:clean_branch)s.tar.gz".format(E.RELEASE_PATH), clean_branch=clean_branch)
	52	package_url = util.Interpolate("{}/test_%(kw:clean_branch)s.tar.gz".format(E.RELEASE_URL), clean_branch=clean_branch)
	53
	54	factory = util.BuildFactory()
	55	factory.addStep(steps.Git(logEnviron=False,
	56	repourl=E.GIT_URL, mode="full", method="copy"))
	57	factory.addStep(steps.ShellCommand(name="env",
	58	logEnviron=False, command=["env"]))
	59	factory.addStep(steps.ShellCommand(name="pwd",
	60	logEnviron=False, command=["pwd"]))
	61	factory.addStep(steps.ShellCommand(name="true",
	62	logEnviron=False, command=["true"]))
	63	factory.addStep(steps.ShellCommand(name="echo",
	64	logEnviron=False, command=["echo", package]))
	65	factory.addSteps(package_and_upload(package, package_dest, package_url))
	66
	67	return util.BuilderConfig(name="TestProject_build", workernames=["generic-worker-test"], factory=factory)
	68
	69
	70	def compute_build_infos():
	71	@util.renderer
	72	def compute(props):
	73	import re, hashlib
	74	build_file = props.getProperty("build")
	75	package_dest = "{}/{}".format(E.RELEASE_PATH, build_file)
	76	version = re.match(r"{0}_(.*).tar.gz".format("test"), build_file).group(1)
	77	with open(package_dest, "rb") as f:
	78	sha = hashlib.sha256(f.read()).hexdigest()
	79	return {
	80	"build_version": version,
	81	"build_hash": sha,
	82	}
	83	return compute
	84
	85	@util.renderer
	86	def puppet_host(props):
	87	return E.PUPPET_HOST
	88
	89	def deploy_factory():
	90	package_dest = util.Interpolate("{}/%(prop:build)s".format(E.RELEASE_PATH))
	91
	92	factory = util.BuildFactory()
	93	factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest]))
	94	factory.addStep(steps.SetProperties(properties=compute_build_infos()))
	95	factory.addStep(LdapPush(environment=util.Property("environment"),
	96	build_version=util.Property("build_version"),
	97	build_hash=util.Property("build_hash"),
	98	ldap_password=util.Secret("ldap")))
	99	factory.addStep(steps.MasterShellCommand(command=[
	100	"ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
	101	return util.BuilderConfig(name="TestProject_deploy", workernames=["deploy-worker-test"], factory=factory)
	102
	103	from twisted.internet import defer
	104	from buildbot.process.buildstep import FAILURE
	105	from buildbot.process.buildstep import SUCCESS
	106	from buildbot.process.buildstep import BuildStep
	107
	108	class LdapPush(BuildStep):
	109	name = "LdapPush"
	110	renderables = ["environment", "build_version", "build_hash", "ldap_password"]
	111
	112	def __init__(self, **kwargs):
	113	self.environment = kwargs.pop("environment")
	114	self.build_version = kwargs.pop("build_version")
	115	self.build_hash = kwargs.pop("build_hash")
	116	self.ldap_password = kwargs.pop("ldap_password")
	117	self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST)
	118	super().__init__(**kwargs)
	119
	120	def run(self):
	121	import json
	122	from ldap3 import Reader, Writer, Server, Connection, ObjectDef
	123	server = Server(self.ldap_host)
	124	conn = Connection(server,
	125	user=E.LDAP_DN,
	126	password=self.ldap_password)
	127	conn.bind()
	128	obj = ObjectDef("immaePuppetClass", conn)
	129	r = Reader(conn, obj,
	130	"cn=test.{},{}".format(self.environment, E.LDAP_ROLES_BASE))
	131	r.search()
	132	if len(r) > 0:
	133	w = Writer.from_cursor(r)
	134	for value in w[0].immaePuppetJson.values:
	135	config = json.loads(value)
	136	if "test_version" in config:
	137	config["test_version"] = self.build_version
	138	config["test_sha256"] = self.build_hash
	139	w[0].immaePuppetJson -= value
	140	w[0].immaePuppetJson += json.dumps(config, indent=" ")
	141	w.commit()
	142	return defer.succeed(SUCCESS)
	143	return defer.succeed(FAILURE)