diff options
Diffstat (limited to 'nixops')
-rw-r--r-- | nixops/modules/buildbot/buildbot_common.json | 14 | ||||
-rw-r--r-- | nixops/modules/buildbot/common/build_helpers.py | 192 | ||||
-rw-r--r-- | nixops/modules/buildbot/common/master.cfg | 69 | ||||
-rw-r--r-- | nixops/modules/buildbot/default.nix | 49 | ||||
-rw-r--r-- | nixops/modules/buildbot/projects/caldance/__init__.py | 146 | ||||
-rw-r--r-- | nixops/modules/buildbot/projects/cryptoportfolio/__init__.py | 5 | ||||
-rw-r--r-- | nixops/modules/buildbot/projects/test/__init__.py | 5 |
7 files changed, 456 insertions, 24 deletions
diff --git a/nixops/modules/buildbot/buildbot_common.json b/nixops/modules/buildbot/buildbot_common.json deleted file mode 100644 index 7a8d144..0000000 --- a/nixops/modules/buildbot/buildbot_common.json +++ /dev/null | |||
@@ -1,14 +0,0 @@ | |||
1 | { | ||
2 | "tag": "6f5a6e9-master", | ||
3 | "meta": { | ||
4 | "name": "buildbot_common", | ||
5 | "url": "gitolite@git.immae.eu:perso/Immae/Projets/Buildbot/common", | ||
6 | "branch": "master" | ||
7 | }, | ||
8 | "git": { | ||
9 | "url": "gitolite@git.immae.eu:perso/Immae/Projets/Buildbot/common", | ||
10 | "rev": "6f5a6e926b23a80358c62ff2e8021128839b31bc", | ||
11 | "sha256": "1s2jhgg7wfyrsyv2qk44ylfzgviq4prhlz9yv2sxzcmypkqbjpm9", | ||
12 | "fetchSubmodules": true | ||
13 | } | ||
14 | } | ||
diff --git a/nixops/modules/buildbot/common/build_helpers.py b/nixops/modules/buildbot/common/build_helpers.py new file mode 100644 index 0000000..f51de54 --- /dev/null +++ b/nixops/modules/buildbot/common/build_helpers.py | |||
@@ -0,0 +1,192 @@ | |||
1 | from buildbot.plugins import util, steps, schedulers | ||
2 | from buildbot_buildslist import BuildsList | ||
3 | |||
4 | __all__ = [ | ||
5 | "force_scheduler", "deploy_scheduler", "hook_scheduler", | ||
6 | "clean_branch", "package_and_upload", "SlackStatusPush" | ||
7 | ] | ||
8 | |||
9 | # Small helpers" | ||
10 | @util.renderer | ||
11 | def clean_branch(props): | ||
12 | if props.hasProperty("branch") and len(props["branch"]) > 0: | ||
13 | return props["branch"].replace("/", "_") | ||
14 | else: | ||
15 | return "HEAD" | ||
16 | |||
17 | def package_and_upload(package, package_dest, package_url): | ||
18 | return [ | ||
19 | steps.ShellCommand(name="build package", | ||
20 | logEnviron=False, haltOnFailure=True, workdir="source", | ||
21 | command=["git", "archive", "HEAD", "-o", package]), | ||
22 | |||
23 | steps.FileUpload(name="upload package", workersrc=package, | ||
24 | workdir="source", masterdest=package_dest, | ||
25 | url=package_url, mode=0o644), | ||
26 | |||
27 | steps.ShellCommand(name="cleanup package", logEnviron=False, | ||
28 | haltOnFailure=True, workdir="source", alwaysRun=True, | ||
29 | command=["rm", "-f", package]), | ||
30 | ] | ||
31 | |||
32 | # Schedulers | ||
33 | def force_scheduler(name, builders): | ||
34 | return schedulers.ForceScheduler(name=name, | ||
35 | label="Force build", buttonName="Force build", | ||
36 | reason=util.StringParameter(name="reason", label="Reason", default="Force build"), | ||
37 | codebases=[ | ||
38 | util.CodebaseParameter("", | ||
39 | branch=util.StringParameter( | ||
40 | name="branch", label="Git reference (tag, branch)", required=True), | ||
41 | revision=util.FixedParameter(name="revision", default=""), | ||
42 | repository=util.FixedParameter(name="repository", default=""), | ||
43 | project=util.FixedParameter(name="project", default=""), | ||
44 | ), | ||
45 | ], | ||
46 | username=util.FixedParameter(name="username", default="Web button"), | ||
47 | builderNames=builders) | ||
48 | |||
49 | def deploy_scheduler(name, builders): | ||
50 | return schedulers.ForceScheduler(name=name, | ||
51 | builderNames=builders, | ||
52 | label="Deploy built package", buttonName="Deploy", | ||
53 | username=util.FixedParameter(name="username", default="Web button"), | ||
54 | codebases=[ | ||
55 | util.CodebaseParameter(codebase="", | ||
56 | branch=util.FixedParameter(name="branch", default=""), | ||
57 | revision=util.FixedParameter(name="revision", default=""), | ||
58 | repository=util.FixedParameter(name="repository", default=""), | ||
59 | project=util.FixedParameter(name="project", default=""))], | ||
60 | reason=util.FixedParameter(name="reason", default="Deploy"), | ||
61 | properties=[ | ||
62 | util.ChoiceStringParameter(label="Environment", | ||
63 | name="environment", default="integration", | ||
64 | choices=["integration", "production"]), | ||
65 | BuildsList(label="Build to deploy", name="build"), | ||
66 | ] | ||
67 | ) | ||
68 | |||
69 | def hook_scheduler(project, timer=10): | ||
70 | return schedulers.AnyBranchScheduler( | ||
71 | change_filter=util.ChangeFilter(category="hooks", project=project), | ||
72 | name=project, treeStableTimer=timer, builderNames=["{}_build".format(project)]) | ||
73 | |||
74 | # Slack status push | ||
75 | from buildbot.reporters.http import HttpStatusPushBase | ||
76 | from twisted.internet import defer | ||
77 | from twisted.python import log | ||
78 | from buildbot.util import httpclientservice | ||
79 | from buildbot.reporters import utils | ||
80 | from buildbot.process import results | ||
81 | |||
82 | class SlackStatusPush(HttpStatusPushBase): | ||
83 | name = "SlackStatusPush" | ||
84 | |||
85 | @defer.inlineCallbacks | ||
86 | def reconfigService(self, serverUrl, **kwargs): | ||
87 | yield HttpStatusPushBase.reconfigService(self, **kwargs) | ||
88 | self._http = yield httpclientservice.HTTPClientService.getService( | ||
89 | self.master, serverUrl) | ||
90 | |||
91 | @defer.inlineCallbacks | ||
92 | def send(self, build): | ||
93 | yield utils.getDetailsForBuild(self.master, build, wantProperties=True) | ||
94 | response = yield self._http.post("", json=self.format(build)) | ||
95 | if response.code != 200: | ||
96 | log.msg("%s: unable to upload status: %s" % | ||
97 | (response.code, response.content)) | ||
98 | |||
99 | def format(self, build): | ||
100 | colors = [ | ||
101 | "#36A64F", # success | ||
102 | "#F1E903", # warnings | ||
103 | "#DA0505", # failure | ||
104 | "#FFFFFF", # skipped | ||
105 | "#000000", # exception | ||
106 | "#FFFFFF", # retry | ||
107 | "#D02CA9", # cancelled | ||
108 | ] | ||
109 | |||
110 | if "environment" in build["properties"]: | ||
111 | msg = "{} environment".format(build["properties"]["environment"][0]) | ||
112 | if "build" in build["properties"]: | ||
113 | msg = "of archive {} in ".format(build["properties"]["build"][0]) + msg | ||
114 | elif len(build["buildset"]["sourcestamps"][0]["branch"]) > 0: | ||
115 | msg = "revision {}".format(build["buildset"]["sourcestamps"][0]["branch"]) | ||
116 | else: | ||
117 | msg = "build" | ||
118 | |||
119 | if build["complete"]: | ||
120 | timedelta = int((build["complete_at"] - build["started_at"]).total_seconds()) | ||
121 | hours, rest = divmod(timedelta, 3600) | ||
122 | minutes, seconds = divmod(rest, 60) | ||
123 | if hours > 0: | ||
124 | duration = "{}h {}min {}s".format(hours, minutes, seconds) | ||
125 | elif minutes > 0: | ||
126 | duration = "{}min {}s".format(minutes, seconds) | ||
127 | else: | ||
128 | duration = "{}s".format(seconds) | ||
129 | |||
130 | text = "Build <{}|{}> of {}'s {} was {} in {}.".format( | ||
131 | build["url"], build["buildid"], | ||
132 | build["builder"]["name"], | ||
133 | msg, | ||
134 | results.Results[build["results"]], | ||
135 | duration, | ||
136 | ) | ||
137 | fields = [ | ||
138 | { | ||
139 | "title": "Build", | ||
140 | "value": "<{}|{}>".format(build["url"], build["buildid"]), | ||
141 | "short": True, | ||
142 | }, | ||
143 | { | ||
144 | "title": "Project", | ||
145 | "value": build["builder"]["name"], | ||
146 | "short": True, | ||
147 | }, | ||
148 | { | ||
149 | "title": "Build status", | ||
150 | "value": results.Results[build["results"]], | ||
151 | "short": True, | ||
152 | }, | ||
153 | { | ||
154 | "title": "Build duration", | ||
155 | "value": duration, | ||
156 | "short": True, | ||
157 | }, | ||
158 | ] | ||
159 | if "environment" in build["properties"]: | ||
160 | fields.append({ | ||
161 | "title": "Environment", | ||
162 | "value": build["properties"]["environment"][0], | ||
163 | "short": True, | ||
164 | }) | ||
165 | if "build" in build["properties"]: | ||
166 | fields.append({ | ||
167 | "title": "Archive", | ||
168 | "value": build["properties"]["build"][0], | ||
169 | "short": True, | ||
170 | }) | ||
171 | attachments = [{ | ||
172 | "fallback": "", | ||
173 | "color": colors[build["results"]], | ||
174 | "fields": fields | ||
175 | }] | ||
176 | else: | ||
177 | text = "Build <{}|{}> of {}'s {} started.".format( | ||
178 | build["url"], build["buildid"], | ||
179 | build["builder"]["name"], | ||
180 | msg, | ||
181 | ) | ||
182 | attachments = [] | ||
183 | |||
184 | return { | ||
185 | "username": "Buildbot", | ||
186 | "icon_url": "http://docs.buildbot.net/current/_static/icon.png", | ||
187 | "text": text, | ||
188 | "attachments": attachments, | ||
189 | } | ||
190 | |||
191 | |||
192 | |||
diff --git a/nixops/modules/buildbot/common/master.cfg b/nixops/modules/buildbot/common/master.cfg new file mode 100644 index 0000000..abe08e0 --- /dev/null +++ b/nixops/modules/buildbot/common/master.cfg | |||
@@ -0,0 +1,69 @@ | |||
1 | # -*- python -*- | ||
2 | # ex: set filetype=python: | ||
3 | |||
4 | from buildbot.plugins import secrets, util, webhooks | ||
5 | from buildbot.util import bytes2unicode | ||
6 | import re | ||
7 | import os | ||
8 | from buildbot_config import E, configure | ||
9 | import json | ||
10 | |||
11 | class CustomBase(webhooks.base): | ||
12 | def getChanges(self, request): | ||
13 | try: | ||
14 | content = request.content.read() | ||
15 | args = json.loads(bytes2unicode(content)) | ||
16 | except Exception as e: | ||
17 | raise ValueError("Error loading JSON: " + str(e)) | ||
18 | |||
19 | args.setdefault("comments", "") | ||
20 | args.setdefault("repository", "") | ||
21 | args.setdefault("author", args.get("who")) | ||
22 | |||
23 | return ([args], None) | ||
24 | |||
25 | userInfoProvider = util.LdapUserInfo( | ||
26 | uri=E.LDAP_URL, | ||
27 | bindUser=E.LDAP_ADMIN_USER, | ||
28 | bindPw=open(E.SECRETS_FILE + "/ldap", "r").read().rstrip(), | ||
29 | accountBase=E.LDAP_BASE, | ||
30 | accountPattern=E.LDAP_PATTERN, | ||
31 | accountFullName='cn', | ||
32 | accountEmail='mail', | ||
33 | avatarData="jpegPhoto", | ||
34 | groupBase=E.LDAP_BASE, | ||
35 | groupName="cn", | ||
36 | groupMemberPattern=E.LDAP_GROUP_PATTERN, | ||
37 | ) | ||
38 | |||
39 | c = BuildmasterConfig = { | ||
40 | "title": E.TITLE, | ||
41 | "titleURL": E.TITLE_URL, | ||
42 | "db": { | ||
43 | "db_url": "sqlite:///state.sqlite" | ||
44 | }, | ||
45 | "protocols": { "pb": { "port": E.PB_SOCKET } }, | ||
46 | "workers": [], | ||
47 | "change_source": [], | ||
48 | "schedulers": [], | ||
49 | "builders": [], | ||
50 | "services": [], | ||
51 | "secretsProviders": [ | ||
52 | secrets.SecretInAFile(E.SECRETS_FILE), | ||
53 | ], | ||
54 | "www": { | ||
55 | "change_hook_dialects": { "base": { "custom_class": CustomBase } }, | ||
56 | "plugins": { | ||
57 | "waterfall_view": {}, | ||
58 | "console_view": {}, | ||
59 | "grid_view": {}, | ||
60 | "buildslist": {}, | ||
61 | }, | ||
62 | "auth": util.RemoteUserAuth( | ||
63 | header=b"X-Remote-User", | ||
64 | userInfoProvider=userInfoProvider, | ||
65 | headerRegex=re.compile(br"(?P<username>[^ @]+)")), | ||
66 | } | ||
67 | } | ||
68 | |||
69 | configure(c) | ||
diff --git a/nixops/modules/buildbot/default.nix b/nixops/modules/buildbot/default.nix index cd5b260..9b661f1 100644 --- a/nixops/modules/buildbot/default.nix +++ b/nixops/modules/buildbot/default.nix | |||
@@ -34,13 +34,15 @@ let | |||
34 | doCheck = false; | 34 | doCheck = false; |
35 | src = buildslist_src.src; | 35 | src = buildslist_src.src; |
36 | }; | 36 | }; |
37 | buildbot_common = pkgsNext.python3Packages.buildPythonPackage (mylibs.fetchedGitPrivate ./buildbot_common.json // rec { | 37 | buildbot_common = pkgsNext.python3Packages.buildPythonPackage rec { |
38 | name = "buildbot_common"; | ||
39 | src = ./common; | ||
38 | format = "other"; | 40 | format = "other"; |
39 | installPhase = '' | 41 | installPhase = '' |
40 | mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages} | 42 | mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages} |
41 | cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common | 43 | cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common |
42 | ''; | 44 | ''; |
43 | }); | 45 | }; |
44 | buildbot = pkgsNext.python3Packages.buildbot-full.withPlugins ([ buildslist ]); | 46 | buildbot = pkgsNext.python3Packages.buildbot-full.withPlugins ([ buildslist ]); |
45 | in | 47 | in |
46 | { | 48 | { |
@@ -75,7 +77,7 @@ in | |||
75 | ProxyPassReverse /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/ | 77 | ProxyPassReverse /buildbot/${project.name}/ unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/ |
76 | <Location /buildbot/${project.name}/> | 78 | <Location /buildbot/${project.name}/> |
77 | Use LDAPConnect | 79 | Use LDAPConnect |
78 | Require ldap-group cn=users,cn=buildbot,ou=services,dc=immae,dc=eu | 80 | Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu |
79 | 81 | ||
80 | SetEnvIf X-Url-Scheme https HTTPS=1 | 82 | SetEnvIf X-Url-Scheme https HTTPS=1 |
81 | ProxyPreserveHost On | 83 | ProxyPreserveHost On |
@@ -89,15 +91,50 @@ in | |||
89 | deps = [ "users" "wrappers" ]; | 91 | deps = [ "users" "wrappers" ]; |
90 | text = let | 92 | text = let |
91 | master-cfg = "${buildbot_common}/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg"; | 93 | master-cfg = "${buildbot_common}/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg"; |
92 | puppet_notify = pkgs.writeText "puppet_notify" (builtins.readFile "${myconfig.privateFiles}/buildbot_puppet_notify"); | 94 | buildbot_key = pkgs.writeText "buildbot_key" (builtins.readFile "${myconfig.privateFiles}/buildbot_ssh_key"); |
95 | tac_file = pkgs.writeText "buildbot.tac" '' | ||
96 | import os | ||
97 | |||
98 | from twisted.application import service | ||
99 | from buildbot.master import BuildMaster | ||
100 | |||
101 | basedir = '${varDir}/${project.name}' | ||
102 | rotateLength = 10000000 | ||
103 | maxRotatedFiles = 10 | ||
104 | configfile = '${master-cfg}' | ||
105 | |||
106 | # Default umask for server | ||
107 | umask = None | ||
108 | |||
109 | # if this is a relocatable tac file, get the directory containing the TAC | ||
110 | if basedir == '.': | ||
111 | import os | ||
112 | basedir = os.path.abspath(os.path.dirname(__file__)) | ||
113 | |||
114 | # note: this line is matched against to check that this is a buildmaster | ||
115 | # directory; do not edit it. | ||
116 | application = service.Application('buildmaster') | ||
117 | from twisted.python.logfile import LogFile | ||
118 | from twisted.python.log import ILogObserver, FileLogObserver | ||
119 | logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength, | ||
120 | maxRotatedFiles=maxRotatedFiles) | ||
121 | application.setComponent(ILogObserver, FileLogObserver(logfile).emit) | ||
122 | |||
123 | m = BuildMaster(basedir, configfile, umask) | ||
124 | m.setServiceParent(application) | ||
125 | m.log_rotation.rotateLength = rotateLength | ||
126 | m.log_rotation.maxRotatedFiles = maxRotatedFiles | ||
127 | ''; | ||
93 | in '' | 128 | in '' |
94 | install -m 0755 -o buildbot -g buildbot -d /run/buildbot/ | 129 | install -m 0755 -o buildbot -g buildbot -d /run/buildbot/ |
95 | install -m 0755 -o buildbot -g buildbot -d ${varDir} | 130 | install -m 0755 -o buildbot -g buildbot -d ${varDir} |
96 | if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then | 131 | if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then |
97 | $wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}" | 132 | $wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}" |
98 | rm -f ${varDir}/${project.name}/master.cfg.sample | 133 | rm -f ${varDir}/${project.name}/master.cfg.sample |
134 | rm -f ${varDir}/${project.name}/buildbot.tac | ||
99 | fi | 135 | fi |
100 | install -Dm600 -o buildbot -g buildbot -T ${puppet_notify} ${varDir}/puppet_notify | 136 | ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac |
137 | install -Dm600 -o buildbot -g buildbot -T ${buildbot_key} ${varDir}/buildbot_key | ||
101 | buildbot_secrets=${varDir}/${project.name}/secrets | 138 | buildbot_secrets=${varDir}/${project.name}/secrets |
102 | install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets | 139 | install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets |
103 | echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap | 140 | echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap |
@@ -119,7 +156,7 @@ in | |||
119 | project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment; | 156 | project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment; |
120 | buildbot_config = pkgsNext.python3Packages.buildPythonPackage (rec { | 157 | buildbot_config = pkgsNext.python3Packages.buildPythonPackage (rec { |
121 | name = "buildbot_config-${project.name}"; | 158 | name = "buildbot_config-${project.name}"; |
122 | src = "${./projects}/${project.name}"; | 159 | src = ./projects + "/${project.name}"; |
123 | format = "other"; | 160 | format = "other"; |
124 | installPhase = '' | 161 | installPhase = '' |
125 | mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages} | 162 | mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages} |
diff --git a/nixops/modules/buildbot/projects/caldance/__init__.py b/nixops/modules/buildbot/projects/caldance/__init__.py new file mode 100644 index 0000000..e28ef72 --- /dev/null +++ b/nixops/modules/buildbot/projects/caldance/__init__.py | |||
@@ -0,0 +1,146 @@ | |||
1 | from buildbot.plugins import * | ||
2 | from buildbot_common.build_helpers import * | ||
3 | import os | ||
4 | |||
5 | __all__ = [ "configure", "E" ] | ||
6 | |||
7 | class E(): | ||
8 | PROJECT = "caldance" | ||
9 | BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT) | ||
10 | SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT) | ||
11 | PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT) | ||
12 | RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT) | ||
13 | RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT) | ||
14 | GIT_URL = "gitolite@git.immae.eu:perso/simon_descarpentries/www.cal-dance.com" | ||
15 | SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key" | ||
16 | SSH_HOST_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF" | ||
17 | LDAP_HOST = "ldap.immae.eu" | ||
18 | LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu" | ||
19 | LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu" | ||
20 | |||
21 | PUPPET_HOST = { | ||
22 | "integration": "root@caldance.immae.eu", | ||
23 | } | ||
24 | |||
25 | # master.cfg | ||
26 | SECRETS_FILE = os.getcwd() + "/secrets" | ||
27 | LDAP_URL = "ldaps://ldap.immae.eu:636" | ||
28 | LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu" | ||
29 | LDAP_BASE = "dc=immae,dc=eu" | ||
30 | LDAP_PATTERN = "(uid=%(username)s)" | ||
31 | LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=caldance,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))" | ||
32 | TITLE_URL = "https://caldance.immae.eu" | ||
33 | TITLE = "Caldance" | ||
34 | |||
35 | def configure(c): | ||
36 | c["buildbotURL"] = E.BUILDBOT_URL | ||
37 | c["www"]["port"] = E.SOCKET | ||
38 | |||
39 | c['workers'].append(worker.LocalWorker("generic-worker")) | ||
40 | c['workers'].append(worker.LocalWorker("deploy-worker")) | ||
41 | |||
42 | c['schedulers'].append(hook_scheduler("Caldance", timer=1)) | ||
43 | c['schedulers'].append(force_scheduler("force_caldance", ["Caldance_build"])) | ||
44 | c['schedulers'].append(deploy_scheduler("deploy_caldance", ["Caldance_deploy"])) | ||
45 | |||
46 | c['builders'].append(factory("caldance")) | ||
47 | |||
48 | c['builders'].append(deploy_factory("caldance")) | ||
49 | |||
50 | c['services'].append(SlackStatusPush( | ||
51 | name="slack_status_caldance", | ||
52 | builders=["Caldance_build", "Caldance_deploy"], | ||
53 | serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip())) | ||
54 | |||
55 | def factory(project, ignore_fails=False): | ||
56 | release_file = "{1}/{0}_%(kw:clean_branch)s.tar.gz" | ||
57 | |||
58 | package = util.Interpolate("{0}_%(kw:clean_branch)s.tar.gz".format(project), clean_branch=clean_branch) | ||
59 | package_dest = util.Interpolate(release_file.format(project, E.RELEASE_PATH), clean_branch=clean_branch) | ||
60 | package_url = util.Interpolate(release_file.format(project, E.RELEASE_URL), clean_branch=clean_branch) | ||
61 | |||
62 | factory = util.BuildFactory() | ||
63 | factory.addStep(steps.Git(logEnviron=False, repourl=E.GIT_URL, | ||
64 | sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(), | ||
65 | sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy")) | ||
66 | factory.addSteps(package_and_upload(package, package_dest, package_url)) | ||
67 | |||
68 | return util.BuilderConfig( | ||
69 | name="{}_build".format(project.capitalize()), | ||
70 | workernames=["generic-worker"], factory=factory) | ||
71 | |||
72 | def compute_build_infos(project): | ||
73 | @util.renderer | ||
74 | def compute(props): | ||
75 | import re, hashlib | ||
76 | build_file = props.getProperty("build") | ||
77 | package_dest = "{1}/{0}".format(build_file, E.RELEASE_PATH) | ||
78 | version = re.match(r"{0}_(.*).tar.gz".format(project), build_file).group(1) | ||
79 | with open(package_dest, "rb") as f: | ||
80 | sha = hashlib.sha256(f.read()).hexdigest() | ||
81 | return { | ||
82 | "build_version": version, | ||
83 | "build_hash": sha, | ||
84 | } | ||
85 | return compute | ||
86 | |||
87 | @util.renderer | ||
88 | def puppet_host(props): | ||
89 | environment = props["environment"] if props.hasProperty("environment") else "integration" | ||
90 | return E.PUPPET_HOST.get(environment, "host.invalid") | ||
91 | |||
92 | def deploy_factory(project): | ||
93 | package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH)) | ||
94 | |||
95 | factory = util.BuildFactory() | ||
96 | factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest])) | ||
97 | factory.addStep(steps.SetProperties(properties=compute_build_infos(project))) | ||
98 | factory.addStep(LdapPush(environment=util.Property("environment"), | ||
99 | project=project, build_version=util.Property("build_version"), | ||
100 | build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap"))) | ||
101 | factory.addStep(steps.MasterShellCommand(command=[ | ||
102 | "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host])) | ||
103 | return util.BuilderConfig(name="{}_deploy".format(project.capitalize()), workernames=["deploy-worker"], factory=factory) | ||
104 | |||
105 | from twisted.internet import defer | ||
106 | from buildbot.process.buildstep import FAILURE | ||
107 | from buildbot.process.buildstep import SUCCESS | ||
108 | from buildbot.process.buildstep import BuildStep | ||
109 | |||
110 | class LdapPush(BuildStep): | ||
111 | name = "LdapPush" | ||
112 | renderables = ["environment", "project", "build_version", "build_hash", "ldap_password"] | ||
113 | |||
114 | def __init__(self, **kwargs): | ||
115 | self.environment = kwargs.pop("environment") | ||
116 | self.project = kwargs.pop("project") | ||
117 | self.build_version = kwargs.pop("build_version") | ||
118 | self.build_hash = kwargs.pop("build_hash") | ||
119 | self.ldap_password = kwargs.pop("ldap_password") | ||
120 | self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST) | ||
121 | super().__init__(**kwargs) | ||
122 | |||
123 | def run(self): | ||
124 | import json | ||
125 | from ldap3 import Reader, Writer, Server, Connection, ObjectDef | ||
126 | server = Server(self.ldap_host) | ||
127 | conn = Connection(server, | ||
128 | user=E.LDAP_DN, | ||
129 | password=self.ldap_password) | ||
130 | conn.bind() | ||
131 | obj = ObjectDef("immaePuppetClass", conn) | ||
132 | r = Reader(conn, obj, | ||
133 | "cn=caldance.{},{}".format(self.environment, E.LDAP_ROLES_BASE)) | ||
134 | r.search() | ||
135 | if len(r) > 0: | ||
136 | w = Writer.from_cursor(r) | ||
137 | for value in w[0].immaePuppetJson.values: | ||
138 | config = json.loads(value) | ||
139 | if "role::caldance::{}_version".format(self.project) in config: | ||
140 | config["role::caldance::{}_version".format(self.project)] = self.build_version | ||
141 | config["role::caldance::{}_sha256".format(self.project)] = self.build_hash | ||
142 | w[0].immaePuppetJson -= value | ||
143 | w[0].immaePuppetJson += json.dumps(config, indent=" ") | ||
144 | w.commit() | ||
145 | return defer.succeed(SUCCESS) | ||
146 | return defer.succeed(FAILURE) | ||
diff --git a/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py b/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py index 1157b5c..5d70f95 100644 --- a/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py +++ b/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py | |||
@@ -8,10 +8,11 @@ class E(): | |||
8 | PROJECT = "cryptoportfolio" | 8 | PROJECT = "cryptoportfolio" |
9 | BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT) | 9 | BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT) |
10 | SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT) | 10 | SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT) |
11 | PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT) | ||
11 | RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT) | 12 | RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT) |
12 | RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT) | 13 | RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT) |
13 | GIT_URL = "https://git.immae.eu/perso/Immae/Projets/Cryptomonnaies/Cryptoportfolio/{0}.git" | 14 | GIT_URL = "https://git.immae.eu/perso/Immae/Projets/Cryptomonnaies/Cryptoportfolio/{0}.git" |
14 | SSH_KEY_PATH = "/var/lib/buildbot/puppet_notify" | 15 | SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key" |
15 | LDAP_HOST = "ldap.immae.eu" | 16 | LDAP_HOST = "ldap.immae.eu" |
16 | LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu" | 17 | LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu" |
17 | LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu" | 18 | LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu" |
@@ -27,7 +28,7 @@ class E(): | |||
27 | LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu" | 28 | LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu" |
28 | LDAP_BASE = "dc=immae,dc=eu" | 29 | LDAP_BASE = "dc=immae,dc=eu" |
29 | LDAP_PATTERN = "(uid=%(username)s)" | 30 | LDAP_PATTERN = "(uid=%(username)s)" |
30 | LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))" | 31 | LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=cryptoportfolio,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))" |
31 | TITLE_URL = "https://git.immae.eu" | 32 | TITLE_URL = "https://git.immae.eu" |
32 | TITLE = "Cryptoportfolio" | 33 | TITLE = "Cryptoportfolio" |
33 | 34 | ||
diff --git a/nixops/modules/buildbot/projects/test/__init__.py b/nixops/modules/buildbot/projects/test/__init__.py index c15788c..adda289 100644 --- a/nixops/modules/buildbot/projects/test/__init__.py +++ b/nixops/modules/buildbot/projects/test/__init__.py | |||
@@ -8,10 +8,11 @@ class E(): | |||
8 | PROJECT = "test" | 8 | PROJECT = "test" |
9 | BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT) | 9 | BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT) |
10 | SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT) | 10 | SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT) |
11 | PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT) | ||
11 | RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT) | 12 | RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT) |
12 | RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT) | 13 | RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT) |
13 | GIT_URL = "https://git.immae.eu/perso/Immae/TestProject.git" | 14 | GIT_URL = "https://git.immae.eu/perso/Immae/TestProject.git" |
14 | SSH_KEY_PATH = "/var/lib/buildbot/puppet_notify" | 15 | SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key" |
15 | PUPPET_HOST = "root@backup-1.v.immae.eu" | 16 | PUPPET_HOST = "root@backup-1.v.immae.eu" |
16 | LDAP_HOST = "ldap.immae.eu" | 17 | LDAP_HOST = "ldap.immae.eu" |
17 | LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu" | 18 | LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu" |
@@ -23,7 +24,7 @@ class E(): | |||
23 | LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu" | 24 | LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu" |
24 | LDAP_BASE = "dc=immae,dc=eu" | 25 | LDAP_BASE = "dc=immae,dc=eu" |
25 | LDAP_PATTERN = "(uid=%(username)s)" | 26 | LDAP_PATTERN = "(uid=%(username)s)" |
26 | LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))" | 27 | LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=test,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))" |
27 | TITLE_URL = "https://git.immae.eu/?p=perso/Immae/TestProject.git;a=summary" | 28 | TITLE_URL = "https://git.immae.eu/?p=perso/Immae/TestProject.git;a=summary" |
28 | TITLE = "Test project" | 29 | TITLE = "Test project" |
29 | 30 | ||