schutzbot: add basic schutzbot structure
Simply builds the rpm and installs it.
This commit is contained in:
Sanne Raymaekers
parent
35bb95438b
commit
747b718933
9 changed files with 346 additions and 0 deletions
109
.github/workflows/trigger-gitlab.yml
vendored
Normal file
109
.github/workflows/trigger-gitlab.yml
vendored
Normal file
|
|
@ -0,0 +1,109 @@
|
||||||
|
# inspired by rhinstaller/anaconda
|
||||||
|
|
||||||
|
name: Trigger GitLab CI
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_run:
|
||||||
|
workflows: ["Development checks"]
|
||||||
|
types: [completed]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
trigger-gitlab:
|
||||||
|
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
env:
|
||||||
|
IMAGEBUILDER_BOT_GITLAB_SSH_KEY: ${{ secrets.IMAGEBUILDER_BOT_GITLAB_SSH_KEY }}
|
||||||
|
GITLAB_TOKEN: ${{ secrets.IMAGEBUILDER_BOT_GITLAB_PIPELINE_TRIGGER_TOKEN }}
|
||||||
|
steps:
|
||||||
|
- name: Report status
|
||||||
|
uses: haya14busa/action-workflow_run-status@v1
|
||||||
|
|
||||||
|
- name: Install Dependencies
|
||||||
|
run: |
|
||||||
|
sudo apt install -y jq
|
||||||
|
|
||||||
|
- name: Clone repository
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
ref: ${{ github.event.workflow_run.head_sha }}
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- uses: octokit/request-action@v2.x
|
||||||
|
id: fetch_pulls
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
with:
|
||||||
|
route: GET /repos/${{ github.repository }}/pulls
|
||||||
|
per_page: 100
|
||||||
|
|
||||||
|
- name: Checkout branch
|
||||||
|
id: pr_data
|
||||||
|
env:
|
||||||
|
BRANCH: ${{ github.event.workflow_run.head_branch }}
|
||||||
|
run: |
|
||||||
|
PR_DATA=$(mktemp)
|
||||||
|
# use uuid as a file terminator to avoid conflicts with data content
|
||||||
|
cat > "$PR_DATA" <<'a21b3e7f-d5eb-44a3-8be0-c2412851d2e6'
|
||||||
|
${{ steps.fetch_pulls.outputs.data }}
|
||||||
|
a21b3e7f-d5eb-44a3-8be0-c2412851d2e6
|
||||||
|
|
||||||
|
PR=$(jq -rc '.[] | select(.head.sha | contains("${{ github.event.workflow_run.head_sha }}")) | select(.state | contains("open"))' "$PR_DATA" | jq -r .number)
|
||||||
|
if [ ! -z "$PR" ]; then
|
||||||
|
echo "pr_branch=PR-$PR" >> "$GITHUB_OUTPUT"
|
||||||
|
git checkout -b PR-$PR
|
||||||
|
else
|
||||||
|
git checkout "${BRANCH}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Download artifacts
|
||||||
|
uses: actions/github-script@v7
|
||||||
|
with:
|
||||||
|
script: |
|
||||||
|
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
|
||||||
|
owner: context.repo.owner,
|
||||||
|
repo: context.repo.repo,
|
||||||
|
run_id: context.payload.workflow_run.id,
|
||||||
|
});
|
||||||
|
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
|
||||||
|
return artifact.name == "PR_STATUS"
|
||||||
|
})[0];
|
||||||
|
let download = await github.rest.actions.downloadArtifact({
|
||||||
|
owner: context.repo.owner,
|
||||||
|
repo: context.repo.repo,
|
||||||
|
artifact_id: matchArtifact.id,
|
||||||
|
archive_format: 'zip',
|
||||||
|
});
|
||||||
|
let fs = require('fs');
|
||||||
|
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/PR_STATUS.zip`, Buffer.from(download.data));
|
||||||
|
|
||||||
|
- name: Unzip artifact
|
||||||
|
run: unzip PR_STATUS.zip
|
||||||
|
|
||||||
|
- name: Push to gitlab
|
||||||
|
run: |
|
||||||
|
mkdir -p ~/.ssh
|
||||||
|
echo "${IMAGEBUILDER_BOT_GITLAB_SSH_KEY}" > ~/.ssh/id_rsa
|
||||||
|
chmod 400 ~/.ssh/id_rsa
|
||||||
|
touch ~/.ssh/known_hosts
|
||||||
|
ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts
|
||||||
|
git remote add ci git@gitlab.com:redhat/services/products/image-builder/ci/image-builder-frontend.git
|
||||||
|
SKIP_CI=$(cat SKIP_CI.txt)
|
||||||
|
if [[ "${SKIP_CI}" == true ]];then
|
||||||
|
git push -f -o ci.variable="SKIP_CI=true" ci
|
||||||
|
else
|
||||||
|
git push -f ci
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Trigger GitLab nightly pipeline against this PR
|
||||||
|
if: env.GITLAB_TOKEN && steps.pr_data.outputs.pr_branch
|
||||||
|
run: |
|
||||||
|
# image-builder-frontend
|
||||||
|
PROJECT_ID=38992397
|
||||||
|
|
||||||
|
# Simulate a nightly CI pipeline against this PR
|
||||||
|
curl --request POST --fail --form "token=$GITLAB_TOKEN" \
|
||||||
|
--form ref=${{ steps.pr_data.outputs.pr_branch }} \
|
||||||
|
--form "variables[CI_PIPELINE_SOURCE]=schedule" \
|
||||||
|
--form "variables[NIGHTLY]=true" \
|
||||||
|
--form "variables[RHEL_MAJOR]=9" \
|
||||||
|
"https://gitlab.com/api/v4/projects/$PROJECT_ID/trigger/pipeline"
|
||||||
42
.gitlab-ci.yml
Normal file
42
.gitlab-ci.yml
Normal file
|
|
@ -0,0 +1,42 @@
|
||||||
|
stages:
|
||||||
|
- init
|
||||||
|
- test
|
||||||
|
- finish
|
||||||
|
|
||||||
|
init:
|
||||||
|
stage: init
|
||||||
|
interruptible: true
|
||||||
|
tags:
|
||||||
|
- shell
|
||||||
|
script:
|
||||||
|
- schutzbot/update_github_status.sh start
|
||||||
|
|
||||||
|
test:
|
||||||
|
before_script:
|
||||||
|
- mkdir -p /tmp/artifacts
|
||||||
|
- schutzbot/ci_details.sh > /tmp/artifacts/ci-details-before-run.txt
|
||||||
|
- cat schutzbot/team_ssh_keys.txt | tee -a ~/.ssh/authorized_keys > /dev/null
|
||||||
|
script:
|
||||||
|
- schutzbot/make_rpm_and_install.sh
|
||||||
|
after_script:
|
||||||
|
- schutzbot/ci_details.sh > /tmp/artifacts/ci-details-after-run.txt || true
|
||||||
|
- schutzbot/unregister.sh || true
|
||||||
|
- schutzbot/update_github_status.sh update || true
|
||||||
|
- schutzbot/save_journal.sh || true
|
||||||
|
- schutzbot/upload_artifacts.sh
|
||||||
|
tags:
|
||||||
|
- terraform
|
||||||
|
parallel:
|
||||||
|
matrix:
|
||||||
|
- RUNNER:
|
||||||
|
INTERNAL_NETWORK: ["true"]
|
||||||
|
- aws/rhel-9.6-nightly-x86_64
|
||||||
|
- aws/rhel-10.0-nightly-x86_64
|
||||||
|
|
||||||
|
finish:
|
||||||
|
stage: finish
|
||||||
|
dependencies: []
|
||||||
|
tags:
|
||||||
|
- shell
|
||||||
|
script:
|
||||||
|
- schutzbot/update_github_status.sh finish
|
||||||
56
schutzbot/ci_details.sh
Executable file
56
schutzbot/ci_details.sh
Executable file
|
|
@ -0,0 +1,56 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Dumps details about the instance running the CI job.
|
||||||
|
|
||||||
|
PRIMARY_IP=$(ip route get 8.8.8.8 | head -n 1 | cut -d' ' -f7)
|
||||||
|
EXTERNAL_IP=$(curl --retry 5 -s -4 icanhazip.com)
|
||||||
|
PTR=$(curl --retry 5 -s -4 icanhazptr.com)
|
||||||
|
CPUS=$(nproc)
|
||||||
|
MEM=$(free -m | grep -oP '\d+' | head -n 1)
|
||||||
|
DISK=$(df --output=size -h / | sed '1d;s/[^0-9]//g')
|
||||||
|
HOSTNAME=$(uname -n)
|
||||||
|
USER=$(whoami)
|
||||||
|
ARCH=$(uname -m)
|
||||||
|
KERNEL=$(uname -r)
|
||||||
|
|
||||||
|
echo -e "\033[0;36m"
|
||||||
|
cat << EOF
|
||||||
|
------------------------------------------------------------------------------
|
||||||
|
CI MACHINE SPECS
|
||||||
|
------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Hostname: ${HOSTNAME}
|
||||||
|
User: ${USER}
|
||||||
|
Primary IP: ${PRIMARY_IP}
|
||||||
|
External IP: ${EXTERNAL_IP}
|
||||||
|
Reverse DNS: ${PTR}
|
||||||
|
CPUs: ${CPUS}
|
||||||
|
RAM: ${MEM} GB
|
||||||
|
DISK: ${DISK} GB
|
||||||
|
ARCH: ${ARCH}
|
||||||
|
KERNEL: ${KERNEL}
|
||||||
|
|
||||||
|
------------------------------------------------------------------------------
|
||||||
|
EOF
|
||||||
|
echo -e "\033[0m"
|
||||||
|
|
||||||
|
echo "List of system repositories:"
|
||||||
|
sudo yum repolist -v
|
||||||
|
|
||||||
|
echo "------------------------------------------------------------------------------"
|
||||||
|
|
||||||
|
echo "List of installed packages:"
|
||||||
|
rpm -qa | sort
|
||||||
|
echo "------------------------------------------------------------------------------"
|
||||||
|
|
||||||
|
# gcp runners don't use cloud-init and some of the images have python36 installed
|
||||||
|
if [[ "$RUNNER" != *"gcp"* ]];then
|
||||||
|
# Ensure cloud-init has completely finished on the instance. This ensures that
|
||||||
|
# the instance is fully ready to go.
|
||||||
|
while true; do
|
||||||
|
if [[ -f /var/lib/cloud/instance/boot-finished ]]; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
echo -e "\n🤔 Waiting for cloud-init to finish running..."
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
fi
|
||||||
12
schutzbot/make_rpm_and_install.sh
Executable file
12
schutzbot/make_rpm_and_install.sh
Executable file
|
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
sudo dnf install -y \
|
||||||
|
nodejs-npm \
|
||||||
|
libappstream-glib
|
||||||
|
|
||||||
|
npm ci
|
||||||
|
|
||||||
|
make rpm
|
||||||
|
|
||||||
|
sudo dnf install -y rpmbuild/RPMS/noarch/*rpm
|
||||||
20
schutzbot/team_ssh_keys.txt
Normal file
20
schutzbot/team_ssh_keys.txt
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
# SSH keys from members of the osbuild team that are used in CI.
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQR4bv/n0rVI0ZHV4QoEjNrnHsUFFAcLJ6FWnnJyI31aFXWjjPf3NkbynPqqv3ksk9mj6jJzIBnlo2lZ0kLKIlnblJAyz0GVctxPsBQjzijgLPWTWXS/cLoyLZNS7AsqyTe9rzUATDHmBSje5FaJ6Shas2fybiD5V56fVekgen+sKVBWyFAKsxlWV1EytH5WLn0X0H6K50eCA7sNDfNlGs8k8EXmQPmLOEV55nGI4xBxLmAwx/dn9F3t2EhBwGzw1B6Zc4HA/ayWtJcoARO3gNiazTHKZUz37AAoJ2MnLB698L39aYZ/M55zduSLcyUqF+DBHMfzHH3QRsG0kzv+X9 tgunders-1@redhat.com
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVEWxKewbfPFa12txqpwGyAXpDs5CipvO0Xcq1uyz3mLEo5txp/FFCoRjtc4k+suys3sxRm+WUEKYQAot014/ibMMBIX1+eJmDuJ11h9uxBuo7eLSRYT1Qo1wa07wENgEjTDveG7xcaPkOhvGT7wGPmMFjdARNRvjFaBRK/IxvV/V4aEHZTZPOCFv2oczMUgZm6xDaaSuw5OscN0eiHAPYBy7S7M1TamLq6+7EFLOELhOke9450vynjScLApNAYxYkdFH66FLpre18h6H92N+sJkuIvyuDo2ZhZZthZoeN2Jvvdi7W0SEP6n8Bo3/FMhwRQldu8VZNRPaiIu4I+wExK+hwVa5or/HVHUNH4JXhglFUJcJ92kIwi3ZbASG6AwvwT/iGdE/CFiwTl6JLT/QMNPpEqVQ1zrh8h5teLCXMqD6PE0wSxCq/yTmF4k+kxCKhsHlWe0QdgFQjlY9gCnIz6MhHVGX0h+M5yx9x+fQ/ppoFVotFwvN1b4BKe4AD71M= tgunders-2@redhat.com
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB1jFl4p6FTBixHT6wOk6X8nj/Z7eoPNQE/M0wK485K obudai@redhat.com
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAw6IgsAlMJQlOtJXvtlY1racZPntLiy4+iDwrPMCgbYbsylY5TI2S4JCzC3OsnOF/abozKOhTrX04KOSOPkG8iZjBEUsMX4rQXtdViyec8pAdKOimzN9tdlfC2joW8jPlr/wpKMnMRCQmNDUZIOl1ujyTeY592JE8sj9TTqyc+fk= bcl@redhat.com
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQqwlSYW+lD0qlxrol3JQgcN0QSaT9sm3vmhxX18OnP/3XyxZwgnEiJtIDnoZ2FAWOEKTQ9PP0Ab9gfko9mWl6OP5Nj0wT37ZeWYAJoOA3qLw1PCUF8caHs9NcgTEc2Gd+yKIxObQo2xGZQFLBW7owI4S9Rl1a30+5oLFRZJXx8Yd5+b1xFUU/4oOSkc3birHlwTZrFrW6H+AYT4u9ioSvBKtmj7KCqzbRW7p6Sk40p0EoCYU83ZsevzYXTHTAFRHD/gsRS4N7SOUClz+ZnakVBV7fa0ETLkfSmVplhlklBQjBM7OVLeghjlSRXhAcVV63iJfTMNlTjM47MB/C48L+AlH9KMYmbR1ur44NsNGFKTe08B3Q1YfcSR4no6B5iR+zgb6fpDolklAcW5qbHiOOad3Gd8M7VGpDrHZzQe7QGe6fVMKjVq7xfJFgvOaW44F7RTgL6FnT3bNoi6k26enl1O7WlM0v8j/SwtJlSl3I0HpJXLWP/sgr7U590hZSRgG2U5hoXV9YXUCyLFy4pom82CSkAPT2DybdbnhCf4FAnW2CuZMr7KXuVrHC11LA+S2HLN9Fc9f8SA745+0gO5GTvoSWEt6oAgqPWgK6xj3aeHqWN4WQvMHzdftLh4ZxjHd+c7VxreEMQgZJ124W5nUttn4S0xpJHFMADJ44Kjxg6w== jkozol-1@redhat.com
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMk4+D+GkL/se9RYdQ6mmv0v7cG3gXPiZdLvsbRFk+JMgnLEFUu4uwRN9+huMWdTXYLVcCZVw1l9kmDAOwPKYCGwetOwYI73nYt4n7i9zSQqKknxEO2w+16PvWy6kbgk7zQp9YEqJlIeZbVXiDuFeFyqEH5TxdAfDLu0VG/Db0M1Cor3v7g0/utHWVfS0QiLMQ5xLZ3jAbn/uTjOzsvtA219BTfdx7IVxKmG9/zeLUqyHBcOquI2rUjgHj1FN4yMCob2pSmAfV2u1iQZYHghXlw/kzh4BODjOSWCO9v+621eBdDJ36hdMHWizevxLz9Tj7X1Pwz+4TS/WABXs5MXBFcxx65wpSBr84LfZfWebe+vFe3Kkmdop3FPt7uuZyl8xdRsvfoIG3qZg2izX4IAtXo9tR++yIsEkP/5k/NVwkq158molT0HUruuK9regPRRvf7j6psAH4bMhV3o430eD7ibC5g1yT3kKbGnbJJX+HHL0+lt8IKMPCHWEWOT8uR0x9VUbT4RYFXt53I/ZXHXop+eypEctoKlsgMv1rpPGwSnrhtK1hgf399ph7GDjixZiuzcTP+Ulmj3atB32UHR7mRjarnaCI1w7PJt8pmg9K+8/XUa51q7bap1PGwsJS0lZ3zJEXFPdJfqO8/fkhDb4NYPlX0/bg/LNI9YqPg8CWSw== jkozol-2@redhat.com
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDY/ylCrPBzil4TnZR4tWULpz3QgfBMQyEnMOHDAJNp/FK70hD+PUiRm3UY96pmGXonQvqiDoyPuVh025FkWshPK91Dyq8QD8h25q5C5Cg6kMgBpdGzbX44ksms1KyOHmSZ48MpWw3PFOrlNP1vysr6Imjz9Jixmx4sOZvqKnrbsbOW04gowVzpZM8m048lvf6/KhqeImfeSRc9Rtpos8GqEQVlwRevE1qBON963V1QtFOrm9weoQgb369SdqRRdxaGNAymNh3d78DneOWXmEyBflLSpIDx5I2s/1NB1Dp95Bp3VvlV3CH1HC7LAFKYi+xsz3/KHdgtvgShX6LFSdsp rvykydal@dhcp-lab-144.englab.brq.redhat.com
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtJv3QKdqQ+0+jJND7bXVq9ux87yyi4qyJk7iOsX2VsgAUuYXpBf337p5yNB3N1kjOwGYSDjvDvS7GuhdatuvJI3/xzcyodbwJp32AT76e9uvUQHTBBGmUvBLzw3nk8ZDNp5d4rt2cZvlhv7lzDSt30DF14ivg5Xp/V0tK0BEfFlvYHuHheDeiSOQRQ392J7TefPQOW+JpxANU4Bxc1aHIettaIqQMWm9r4ZELd8M83IYt5Btp1bPsnfYywQMYqNXyDuhwhcsBTR5kVObP0DwxKZbMNPmA2lBvrX2GMIa+qfvKIW87KooaoPLt7CR7/DKfQ1S492L1wIwNUPUBLsQD xiaofwan@dhcp-8-203.nay.redhat.com
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAYU2wzSk9r1l3iOwsvaJXCsfQIUga3xzShZJAM1zHv akoutsou-R@redhat.com
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+4pso8s0M0hKFW6XoEvM6loZp0C7D9ZlmwXQbhxyV0 akoutsou-i@redhat.com
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC61wMCjOSHwbVb4VfVyl5sn497qW4PsdQ7Ty7aD6wDNZ/QjjULkDV/yW5WjDlDQ7UqFH0Sr7vywjqDizUAqK7zM5FsUKsUXWHWwg/ehKg8j9xKcMv11AkFoUoujtfAujnKODkk58XSA9whPr7qcw3vPrmog680pnMSzf9LC7J6kXfs6lkoKfBh9VnlxusCrw2yg0qI1fHAZBLPx7mW6+me71QZsS6sVz8v8KXyrXsKTdnF50FjzHcK9HXDBtSJS5wA3fkcRYymJe0o6WMWNdgSRVpoSiWaHHmFgdMUJaYoCfhXzyl7LtNb3Q+Sveg+tJK7JaRXBLMUllOlJ6ll5Hod yih-redhat@redhat.com
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYB3SyAYj+V/kmAt594RlpZlXRvVJ2r8+G1Jgnr6ft8Y6vpNkWZxpTVWEJicLczGYpzvq2AjkNStigU9Q1M2F21Te3SzT2kgNVXsMTqou4X//ZX20zej3gyI+25mc4LdBWxFaLsyrFqD76Fro2rAuCoylrfeIQBvFWbilrR+cAV9tFrJT9I4RWYVL8v7EUtBeXarVFIjwcCALzLHxFl7S/pZuuWMyhyXup1UPR3Oirpuv3kWOsElVzGOxMWREE0eoCnGYKN2VCBx+igwQbi+x/cVSf49sFBVfdpPHUGse3KwS7ukfvpmmYm06dy2JS93JrRaCUUUw2DN8VjW7dIODv jrusz@redhat.com
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPExjjH74MOM6wrXEpRUg6I0dtRdAV3bAUY+u7WMc2G sanne@redhat.com
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjNynFZPCEPVDyOB2yzrww5kxwK6MAb1D0GN5yP8y/iw+gtx+Hj3CqojHMTa/9r3q3R1TMgCITdvzAiKylbx/owV8bgXS1p8je2KirWx3o/Dy80AYsas2F+sodm5/FOz6LvcUZw2vZiVs1wp8dz7ak+pm6Xg7xa7511xO4T/HStzNUE/XSPYmC9LNJ+uVWTiCjTWlZxp1JcDVfO7k69F60u8D42e1Ty60IeNeJItX/o8FUjB/rMAAJRpjFpd/uyfPTWamjNoVzrB7chFxaemg2Nf8na6PHLAx8Gcxz2fdnnsg+M5vr6z0yVYz1cc8VOhYynQm9iISvTt6bDVEbWc2T thozza@redhat.com
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINDRWitNwQc/YsOSC7Reeh7x57mSzcc+4+SayHHu/NCG sdevlieg-0@redhat.com
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNh/u8oWHfYwr01X8G8ijSC3hPfKfLpK8MISxg2mq1O sdevlieg-1@redhat.com
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCWAwAqV3weCALKWrSAAHir+oIga1TU5VL4hnjWWU2x gzuccare@redhat.com
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOYiBGthrSNqUJdN9h9PHzXQL8cP8gj5pP9LZDx7BVgt/Knm9NwAe9hD/7fs9zmyECmZ5ubHDqG0x7Hb7DAjl+oPkCOxqRj5Npfvl1VRwwgXl3ymfI3JJpF7Cna4n0XdylBsTiwOL1/zoVXEJgTYEDEsP4gv65i8M/uWlsrfFwHLDEr3EQKnA0H4Ekz1CU2n9MFprX1hzA5IItozQUsYxKTPr1mxNTi1AFMhDEztMelvPO1OuC8MBZURR9S/+SlZ8ydCUcwl0gdCcgpUfouiuN9Yr9UbiV/yrAxEY3oKX8OegFmWEioUIZoFSiXl3sNP39ntOR4i+GV54g4omN6JbN3ios9LXBPMuvCy1NgFYPmDmmSEuo7n2IsP3pcXjZXpl4Ymwvn4RJviOZq8vghF5p0YMtCis1LxHL90epibxGoV6nc5isrOzqfgNUA9IS1zx7ZMoaF1PT8QcT8NzgNocrrhH4xGeTLD7WOOxykVASBnIXea8p7dl29/G0ThmS7Bc= atodorov@redhat.com
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ5RGN0FtkkdhNZFQJMbh4+BXFoGon5ikrD3S1DRZ0+ mvogt@redhat.com
|
||||||
1
schutzbot/terraform
Normal file
1
schutzbot/terraform
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
2c51ba92065231c4986894cc2bc214dea1b2c157
|
||||||
22
schutzbot/unregister.sh
Executable file
22
schutzbot/unregister.sh
Executable file
|
|
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Colorful output.
|
||||||
|
function greenprint {
|
||||||
|
echo -e "\033[1;32m[$(date -Isecond)] ${1}\033[0m"
|
||||||
|
}
|
||||||
|
function redprint {
|
||||||
|
echo -e "\033[1;31m[$(date -Isecond)] ${1}\033[0m"
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! hash subscription-manager; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if ! sudo subscription-manager status; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if sudo subscription-manager unregister; then
|
||||||
|
greenprint "Host unregistered."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
redprint "Failed to unregister"
|
||||||
|
exit 1
|
||||||
50
schutzbot/update_github_status.sh
Executable file
50
schutzbot/update_github_status.sh
Executable file
|
|
@ -0,0 +1,50 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# if a user is logged in to the runner, wait until they're done
|
||||||
|
while (( $(who -s | wc -l) > 0 )); do
|
||||||
|
echo "Waiting for user(s) to log off"
|
||||||
|
sleep 30
|
||||||
|
done
|
||||||
|
|
||||||
|
if [[ $1 == "start" ]]; then
|
||||||
|
GITHUB_NEW_STATE="pending"
|
||||||
|
GITHUB_NEW_DESC="I'm currently testing this commit, be patient."
|
||||||
|
elif [[ $1 == "finish" ]]; then
|
||||||
|
GITHUB_NEW_STATE="success"
|
||||||
|
GITHUB_NEW_DESC="I like this commit!"
|
||||||
|
elif [[ $1 == "update" ]]; then
|
||||||
|
if [[ $CI_JOB_STATUS == "canceled" ]]; then
|
||||||
|
GITHUB_NEW_STATE="failure"
|
||||||
|
GITHUB_NEW_DESC="Someone told me to cancel this test run."
|
||||||
|
elif [[ $CI_JOB_STATUS == "failed" ]]; then
|
||||||
|
GITHUB_NEW_STATE="failure"
|
||||||
|
GITHUB_NEW_DESC="I'm sorry, something is odd about this commit."
|
||||||
|
else
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "unknown command"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
CONTEXT="Schutzbot on GitLab"
|
||||||
|
if [[ "$CI_PIPELINE_SOURCE" == "schedule" ]]; then
|
||||||
|
CONTEXT="$CONTEXT, RHEL-${RHEL_MAJOR:-}-nightly"
|
||||||
|
fi
|
||||||
|
|
||||||
|
curl \
|
||||||
|
-u "${SCHUTZBOT_LOGIN}" \
|
||||||
|
-X POST \
|
||||||
|
-H "Accept: application/vnd.github.v3+json" \
|
||||||
|
"https://api.github.com/repos/osbuild/osbuild-composer/statuses/${CI_COMMIT_SHA}" \
|
||||||
|
-d '{"state":"'"${GITHUB_NEW_STATE}"'", "description": "'"${GITHUB_NEW_DESC}"'", "context": "'"${CONTEXT}"'", "target_url": "'"${CI_PIPELINE_URL}"'"}'
|
||||||
|
|
||||||
|
# ff release branch on github if this ran on main
|
||||||
|
if [ "$CI_COMMIT_BRANCH" = "main" ] && [ "$GITHUB_NEW_STATE" = "success" ]; then
|
||||||
|
if [ ! -d "release-ff-clone" ]; then
|
||||||
|
git clone --bare "https://${SCHUTZBOT_LOGIN#*:}@github.com/osbuild/osbuild-composer.git" release-ff-clone
|
||||||
|
fi
|
||||||
|
git -C release-ff-clone fetch origin
|
||||||
|
# || true to ignore non fast-forwards
|
||||||
|
git -C release-ff-clone push origin "${CI_COMMIT_SHA}:refs/heads/release" || true
|
||||||
|
fi
|
||||||
34
schutzbot/upload_artifacts.sh
Executable file
34
schutzbot/upload_artifacts.sh
Executable file
|
|
@ -0,0 +1,34 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This script uploads all files from ARTIFACTS folder to S3
|
||||||
|
|
||||||
|
S3_URL="s3://image-builder-ci-artifacts/osbuild-composer/$CI_COMMIT_BRANCH/$CI_JOB_ID/"
|
||||||
|
BROWSER_URL="https://s3.console.aws.amazon.com/s3/buckets/image-builder-ci-artifacts?region=us-east-1&prefix=osbuild-composer/$CI_COMMIT_BRANCH/$CI_JOB_ID/&showversions=false"
|
||||||
|
ARTIFACTS=${ARTIFACTS:-/tmp/artifacts}
|
||||||
|
|
||||||
|
# Colorful output.
|
||||||
|
function greenprint {
|
||||||
|
echo -e "\033[1;32m[$(date -Isecond)] ${1}\033[0m"
|
||||||
|
}
|
||||||
|
source /etc/os-release
|
||||||
|
# s3cmd is in epel, add if it's not present
|
||||||
|
# TODO: Adjust this condition, once EPEL-10 is enabled
|
||||||
|
if [[ ($ID == rhel || $ID == centos) && ${VERSION_ID%.*} -lt 10 ]] && ! rpm -q epel-release; then
|
||||||
|
curl -Ls --retry 5 --output /tmp/epel.rpm \
|
||||||
|
https://dl.fedoraproject.org/pub/epel/epel-release-latest-"${VERSION_ID%.*}".noarch.rpm
|
||||||
|
sudo rpm -Uvh /tmp/epel.rpm
|
||||||
|
fi
|
||||||
|
|
||||||
|
# TODO: Remove this workaround, once EPEL-10 is enabled
|
||||||
|
if [[ ($ID == rhel || $ID == centos) && ${VERSION_ID%.*} == 10 ]]; then
|
||||||
|
sudo dnf copr enable -y @osbuild/centpkg "centos-stream-10-$(uname -m)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
sudo dnf -y install s3cmd
|
||||||
|
greenprint "Job artifacts will be uploaded to: $S3_URL"
|
||||||
|
|
||||||
|
AWS_SECRET_ACCESS_KEY="$V2_AWS_SECRET_ACCESS_KEY" \
|
||||||
|
AWS_ACCESS_KEY_ID="$V2_AWS_ACCESS_KEY_ID" \
|
||||||
|
s3cmd --acl-private put "$ARTIFACTS"/* "$S3_URL"
|
||||||
|
|
||||||
|
greenprint "Please login to 438669297788 AWS account and visit $BROWSER_URL to access job artifacts."
|
||||||
Loading…
Add table
Add a link
Reference in a new issue