#!/usr/bin/env lucicfg
# Copyright 2019 The Flutter Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""
LUCI project configuration for the production instance of LUCI.
After modifying this file, execute it ('./main.star') to regenerate the configs.
This file uses a Python-like syntax known as Starlark:
https://docs.bazel.build/versions/master/skylark/language.html
The documentation for lucicfg can be found here:
https://chromium.googlesource.com/infra/luci/luci-go/+/refs/heads/master/lucicfg/doc/README.md
"""
load("//lib/common.star", "common")
load("//lib/repos.star", "repos")
load("//lib/release_branches/release_branches.star", "release_branches")
load("//cocoon_config.star", "cocoon_config")
load("//devicelab_staging_config.star", "devicelab_staging_config")
load("//flutter_config.star", "flutter_config")
load("//recipes_config.star", "recipes_config")
load("//engine_config.star", "engine_config")
load("//infra_config.star", "infra_config")
load("//iostools_config.star", "iostools_config")
load("//packages_config.star", "packages_config")
load("//packaging_config.star", "packaging_config")
load("//plugins_config.star", "plugins_config")
# Pin the lucicfg version this file is generated with, so that running an
# older lucicfg does not flip the generated configs back and forth.
LUCICFG_VERSION = "1.30.9"
lucicfg.check_version(LUCICFG_VERSION)

# Use LUCI Scheduler BBv2 names and add Scheduler realms configs.
lucicfg.enable_experiment("crbug.com/1182002")

lucicfg.config(
    config_dir = "generated/flutter",
    # Every file under config_dir is tracked as generated output.
    tracked_files = ["**/*"],
    # Lint findings fail the generation run rather than being printed and
    # ignored, so an ACL or binding typo cannot slip through as a warning.
    fail_on_warnings = True,
    lint_checks = ["default"],
)
# Project declaration: the LUCI service hosts plus the project-wide ACLs and
# realm bindings.
luci.project(
    name = "flutter",
    config_dir = "luci",
    buildbucket = "cr-buildbucket.appspot.com",
    logdog = "luci-logdog.appspot.com",
    milo = "luci-milo.appspot.com",
    scheduler = "luci-scheduler.appspot.com",
    swarming = "chromium-swarm.appspot.com",
    notify = "luci-notify.appspot.com",
    acls = [
        # Read-only roles for the "all" group, which this file labels as
        # public: builds, logs, project configs and scheduler jobs are
        # readable without any project membership.
        acl.entry(
            roles = [
                acl.BUILDBUCKET_READER,
                acl.LOGDOG_READER,
                acl.PROJECT_CONFIGS_READER,
                acl.SCHEDULER_READER,
            ],
            groups = "all",
        ),
        # Trigger rights for the prod and staging scheduler groups.
        # NOTE(review): project-level acls are expected to be inherited by
        # every bucket (confirm against the lucicfg docs). If so, the staging
        # schedulers group can also trigger builds in the prod bucket, and the
        # prod/staging trigger entries on the luci.bucket(...) declarations
        # add nothing on top of this one.
        acl.entry(
            roles = [
                acl.BUILDBUCKET_TRIGGERER,
                acl.SCHEDULER_TRIGGERER,
            ],
            groups = [
                "project-flutter-prod-schedulers",
                "project-flutter-staging-schedulers",
            ],
        ),
        # Owner roles on Buildbucket and Scheduler are limited to the admins
        # group.
        acl.entry(
            roles = [
                acl.BUILDBUCKET_OWNER,
                acl.SCHEDULER_OWNER,
            ],
            groups = "project-flutter-admins",
        ),
        # Log writing is granted to a single writers group.
        acl.entry(
            acl.LOGDOG_WRITER,
            groups = "luci-logdog-chromium-writers",
        ),
        # CQ commit and dry-run rights go to the try schedulers group.
        acl.entry(
            roles = [acl.CQ_COMMITTER, acl.CQ_DRY_RUNNER],
            groups = ["project-flutter-try-schedulers"],
        ),
    ],
    bindings = [
        # Task accounts of all three environments may validate configs.
        luci.binding(
            roles = "role/configs.validator",
            groups = [
                "project-flutter-try-task-accounts",
                "project-flutter-prod-task-accounts",
                "project-flutter-staging-task-accounts",
            ],
        ),
        luci.binding(
            roles = "role/swarming.poolOwner",
            groups = "project-flutter-admins",
        ),
        luci.binding(
            roles = "role/swarming.poolViewer",
            groups = "all",  # public
        ),
    ],
)
# Allow admins to use LED and "Debug" button on every builder and bot.
# Both bindings sit on @root, the realm the pool realms in this file inherit
# from, so membership of project-flutter-admins covers every pool and builder
# realm, prod included.
luci.binding(
    realm = "@root",
    roles = "role/swarming.poolUser",
    groups = "project-flutter-admins",
)

luci.binding(
    realm = "@root",
    roles = "role/swarming.taskTriggerer",
    groups = "project-flutter-admins",
)
# These 4 pool security realms are effectively no-ops,
# as they inherit ACLs from the @root realm (defined via acls/bindings above).
# However, they are left here to ensure humans can search & find them,
# since they are referenced from LUCI's side of configs in `pools.cfg` file.
# No principals are bound in these declarations: anything a pool grants beyond
# the @root bindings comes from an explicit luci.binding(realm = ...) call,
# such as the ones task_triggerers() makes.
luci.realm(name = "pools/prod")
luci.realm(name = "pools/try")
luci.realm(name = "pools/staging")
luci.realm(name = "pools/tests")
def task_triggerers(*, pool_realm, builder_realms, users = None, groups = None):
    """Declares the bindings principals need to trigger Swarming tasks.

    Two bindings are declared for the same users and groups: pool access on
    pool_realm, and the right to associate tasks with builder_realms.

    Args:
      pool_realm: realm of the Swarming pool the tasks are submitted to.
      builder_realms: realm, or list of realms, the tasks may be associated with.
      users: optional user or service account identities to grant.
      groups: optional group names to grant.
    """
    grants = [
        # Allow submitting tasks to the pool.
        (pool_realm, "role/swarming.poolUser"),
        # Allow associating tasks with a particular builder realm.
        (builder_realms, "role/swarming.taskTriggerer"),
    ]
    for realm, role in grants:
        luci.binding(
            realm = realm,
            roles = role,
            users = users,
            groups = groups,
        )
# Permissions to run LED jobs with try builds: the try builder service
# account, the LED users group and the try schedulers group may submit tasks
# to the try pool and associate them with the "try" builder realm.
task_triggerers(
    pool_realm = "pools/try",
    builder_realms = ["try"],
    users = [
        "flutter-try-builder@chops-service-accounts.iam.gserviceaccount.com",
    ],
    groups = [
        "project-flutter-led-users",
        "project-flutter-try-schedulers",
    ],
)

# Permissions to run LED jobs with staging builds. No individual account is
# listed here; access is by group membership only.
# No task_triggerers() call for pools/prod appears in this part of the file,
# so the LED users group gets no prod pool access from these declarations.
task_triggerers(
    pool_realm = "pools/staging",
    builder_realms = ["staging"],
    groups = [
        "project-flutter-led-users",
        "project-flutter-staging-schedulers",
    ],
)
# Storage bucket used by LogDog for this project's logs.
luci.logdog(gs_bucket = "chromium-luci-logdog")

# Branding assets shown by Milo.
luci.milo(
    logo = "https://storage.googleapis.com/chrome-infra-public/logo/flutter-logo.svg",
    favicon = "https://storage.googleapis.com/flutter_infra/favicon.ico",
)
# One bucket per environment. Each bucket names only its own scheduler group
# as a triggerer.
# NOTE(review): the luci.project(...) acls already give the prod and staging
# scheduler groups BUILDBUCKET_TRIGGERER at project level; if those acls are
# inherited by buckets (confirm against the lucicfg docs), only the try entry
# below adds a grant that does not exist project-wide.
luci.bucket(
    name = "prod",
    acls = [
        acl.entry(acl.BUILDBUCKET_TRIGGERER, groups = "project-flutter-prod-schedulers"),
        acl.entry(acl.SCHEDULER_TRIGGERER, groups = "project-flutter-prod-schedulers"),
    ],
)

luci.bucket(
    name = "try",
    acls = [
        acl.entry(acl.BUILDBUCKET_TRIGGERER, groups = "project-flutter-try-schedulers"),
    ],
)

luci.bucket(
    name = "staging",
    acls = [
        acl.entry(acl.BUILDBUCKET_TRIGGERER, groups = "project-flutter-staging-schedulers"),
    ],
)
# CQ group configurations. Only FLUTTER_RECIPES uses LUCI CQ, but the CQ
# configurations are still needed for all the try configurations so that led
# recipe tests work.
common.cq_group(repos.FLUTTER_INFRA)
common.cq_group(repos.FLUTTER_RECIPES)
# Default properties for builders declared after this point.
luci.builder.defaults.properties.set({
    "$kitchen": {"emulate_gce": True},
    # Backend endpoints handed to the recipe modules. The swarming server is
    # the same host that luci.project(...) names as the project's swarming
    # service.
    "$fuchsia/goma": {
        "server": "rbe-prod1.endpoints.fuchsia-infra-goma-prod.cloud.goog",
    },
    "$recipe_engine/isolated": {
        "server": "https://isolateserver.appspot.com",
    },
    "$recipe_engine/swarming": {
        "server": "https://chromium-swarm.appspot.com",
    },
    "mastername": "client.flutter",
    # Passed as a string, not an integer.
    "goma_jobs": "200",
    # Package upload and clobber default to off.
    "upload_packages": False,
    "clobber": False,
})
############################ End Global Defaults ############################
# Run the setup() entry point of each *_config.star module loaded at the top
# of this file. NOTE(review): the call order looks deliberate (see the comment
# on flutter_config below) - keep it when adding an entry.
cocoon_config.setup()
devicelab_staging_config.setup()
# While it doesn't make alphabetical sense, temporarily it does
flutter_config.setup()
engine_config.setup()
infra_config.setup()
iostools_config.setup()
packages_config.setup()
# The only setup() here that takes an argument: the release branch definitions.
packaging_config.setup(release_branches)
recipes_config.setup()
plugins_config.setup()
######################### Console Definitions #################################