diff --git a/infra/config/cr-buildbucket.cfg b/infra/config/cr-buildbucket.cfg index 3388f02fb..3dc066c09 100644 --- a/infra/config/cr-buildbucket.cfg +++ b/infra/config/cr-buildbucket.cfg @@ -615,6 +615,7 @@ buckets { } constraints { pools: "luci.flex.ci" + service_accounts: "libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com" } dynamic_builder_template {} } @@ -1173,6 +1174,7 @@ buckets { } constraints { pools: "luci.flex.try" + service_accounts: "libyuv-try-builder@chops-service-accounts.iam.gserviceaccount.com" } dynamic_builder_template {} } diff --git a/infra/config/main.star b/infra/config/main.star index 32e2505e4..50f464dea 100755 --- a/infra/config/main.star +++ b/infra/config/main.star @@ -177,6 +177,9 @@ luci.bucket( shadows = "ci", constraints = luci.bucket_constraints( pools = ["luci.flex.ci"], + service_accounts = [ + "libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com", + ], ), bindings = [ # For led permissions. @@ -212,6 +215,9 @@ luci.bucket( shadows = "try", constraints = luci.bucket_constraints( pools = ["luci.flex.try"], + service_accounts = [ + "libyuv-try-builder@chops-service-accounts.iam.gserviceaccount.com", + ], ), bindings = [ # For led permissions. diff --git a/infra/config/realms.cfg b/infra/config/realms.cfg index ba9b20b89..b4bae90ea 100644 --- a/infra/config/realms.cfg +++ b/infra/config/realms.cfg @@ -64,6 +64,10 @@ realms { } realms { name: "ci.shadow" + bindings { + role: "role/buildbucket.builderServiceAccount" + principals: "user:libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + } bindings { role: "role/buildbucket.creator" principals: "group:chromium-led-users" @@ -93,6 +97,10 @@ realms { } realms { name: "try.shadow" + bindings { + role: "role/buildbucket.builderServiceAccount" + principals: "user:libyuv-try-builder@chops-service-accounts.iam.gserviceaccount.com" + } bindings { role: "role/buildbucket.creator" principals: "group:chromium-led-users"