| #!/usr/bin/env lucicfg |
| # Copyright 2021 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| """Generate Tricium configs for Fuchsia repos. |
| |
| These configs only exist separate from the main fuchsia LUCI configs because |
| Tricium doesn't allow different CQ groups within a single project to declare |
| different sets of analyzers. Once LUCI CV is deployed, we can merge these |
| configs into the main fuchsia LUCI config codebase and delete all of these |
| Tricium-only projects. |
| """ |
| |
| repo_var = lucicfg.var(expose_as = "repo") |
| builder_var = lucicfg.var(expose_as = "builder") |
| |
| # Update this version whenever relying on new lucicfg features. |
| lucicfg.check_version("1.29.0", "Please update lucicfg") |
| |
| # Enable LUCI Realms support. |
| lucicfg.enable_experiment("crbug.com/1085650") |
| |
| def generate(repo, builder): |
| """Generate the Tricium configs for a repo. |
| |
| Args: |
| repo (str): The name of the repo, i.e. the path of its remote URL. For |
| example: "infra/recipes". |
| builder (str): The name of the Tricium builder to trigger. Assumed to be |
| in the "fuchsia" project and the "tricium" bucket. |
| """ |
| if not repo or not builder: |
| fail("`repo` and `builder` vars are required") |
| lucicfg.config( |
| config_dir = "repositories/" + repo, |
| fail_on_warnings = True, |
| lint_checks = [ |
| "-function-docstring-args", |
| "-function-docstring-header", |
| "-function-docstring-return", |
| "-function-docstring", |
| "-module-docstring", |
| ], |
| # Make sure to ignore commit-queue.cfg, otherwise CQ would break due to |
| # Tricium being weird. |
| tracked_files = ["project.cfg", "realms.cfg", "tricium-prod.cfg"], |
| ) |
| |
| luci.project( |
| name = "fuchsia-" + repo.replace("/", "-"), |
| tricium = "tricium-prod.appspot.com", |
| acls = [ |
| acl.entry( |
| roles = [acl.CQ_COMMITTER], |
| groups = ["project-fuchsia-committers"], |
| ), |
| acl.entry(roles = [acl.PROJECT_CONFIGS_READER], groups = ["all"]), |
| ], |
| bindings = [ |
| luci.binding( |
| roles = "role/configs.validator", |
| groups = ["project-fuchsia-config-validation"], |
| ), |
| ], |
| ) |
| |
| luci.cq_group( |
| # We don't generate CQ configs for these projects so the name doesn't |
| # matter. |
| name = "arbitrary", |
| watch = cq.refset("https://fuchsia.googlesource.com/" + repo), |
| verifiers = [ |
| luci.cq_tryjob_verifier( |
| builder = "fuchsia:tricium/" + builder, |
| owner_whitelist = ["project-fuchsia-committers"], |
| mode_allowlist = [cq.MODE_ANALYZER_RUN], |
| ), |
| ], |
| ) |
| |
| generate(repo_var.get(), builder_var.get()) |