| #!/usr/bin/env lucicfg |
| |
| lucicfg.check_version("1.33.2", "Please update depot_tools") |
| |
| lucicfg.config( |
| config_dir = "generated", |
| tracked_files = ["*.cfg"], |
| fail_on_warnings = True, |
| lint_checks = ["default", "-module-docstring"], |
| ) |
| |
| # Milo is the UI powering https://ci.chromium.org/, configuration is optional |
| # but we want to have a nice logo. |
| luci.milo( |
| logo = "https://storage.googleapis.com/static-assets-luci/diffymute.svg", |
| favicon = "https://storage.googleapis.com/static-assets-luci/favicon.ico", |
| ) |
| |
| luci.project( |
| name = "gerrit", |
| |
| buildbucket = "cr-buildbucket.appspot.com", |
| logdog = "luci-logdog.appspot.com", |
| milo = "luci-milo.appspot.com", |
| notify = "luci-notify.appspot.com", |
| scheduler = "luci-scheduler.appspot.com", |
| swarming = "chromium-swarm.appspot.com", |
| tricium = "tricium-prod.appspot.com", |
| |
| bindings = [ |
| # Allow owners to submit any task in any pool. |
| luci.binding( |
| roles = [ |
| "role/swarming.poolOwner", |
| "role/swarming.poolUser", |
| "role/swarming.taskTriggerer", |
| ], |
| groups = "gerritcodereview-eng", |
| ), |
| |
| # Allow any googler to see all bots and tasks there. |
| luci.binding( |
| roles = "role/swarming.poolViewer", |
| groups = "googlers", |
| ), |
| |
| # Allow any googler to read/validate/reimport the project configs. |
| luci.binding( |
| roles = "role/configs.developer", |
| groups = "googlers", |
| ), |
| |
| # Allow buildbucket to read config and recipes. |
| luci.binding( |
| roles = "role/buildbucket.reader", |
| groups = "all", |
| ), |
| |
| # Allow everyone to load the config to render console and builder pages. |
| # https://ci.chromium.org/p/gerrit |
| # https://ci.chromium.org/ui/p/gerrit/builders |
| luci.binding( |
| roles = "role/configs.reader", |
| groups = "all", |
| ) |
| ], |
| acls = [ |
| acl.entry( |
| roles = acl.PROJECT_CONFIGS_READER, |
| groups = "all", |
| ), |
| ], |
| ) |
| |
| # Per-service tweaks. |
| luci.logdog(gs_bucket = "logdog-gerrit-archive") |
| |
| # Realms with ACLs for corresponding Swarming pools. |
| luci.realm(name = "pools/ci") |
| luci.realm(name = "pools/try") |
| |
| # Global recipe defaults |
| luci.recipe.defaults.cipd_version.set("refs/heads/main") |
| luci.recipe.defaults.use_python3.set(True) |
| |
| # The try bucket will include builders which work on pre-commit or pre-review |
| # code. |
| luci.bucket(name = "try") |
| |
| # The ci bucket will include builders which work on post-commit code. |
| luci.bucket(name = "ci") |
| |
| # The prod bucket will include builders which work on post-commit code and |
| # generate executable artifacts used by other users or machines. |
| luci.bucket(name = "prod") |
| |
| # Builders |
| |
| # This is the cipd package where the recipe bundler will put the built recipes. |
| # This line makes it the default value for all `luci.recipe` invocations in |
| # this configuration. |
| luci.recipe.defaults.cipd_package.set("infra/recipe_bundles/gerrit.googlesource.com/luci-config") |
| |
| # This sets the default CIPD ref to use in builds to get the right version of |
| # recipes for the build. |
| # |
| # The recipe bundler sets CIPD refs equal in name to the git refs that it |
| # processed the recipe code from. |
| # |
| # Note: This will cause all recipe commits to automatically deploy as soon |
| # as the recipe bundler compiles them from your refs/heads/main branch. |
| cipd_version = "refs/heads/main" |
| |
| # Defines a builder to run the "luci-test" recipe in a given bucket. This will |
| # be hooked up to the CQ label rather than having a set schedule. |
| def verify_luci_test_builder(bucket): |
| luci.builder( |
| name = "Verify luci-test CL", |
| bucket = bucket, |
| executable = luci.recipe( |
| # The name of the recipe we just made. |
| name = "luci-test", |
| ), |
| service_account = "gerrit-luci-%s-builder@gerritcodereview-ci.iam.gserviceaccount.com" % bucket, |
| dimensions = { |
| "os": "Ubuntu", |
| "cpu": "x86-64", |
| "pool": "luci.gerrit.%s" % bucket, |
| }, |
| ) |
| |
| verify_luci_test_builder("try") |
| verify_luci_test_builder("ci") |
| |
| # Create a CQ group to watch luci-test repo for changes. |
| luci.cq_group( |
| name = "luci-test_repo", |
| acls = [ |
| # Everyone can trigger dry runs by voting CQ+1 |
| acl.entry( |
| acl.CQ_DRY_RUNNER, |
| groups = "all", |
| ), |
| # Trigger dry runs automatically on new patchsets for everyone |
| acl.entry( |
| acl.CQ_NEW_PATCHSET_RUN_TRIGGERER, |
| groups = "all", |
| ), |
| # Only project-gerrit-committers can submit by voting CQ+2 |
| acl.entry( |
| acl.CQ_COMMITTER, |
| groups = "project-gerrit-committers", |
| ), |
| ], |
| watch = cq.refset( |
| repo = "https://gerrit.googlesource.com/luci-test", |
| refs = ["refs/heads/.+"], # will watch all branches |
| ), |
| ) |
| |
| # Attach our "Verify luci-test CL" builder to this CQ group. |
| luci.cq_tryjob_verifier( |
| builder = "try/Verify luci-test CL", |
| cq_group = "luci-test_repo", |
| # Add NEW_PATCHSET_RUN to the defaults DRY_RUN and FULL_RUN |
| mode_allowlist = [ |
| cq.MODE_DRY_RUN, cq.MODE_FULL_RUN, cq.MODE_NEW_PATCHSET_RUN |
| ], |
| ) |
| |
| # Runs luci-test tests after any merged change |
| luci.gitiles_poller( |
| name = "luci-test main source", |
| bucket = "ci", |
| repo = "https://gerrit.googlesource.com/luci-test", |
| |
| # by default this will scan "refs/heads/main"; Supply the `refs` argument |
| # if you want something else. |
| |
| triggers = ["ci/Verify luci-test CL"], |
| ) |
| |
| # This console view will appear on https://ci.chromium.org/p/gerrit and display |
| # current luci-test build status at HEAD |
| luci.console_view( |
| name = 'luci-test CI builders', |
| refs = ["refs/heads/main"], |
| repo = "https://gerrit.googlesource.com/luci-test", |
| entries = [ |
| luci.console_view_entry(builder='ci/Verify luci-test CL'), |
| ], |
| ) |
| |
| # Defines a builder to run the "gerrit-web-tests" recipe in a given bucket. This |
| # will be hooked up to the CQ label rather than having a set schedule. |
| def verify_gerrit_web_tests_builder(bucket): |
| luci.builder( |
| name = "Verify gerrit CL for web", |
| bucket = bucket, |
| executable = luci.recipe( |
| # The name of the recipe we just made. |
| name = "gerrit-web-tests", |
| ), |
| service_account = "gerrit-luci-%s-builder@gerritcodereview-ci.iam.gserviceaccount.com" % bucket, |
| dimensions = { |
| "os": "Ubuntu", |
| "cpu": "x86-64", |
| "pool": "luci.gerrit.%s" % bucket, |
| }, |
| ) |
| |
| verify_gerrit_web_tests_builder("try") |
| |
| # Create a CQ group to watch gerrit repo for changes. |
| luci.cq_group( |
| name = "gerrit_repo", |
| acls = [ |
| # Everyone can trigger dry runs by voting CQ+1 |
| acl.entry( |
| acl.CQ_DRY_RUNNER, |
| groups = "all", |
| ), |
| # Everyone can Trigger dry runs by uploading a new patchset |
| acl.entry( |
| acl.CQ_NEW_PATCHSET_RUN_TRIGGERER, |
| groups = "all", |
| ), |
| # Only project-gerrit-committers can submit by voting CQ+2 |
| acl.entry( |
| acl.CQ_COMMITTER, |
| groups = "project-gerrit-committers", |
| ), |
| ], |
| watch = cq.refset( |
| repo = "https://gerrit.googlesource.com/gerrit", |
| refs = ["refs/heads/.+"], # will watch all branches |
| ), |
| ) |
| |
| # Attach our "Verify gerrit CL for web" builder to this CQ group. |
| luci.cq_tryjob_verifier( |
| builder = "try/Verify gerrit CL for web", |
| cq_group = "gerrit_repo", |
| # Add NEW_PATCHSET_RUN to the defaults DRY_RUN and FULL_RUN |
| mode_allowlist = [ |
| cq.MODE_DRY_RUN, cq.MODE_FULL_RUN, cq.MODE_NEW_PATCHSET_RUN |
| ], |
| ) |