main.star - infra/config - Git at Google

 #!/usr/bin/env lucicfg
 # Copyright 2021 The Fuchsia Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 """Generate Tricium configs for Fuchsia repos.

 These configs only exist separate from the main fuchsia LUCI configs because
 Tricium doesn't allow different CQ groups within a single project to declare
 different sets of analyzers. Once LUCI CV is deployed, we can merge these
 configs into the main fuchsia LUCI config codebase and delete all of these
 Tricium-only projects.
 """

 repo_var = lucicfg.var(expose_as = "repo")
 builder_var = lucicfg.var(expose_as = "builder")

 # Update this version whenever relying on new lucicfg features.
 lucicfg.check_version("1.30.9", "Please update lucicfg")

 def generate(repo, builder):
     """Generate the Tricium configs for a repo.

     Args:
         repo (str): The name of the repo, i.e. the path of its remote URL. For
             example: "infra/recipes".
         builder (str): The name of the Tricium builder to trigger. Assumed to be
             in the "fuchsia" project and the "tricium" bucket.
     """
     if not repo or not builder:
         fail("`repo` and `builder` vars are required")
     lucicfg.config(
         config_dir = "repositories/" + repo,
         fail_on_warnings = True,
         lint_checks = [
             "-function-docstring-args",
             "-function-docstring-header",
             "-function-docstring-return",
             "-function-docstring",
             "-module-docstring",
         ],
         # Make sure to ignore commit-queue.cfg, otherwise CQ would break due to
         # Tricium being weird.
         tracked_files = ["project.cfg", "realms.cfg", "tricium-prod.cfg"],
     )

     luci.project(
         name = "fuchsia-" + repo.replace("/", "-"),
         tricium = "tricium-prod.appspot.com",
         acls = [
             acl.entry(
                 roles = [acl.CQ_COMMITTER],
                 groups = ["project-fuchsia-committers"],
             ),
             acl.entry(roles = [acl.PROJECT_CONFIGS_READER], groups = ["all"]),
         ],
         bindings = [
             luci.binding(
                 roles = "role/configs.validator",
                 groups = ["project-fuchsia-config-validation"],
             ),
         ],
     )

     luci.cq_group(
         # We don't generate CQ configs for these projects so the name doesn't
         # matter.
         name = "arbitrary",
         watch = cq.refset("https://fuchsia.googlesource.com/" + repo),
         verifiers = [
             luci.cq_tryjob_verifier(
                 builder = "fuchsia:tricium/" + builder,
                 owner_whitelist = ["project-fuchsia-committers"],
                 mode_allowlist = [cq.MODE_ANALYZER_RUN],
             ),
         ],
     )

 generate(repo_var.get(), builder_var.get())
	#!/usr/bin/env lucicfg
	# Copyright 2021 The Fuchsia Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	"""Generate Tricium configs for Fuchsia repos.

	These configs only exist separate from the main fuchsia LUCI configs because
	Tricium doesn't allow different CQ groups within a single project to declare
	different sets of analyzers. Once LUCI CV is deployed, we can merge these
	configs into the main fuchsia LUCI config codebase and delete all of these
	Tricium-only projects.
	"""

	repo_var = lucicfg.var(expose_as = "repo")
	builder_var = lucicfg.var(expose_as = "builder")

	# Update this version whenever relying on new lucicfg features.
	lucicfg.check_version("1.30.9", "Please update lucicfg")

	def generate(repo, builder):
	"""Generate the Tricium configs for a repo.

	Args:
	repo (str): The name of the repo, i.e. the path of its remote URL. For
	example: "infra/recipes".
	builder (str): The name of the Tricium builder to trigger. Assumed to be
	in the "fuchsia" project and the "tricium" bucket.
	"""
	if not repo or not builder:
	fail("`repo` and `builder` vars are required")
	lucicfg.config(
	config_dir = "repositories/" + repo,
	fail_on_warnings = True,
	lint_checks = [
	"-function-docstring-args",
	"-function-docstring-header",
	"-function-docstring-return",
	"-function-docstring",
	"-module-docstring",
	],
	# Make sure to ignore commit-queue.cfg, otherwise CQ would break due to
	# Tricium being weird.
	tracked_files = ["project.cfg", "realms.cfg", "tricium-prod.cfg"],
	)

	luci.project(
	name = "fuchsia-" + repo.replace("/", "-"),
	tricium = "tricium-prod.appspot.com",
	acls = [
	acl.entry(
	roles = [acl.CQ_COMMITTER],
	groups = ["project-fuchsia-committers"],
	),
	acl.entry(roles = [acl.PROJECT_CONFIGS_READER], groups = ["all"]),
	],
	bindings = [
	luci.binding(
	roles = "role/configs.validator",
	groups = ["project-fuchsia-config-validation"],
	),
	],
	)

	luci.cq_group(
	# We don't generate CQ configs for these projects so the name doesn't
	# matter.
	name = "arbitrary",
	watch = cq.refset("https://fuchsia.googlesource.com/" + repo),
	verifiers = [
	luci.cq_tryjob_verifier(
	builder = "fuchsia:tricium/" + builder,
	owner_whitelist = ["project-fuchsia-committers"],
	mode_allowlist = [cq.MODE_ANALYZER_RUN],
	),
	],
	)

	generate(repo_var.get(), builder_var.get())