Refactor repo and add README
- Each repo's config is moved to it's own .star file.
- unify indentation (2 spaces)
- remove luci-test "ci" stuff, focusing on "try" work
Change-Id: I357d874e4d8dc6a113c4a54654615bae307ab313
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f7c6890
--- /dev/null
+++ b/README.md
@@ -0,0 +1,53 @@
+# LUCI Configuration
+
+This repo holds all the configuration for LUCI, the CI system Gerrit uses. You
+can find recent verification runs and logs at
+https://ci.chromium.org/ui/p/gerrit/builders.
+
+## Concepts
+
+- `Recipe`: a python script to verify a change, and a test for that verification
+- `Builder`: a recipe configured to run on a specific machine type
+- `CQ Group`: a watcher that triggers on new votes/patchsets on the specified
+repo+refs
+- `CQ Tryjob Verifier`: combines a CQ group with a builder to run a recipe when
+a new vote or patchset comes in
+
+## Layout
+
+- `/main.star`: overall starlark configuration for the entire host. It is also
+executable to generate the config data
+- `/repos/*.star`: repo-specific starlark configuration for builders, CQ groups,
+CQ tryjob verifiers, etc
+- `/recipes/recipes/*.py`: recipes for testing a change based on the repo
+- `/recipes/recipes.py`: executes recipe tests and compares/generates expected
+JSON goldens. 100% coverage is expected.
+- `/recipes/recipe_modules/`: dependencies shared by modules
+- `/recipes/*.expected/*.json`: expected commands executed by the recipe
+- `/infra/config/recipes.cfg`: versions and URLs of external recipe dependencies
+
+## Prerequisites
+
+- `lucicfg` - CLI tool to generate the configuration from the starlark scripts.
+To install, clone [depot_tools](https://chromium.googlesource.com/chromium/tools/depot_tools.git/).
+- `python` - Due to an ongoing migration, the `recipes.py` script still relies
+on python 2.7, but the recipes themselves are written for python 3.
+
+## Imporant commands
+
+Regenerate config data after making changes (lucicfg):
+
+> `$ ./main.star`
+
+Run recipe tests (python 2.7):
+
+> `$ python recipes/recipes.py test run`
+
+Update recipe test goldens (python 2.7):
+
+> `$ python recipes/recipes.py test train`
+
+## Documentation
+
+- [Configuration API](https://chromium.googlesource.com/infra/luci/luci-go/+/HEAD/lucicfg/doc/README.md)
+- [Recipe User Guide](https://chromium.googlesource.com/infra/luci/recipes-py/+/HEAD/doc/user_guide.md)
\ No newline at end of file
diff --git a/generated/commit-queue.cfg b/generated/commit-queue.cfg
index 1da4eb0..59baa0f 100644
--- a/generated/commit-queue.cfg
+++ b/generated/commit-queue.cfg
@@ -21,7 +21,7 @@
}
tryjob {
builders {
- name: "gerrit/try/Verify gerrit CL for web"
+ name: "gerrit/try/Verify gerrit CL"
mode_allowlist: "DRY_RUN"
mode_allowlist: "FULL_RUN"
mode_allowlist: "NEW_PATCHSET_RUN"
diff --git a/generated/cr-buildbucket.cfg b/generated/cr-buildbucket.cfg
index 0b096fa..008c696 100644
--- a/generated/cr-buildbucket.cfg
+++ b/generated/cr-buildbucket.cfg
@@ -6,29 +6,6 @@
buckets {
name: "ci"
- swarming {
- builders {
- name: "Verify luci-test CL"
- swarming_host: "chromium-swarm.appspot.com"
- dimensions: "cpu:x86-64"
- dimensions: "os:Ubuntu"
- dimensions: "pool:luci.gerrit.ci"
- exe {
- cipd_package: "infra/recipe_bundles/gerrit.googlesource.com/luci-config"
- cipd_version: "refs/heads/main"
- cmd: "luciexe"
- }
- properties:
- '{'
- ' "recipe": "luci-test"'
- '}'
- service_account: "gerrit-luci-ci-builder@gerritcodereview-ci.iam.gserviceaccount.com"
- experiments {
- key: "luci.recipes.use_python3"
- value: 100
- }
- }
- }
}
buckets {
name: "prod"
@@ -37,7 +14,7 @@
name: "try"
swarming {
builders {
- name: "Verify gerrit CL for web"
+ name: "Verify gerrit CL"
swarming_host: "chromium-swarm.appspot.com"
dimensions: "cpu:x86-64"
dimensions: "os:Ubuntu"
@@ -49,7 +26,7 @@
}
properties:
'{'
- ' "recipe": "gerrit-web-tests"'
+ ' "recipe": "gerrit"'
'}'
service_account: "gerrit-luci-try-builder@gerritcodereview-ci.iam.gserviceaccount.com"
experiments {
diff --git a/generated/luci-milo.cfg b/generated/luci-milo.cfg
index 42c5880..2c52a71 100644
--- a/generated/luci-milo.cfg
+++ b/generated/luci-milo.cfg
@@ -4,15 +4,4 @@
# For the schema of this file, see Project message:
# https://luci-config.appspot.com/schemas/projects:luci-milo.cfg
-consoles {
- id: "luci-test CI builders"
- name: "luci-test CI builders"
- repo_url: "https://gerrit.googlesource.com/luci-test"
- refs: "regexp:refs/heads/main"
- manifest_name: "REVISION"
- builders {
- name: "buildbucket/luci.gerrit.ci/Verify luci-test CL"
- }
- favicon_url: "https://storage.googleapis.com/static-assets-luci/favicon.ico"
-}
logo_url: "https://storage.googleapis.com/static-assets-luci/diffymute.svg"
diff --git a/generated/luci-scheduler.cfg b/generated/luci-scheduler.cfg
deleted file mode 100644
index 1b7735c..0000000
--- a/generated/luci-scheduler.cfg
+++ /dev/null
@@ -1,24 +0,0 @@
-# Auto-generated by lucicfg.
-# Do not modify manually.
-#
-# For the schema of this file, see ProjectConfig message:
-# https://luci-config.appspot.com/schemas/projects:luci-scheduler.cfg
-
-job {
- id: "Verify luci-test CL"
- realm: "ci"
- buildbucket {
- server: "cr-buildbucket.appspot.com"
- bucket: "ci"
- builder: "Verify luci-test CL"
- }
-}
-trigger {
- id: "luci-test main source"
- realm: "ci"
- triggers: "Verify luci-test CL"
- gitiles {
- repo: "https://gerrit.googlesource.com/luci-test"
- refs: "regexp:refs/heads/main"
- }
-}
diff --git a/generated/realms.cfg b/generated/realms.cfg
index fd704ea..93b9117 100644
--- a/generated/realms.cfg
+++ b/generated/realms.cfg
@@ -37,10 +37,6 @@
}
realms {
name: "ci"
- bindings {
- role: "role/buildbucket.builderServiceAccount"
- principals: "user:gerrit-luci-ci-builder@gerritcodereview-ci.iam.gserviceaccount.com"
- }
}
realms {
name: "pools/ci"
diff --git a/main.star b/main.star
index 686ae1e..37680a6 100755
--- a/main.star
+++ b/main.star
@@ -1,75 +1,71 @@
#!/usr/bin/env lucicfg
+# This file sets up global LUCI configuration for our entire host and then
+# executes each per-repo configuration.
+
lucicfg.check_version("1.33.2", "Please update depot_tools")
lucicfg.config(
- config_dir = "generated",
- tracked_files = ["*.cfg"],
- fail_on_warnings = True,
- lint_checks = ["default", "-module-docstring"],
-)
-
-# Milo is the UI powering https://ci.chromium.org/, configuration is optional
-# but we want to have a nice logo.
-luci.milo(
- logo = "https://storage.googleapis.com/static-assets-luci/diffymute.svg",
- favicon = "https://storage.googleapis.com/static-assets-luci/favicon.ico",
+ config_dir = "generated",
+ tracked_files = ["*.cfg"],
+ fail_on_warnings = True,
+ lint_checks = ["default", "-module-docstring"],
)
luci.project(
- name = "gerrit",
+ name = "gerrit",
- buildbucket = "cr-buildbucket.appspot.com",
- logdog = "luci-logdog.appspot.com",
- milo = "luci-milo.appspot.com",
- notify = "luci-notify.appspot.com",
- scheduler = "luci-scheduler.appspot.com",
- swarming = "chromium-swarm.appspot.com",
- tricium = "tricium-prod.appspot.com",
+ buildbucket = "cr-buildbucket.appspot.com",
+ logdog = "luci-logdog.appspot.com",
+ milo = "luci-milo.appspot.com",
+ notify = "luci-notify.appspot.com",
+ scheduler = "luci-scheduler.appspot.com",
+ swarming = "chromium-swarm.appspot.com",
+ tricium = "tricium-prod.appspot.com",
- bindings = [
- # Allow owners to submit any task in any pool.
- luci.binding(
- roles = [
- "role/swarming.poolOwner",
- "role/swarming.poolUser",
- "role/swarming.taskTriggerer",
- ],
- groups = "gerritcodereview-eng",
- ),
+ bindings = [
+ # Allow owners to submit any task in any pool.
+ luci.binding(
+ roles = [
+ "role/swarming.poolOwner",
+ "role/swarming.poolUser",
+ "role/swarming.taskTriggerer",
+ ],
+ groups = "gerritcodereview-eng",
+ ),
- # Allow any googler to see all bots and tasks there.
- luci.binding(
- roles = "role/swarming.poolViewer",
- groups = "googlers",
- ),
+ # Allow any googler to see all bots and tasks.
+ luci.binding(
+ roles = "role/swarming.poolViewer",
+ groups = "googlers",
+ ),
- # Allow any googler to read/validate/reimport the project configs.
- luci.binding(
- roles = "role/configs.developer",
- groups = "googlers",
- ),
+ # Allow any googler to read/validate/reimport the project configs.
+ luci.binding(
+ roles = "role/configs.developer",
+ groups = "googlers",
+ ),
- # Allow buildbucket to read config and recipes.
- luci.binding(
- roles = "role/buildbucket.reader",
- groups = "all",
- ),
+ # Allow buildbucket to read config and recipes.
+ luci.binding(
+ roles = "role/buildbucket.reader",
+ groups = "all",
+ ),
- # Allow everyone to load the config to render console and builder pages.
- # https://ci.chromium.org/p/gerrit
- # https://ci.chromium.org/ui/p/gerrit/builders
- luci.binding(
- roles = "role/configs.reader",
- groups = "all",
- )
- ],
- acls = [
- acl.entry(
- roles = acl.PROJECT_CONFIGS_READER,
- groups = "all",
- ),
- ],
+ # Allow everyone to load the config to render console and builder pages.
+ # https://ci.chromium.org/p/gerrit
+ # https://ci.chromium.org/ui/p/gerrit/builders
+ luci.binding(
+ roles = "role/configs.reader",
+ groups = "all",
+ )
+ ],
+ acls = [
+ acl.entry(
+ roles = acl.PROJECT_CONFIGS_READER,
+ groups = "all",
+ ),
+ ],
)
# Per-service tweaks.
@@ -80,14 +76,16 @@
luci.realm(name = "pools/try")
# Global recipe defaults
+
+# Refers to https://chromium.googlesource.com/infra/luci/recipes-py/+/refs/heads/main
luci.recipe.defaults.cipd_version.set("refs/heads/main")
luci.recipe.defaults.use_python3.set(True)
-# The try bucket will include builders which work on pre-commit or pre-review
+# The "try" bucket will include builders which work on pre-commit or pre-review
# code.
luci.bucket(name = "try")
-# The ci bucket will include builders which work on post-commit code.
+# The "ci" bucket will include builders which work on post-commit code.
luci.bucket(name = "ci")
# The prod bucket will include builders which work on post-commit code and
@@ -97,8 +95,8 @@
# Builders
# This is the cipd package where the recipe bundler will put the built recipes.
-# This line makes it the default value for all `luci.recipe` invocations in
-# this configuration.
+# This line makes it the default value for all `luci.recipe` invocations in this
+# configuration.
luci.recipe.defaults.cipd_package.set("infra/recipe_bundles/gerrit.googlesource.com/luci-config")
# This sets the default CIPD ref to use in builds to get the right version of
@@ -107,142 +105,16 @@
# The recipe bundler sets CIPD refs equal in name to the git refs that it
# processed the recipe code from.
#
-# Note: This will cause all recipe commits to automatically deploy as soon
-# as the recipe bundler compiles them from your refs/heads/main branch.
+# Note: This will cause all recipe commits to automatically deploy as soon as
+# the recipe bundler compiles them from your refs/heads/main branch.
cipd_version = "refs/heads/main"
-# Defines a builder to run the "luci-test" recipe in a given bucket. This will
-# be hooked up to the CQ label rather than having a set schedule.
-def verify_luci_test_builder(bucket):
- luci.builder(
- name = "Verify luci-test CL",
- bucket = bucket,
- executable = luci.recipe(
- # The name of the recipe we just made.
- name = "luci-test",
- ),
- service_account = "gerrit-luci-%s-builder@gerritcodereview-ci.iam.gserviceaccount.com" % bucket,
- dimensions = {
- "os": "Ubuntu",
- "cpu": "x86-64",
- "pool": "luci.gerrit.%s" % bucket,
- },
- )
-
-verify_luci_test_builder("try")
-verify_luci_test_builder("ci")
-
-# Create a CQ group to watch luci-test repo for changes.
-luci.cq_group(
- name = "luci-test_repo",
- acls = [
- # Everyone can trigger dry runs by voting CQ+1
- acl.entry(
- acl.CQ_DRY_RUNNER,
- groups = "all",
- ),
- # Trigger dry runs automatically on new patchsets for everyone
- acl.entry(
- acl.CQ_NEW_PATCHSET_RUN_TRIGGERER,
- groups = "all",
- ),
- # Only project-gerrit-committers can submit by voting CQ+2
- acl.entry(
- acl.CQ_COMMITTER,
- groups = "project-gerrit-committers",
- ),
- ],
- watch = cq.refset(
- repo = "https://gerrit.googlesource.com/luci-test",
- refs = ["refs/heads/.+"], # will watch all branches
- ),
+# Milo is the UI powering https://ci.chromium.org/
+luci.milo(
+ logo = "https://storage.googleapis.com/static-assets-luci/diffymute.svg",
+ favicon = "https://storage.googleapis.com/static-assets-luci/favicon.ico",
)
-# Attach our "Verify luci-test CL" builder to this CQ group.
-luci.cq_tryjob_verifier(
- builder = "try/Verify luci-test CL",
- cq_group = "luci-test_repo",
- # Add NEW_PATCHSET_RUN to the defaults DRY_RUN and FULL_RUN
- mode_allowlist = [
- cq.MODE_DRY_RUN, cq.MODE_FULL_RUN, cq.MODE_NEW_PATCHSET_RUN
- ],
-)
-
-# Runs luci-test tests after any merged change
-luci.gitiles_poller(
- name = "luci-test main source",
- bucket = "ci",
- repo = "https://gerrit.googlesource.com/luci-test",
-
- # by default this will scan "refs/heads/main"; Supply the `refs` argument
- # if you want something else.
-
- triggers = ["ci/Verify luci-test CL"],
-)
-
-# This console view will appear on https://ci.chromium.org/p/gerrit and display
-# current luci-test build status at HEAD
-luci.console_view(
- name = 'luci-test CI builders',
- refs = ["refs/heads/main"],
- repo = "https://gerrit.googlesource.com/luci-test",
- entries = [
- luci.console_view_entry(builder='ci/Verify luci-test CL'),
- ],
-)
-
-# Defines a builder to run the "gerrit-web-tests" recipe in a given bucket. This
-# will be hooked up to the CQ label rather than having a set schedule.
-def verify_gerrit_web_tests_builder(bucket):
- luci.builder(
- name = "Verify gerrit CL for web",
- bucket = bucket,
- executable = luci.recipe(
- # The name of the recipe we just made.
- name = "gerrit-web-tests",
- ),
- service_account = "gerrit-luci-%s-builder@gerritcodereview-ci.iam.gserviceaccount.com" % bucket,
- dimensions = {
- "os": "Ubuntu",
- "cpu": "x86-64",
- "pool": "luci.gerrit.%s" % bucket,
- },
- )
-
-verify_gerrit_web_tests_builder("try")
-
-# Create a CQ group to watch gerrit repo for changes.
-luci.cq_group(
- name = "gerrit_repo",
- acls = [
- # Everyone can trigger dry runs by voting CQ+1
- acl.entry(
- acl.CQ_DRY_RUNNER,
- groups = "all",
- ),
- # Everyone can Trigger dry runs by uploading a new patchset
- acl.entry(
- acl.CQ_NEW_PATCHSET_RUN_TRIGGERER,
- groups = "all",
- ),
- # Only project-gerrit-committers can submit by voting CQ+2
- acl.entry(
- acl.CQ_COMMITTER,
- groups = "project-gerrit-committers",
- ),
- ],
- watch = cq.refset(
- repo = "https://gerrit.googlesource.com/gerrit",
- refs = ["refs/heads/.+"], # will watch all branches
- ),
-)
-
-# Attach our "Verify gerrit CL for web" builder to this CQ group.
-luci.cq_tryjob_verifier(
- builder = "try/Verify gerrit CL for web",
- cq_group = "gerrit_repo",
- # Add NEW_PATCHSET_RUN to the defaults DRY_RUN and FULL_RUN
- mode_allowlist = [
- cq.MODE_DRY_RUN, cq.MODE_FULL_RUN, cq.MODE_NEW_PATCHSET_RUN
- ],
-)
+# Per-repo configurations
+exec("//repos/gerrit.star")
+exec("//repos/luci-test.star")
\ No newline at end of file
diff --git a/recipes/README.recipes.md b/recipes/README.recipes.md
index 5199977..862ade3 100644
--- a/recipes/README.recipes.md
+++ b/recipes/README.recipes.md
@@ -6,7 +6,7 @@
* [zip](#recipe_modules-zip) (Python3 ✅)
**[Recipes](#Recipes)**
- * [gerrit-web-tests](#recipes-gerrit-web-tests) (Python3 ✅)
+ * [gerrit](#recipes-gerrit) (Python3 ✅)
* [luci-test](#recipes-luci-test) (Python3 ✅)
* [zip:examples/full](#recipes-zip_examples_full) (Python3 ✅)
## Recipe Modules
@@ -95,13 +95,13 @@
ZipPackage object.
## Recipes
-### *recipes* / [gerrit-web-tests](/recipes/recipes/gerrit-web-tests.py)
+### *recipes* / [gerrit](/recipes/recipes/gerrit.py)
-[DEPS](/recipes/recipes/gerrit-web-tests.py#7): [depot\_tools/bot\_update][depot_tools/recipe_modules/bot_update], [depot\_tools/gclient][depot_tools/recipe_modules/gclient], [depot\_tools/gsutil][depot_tools/recipe_modules/gsutil], [zip](#recipe_modules-zip), [recipe\_engine/buildbucket][recipe_engine/recipe_modules/buildbucket], [recipe\_engine/context][recipe_engine/recipe_modules/context], [recipe\_engine/file][recipe_engine/recipe_modules/file], [recipe\_engine/nodejs][recipe_engine/recipe_modules/nodejs], [recipe\_engine/path][recipe_engine/recipe_modules/path], [recipe\_engine/platform][recipe_engine/recipe_modules/platform], [recipe\_engine/step][recipe_engine/recipe_modules/step]
+[DEPS](/recipes/recipes/gerrit.py#7): [depot\_tools/bot\_update][depot_tools/recipe_modules/bot_update], [depot\_tools/gclient][depot_tools/recipe_modules/gclient], [depot\_tools/gsutil][depot_tools/recipe_modules/gsutil], [zip](#recipe_modules-zip), [recipe\_engine/buildbucket][recipe_engine/recipe_modules/buildbucket], [recipe\_engine/context][recipe_engine/recipe_modules/context], [recipe\_engine/file][recipe_engine/recipe_modules/file], [recipe\_engine/nodejs][recipe_engine/recipe_modules/nodejs], [recipe\_engine/path][recipe_engine/recipe_modules/path], [recipe\_engine/platform][recipe_engine/recipe_modules/platform], [recipe\_engine/step][recipe_engine/recipe_modules/step]
PYTHON_VERSION_COMPATIBILITY: PY3
-— **def [RunSteps](/recipes/recipes/gerrit-web-tests.py#23)(api):**
+— **def [RunSteps](/recipes/recipes/gerrit.py#23)(api):**
### *recipes* / [luci-test](/recipes/recipes/luci-test.py)
[DEPS](/recipes/recipes/luci-test.py#7): [depot\_tools/bot\_update][depot_tools/recipe_modules/bot_update], [depot\_tools/gclient][depot_tools/recipe_modules/gclient], [depot\_tools/gsutil][depot_tools/recipe_modules/gsutil], [zip](#recipe_modules-zip), [recipe\_engine/buildbucket][recipe_engine/recipe_modules/buildbucket], [recipe\_engine/context][recipe_engine/recipe_modules/context], [recipe\_engine/file][recipe_engine/recipe_modules/file], [recipe\_engine/nodejs][recipe_engine/recipe_modules/nodejs], [recipe\_engine/path][recipe_engine/recipe_modules/path], [recipe\_engine/platform][recipe_engine/recipe_modules/platform], [recipe\_engine/step][recipe_engine/recipe_modules/step]
diff --git a/recipes/recipes/gerrit-web-tests.expected/basic.json b/recipes/recipes/gerrit.expected/basic.json
similarity index 100%
rename from recipes/recipes/gerrit-web-tests.expected/basic.json
rename to recipes/recipes/gerrit.expected/basic.json
diff --git a/recipes/recipes/gerrit-web-tests.py b/recipes/recipes/gerrit.py
similarity index 100%
rename from recipes/recipes/gerrit-web-tests.py
rename to recipes/recipes/gerrit.py
diff --git a/repos/gerrit.star b/repos/gerrit.star
new file mode 100644
index 0000000..81b146d
--- /dev/null
+++ b/repos/gerrit.star
@@ -0,0 +1,57 @@
+# This is configuration for LUCI for the gerrit repo
+# https://gerrit.googlesource.com/gerrit
+
+# Builders
+
+# Defines a builder to run the "gerrit" recipe in a given bucket. This
+# will be hooked up to the CQ label rather than having a set schedule.
+luci.builder(
+ name = "Verify gerrit CL",
+ bucket = "try",
+ executable = luci.recipe(
+ # The name of the recipe we just made.
+ name = "gerrit",
+ ),
+ service_account = "gerrit-luci-try-builder@gerritcodereview-ci.iam.gserviceaccount.com",
+ dimensions = {
+ "os": "Ubuntu",
+ "cpu": "x86-64",
+ "pool": "luci.gerrit.try",
+ },
+)
+
+# Create a CQ group to watch gerrit repo for changes.
+luci.cq_group(
+ name = "gerrit_repo",
+ acls = [
+ # Everyone can trigger dry runs by voting CQ+1
+ acl.entry(
+ acl.CQ_DRY_RUNNER,
+ groups = "all",
+ ),
+ # Everyone can Trigger dry runs by uploading a new patchset
+ acl.entry(
+ acl.CQ_NEW_PATCHSET_RUN_TRIGGERER,
+ groups = "all",
+ ),
+ # Only project-gerrit-committers can submit by voting CQ+2
+ acl.entry(
+ acl.CQ_COMMITTER,
+ groups = "project-gerrit-committers",
+ ),
+ ],
+ watch = cq.refset(
+ repo = "https://gerrit.googlesource.com/gerrit",
+ refs = ["refs/heads/.+"], # will watch all branches
+ ),
+)
+
+# Attach our "Verify gerrit CL" builder to this CQ group.
+luci.cq_tryjob_verifier(
+ builder = "try/Verify gerrit CL",
+ cq_group = "gerrit_repo",
+ # Add NEW_PATCHSET_RUN to the defaults DRY_RUN and FULL_RUN
+ mode_allowlist = [
+ cq.MODE_DRY_RUN, cq.MODE_FULL_RUN, cq.MODE_NEW_PATCHSET_RUN
+ ],
+)
\ No newline at end of file
diff --git a/repos/luci-test.star b/repos/luci-test.star
new file mode 100644
index 0000000..407f171
--- /dev/null
+++ b/repos/luci-test.star
@@ -0,0 +1,57 @@
+# This is configuration for LUCI for the luci-test repo
+# https://gerrit.googlesource.com/luci-test
+
+# Builders
+
+# Defines a builder to run the "luci-test" recipe in a given bucket. This will
+# be hooked up to the CQ label rather than having a set schedule.
+luci.builder(
+ name = "Verify luci-test CL",
+ bucket = "try",
+ executable = luci.recipe(
+ # The name of the recipe we just made.
+ name = "luci-test",
+ ),
+ service_account = "gerrit-luci-try-builder@gerritcodereview-ci.iam.gserviceaccount.com",
+ dimensions = {
+ "os": "Ubuntu",
+ "cpu": "x86-64",
+ "pool": "luci.gerrit.try",
+ },
+)
+
+# Create a CQ group to watch luci-test repo for changes.
+luci.cq_group(
+ name = "luci-test_repo",
+ acls = [
+ # Everyone can trigger dry runs by voting CQ+1
+ acl.entry(
+ acl.CQ_DRY_RUNNER,
+ groups = "all",
+ ),
+ # Everyone can Trigger dry runs by uploading a new patchset
+ acl.entry(
+ acl.CQ_NEW_PATCHSET_RUN_TRIGGERER,
+ groups = "all",
+ ),
+ # Only project-gerrit-committers can submit by voting CQ+2
+ acl.entry(
+ acl.CQ_COMMITTER,
+ groups = "project-gerrit-committers",
+ ),
+ ],
+ watch = cq.refset(
+ repo = "https://gerrit.googlesource.com/luci-test",
+ refs = ["refs/heads/.+"], # will watch all branches
+ ),
+)
+
+# Attach our "Verify luci-test CL" builder to this CQ group.
+luci.cq_tryjob_verifier(
+ builder = "try/Verify luci-test CL",
+ cq_group = "luci-test_repo",
+ # Add NEW_PATCHSET_RUN to the defaults DRY_RUN and FULL_RUN
+ mode_allowlist = [
+ cq.MODE_DRY_RUN, cq.MODE_FULL_RUN, cq.MODE_NEW_PATCHSET_RUN
+ ],
+)
\ No newline at end of file