| #!/usr/bin/env lucicfg |
| |
| # Copyright (c) 2019 The WebRTC project authors. All Rights Reserved. |
| # |
| # Use of this source code is governed by a BSD-style license |
| # that can be found in the LICENSE file in the root of the source |
| # tree. An additional intellectual property rights grant can be found |
| # in the file PATENTS. All contributing project authors may |
| # be found in the AUTHORS file in the root of the source tree. |
| |
| # https://chromium.googlesource.com/infra/luci/luci-go/+/main/lucicfg/doc/ |
| |
| """LUCI project configuration for WebRTC CQ and CI.""" |
| |
| load("@chromium-luci//chromium_luci.star", "chromium_luci") |
| load("@chromium-luci//recipe_experiments.star", "register_recipe_experiments") |
| |
| WEBRTC_GIT = "https://webrtc.googlesource.com/src" |
| WEBRTC_GERRIT = "https://webrtc-review.googlesource.com/src" |
| WEBRTC_TROOPER_EMAIL = "webrtc-troopers-robots@google.com" |
| |
| # Use LUCI Scheduler BBv2 names and add Scheduler realms configs. |
| lucicfg.enable_experiment("crbug.com/1182002") |
| |
| luci.builder.defaults.test_presentation.set( |
| resultdb.test_presentation(grouping_keys = ["status", "v.test_suite"]), |
| ) |
| |
| lucicfg.config( |
| config_dir = "generated", |
| tracked_files = [ |
| "luci/commit-queue.cfg", |
| "luci/cr-buildbucket.cfg", |
| "luci/luci-analysis.cfg", |
| "luci/luci-logdog.cfg", |
| "luci/luci-milo.cfg", |
| "luci/luci-notify.cfg", |
| "luci/luci-notify/**/*", |
| "luci/luci-scheduler.cfg", |
| "luci/project.cfg", |
| "luci/realms.cfg", |
| ], |
| ) |
| |
| chromium_luci.configure_project( |
| name = "project", |
| is_main = True, |
| platforms = {}, |
| ) |
| |
| chromium_luci.configure_builder_health_indicators( |
| unhealthy_period_days = 7, |
| pending_time_p50_min = 20, |
| ) |
| |
| chromium_luci.configure_ci( |
| test_results_bq_dataset_name = "resultdb", |
| resultdb_index_by_timestamp = False, |
| ) |
| |
| chromium_luci.configure_recipe_experiments( |
| # This can be removed once all builders use the chromium-luci wrappers for |
| # creating builders instead of directly calling luci.builder(). |
| require_builder_wrappers = False, |
| ) |
| |
| luci.project( |
| name = "webrtc", |
| config_dir = "luci", |
| buildbucket = "cr-buildbucket.appspot.com", |
| logdog = "luci-logdog.appspot.com", |
| milo = "luci-milo.appspot.com", |
| notify = "luci-notify.appspot.com", |
| scheduler = "luci-scheduler.appspot.com", |
| swarming = "chromium-swarm.appspot.com", |
| acls = [ |
| acl.entry( |
| [acl.BUILDBUCKET_READER, acl.LOGDOG_READER, acl.PROJECT_CONFIGS_READER, acl.SCHEDULER_READER], |
| groups = ["all"], |
| ), |
| acl.entry(acl.LOGDOG_WRITER, groups = ["luci-logdog-chromium-writers"]), |
| acl.entry(acl.SCHEDULER_OWNER, groups = ["project-webrtc-admins"]), |
| ], |
| bindings = [ |
| luci.binding( |
| roles = "role/configs.validator", |
| users = [ |
| "webrtc-try-builder@chops-service-accounts.iam.gserviceaccount.com", |
| ], |
| ), |
| luci.binding( |
| roles = "role/swarming.poolOwner", |
| groups = "project-webrtc-admins", |
| ), |
| luci.binding( |
| roles = "role/swarming.poolViewer", |
| groups = "all", |
| ), |
| # Allow any WebRTC build to trigger a test ran under chromium-tester@ |
| # task service account. |
| luci.binding( |
| roles = "role/swarming.taskServiceAccount", |
| users = [ |
| "chromium-tester@chops-service-accounts.iam.gserviceaccount.com", |
| ], |
| ), |
| # Roles for LUCI Analysis. |
| luci.binding( |
| roles = "role/analysis.reader", |
| groups = "all", |
| ), |
| luci.binding( |
| roles = "role/analysis.queryUser", |
| groups = "authenticated-users", |
| ), |
| luci.binding( |
| roles = "role/analysis.editor", |
| groups = "googlers", |
| ), |
| ], |
| ) |
| |
| luci.logdog( |
| gs_bucket = "chromium-luci-logdog", |
| ) |
| |
| luci.milo( |
| logo = "https://storage.googleapis.com/chrome-infra/webrtc-logo-vert-retro-255x305.png", |
| ) |
| |
| # Configure Weetbix (config is copied verbatim) |
| ################################################################################ |
| |
| lucicfg.emit( |
| dest = "luci/luci-analysis.cfg", |
| data = io.read_file("luci-analysis.cfg"), |
| ) |
| |
| ################################################################################ |
| |
| luci.notify(tree_closing_enabled = True) |
| |
| luci.cq( |
| status_host = "chromium-cq-status.appspot.com", |
| submit_max_burst = 1, |
| submit_burst_delay = 1 * time.minute, |
| ) |
| |
| luci.gitiles_poller( |
| name = "webrtc-gitiles-trigger-main", |
| bucket = "ci", |
| repo = WEBRTC_GIT, |
| refs = ["refs/heads/main"], |
| ) |
| |
| # Swarming permissions: |
| |
| luci.realm(name = "pools/cron", bindings = [ |
| # Unlike WebRTC's own builders, other projects need an explicit grant to use this pool. |
| luci.binding( |
| roles = "role/swarming.poolUser", |
| projects = "libyuv", |
| ), |
| ]) |
| |
| luci.realm(name = "pools/ci") |
| luci.realm(name = "pools/ci-tests", bindings = [ |
| # Allow task service accounts of .ci pool/bucket to trigger tasks here. |
| luci.binding( |
| roles = "role/swarming.poolUser", |
| groups = "project-webrtc-ci-task-accounts", |
| ), |
| # Allow tasks here to use .ci task service accounts. |
| luci.binding( |
| roles = "role/swarming.taskServiceAccount", |
| groups = "project-webrtc-ci-task-accounts", |
| ), |
| ]) |
| luci.realm( |
| name = "ci", |
| extends = "debug-bot-acls", |
| bindings = [ |
| # Allow CI builders to create invocations in their own builds. |
| luci.binding( |
| roles = "role/resultdb.invocationCreator", |
| groups = "project-webrtc-ci-task-accounts", |
| ), |
| ], |
| ) |
| |
| luci.realm(name = "pools/try", bindings = [ |
| # Allow to use LED & Swarming "Debug" feature to a larger group but only on try bots / builders. |
| luci.binding( |
| roles = "role/swarming.poolUser", |
| groups = "project-webrtc-led-users", |
| ), |
| ]) |
| luci.realm(name = "pools/try-tests", bindings = [ |
| # Allow task service accounts of .try pool/bucket to trigger tasks here. |
| luci.binding( |
| roles = "role/swarming.poolUser", |
| groups = "project-webrtc-try-task-accounts", |
| ), |
| # Allow tasks here to use .try task service accounts. |
| luci.binding( |
| roles = "role/swarming.taskServiceAccount", |
| groups = "project-webrtc-try-task-accounts", |
| ), |
| ]) |
| luci.realm( |
| name = "try", |
| extends = "debug-bot-acls", |
| bindings = [ |
| luci.binding( |
| roles = "role/buildbucket.creator", |
| groups = "project-webrtc-led-users", |
| ), |
| luci.binding( |
| roles = "role/swarming.taskTriggerer", |
| groups = "project-webrtc-led-users", |
| ), |
| # Allow try builders to create invocations in their own builds. |
| luci.binding( |
| roles = "role/resultdb.invocationCreator", |
| groups = "project-webrtc-try-task-accounts", |
| ), |
| ], |
| ) |
| |
| luci.realm(name = "pools/perf", bindings = [ |
| # Allow to use LED & Swarming "Debug" feature to a larger group but only on perf bots / builders. |
| luci.binding( |
| roles = "role/swarming.poolUser", |
| groups = "project-webrtc-led-users", |
| ), |
| ]) |
| luci.realm( |
| name = "perf", |
| extends = "debug-bot-acls", |
| bindings = [ |
| luci.binding( |
| roles = "role/buildbucket.creator", |
| groups = "project-webrtc-led-users", |
| ), |
| luci.binding( |
| roles = "role/swarming.taskTriggerer", |
| groups = "project-webrtc-led-users", |
| ), |
| ], |
| ) |
| |
| # Allow admins to use LED & Swarming "Debug" feature on WebRTC bots where this permission is extended. |
| luci.realm(name = "debug-bot-acls", bindings = [ |
| luci.binding( |
| roles = "role/swarming.poolUser", |
| groups = "project-webrtc-admins", |
| ), |
| luci.binding( |
| roles = "role/buildbucket.creator", |
| groups = "project-webrtc-admins", |
| ), |
| luci.binding( |
| roles = "role/swarming.taskTriggerer", |
| groups = "project-webrtc-admins", |
| ), |
| ]) |
| |
| # Bucket definitions: |
| |
| luci.bucket( |
| name = "try", |
| acls = [ |
| acl.entry(acl.BUILDBUCKET_TRIGGERER, groups = [ |
| "service-account-cq", |
| "project-webrtc-tryjob-access", |
| ]), |
| ], |
| constraints = luci.bucket_constraints( |
| pools = ["luci.webrtc.try"], |
| service_accounts = ["webrtc-try-builder@chops-service-accounts.iam.gserviceaccount.com"], |
| ), |
| ) |
| |
| luci.bucket( |
| name = "ci", |
| acls = [ |
| acl.entry(acl.BUILDBUCKET_TRIGGERER, groups = [ |
| "project-webrtc-ci-schedulers", |
| ]), |
| ], |
| constraints = luci.bucket_constraints( |
| pools = ["luci.webrtc.ci"], |
| service_accounts = ["webrtc-ci-builder@chops-service-accounts.iam.gserviceaccount.com"], |
| ), |
| ) |
| |
| luci.bucket( |
| name = "perf", |
| acls = [ |
| acl.entry(acl.BUILDBUCKET_TRIGGERER, users = [ |
| "webrtc-ci-builder@chops-service-accounts.iam.gserviceaccount.com", |
| ]), |
| acl.entry(acl.BUILDBUCKET_TRIGGERER, groups = [ |
| # Allow Pinpoint to trigger builds for bisection |
| "service-account-chromeperf", |
| ]), |
| ], |
| constraints = luci.bucket_constraints( |
| pools = ["luci.webrtc.perf"], |
| service_accounts = ["webrtc-ci-builder@chops-service-accounts.iam.gserviceaccount.com"], |
| ), |
| ) |
| |
| luci.bucket( |
| name = "cron", |
| ) |
| |
| # Commit queue definitions: |
| |
| luci.cq_group( |
| name = "cq", |
| tree_status_host = "webrtc-status.appspot.com", |
| watch = [cq.refset(repo = WEBRTC_GERRIT, refs = ["refs/heads/main"])], |
| acls = [ |
| acl.entry(acl.CQ_COMMITTER, groups = ["project-webrtc-submit-access"]), |
| acl.entry(acl.CQ_DRY_RUNNER, groups = ["project-webrtc-tryjob-access"]), |
| ], |
| allow_owner_if_submittable = cq.ACTION_DRY_RUN, |
| retry_config = cq.RETRY_ALL_FAILURES, |
| cancel_stale_tryjobs = True, |
| ) |
| |
| luci.cq_group( |
| name = "cq_branch", |
| watch = [cq.refset(repo = WEBRTC_GERRIT, refs = ["refs/branch-heads/.+"])], |
| acls = [ |
| acl.entry(acl.CQ_COMMITTER, groups = ["project-webrtc-submit-access"]), |
| acl.entry(acl.CQ_DRY_RUNNER, groups = ["project-webrtc-tryjob-access"]), |
| ], |
| retry_config = cq.RETRY_ALL_FAILURES, |
| cancel_stale_tryjobs = True, |
| ) |
| |
| luci.cq_group( |
| name = "cq_infra", |
| watch = [cq.refset(repo = WEBRTC_GERRIT, refs = ["refs/heads/infra/config"])], |
| acls = [ |
| acl.entry(acl.CQ_COMMITTER, groups = ["project-webrtc-admins"]), |
| acl.entry(acl.CQ_DRY_RUNNER, groups = ["project-webrtc-tryjob-access"]), |
| ], |
| retry_config = cq.RETRY_ALL_FAILURES, |
| cancel_stale_tryjobs = True, |
| ) |
| |
| luci.cq_tryjob_verifier( |
| builder = "presubmit", |
| cq_group = "cq_infra", |
| ) |
| |
| # Internal-only tryjob always included into CQ: |
| luci.cq_tryjob_verifier( |
| builder = "webrtc-internal:g3.webrtc-internal.try/internal_compile_lite", |
| owner_whitelist = ["project-webrtc-internal-tryjob-access"], |
| cq_group = "cq", |
| ) |
| |
| # Includable via `Cq-Include-Trybots: webrtc-internal/g3.webrtc-internal.try:internal_compile`: |
| luci.cq_tryjob_verifier( |
| builder = "webrtc-internal:g3.webrtc-internal.try/internal_compile", |
| owner_whitelist = ["project-webrtc-internal-tryjob-access"], |
| cq_group = "cq", |
| includable_only = True, |
| ) |
| |
| # Includable via `Cq-Include-Trybots: webrtc-internal/g3.webrtc-internal.try:internal_tests`: |
| luci.cq_tryjob_verifier( |
| builder = "webrtc-internal:g3.webrtc-internal.try/internal_tests", |
| owner_whitelist = ["project-webrtc-internal-tryjob-access"], |
| cq_group = "cq", |
| includable_only = True, |
| ) |
| |
| # Notifier definitions: |
| |
| luci.notifier( |
| name = "post_submit_failure_notifier", |
| on_new_status = ["FAILURE"], |
| notify_emails = [WEBRTC_TROOPER_EMAIL], |
| notify_blamelist = True, |
| template = luci.notifier_template( |
| name = "build_failure", |
| body = io.read_file("templates/build_failure.template"), |
| ), |
| ) |
| |
| luci.notifier( |
| name = "cron_notifier", |
| on_new_status = ["FAILURE", "INFRA_FAILURE"], |
| notify_emails = [WEBRTC_TROOPER_EMAIL], |
| template = luci.notifier_template( |
| name = "cron", |
| body = io.read_file("templates/cron.template"), |
| ), |
| ) |
| |
| luci.notifier( |
| name = "infra_failure_notifier", |
| on_new_status = ["INFRA_FAILURE"], |
| notify_emails = [WEBRTC_TROOPER_EMAIL], |
| template = luci.notifier_template( |
| name = "infra_failure", |
| body = io.read_file("templates/infra_failure.template"), |
| ), |
| ) |
| |
| # Notify findit about completed builds for code coverage purposes |
| luci.buildbucket_notification_topic( |
| name = "projects/findit-for-me/topics/buildbucket_notification", |
| ) |
| |
| # Tree closer definitions: |
| |
| luci.tree_closer( |
| name = "webrtc_tree_closer", |
| tree_status_host = "webrtc-status.appspot.com", |
| # TODO: These step filters are copied verbatim from Gatekeeper, for testing |
| # that LUCI-Notify would take the exact same actions. Once we've switched |
| # over, this should be updated - several of these steps don't exist in |
| # WebRTC recipes. |
| failed_step_regexp = [ |
| "bot_update", |
| "compile", |
| "gclient runhooks", |
| "runhooks", |
| "update", |
| "extract build", |
| "cleanup_temp", |
| "taskkill", |
| "compile", |
| "gn", |
| ], |
| failed_step_regexp_exclude = ".*\\(experimental\\).*", |
| ) |
| |
| # Recipe definitions: |
| |
| def recipe(recipe): |
| return luci.recipe( |
| name = recipe.split("/")[-1], |
| cipd_package = "infra/recipe_bundles/chromium.googlesource.com/chromium/tools/build", |
| cipd_version = "refs/heads/main", |
| recipe = recipe, |
| ) |
| |
| recipe("chromium_trybot") |
| recipe("run_presubmit") |
| recipe("webrtc/auto_roll_webrtc_deps") |
| recipe("webrtc/ios_api_framework") |
| recipe("webrtc/libfuzzer") |
| recipe("webrtc/standalone") |
| recipe("webrtc/update_webrtc_binary_version") |
| recipe("lkgr_finder") |
| register_recipe_experiments("standalone", {}) |
| |
| # Console definitions: |
| |
| luci.console_view(name = "ci", title = "Main", repo = WEBRTC_GIT, header = "console-header.textpb", refs = ["refs/heads/main"]) |
| luci.console_view(name = "perf", title = "Perf", repo = WEBRTC_GIT, header = "console-header.textpb", refs = ["refs/heads/main"]) |
| luci.list_view(name = "cron", title = "Cron") |
| luci.list_view(name = "try", title = "Tryserver") |
| |
| exec("//builders.star") |
