From f40daf58a097f9c1d158384b1d3a172a58a53bf5 Mon Sep 17 00:00:00 2001 From: Andrii Shyshkalov Date: Tue, 27 Apr 2021 17:12:19 +0200 Subject: [PATCH] [realms] generate realms.cfg but don't use it yet. libyuv doesn't have its own swarming pools, so this is trivial. Follow up will opt in libyuv to actually use realms when creating builds. Bug: chromium:1203285 Change-Id: Idc38be967992255cb1b852edcf114ac98df4fc5d Reviewed-on: https://chromium-review.googlesource.com/c/libyuv/libyuv/+/2854458 Commit-Queue: Andrii Shyshkalov Reviewed-by: Mirko Bonadei --- luci-scheduler.cfg | 34 +++++++++++++++++++++++++ main.star | 6 ++++- realms.cfg | 63 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 realms.cfg diff --git a/luci-scheduler.cfg b/luci-scheduler.cfg index a80af70e9..a04324f3d 100644 --- a/luci-scheduler.cfg +++ b/luci-scheduler.cfg @@ -6,6 +6,7 @@ job { id: "Android ARM64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -15,6 +16,7 @@ job { } job { id: "Android Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -24,6 +26,7 @@ job { } job { id: "Android Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -33,6 +36,7 @@ job { } job { id: "Android Tester ARM32 Debug (Nexus 5X)" + realm: "ci" acls { role: TRIGGERER granted_to: "libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com" @@ -46,6 +50,7 @@ job { } job { id: "Android Tester ARM32 Release (Nexus 5X)" + realm: "ci" acls { role: TRIGGERER granted_to: "libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com" @@ -59,6 +64,7 @@ job { } job { id: "Android Tester ARM64 Debug (Nexus 5X)" + realm: "ci" acls { role: TRIGGERER granted_to: "libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com" @@ -72,6 +78,7 @@ job { } job { id: "Android32 x86 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -81,6 +88,7 @@ job { } job { id: "Android64 x64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -90,6 +98,7 @@ job { } job { id: "DEPS Autoroller" + realm: "cron" schedule: "0 14 * * *" acl_sets: "cron" buildbucket { @@ -100,6 +109,7 @@ job { } job { id: "Linux Asan" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -109,6 +119,7 @@ job { } job { id: "Linux MSan" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -118,6 +129,7 @@ job { } job { id: "Linux Tsan v2" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -127,6 +139,7 @@ job { } job { id: "Linux UBSan" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -136,6 +149,7 @@ job { } job { id: "Linux UBSan vptr" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -145,6 +159,7 @@ job { } job { id: "Linux32 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -154,6 +169,7 @@ job { } job { id: "Linux32 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -163,6 +179,7 @@ job { } job { id: "Linux64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -172,6 +189,7 @@ job { } job { id: "Linux64 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -181,6 +199,7 @@ job { } job { id: "Mac Asan" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -190,6 +209,7 @@ job { } job { id: "Mac64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -199,6 +219,7 @@ job { } job { id: "Mac64 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -208,6 +229,7 @@ job { } job { id: "Win32 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -217,6 +239,7 @@ job { } job { id: "Win32 Debug (Clang)" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -226,6 +249,7 @@ job { } job { id: "Win32 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -235,6 +259,7 @@ job { } job { id: "Win32 Release (Clang)" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -244,6 +269,7 @@ job { } job { id: "Win64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -253,6 +279,7 @@ job { } job { id: "Win64 Debug (Clang)" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -262,6 +289,7 @@ job { } job { id: "Win64 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -271,6 +299,7 @@ job { } job { id: "Win64 Release (Clang)" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -280,6 +309,7 @@ job { } job { id: "iOS ARM64 Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -289,6 +319,7 @@ job { } job { id: "iOS ARM64 Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -298,6 +329,7 @@ job { } job { id: "iOS Debug" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -307,6 +339,7 @@ job { } job { id: "iOS Release" + realm: "ci" acl_sets: "ci" buildbucket { server: "cr-buildbucket.appspot.com" @@ -316,6 +349,7 @@ job { } trigger { id: "master-gitiles-trigger" + realm: "ci" acl_sets: "ci" triggers: "Android ARM64 Debug" triggers: "Android Debug" diff --git a/main.star b/main.star index 019421b7c..ecfd0070f 100755 --- a/main.star +++ b/main.star @@ -3,7 +3,7 @@ """LUCI project configuration for libyuv CQ and CI.""" -lucicfg.check_version("1.15.0") +lucicfg.check_version("1.23.0") LIBYUV_GIT = "https://chromium.googlesource.com/libyuv/libyuv" LIBYUV_GERRIT = "https://chromium-review.googlesource.com/libyuv/libyuv" @@ -19,6 +19,9 @@ GOMA_BACKEND_RBE_ATS_PROD = { "enable_ats": True, } +# Enable LUCI Realms support. +lucicfg.enable_experiment("crbug.com/1085650") + lucicfg.config( lint_checks = ["default"], config_dir = ".", @@ -29,6 +32,7 @@ lucicfg.config( "luci-milo.cfg", "luci-scheduler.cfg", "project.cfg", + "realms.cfg", ], ) diff --git a/realms.cfg b/realms.cfg new file mode 100644 index 000000000..93969f5a4 --- /dev/null +++ b/realms.cfg @@ -0,0 +1,63 @@ +# Auto-generated by lucicfg. +# Do not modify manually. +# +# For the schema of this file, see RealmsCfg message: +# https://luci-config.appspot.com/schemas/projects:realms.cfg + +realms { + name: "@root" + bindings { + role: "role/buildbucket.owner" + principals: "group:project-libyuv-admins" + } + bindings { + role: "role/buildbucket.reader" + principals: "group:all" + } + bindings { + role: "role/configs.reader" + principals: "group:all" + } + bindings { + role: "role/logdog.reader" + principals: "group:all" + } + bindings { + role: "role/logdog.writer" + principals: "group:luci-logdog-chromium-writers" + } + bindings { + role: "role/scheduler.owner" + principals: "group:project-libyuv-admins" + } + bindings { + role: "role/scheduler.reader" + principals: "group:all" + } +} +realms { + name: "ci" + bindings { + role: "role/buildbucket.builderServiceAccount" + principals: "user:libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + } +} +realms { + name: "cron" + bindings { + role: "role/buildbucket.builderServiceAccount" + principals: "user:libyuv-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com" + } +} +realms { + name: "try" + bindings { + role: "role/buildbucket.builderServiceAccount" + principals: "user:libyuv-try-builder@chops-service-accounts.iam.gserviceaccount.com" + } + bindings { + role: "role/buildbucket.triggerer" + principals: "group:project-libyuv-tryjob-access" + principals: "group:service-account-cq" + } +}