[unused] Delete unused code
Change-Id: Id7887ab419f70e8e7d192149eedb152d12099df1
diff --git a/gerrit-policy/gerrit-policy.py b/gerrit-policy/gerrit-policy.py
deleted file mode 100755
index ebfb2c0..0000000
--- a/gerrit-policy/gerrit-policy.py
+++ /dev/null
@@ -1,259 +0,0 @@
-#!/usr/bin/env python3
-"""Checks and enforces Gerrit configuration policies.
-
-Run with "help" for usage.
-"""
-
-# TODO(dbort): Add more policy checks, refactoring as we go.
-# Possible checks:
-# - Projects are either public or hidden/read-only
-# - No rules.pl files exist outside of All-Projects
-# - rules.pl is in sync across all hosts
-# - Upstream sync configs are in place for all third_party repos
-# - All upstreams point to gob-mirrored repos
-# TODO(dbort): Rewrite in Go if it seems worth the trouble.
-
-import collections
-import json
-import logging
-import subprocess
-import sys
-import textwrap
-
-
-class GerritHost(object):
- """Represents a remote Gerrit Git-on-Borg host."""
-
- def __init__(self, gob_name):
- self.__url = 'https://{}-review.googlesource.com/a'.format(gob_name)
-
- @property
- def url(self):
- return self.__url
-
- def __GetJson(self, query):
- """Performs a GET query against the host and returns parsed JSON.
-
- Args:
- query: The HTTP query string; e.g., '/projects/?t'.
- Returns:
- Parsed JSON from the body of the HTTP response.
- """
-
- url = '{}/{}'.format(self.__url, query.lstrip('/'))
-
- # check=True raises subprocess.CalledProcessError on failure.
- args = ['gob-curl', '--nointeractive', url]
- logging.debug('Run: %s', ' '.join(args))
- p = subprocess.run(args, stdout=subprocess.PIPE, check=True)
- stdout = p.stdout.decode('utf-8')
-
- # Remove the first line, which contains the )]}' guard.
- _, body = stdout.split('\n', 1)
-
- return json.loads(body)
-
- def GetProjects(self):
- """Returns a dict that maps project names to ProjectInfo entries.
-
- https://gerrit-review.googlesource.com/Documentation/rest-api-projects.html#project-info
- """
- # 't' requests "tree view", which includes the parent projects.
- return self.__GetJson('/projects/?t')
-
-
-class ThirdPartyParents(object):
- # XParent fields:
- # name: Gerrit project name
- # id: Gerrit project id
- # has: Project's current parent ID
- # needs: Project's required parent ID, according to policy
- ValidParent = collections.namedtuple('ValidParent', ('name', 'id', 'has'))
- ChangeParent = collections.namedtuple('ChangeParent',
- ('name', 'id', 'has', 'needs'))
- UnknownParent = collections.namedtuple('UnknownParent',
- ('name', 'id', 'has'))
- # Contains sequences of ValidParent/ChangeParent/UnknownParent.
- Checks = collections.namedtuple('Checks', ('valid', 'change', 'unknown'))
-
- def __init__(self, projects):
- # Only hold onto //third_party projects.
- self.__projects = {
- name: project
- for name, project in projects.items()
- if name.startswith('third_party/')
- }
-
- def __Validate(self):
- valid = []
- change = []
- unknown = []
- for name, info in self.__projects.items():
- pid = info.get('id', '')
- if not pid:
- raise KeyError('No id for project "{}"'.format(name))
- parent = info.get('parent', '')
- entry = {
- 'name': name,
- 'id': pid,
- 'has': parent,
- }
-
- if parent in ('Third-Party-Projects',
- 'Third-Party-Commit-Queue-Projects'):
- valid.append(self.ValidParent(**entry))
- continue
- elif parent == 'Public-Projects':
- entry['needs'] = 'Third-Party-Projects'
- change.append(self.ChangeParent(**entry))
- elif parent in ('Commit-Queue', 'gerrit/commit-queue-projects'):
- entry['needs'] = 'Third-Party-Commit-Queue-Projects'
- change.append(self.ChangeParent(**entry))
- else:
- # TODO(dbort): Figure out what to do with All-Projects.
- # If they're supposed to be visible, they should at
- # least be Public-Projects. Look at the hidden and
- # read-only states. That should be a separate policy
- # even for non-third_party repos.
- unknown.append(self.UnknownParent(**entry))
- return self.Checks(
- valid=tuple(sorted(valid)),
- change=tuple(sorted(change)),
- unknown=tuple(sorted(unknown)))
-
- def Check(self):
- checks = self.__Validate()
- for p in checks.valid:
- print(p)
- for p in checks.change:
- print(p)
- for p in checks.unknown:
- print(p)
- print("%d total //third_party projects:" %
- (len(checks.valid) + len(checks.change) + len(checks.unknown)))
- print(" %d with valid parents" % len(checks.valid))
- print(" %d need to change parents" % len(checks.change))
- print(" %d with unrecognized parents" % len(checks.unknown))
- if checks.unknown:
- print(" [%s]" % ', '.join(
- sorted(set([p.has for p in checks.unknown]))))
- # TODO(dbort): Return failure if change/unknown are non-empty
-
- def Enforce(self, gerrit_host, out_script):
- """Creates a shell script to enforce the policy.
-
- Args:
- gerrit_host: The host that the script should modify.
- out_script: The file-like object to write a bash script to.
- """
- checks = self.__Validate()
- header = textwrap.dedent(r"""
- # Generated by gerrit-policy.py:%(gen)s
-
- set -o nounset
- set -o errexit
- set -o pipefail
-
- ### TODO: Set to a non-empty value
- readonly BUG_ID=""
-
- ### TODO: Set DRY_RUN=0 to enable this script
- readonly DRY_RUN=1
-
- ### No edits required below this line ###
-
- readonly HOST_URL='%(host_url)s'
-
- if [[ -z "${BUG_ID}" ]]; then
- echo "ERROR: Must set BUG_ID by editing this file ($0)"
- exit 1
- fi
-
- # run [<args>...]
- # Prints the args, and runs them if DRY_RUN == 0
- run() {
- if (( DRY_RUN )); then
- echo -n "DRY_RUN:"
- printf " %%q" "$@"
- echo ""
- else
- echo -n "RUNNING:"
- printf " %%q" "$@"
- echo ""
- "$@"
- return $?
- fi
- }
-
- # change-parent <project-name> <new-parent>
- change-parent() {
- local project="$1"
- local new_parent="$2"
- run gob-curl \
- -d '{"parent": "'${new_parent}'", "commit_message": "Set parent to '${new_parent}'\n\nBug: '${BUG_ID}'"}' \
- -H "Content-Type: application/json" \
- -X PUT \
- "${HOST_URL}/projects/${project}/parent"
- }
- """ % {
- 'gen': self.__class__.__name__,
- 'host_url': gerrit_host.url
- })
- lines = [
- '#!/bin/bash',
- header,
- ]
-
- if checks.valid:
- lines.extend([
- '# Nothing to do for %d valid projects' % len(checks.valid),
- '',
- ])
- lines.append('# %d projects to change' % len(checks.change))
- for p in checks.change:
- lines.append('change-parent \'%s\' \'%s\'' % (p.id, p.needs))
- lines.append(
- '\n# %d projects with unhandled status' % len(checks.unknown))
- lines.append('\necho DONE')
-
- out_script.write('\n'.join(lines))
-
-
-def main(argv):
- def Usage(argv):
- print(textwrap.dedent("""\
- Usage: {argv0} <command> <gob-host>
-
- command:
- check: Print repo policy violations but do not modify anything
- enforce: Generate a script to fix policy violations
-
- gob-host: "fuchsia", "cobalt-analytics", etc.
- """.format(argv0=argv[0])))
-
- if len(argv) < 3:
- Usage(argv)
- sys.exit(1)
- if argv[1] in ('help', '-help', '--help', '-h'):
- Usage(argv)
- sys.exit(0)
-
- host = GerritHost(argv[2])
- projects = host.GetProjects()
-
- tpp = ThirdPartyParents(projects)
- if argv[1] == 'check':
- tpp.Check()
- elif argv[1] == 'enforce':
- # TODO(dbort): Add a flag to allow specifying the bug ID to be injected
- # into the generated script
- # TODO(dbort): Make out_script a flag
- out_script = '/tmp/policy.sh'
- with open(out_script, 'w') as f:
- tpp.Enforce(host, f)
- logging.info('Enforcement script written to %s', out_script)
-
-
-if __name__ == '__main__':
- logging.basicConfig(level=logging.DEBUG)
- main(sys.argv)
diff --git a/tools/new-github-repo.sh b/tools/new-github-repo.sh
deleted file mode 100755
index 83c64cf..0000000
--- a/tools/new-github-repo.sh
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/bin/bash
-# Copyright 2018 The Fuchsia Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file
-
-# Prints to stdout a script that creates a new third_party fuchsia mirror of a
-# github project. Sets appropriate ACLs, copy config, and Gerrit access.
-#
-# Usage:
-# $ new-github-repo <github-project-name> > generated-script
-# $ bash generated-script
-#
-# TODO(dbort): Don't create non-upstream versions of branches, only master.
-# E.g., it's fine to have 'origin/upstream/release-b', but we don't need
-# 'origin/release-b' as well. We only want 'origin/master'.
-
-set -o errexit
-set -o nounset
-set -o pipefail
-
-if [[ "$#" -ne 1 ]]; then
- echo "Usage: $0 <github-project-name>" >&2
- echo " github-project-name is relative to, "$(
- )"and does not include, 'github.com'" >&2
- exit 1
-fi
-readonly GITHUB_PROJECT="$1"
-readonly UPSTREAM_GOB="github/${GITHUB_PROJECT}"
-readonly REPO_BASENAME="$(basename "${UPSTREAM_GOB}")"
-readonly MIRROR_GOB="fuchsia/third_party/${REPO_BASENAME}"
-
-# Prints a gob-ctl command to stdout. If args are supplied, prints them. If
-# not, reads from stdin and emits HERE-style lines to write that same data to
-# gob-ctl.
-run-gob-ctl() {
- if [[ "$#" -gt 0 ]]; then
- echo "gob-ctl $@"
- else
- echo "gob-ctl <<EOF"
- cat
- echo "EOF"
- fi
-}
-
-echo "#!/bin/bash"
-echo "set -eu"
-echo "set -o pipefail"
-
-run-gob-ctl create -fork "${UPSTREAM_GOB}" "${MIRROR_GOB}"
-echo 'echo "Waiting 5 seconds for the creation to finish..."'
-# Without this sleep, the acl commands sometimes fail.
-echo 'sleep 5'
-
-run-gob-ctl acl "${MIRROR_GOB}" --reader 'all_users'
-run-gob-ctl acl "${MIRROR_GOB}" --owner 'mdbgroup/fuchsia-team'
-run-gob-ctl acl "${MIRROR_GOB}" --revoke "mdbuser/${USER}"
-run-gob-ctl acl "${MIRROR_GOB}" --revoke "email/${USER}@google.com"
-
-run-gob-ctl <<EOF
-copy {
- source: "${UPSTREAM_GOB}"
- destination: "${MIRROR_GOB}"
- create: <
- source_scope: <
- all: USERS
- >
- destination_scope: <
- mdb_group: "fuchsia-git-admins"
- >
- add_refspec: <
- source: "refs/heads/*"
- destination: "refs/heads/upstream/*"
- >
- add_refspec: <
- source: "refs/tags/*"
- destination: "refs/tags/*"
- >
- >
-}
-EOF
-
-run-gob-ctl show "${MIRROR_GOB}"
-
-# fix_parent <MIRROR_GOB>
-fix_parent() {
- local gob_name="$1"
- # The part before the first slash
- local host_name="$(echo "${gob_name}" | sed -e 's,/.*,,')"
- # The part after the first slash, with slashes URL-encoded
- local project_id="$(echo "${gob_name}" | sed -e 's,[^/]*/,,;s,/,%2F,g')"
-
- local host_url="https://${host_name}-review.googlesource.com/a"
- local new_parent='Third-Party-Projects'
-
- cat <<HERE
-gob-curl \
- -d '{"parent": "${new_parent}", "commit_message": "Set parent to ${new_parent}"}' \
- -H "Content-Type: application/json" \
- -X PUT \
- "${host_url}/projects/${project_id}/parent"
-HERE
-}
-
-echo 'read -p "Press enter to set the parent project..."'
-fix_parent "${MIRROR_GOB}"
-echo 'echo Done.'
