diff --git a/luci-scheduler.cfg b/luci-scheduler.cfg index a80af70e9..a04324f3d 100644 --- a/luci-scheduler.cfg +++ b/luci-scheduler.cfg @@ -6,6 +6,7 @@ job { id: "Android ARM64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -15,6 +16,7 @@ job { } job { id: "Android Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -24,6 +26,7 @@ job { } job { id: "Android Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -33,6 +36,7 @@ job { } job { id: "Android Tester ARM32 Debug (Nexus 5X)" + realm: "ci" acls { role: TRIGGERER granted_to: "libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com" @@ -46,6 +50,7 @@ job { } job { id: "Android Tester ARM32 Release (Nexus 5X)" + realm: "ci" acls { role: TRIGGERER granted_to: "libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com" @@ -59,6 +64,7 @@ job { } job { id: "Android Tester ARM64 Debug (Nexus 5X)" + realm: "ci" acls { role: TRIGGERER granted_to: "libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com" @@ -72,6 +78,7 @@ job { } job { id: "Android32 x86 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -81,6 +88,7 @@ job { } job { id: "Android64 x64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -90,6 +98,7 @@ job { } job { id: "DEPS Autoroller" + realm: "cron" schedule: "0 14 * * *" acl_sets: "cron" buildbucket { @@ -100,6 +109,7 @@ job { } job { id: "Linux Asan" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -109,6 +119,7 @@ job { } job { id: "Linux MSan" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -118,6 +129,7 @@ job { } job { id: "Linux Tsan v2" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -127,6 +139,7 @@ job { } job { id: "Linux UBSan" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -136,6 +149,7 @@ job { } job { id: "Linux UBSan vptr" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -145,6 +159,7 @@ job { } job { id: "Linux32 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -154,6 +169,7 @@ job { } job { id: "Linux32 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -163,6 +179,7 @@ job { } job { id: "Linux64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -172,6 +189,7 @@ job { } job { id: "Linux64 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -181,6 +199,7 @@ job { } job { id: "Mac Asan" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -190,6 +209,7 @@ job { } job { id: "Mac64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -199,6 +219,7 @@ job { } job { id: "Mac64 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -208,6 +229,7 @@ job { } job { id: "Win32 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -217,6 +239,7 @@ job { } job { id: "Win32 Debug (Clang)" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -226,6 +249,7 @@ job { } job { id: "Win32 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -235,6 +259,7 @@ job { } job { id: "Win32 Release (Clang)" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -244,6 +269,7 @@ job { } job { id: "Win64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -253,6 +279,7 @@ job { } job { id: "Win64 Debug (Clang)" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -262,6 +289,7 @@ job { } job { id: "Win64 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -271,6 +299,7 @@ job { } job { id: "Win64 Release (Clang)" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -280,6 +309,7 @@ job { } job { id: "iOS ARM64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -289,6 +319,7 @@ job { } job { id: "iOS ARM64 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -298,6 +329,7 @@ job { } job { id: "iOS Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -307,6 +339,7 @@ job { } job { id: "iOS Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -316,6 +349,7 @@ job { } trigger { id: "master-gitiles-trigger" + realm: "ci" acl_sets: "ci" triggers: "Android ARM64 Debug" triggers: "Android Debug" diff --git a/main.star b/main.star index 019421b7c..ecfd0070f 100755 --- a/main.star +++ b/main.star @@ -3,7 +3,7 @@ """LUCI project configuration for libyuv CQ and CI.""" -lucicfg.check_version("1.15.0") +lucicfg.check_version("1.23.0") LIBYUV_GIT = "https://chromium.googlesource.com/libyuv/libyuv" LIBYUV_GERRIT = "https://chromium-review.googlesource.com/libyuv/libyuv" @@ -19,6 +19,9 @@ GOMA_BACKEND_RBE_ATS_PROD = { "enable_ats": True, } +# Enable LUCI Realms support. +lucicfg.enable_experiment("crbug.com/1085650") + lucicfg.config( lint_checks = ["default"], config_dir = ".", @@ -29,6 +32,7 @@ lucicfg.config( "luci-milo.cfg", "luci-scheduler.cfg", "project.cfg", + "realms.cfg", ], ) diff --git a/realms.cfg b/realms.cfg new file mode 100644 index 000000000..93969f5a4 --- /dev/null +++ b/realms.cfg @@ -0,0 +1,63 @@ +# Auto-generated by lucicfg. +# Do not modify manually. +# +# For the schema of this file, see RealmsCfg message: +# https://luci-config.appspot.com/schemas/projects:realms.cfg + +realms { + name: "@root" + bindings { + role: "role/buildbucket.owner" + principals: "group:project-libyuv-admins" + } + bindings { + role: "role/buildbucket.reader" + principals: "group:all" + } + bindings { + role: "role/configs.reader" + principals: "group:all" + } + bindings { + role: "role/logdog.reader" + principals: "group:all" + } + bindings { + role: "role/logdog.writer" + principals: "group:luci-logdog-chromium-writers" + } + bindings { + role: "role/scheduler.owner" + principals: "group:project-libyuv-admins" + } + bindings { + role: "role/scheduler.reader" + principals: "group:all" + } +} +realms { + name: "ci" + bindings { + role: "role/buildbucket.builderServiceAccount" + principals: "user:libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + } +} +realms { + name: "cron" + bindings { + role: "role/buildbucket.builderServiceAccount" + principals: "user:libyuv-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com" + } +} +realms { + name: "try" + bindings { + role: "role/buildbucket.builderServiceAccount" + principals: "user:libyuv-try-builder@chops-service-accounts.iam.gserviceaccount.com" + } + bindings { + role: "role/buildbucket.triggerer" + principals: "group:project-libyuv-tryjob-access" + principals: "group:service-account-cq" + } +}