This repository has been archived by the owner on May 17, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 9
/
master.cfg
139 lines (116 loc) · 4.06 KB
/
master.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# -*- python -*-
# ex: set filetype=python:
# Copyright 2019 RStudio, Inc.
# All rights reserved.
#
# Use of this source code is governed by a BSD 2-Clause
# license that can be found in the LICENSE_BSD file.
import os
from pathlib import Path
import toolz
from dotenv import load_dotenv
from buildbot.plugins import util
from ursabot.auth import GithubAuth, Authz
from ursabot.hooks import UrsabotHook
from ursabot.secrets import SecretInPass
from ursabot.configs import ProjectConfig, MasterConfig
from ursabot.workers import load_workers_from
load_dotenv()
cwd = projects = Path(__file__).parent.absolute()
workers = load_workers_from(
cwd / 'workers.yaml',
auto_pull=True,
always_pull=True
)
############################# LOAD PROJECTS ###################################
ursabot = ProjectConfig.load_from(
cwd / 'projects' / 'ursabot' / 'master.cfg',
variable='ursabot',
inject_globals=dict(
workers=workers,
with_pollers=False,
with_reporters=True
)
)
arrow = ProjectConfig.load_from(
cwd / 'projects' / 'arrow' / 'master.cfg',
variable='arrow',
inject_globals=dict(
workers=workers,
with_pollers=False,
with_reporters=True
)
)
############################# AUTHENTICATION ##################################
auth = GithubAuth(
clientId=util.Secret('ursabot/github_client_id'),
clientSecret=util.Secret('ursabot/github_client_secret'),
apiVersion=4,
getTeamsMembership=True
)
authz = Authz(
# 'admin' organization is unavalable on github so it is used to grant
# access for specific users outside of allowed organizations
allowRules=[
util.AnyControlEndpointMatcher(role='ursa-labs'),
util.AnyControlEndpointMatcher(role='apache'),
util.AnyControlEndpointMatcher(role='admin')
],
roleMatchers=[
# github organization names becomes the roles assigned to the user
util.RolesFromGroups(),
# explicitly assign admin role to specific users
util.RolesFromUsername(
roles=['admin'],
usernames=['xhochy', 'kou']
)
]
)
secret_providers = [
SecretInPass(dirname=Path('~/.ursalabs-pass').expanduser())
]
############################## CHANGE HOOK ####################################
# Accept HTTP requests and translate them into changes for buildbot. We use a
# specialized hook which also processes the pull request comments.
class ChangeHook(UrsabotHook):
# currently there is only a single command, in the future we'll need a
# combiner which turns multiple callbacks into a single one
comment_handler = toolz.first(arrow.commands)
change_hook = ChangeHook(
secret=util.Secret('ursabot/github_hook_secret'),
tokens=[util.Secret('ursabot/github_token')],
debug=False,
strict=True,
verify=True
)
############################# BUILDMASTER CONFIG ##############################
# MasterConfig is the object that the ursabot pays attention to.
# - `ursabot checkconfig` loads and validates it without actually
# running the services
# - `ursabot start|stop|restart` also loads this dictionary, indirectly
# through buildbot.tac
# secret interpolation is not yet available for setting database_url, so
# we read from the environment (can be defined with .env as well)
database_url = os.getenv('DATABASE_URL', default='sqlite:///ursabot.sqlite')
master = MasterConfig(
# The 'title' string will appear at the top of this buildbot installation's
# home pages (linked to the 'titleURL').
title='Ursabot',
# The 'buildbotURL' string should point to the location where the
# buildbot's internal web server is visible. This typically uses the port
# number set in the 'webui_port' entry below, but with an
# externally-visible host name which the buildbot cannot figure out without
# some help.
url='https://ci.ursalabs.org/',
webui_port=8010,
worker_port=9989,
auth=auth,
authz=authz,
change_hook=change_hook,
secret_providers=secret_providers,
database_url=database_url,
projects=[
arrow,
ursabot
]
)