From 747b7189331fc08fe35f610d6c1b30d91fae8e81 Mon Sep 17 00:00:00 2001
From: Sanne Raymaekers
Date: Tue, 18 Feb 2025 16:30:12 +0100
Subject: [PATCH] schutzbot: add basic schutzbot structure
Simply builds the rpm and installs it.
---
.github/workflows/trigger-gitlab.yml | 109 +++++++++++++++++++++++++++
.gitlab-ci.yml | 42 +++++++++++
schutzbot/ci_details.sh | 56 ++++++++++++++
schutzbot/make_rpm_and_install.sh | 12 +++
schutzbot/team_ssh_keys.txt | 20 +++++
schutzbot/terraform | 1 +
schutzbot/unregister.sh | 22 ++++++
schutzbot/update_github_status.sh | 50 ++++++++++++
schutzbot/upload_artifacts.sh | 34 +++++++++
9 files changed, 346 insertions(+)
create mode 100644 .github/workflows/trigger-gitlab.yml
create mode 100644 .gitlab-ci.yml
create mode 100755 schutzbot/ci_details.sh
create mode 100755 schutzbot/make_rpm_and_install.sh
create mode 100644 schutzbot/team_ssh_keys.txt
create mode 100644 schutzbot/terraform
create mode 100755 schutzbot/unregister.sh
create mode 100755 schutzbot/update_github_status.sh
create mode 100755 schutzbot/upload_artifacts.sh
diff --git a/.github/workflows/trigger-gitlab.yml b/.github/workflows/trigger-gitlab.yml
new file mode 100644
index 00000000..e4b97c47
--- /dev/null
+++ b/.github/workflows/trigger-gitlab.yml
@@ -0,0 +1,109 @@
+# inspired by rhinstaller/anaconda
+
+name: Trigger GitLab CI
+
+on:
+ workflow_run:
+ workflows: ["Development checks"]
+ types: [completed]
+
+jobs:
+ trigger-gitlab:
+ if: ${{ github.event.workflow_run.conclusion == 'success' }}
+ runs-on: ubuntu-latest
+ env:
+ IMAGEBUILDER_BOT_GITLAB_SSH_KEY: ${{ secrets.IMAGEBUILDER_BOT_GITLAB_SSH_KEY }}
+ GITLAB_TOKEN: ${{ secrets.IMAGEBUILDER_BOT_GITLAB_PIPELINE_TRIGGER_TOKEN }}
+ steps:
+ - name: Report status
+ uses: haya14busa/action-workflow_run-status@v1
+
+ - name: Install Dependencies
+ run: |
+ sudo apt install -y jq
+
+ - name: Clone repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.workflow_run.head_sha }}
+ fetch-depth: 0
+
+ - uses: octokit/request-action@v2.x
+ id: fetch_pulls
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ route: GET /repos/${{ github.repository }}/pulls
+ per_page: 100
+
+ - name: Checkout branch
+ id: pr_data
+ env:
+ BRANCH: ${{ github.event.workflow_run.head_branch }}
+ run: |
+ PR_DATA=$(mktemp)
+ # use uuid as a file terminator to avoid conflicts with data content
+ cat > "$PR_DATA" <<'a21b3e7f-d5eb-44a3-8be0-c2412851d2e6'
+ ${{ steps.fetch_pulls.outputs.data }}
+ a21b3e7f-d5eb-44a3-8be0-c2412851d2e6
+
+ PR=$(jq -rc '.[] | select(.head.sha | contains("${{ github.event.workflow_run.head_sha }}")) | select(.state | contains("open"))' "$PR_DATA" | jq -r .number)
+ if [ !
-z "$PR" ]; then
+ echo "pr_branch=PR-$PR" >> "$GITHUB_OUTPUT"
+ git checkout -b PR-$PR
+ else
+ git checkout "${BRANCH}"
+ fi
+
+ - name: Download artifacts
+ uses: actions/github-script@v7
+ with:
+ script: |
+ let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ run_id: context.payload.workflow_run.id,
+ });
+ let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+ return artifact.name == "PR_STATUS"
+ })[0];
+ let download = await github.rest.actions.downloadArtifact({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ artifact_id: matchArtifact.id,
+ archive_format: 'zip',
+ });
+ let fs = require('fs');
+ fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/PR_STATUS.zip`, Buffer.from(download.data));
+
+ - name: Unzip artifact
+ run: unzip PR_STATUS.zip
+
+ - name: Push to gitlab
+ run: |
+ mkdir -p ~/.ssh
+ echo "${IMAGEBUILDER_BOT_GITLAB_SSH_KEY}" > ~/.ssh/id_rsa
+ chmod 400 ~/.ssh/id_rsa
+ touch ~/.ssh/known_hosts
+ ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts
+ git remote add ci git@gitlab.com:redhat/services/products/image-builder/ci/image-builder-frontend.git
+ SKIP_CI=$(cat SKIP_CI.txt)
+ if [[ "${SKIP_CI}" == true ]];then
+ git push -f -o ci.variable="SKIP_CI=true" ci
+ else
+ git push -f ci
+ fi
+
+ - name: Trigger GitLab nightly pipeline against this PR
+ if: env.GITLAB_TOKEN && steps.pr_data.outputs.pr_branch
+ run: |
+ # image-builder-frontend
+ PROJECT_ID=38992397
+
+ # Simulate a nightly CI pipeline against this PR
+ curl --request POST --fail --form "token=$GITLAB_TOKEN" \
+ --form ref=${{ steps.pr_data.outputs.pr_branch }} \
+ --form "variables[CI_PIPELINE_SOURCE]=schedule" \
+ --form "variables[NIGHTLY]=true" \
+ --form "variables[RHEL_MAJOR]=9" \
+ "https://gitlab.com/api/v4/projects/$PROJECT_ID/trigger/pipeline"
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 00000000..31ef1084
--- /dev/null
+++ b/.gitlab-ci.yml
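Review bot: The `Unzip artifact` step in trigger-gitlab.yml should not extract `PR_STATUS.zip` into the checked-out workspace, because archive entries can then overwrite repository files, including those under `.git`, right before the step that runs git with the bot's SSH key. The artifact comes from the triggering "Development checks" run, which for pull requests is presumably built from contributor code, so treat it as untrusted: extract to a scratch directory and read only the expected file, e.g. `run: unzip -d "$RUNNER_TEMP/pr_status" PR_STATUS.zip` and `SKIP_CI=$(cat "$RUNNER_TEMP/pr_status/SKIP_CI.txt")`. The same caution applies to `${{ steps.fetch_pulls.outputs.data }}`, which is pasted into the script text and depends on the heredoc terminator never occurring in PR metadata; passing it through `env:` removes that dependency. Both secrets are also set in the job-level `env:`, where every step, including the tag-pinned third-party actions, can read them; declaring each on the one step that uses it would narrow the exposure.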
@@ -0,0 +1,42 @@
+stages:
+ - init
+ - test
+ - finish
+
+init:
+ stage: init
+ interruptible: true
+ tags:
+ - shell
+ script:
+ - schutzbot/update_github_status.sh start
+
+test:
+ before_script:
+ - mkdir -p /tmp/artifacts
+ - schutzbot/ci_details.sh > /tmp/artifacts/ci-details-before-run.txt
+ - cat schutzbot/team_ssh_keys.txt | tee -a ~/.ssh/authorized_keys > /dev/null
+ script:
+ - schutzbot/make_rpm_and_install.sh
+ after_script:
+ - schutzbot/ci_details.sh > /tmp/artifacts/ci-details-after-run.txt || true
+ - schutzbot/unregister.sh || true
+ - schutzbot/update_github_status.sh update || true
+ - schutzbot/save_journal.sh || true
+ - schutzbot/upload_artifacts.sh
+ tags:
+ - terraform
+ parallel:
+ matrix:
+ - RUNNER:
+ INTERNAL_NETWORK: ["true"]
+ - aws/rhel-9.6-nightly-x86_64
+ - aws/rhel-10.0-nightly-x86_64
+
+finish:
+ stage: finish
+ dependencies: []
+ tags:
+ - shell
+ script:
+ - schutzbot/update_github_status.sh finish
diff --git a/schutzbot/ci_details.sh b/schutzbot/ci_details.sh
new file mode 100755
index 00000000..9e833d90
--- /dev/null
+++ b/schutzbot/ci_details.sh
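Review bot: The `before_script` of the `test` job in .gitlab-ci.yml appends `schutzbot/team_ssh_keys.txt` from the checked-out commit to `~/.ssh/authorized_keys`, so who may log in to a runner is decided by the branch under test rather than by a protected source. The GitHub workflow in this commit pushes `PR-<n>` branches into this pipeline, and later scripts on the same runner use `SCHUTZBOT_LOGIN` and the `V2_AWS_*` keys, so it would be safer to install the key list from the default branch or a protected CI file variable and to skip it on unreviewed refs. Separately, `after_script` calls `schutzbot/save_journal.sh`, which is not among the nine files this patch creates; with `|| true` the failure is silent, so either add the script or drop the line. The `matrix` entry lists `INTERNAL_NETWORK` between `RUNNER:` and its values, which may not parse as intended; the indentation is not visible here, so please confirm.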
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Dumps details about the instance running the CI job.
+
+PRIMARY_IP=$(ip route get 8.8.8.8 | head -n 1 | cut -d' ' -f7)
+EXTERNAL_IP=$(curl --retry 5 -s -4 icanhazip.com)
+PTR=$(curl --retry 5 -s -4 icanhazptr.com)
+CPUS=$(nproc)
+MEM=$(free -m | grep -oP '\d+' | head -n 1)
+DISK=$(df --output=size -h / | sed '1d;s/[^0-9]//g')
+HOSTNAME=$(uname -n)
+USER=$(whoami)
+ARCH=$(uname -m)
+KERNEL=$(uname -r)
+
+echo -e "\033[0;36m"
+cat << EOF
+------------------------------------------------------------------------------
+CI MACHINE SPECS
+------------------------------------------------------------------------------
+
+ Hostname: ${HOSTNAME}
+ User: ${USER}
+ Primary IP: ${PRIMARY_IP}
+ External IP: ${EXTERNAL_IP}
+ Reverse DNS: ${PTR}
+ CPUs: ${CPUS}
+ RAM: ${MEM} GB
+ DISK: ${DISK} GB
+ ARCH: ${ARCH}
+ KERNEL: ${KERNEL}
+
+------------------------------------------------------------------------------
+EOF
+echo -e "\033[0m"
+
+echo "List of system repositories:"
+sudo yum repolist -v
+
+echo "------------------------------------------------------------------------------"
+
+echo "List of installed packages:"
+rpm -qa | sort
+echo "------------------------------------------------------------------------------"
+
+# gcp runners don't use cloud-init and some of the images have python36 installed
+if [[ "$RUNNER" != *"gcp"* ]];then
+ # Ensure cloud-init has completely finished on the instance. This ensures that
+ # the instance is fully ready to go.
+ while true; do
+ if [[ -f /var/lib/cloud/instance/boot-finished ]]; then
+ break
+ fi
+ echo -e "\n🤔 Waiting for cloud-init to finish running..."
+ sleep 5
+ done
+fi
diff --git a/schutzbot/make_rpm_and_install.sh b/schutzbot/make_rpm_and_install.sh
new file mode 100755
index 00000000..a6fddf7b
--- /dev/null
+++ b/schutzbot/make_rpm_and_install.sh
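Review bot: The cloud-init wait at the end of ci_details.sh is a `while true` loop with no upper bound, and the two `curl` lookups near the top have `--retry 5` but no `--max-time`, so a runner where `boot-finished` never appears, or a stalled lookup service, holds the job until the GitLab timeout. Bounding the wait, for example `timeout 600 bash -c 'until [[ -f /var/lib/cloud/instance/boot-finished ]]; do sleep 5; done'`, and adding `--max-time 10` to both lookups would surface the failure instead. `RAM: ${MEM} GB` prints the output of `free -m`, which reports mebibytes, so the label should read `MB`. The output is written under `/tmp/artifacts` and uploaded later in the job, so it is worth deciding whether the external IP and reverse DNS belong in it.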
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -euo pipefail
+
+sudo dnf install -y \
+ nodejs-npm \
+ libappstream-glib
+
+npm ci
+
+make rpm
+
+sudo dnf install -y rpmbuild/RPMS/noarch/*rpm
diff --git a/schutzbot/team_ssh_keys.txt b/schutzbot/team_ssh_keys.txt
new file mode 100644
index 00000000..ca8f726c
--- /dev/null
+++ b/schutzbot/team_ssh_keys.txt
@@ -0,0 +1,20 @@ +# SSH keys from members of the osbuild team that are used in CI. +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQR4bv/n0rVI0ZHV4QoEjNrnHsUFFAcLJ6FWnnJyI31aFXWjjPf3NkbynPqqv3ksk9mj6jJzIBnlo2lZ0kLKIlnblJAyz0GVctxPsBQjzijgLPWTWXS/cLoyLZNS7AsqyTe9rzUATDHmBSje5FaJ6Shas2fybiD5V56fVekgen+sKVBWyFAKsxlWV1EytH5WLn0X0H6K50eCA7sNDfNlGs8k8EXmQPmLOEV55nGI4xBxLmAwx/dn9F3t2EhBwGzw1B6Zc4HA/ayWtJcoARO3gNiazTHKZUz37AAoJ2MnLB698L39aYZ/M55zduSLcyUqF+DBHMfzHH3QRsG0kzv+X9 tgunders-1@redhat.com +ssh-rsa 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 tgunders-2@redhat.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB1jFl4p6FTBixHT6wOk6X8nj/Z7eoPNQE/M0wK485K obudai@redhat.com +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAw6IgsAlMJQlOtJXvtlY1racZPntLiy4+iDwrPMCgbYbsylY5TI2S4JCzC3OsnOF/abozKOhTrX04KOSOPkG8iZjBEUsMX4rQXtdViyec8pAdKOimzN9tdlfC2joW8jPlr/wpKMnMRCQmNDUZIOl1ujyTeY592JE8sj9TTqyc+fk= bcl@redhat.com +ssh-rsa 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 jkozol-1@redhat.com +ssh-rsa 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 jkozol-2@redhat.com +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDY/ylCrPBzil4TnZR4tWULpz3QgfBMQyEnMOHDAJNp/FK70hD+PUiRm3UY96pmGXonQvqiDoyPuVh025FkWshPK91Dyq8QD8h25q5C5Cg6kMgBpdGzbX44ksms1KyOHmSZ48MpWw3PFOrlNP1vysr6Imjz9Jixmx4sOZvqKnrbsbOW04gowVzpZM8m048lvf6/KhqeImfeSRc9Rtpos8GqEQVlwRevE1qBON963V1QtFOrm9weoQgb369SdqRRdxaGNAymNh3d78DneOWXmEyBflLSpIDx5I2s/1NB1Dp95Bp3VvlV3CH1HC7LAFKYi+xsz3/KHdgtvgShX6LFSdsp rvykydal@dhcp-lab-144.englab.brq.redhat.com +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtJv3QKdqQ+0+jJND7bXVq9ux87yyi4qyJk7iOsX2VsgAUuYXpBf337p5yNB3N1kjOwGYSDjvDvS7GuhdatuvJI3/xzcyodbwJp32AT76e9uvUQHTBBGmUvBLzw3nk8ZDNp5d4rt2cZvlhv7lzDSt30DF14ivg5Xp/V0tK0BEfFlvYHuHheDeiSOQRQ392J7TefPQOW+JpxANU4Bxc1aHIettaIqQMWm9r4ZELd8M83IYt5Btp1bPsnfYywQMYqNXyDuhwhcsBTR5kVObP0DwxKZbMNPmA2lBvrX2GMIa+qfvKIW87KooaoPLt7CR7/DKfQ1S492L1wIwNUPUBLsQD xiaofwan@dhcp-8-203.nay.redhat.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAYU2wzSk9r1l3iOwsvaJXCsfQIUga3xzShZJAM1zHv 
akoutsou-R@redhat.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+4pso8s0M0hKFW6XoEvM6loZp0C7D9ZlmwXQbhxyV0 akoutsou-i@redhat.com +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC61wMCjOSHwbVb4VfVyl5sn497qW4PsdQ7Ty7aD6wDNZ/QjjULkDV/yW5WjDlDQ7UqFH0Sr7vywjqDizUAqK7zM5FsUKsUXWHWwg/ehKg8j9xKcMv11AkFoUoujtfAujnKODkk58XSA9whPr7qcw3vPrmog680pnMSzf9LC7J6kXfs6lkoKfBh9VnlxusCrw2yg0qI1fHAZBLPx7mW6+me71QZsS6sVz8v8KXyrXsKTdnF50FjzHcK9HXDBtSJS5wA3fkcRYymJe0o6WMWNdgSRVpoSiWaHHmFgdMUJaYoCfhXzyl7LtNb3Q+Sveg+tJK7JaRXBLMUllOlJ6ll5Hod yih-redhat@redhat.com +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYB3SyAYj+V/kmAt594RlpZlXRvVJ2r8+G1Jgnr6ft8Y6vpNkWZxpTVWEJicLczGYpzvq2AjkNStigU9Q1M2F21Te3SzT2kgNVXsMTqou4X//ZX20zej3gyI+25mc4LdBWxFaLsyrFqD76Fro2rAuCoylrfeIQBvFWbilrR+cAV9tFrJT9I4RWYVL8v7EUtBeXarVFIjwcCALzLHxFl7S/pZuuWMyhyXup1UPR3Oirpuv3kWOsElVzGOxMWREE0eoCnGYKN2VCBx+igwQbi+x/cVSf49sFBVfdpPHUGse3KwS7ukfvpmmYm06dy2JS93JrRaCUUUw2DN8VjW7dIODv jrusz@redhat.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPExjjH74MOM6wrXEpRUg6I0dtRdAV3bAUY+u7WMc2G sanne@redhat.com +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjNynFZPCEPVDyOB2yzrww5kxwK6MAb1D0GN5yP8y/iw+gtx+Hj3CqojHMTa/9r3q3R1TMgCITdvzAiKylbx/owV8bgXS1p8je2KirWx3o/Dy80AYsas2F+sodm5/FOz6LvcUZw2vZiVs1wp8dz7ak+pm6Xg7xa7511xO4T/HStzNUE/XSPYmC9LNJ+uVWTiCjTWlZxp1JcDVfO7k69F60u8D42e1Ty60IeNeJItX/o8FUjB/rMAAJRpjFpd/uyfPTWamjNoVzrB7chFxaemg2Nf8na6PHLAx8Gcxz2fdnnsg+M5vr6z0yVYz1cc8VOhYynQm9iISvTt6bDVEbWc2T thozza@redhat.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINDRWitNwQc/YsOSC7Reeh7x57mSzcc+4+SayHHu/NCG sdevlieg-0@redhat.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNh/u8oWHfYwr01X8G8ijSC3hPfKfLpK8MISxg2mq1O sdevlieg-1@redhat.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCWAwAqV3weCALKWrSAAHir+oIga1TU5VL4hnjWWU2x gzuccare@redhat.com +ssh-rsa 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 atodorov@redhat.com +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ5RGN0FtkkdhNZFQJMbh4+BXFoGon5ikrD3S1DRZ0+ mvogt@redhat.com 
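Review bot: The `bcl@redhat.com` entry in team_ssh_keys.txt is an `ssh-rsa` key whose blob is much shorter than the others and whose header (`AAAAB3NzaC1yc2EAAAABIwAAAIEA`) corresponds to a 1024-bit modulus, below the 2048-bit minimum in current guidance; the RHEL 9/10 runners' crypto policy may refuse it outright. It should be replaced with an Ed25519 key, or at least a 3072-bit RSA key, before this file is installed as `authorized_keys`. Two other entries are labelled with a workstation hostname (`rvykydal@dhcp-lab-144…`, `xiaofwan@dhcp-8-203…`) rather than an owner address, which makes later audits harder. The header comment could also state who approves additions and when keys are removed, e.g. `# Changes need review by the CI owners; remove keys on offboarding.`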
diff --git a/schutzbot/terraform b/schutzbot/terraform
new file mode 100644
index 00000000..f35674de
--- /dev/null
+++ b/schutzbot/terraform
@@ -0,0 +1 @@
+2c51ba92065231c4986894cc2bc214dea1b2c157
diff --git a/schutzbot/unregister.sh b/schutzbot/unregister.sh
new file mode 100755
index 00000000..c60a1f90
--- /dev/null
+++ b/schutzbot/unregister.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Colorful output.
+function greenprint {
+ echo -e "\033[1;32m[$(date -Isecond)] ${1}\033[0m"
+}
+function redprint {
+ echo -e "\033[1;31m[$(date -Isecond)] ${1}\033[0m"
+}
+
+if ! hash subscription-manager; then
+ exit 0
+fi
+if ! sudo subscription-manager status; then
+ exit 0
+fi
+if sudo subscription-manager unregister; then
+ greenprint "Host unregistered."
+ exit 0
+fi
+redprint "Failed to unregister"
+exit 1
diff --git a/schutzbot/update_github_status.sh b/schutzbot/update_github_status.sh
new file mode 100755
index 00000000..4df42551
--- /dev/null
+++ b/schutzbot/update_github_status.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# if a user is logged in to the runner, wait until they're done
+while (( $(who -s | wc -l) > 0 )); do
+ echo "Waiting for user(s) to log off"
+ sleep 30
+done
+
+if [[ $1 == "start" ]]; then
+ GITHUB_NEW_STATE="pending"
+ GITHUB_NEW_DESC="I'm currently testing this commit, be patient."
+elif [[ $1 == "finish" ]]; then
+ GITHUB_NEW_STATE="success"
+ GITHUB_NEW_DESC="I like this commit!"
+elif [[ $1 == "update" ]]; then
+ if [[ $CI_JOB_STATUS == "canceled" ]]; then
+ GITHUB_NEW_STATE="failure"
+ GITHUB_NEW_DESC="Someone told me to cancel this test run."
+ elif [[ $CI_JOB_STATUS == "failed" ]]; then
+ GITHUB_NEW_STATE="failure"
+ GITHUB_NEW_DESC="I'm sorry, something is odd about this commit."
+ else
+ exit 0
+ fi
+else
+ echo "unknown command"
+ exit 1
+fi
+
+CONTEXT="Schutzbot on GitLab"
+if [[ "$CI_PIPELINE_SOURCE" == "schedule" ]]; then
+ CONTEXT="$CONTEXT, RHEL-${RHEL_MAJOR:-}-nightly"
+fi
+
+curl \
+ -u "${SCHUTZBOT_LOGIN}" \
+ -X POST \
+ -H "Accept: application/vnd.github.v3+json" \
+ "https://api.github.com/repos/osbuild/osbuild-composer/statuses/${CI_COMMIT_SHA}" \
+ -d '{"state":"'"${GITHUB_NEW_STATE}"'", "description": "'"${GITHUB_NEW_DESC}"'", "context": "'"${CONTEXT}"'", "target_url": "'"${CI_PIPELINE_URL}"'"}'
+
+# ff release branch on github if this ran on main
+if [ "$CI_COMMIT_BRANCH" = "main" ] && [ "$GITHUB_NEW_STATE" = "success" ]; then
+ if [ ! -d "release-ff-clone" ]; then
+ git clone --bare "https://${SCHUTZBOT_LOGIN#*:}@github.com/osbuild/osbuild-composer.git" release-ff-clone
+ fi
+ git -C release-ff-clone fetch origin
+ # || true to ignore non fast-forwards
+ git -C release-ff-clone push origin "${CI_COMMIT_SHA}:refs/heads/release" || true
+fi
diff --git a/schutzbot/upload_artifacts.sh b/schutzbot/upload_artifacts.sh
new file mode 100755
index 00000000..17804132
--- /dev/null
+++ b/schutzbot/upload_artifacts.sh
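Review bot: Both GitHub calls in update_github_status.sh are hard-coded to `osbuild/osbuild-composer` (the status POST and the `release` fast-forward clone), while the rest of this commit wires CI for image-builder-frontend. Statuses for this repository's commits would presumably be sent to the wrong project, and a success on `main` would attempt a push to another repository's `release` branch. Point both at this repository, e.g. `"https://api.github.com/repos/OWNER/REPO/statuses/${CI_COMMIT_SHA}"` with the real slug, or drop the fast-forward block if this project has no `release` branch. The clone URL also embeds the token (`https://${SCHUTZBOT_LOGIN#*:}@github.com/...`), which git stores in the bare clone's config and can repeat in error output; a credential helper or an `http.extraHeader` setting keeps it out of both. `curl` is run without `--fail`, so a rejected status update goes unnoticed.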
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# This script uploads all files from ARTIFACTS folder to S3
+
+S3_URL="s3://image-builder-ci-artifacts/osbuild-composer/$CI_COMMIT_BRANCH/$CI_JOB_ID/"
+BROWSER_URL="https://s3.console.aws.amazon.com/s3/buckets/image-builder-ci-artifacts?region=us-east-1&prefix=osbuild-composer/$CI_COMMIT_BRANCH/$CI_JOB_ID/&showversions=false"
+ARTIFACTS=${ARTIFACTS:-/tmp/artifacts}
+
+# Colorful output.
+function greenprint {
+ echo -e "\033[1;32m[$(date -Isecond)] ${1}\033[0m"
+}
+source /etc/os-release
+# s3cmd is in epel, add if it's not present
+# TODO: Adjust this condition, once EPEL-10 is enabled
+if [[ ($ID == rhel || $ID == centos) && ${VERSION_ID%.*} -lt 10 ]] && ! rpm -q epel-release; then
+ curl -Ls --retry 5 --output /tmp/epel.rpm \
+ https://dl.fedoraproject.org/pub/epel/epel-release-latest-"${VERSION_ID%.*}".noarch.rpm
+ sudo rpm -Uvh /tmp/epel.rpm
+fi
+
+# TODO: Remove this workaround, once EPEL-10 is enabled
+if [[ ($ID == rhel || $ID == centos) && ${VERSION_ID%.*} == 10 ]]; then
+ sudo dnf copr enable -y @osbuild/centpkg "centos-stream-10-$(uname -m)"
+fi
+
+sudo dnf -y install s3cmd
+greenprint "Job artifacts will be uploaded to: $S3_URL"
+
+AWS_SECRET_ACCESS_KEY="$V2_AWS_SECRET_ACCESS_KEY" \
+AWS_ACCESS_KEY_ID="$V2_AWS_ACCESS_KEY_ID" \
+s3cmd --acl-private put "$ARTIFACTS"/* "$S3_URL"
+
+greenprint "Please login to 438669297788 AWS account and visit $BROWSER_URL to access job artifacts."
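Review bot: The EPEL bootstrap in upload_artifacts.sh downloads `epel-release-latest-N.noarch.rpm` with `curl` and installs it with `sudo rpm -Uvh` without checking its signature, and that package adds the repository from which `s3cmd` is then installed as root on a runner that holds the `V2_AWS_*` keys. Importing the EPEL signing key from a pinned copy and running `rpm -K /tmp/epel.rpm` before the install would close that gap; the `curl` call also lacks `--fail`, so an HTML error page would be handed to rpm. `S3_URL` and `BROWSER_URL` still use the `osbuild-composer/` prefix, which looks carried over from another repository and would mix this project's artifacts with that one's. `$CI_COMMIT_BRANCH` is not set in merge-request or tag pipelines, so the path can collapse to `osbuild-composer//$CI_JOB_ID/`.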