aboutsummaryrefslogtreecommitdiff
path: root/nixops/modules/buildbot/projects/caldance
diff options
context:
space:
mode:
Diffstat (limited to 'nixops/modules/buildbot/projects/caldance')
-rw-r--r--nixops/modules/buildbot/projects/caldance/__init__.py146
1 files changed, 146 insertions, 0 deletions
diff --git a/nixops/modules/buildbot/projects/caldance/__init__.py b/nixops/modules/buildbot/projects/caldance/__init__.py
new file mode 100644
index 0000000..e28ef72
--- /dev/null
+++ b/nixops/modules/buildbot/projects/caldance/__init__.py
@@ -0,0 +1,146 @@
1from buildbot.plugins import *
2from buildbot_common.build_helpers import *
3import os
4
5__all__ = [ "configure", "E" ]
6
7class E():
8 PROJECT = "caldance"
9 BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
10 SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT)
11 PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
12 RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
13 RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT)
14 GIT_URL = "gitolite@git.immae.eu:perso/simon_descarpentries/www.cal-dance.com"
15 SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key"
16 SSH_HOST_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF"
17 LDAP_HOST = "ldap.immae.eu"
18 LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu"
19 LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
20
21 PUPPET_HOST = {
22 "integration": "root@caldance.immae.eu",
23 }
24
25 # master.cfg
26 SECRETS_FILE = os.getcwd() + "/secrets"
27 LDAP_URL = "ldaps://ldap.immae.eu:636"
28 LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu"
29 LDAP_BASE = "dc=immae,dc=eu"
30 LDAP_PATTERN = "(uid=%(username)s)"
31 LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=caldance,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
32 TITLE_URL = "https://caldance.immae.eu"
33 TITLE = "Caldance"
34
35def configure(c):
36 c["buildbotURL"] = E.BUILDBOT_URL
37 c["www"]["port"] = E.SOCKET
38
39 c['workers'].append(worker.LocalWorker("generic-worker"))
40 c['workers'].append(worker.LocalWorker("deploy-worker"))
41
42 c['schedulers'].append(hook_scheduler("Caldance", timer=1))
43 c['schedulers'].append(force_scheduler("force_caldance", ["Caldance_build"]))
44 c['schedulers'].append(deploy_scheduler("deploy_caldance", ["Caldance_deploy"]))
45
46 c['builders'].append(factory("caldance"))
47
48 c['builders'].append(deploy_factory("caldance"))
49
50 c['services'].append(SlackStatusPush(
51 name="slack_status_caldance",
52 builders=["Caldance_build", "Caldance_deploy"],
53 serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip()))
54
55def factory(project, ignore_fails=False):
56 release_file = "{1}/{0}_%(kw:clean_branch)s.tar.gz"
57
58 package = util.Interpolate("{0}_%(kw:clean_branch)s.tar.gz".format(project), clean_branch=clean_branch)
59 package_dest = util.Interpolate(release_file.format(project, E.RELEASE_PATH), clean_branch=clean_branch)
60 package_url = util.Interpolate(release_file.format(project, E.RELEASE_URL), clean_branch=clean_branch)
61
62 factory = util.BuildFactory()
63 factory.addStep(steps.Git(logEnviron=False, repourl=E.GIT_URL,
64 sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(),
65 sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy"))
66 factory.addSteps(package_and_upload(package, package_dest, package_url))
67
68 return util.BuilderConfig(
69 name="{}_build".format(project.capitalize()),
70 workernames=["generic-worker"], factory=factory)
71
72def compute_build_infos(project):
73 @util.renderer
74 def compute(props):
75 import re, hashlib
76 build_file = props.getProperty("build")
77 package_dest = "{1}/{0}".format(build_file, E.RELEASE_PATH)
78 version = re.match(r"{0}_(.*).tar.gz".format(project), build_file).group(1)
79 with open(package_dest, "rb") as f:
80 sha = hashlib.sha256(f.read()).hexdigest()
81 return {
82 "build_version": version,
83 "build_hash": sha,
84 }
85 return compute
86
87@util.renderer
88def puppet_host(props):
89 environment = props["environment"] if props.hasProperty("environment") else "integration"
90 return E.PUPPET_HOST.get(environment, "host.invalid")
91
92def deploy_factory(project):
93 package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH))
94
95 factory = util.BuildFactory()
96 factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest]))
97 factory.addStep(steps.SetProperties(properties=compute_build_infos(project)))
98 factory.addStep(LdapPush(environment=util.Property("environment"),
99 project=project, build_version=util.Property("build_version"),
100 build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
101 factory.addStep(steps.MasterShellCommand(command=[
102 "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
103 return util.BuilderConfig(name="{}_deploy".format(project.capitalize()), workernames=["deploy-worker"], factory=factory)
104
105from twisted.internet import defer
106from buildbot.process.buildstep import FAILURE
107from buildbot.process.buildstep import SUCCESS
108from buildbot.process.buildstep import BuildStep
109
110class LdapPush(BuildStep):
111 name = "LdapPush"
112 renderables = ["environment", "project", "build_version", "build_hash", "ldap_password"]
113
114 def __init__(self, **kwargs):
115 self.environment = kwargs.pop("environment")
116 self.project = kwargs.pop("project")
117 self.build_version = kwargs.pop("build_version")
118 self.build_hash = kwargs.pop("build_hash")
119 self.ldap_password = kwargs.pop("ldap_password")
120 self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST)
121 super().__init__(**kwargs)
122
123 def run(self):
124 import json
125 from ldap3 import Reader, Writer, Server, Connection, ObjectDef
126 server = Server(self.ldap_host)
127 conn = Connection(server,
128 user=E.LDAP_DN,
129 password=self.ldap_password)
130 conn.bind()
131 obj = ObjectDef("immaePuppetClass", conn)
132 r = Reader(conn, obj,
133 "cn=caldance.{},{}".format(self.environment, E.LDAP_ROLES_BASE))
134 r.search()
135 if len(r) > 0:
136 w = Writer.from_cursor(r)
137 for value in w[0].immaePuppetJson.values:
138 config = json.loads(value)
139 if "role::caldance::{}_version".format(self.project) in config:
140 config["role::caldance::{}_version".format(self.project)] = self.build_version
141 config["role::caldance::{}_sha256".format(self.project)] = self.build_hash
142 w[0].immaePuppetJson -= value
143 w[0].immaePuppetJson += json.dumps(config, indent=" ")
144 w.commit()
145 return defer.succeed(SUCCESS)
146 return defer.succeed(FAILURE)