config.star (14327B)
1 #!/usr/bin/env lucicfg 2 3 # Copyright (c) 2019 The WebRTC project authors. All Rights Reserved. 4 # 5 # Use of this source code is governed by a BSD-style license 6 # that can be found in the LICENSE file in the root of the source 7 # tree. An additional intellectual property rights grant can be found 8 # in the file PATENTS. All contributing project authors may 9 # be found in the AUTHORS file in the root of the source tree. 10 11 # https://chromium.googlesource.com/infra/luci/luci-go/+/main/lucicfg/doc/ 12 13 """LUCI project configuration for WebRTC CQ and CI.""" 14 15 load("@chromium-luci//chromium_luci.star", "chromium_luci") 16 load("@chromium-luci//recipe_experiments.star", "register_recipe_experiments") 17 18 WEBRTC_GIT = "https://webrtc.googlesource.com/src" 19 WEBRTC_GERRIT = "https://webrtc-review.googlesource.com/src" 20 WEBRTC_TROOPER_EMAIL = "webrtc-troopers-robots@google.com" 21 22 # Use LUCI Scheduler BBv2 names and add Scheduler realms configs. 23 lucicfg.enable_experiment("crbug.com/1182002") 24 25 luci.builder.defaults.test_presentation.set( 26 resultdb.test_presentation(grouping_keys = ["status", "v.test_suite"]), 27 ) 28 29 lucicfg.config( 30 config_dir = "generated", 31 tracked_files = [ 32 "luci/commit-queue.cfg", 33 "luci/cr-buildbucket.cfg", 34 "luci/luci-analysis.cfg", 35 "luci/luci-logdog.cfg", 36 "luci/luci-milo.cfg", 37 "luci/luci-notify.cfg", 38 "luci/luci-notify/**/*", 39 "luci/luci-scheduler.cfg", 40 "luci/project.cfg", 41 "luci/realms.cfg", 42 ], 43 ) 44 45 chromium_luci.configure_project( 46 name = "project", 47 is_main = True, 48 platforms = {}, 49 ) 50 51 chromium_luci.configure_builder_health_indicators( 52 unhealthy_period_days = 7, 53 pending_time_p50_min = 20, 54 ) 55 56 chromium_luci.configure_ci( 57 test_results_bq_dataset_name = "resultdb", 58 resultdb_index_by_timestamp = False, 59 ) 60 61 chromium_luci.configure_recipe_experiments( 62 # This can be removed once all builders use the chromium-luci wrappers for 63 # creating builders instead of directly calling luci.builder(). 64 require_builder_wrappers = False, 65 ) 66 67 luci.project( 68 name = "webrtc", 69 config_dir = "luci", 70 buildbucket = "cr-buildbucket.appspot.com", 71 logdog = "luci-logdog.appspot.com", 72 milo = "luci-milo.appspot.com", 73 notify = "luci-notify.appspot.com", 74 scheduler = "luci-scheduler.appspot.com", 75 swarming = "chromium-swarm.appspot.com", 76 acls = [ 77 acl.entry( 78 [acl.BUILDBUCKET_READER, acl.LOGDOG_READER, acl.PROJECT_CONFIGS_READER, acl.SCHEDULER_READER], 79 groups = ["all"], 80 ), 81 acl.entry(acl.LOGDOG_WRITER, groups = ["luci-logdog-chromium-writers"]), 82 acl.entry(acl.SCHEDULER_OWNER, groups = ["project-webrtc-admins"]), 83 ], 84 bindings = [ 85 luci.binding( 86 roles = "role/configs.validator", 87 users = [ 88 "webrtc-try-builder@chops-service-accounts.iam.gserviceaccount.com", 89 ], 90 ), 91 luci.binding( 92 roles = "role/swarming.poolOwner", 93 groups = "project-webrtc-admins", 94 ), 95 luci.binding( 96 roles = "role/swarming.poolViewer", 97 groups = "all", 98 ), 99 # Allow any WebRTC build to trigger a test ran under chromium-tester@ 100 # task service account. 101 luci.binding( 102 roles = "role/swarming.taskServiceAccount", 103 users = [ 104 "chromium-tester@chops-service-accounts.iam.gserviceaccount.com", 105 ], 106 ), 107 # Roles for LUCI Analysis. 108 luci.binding( 109 roles = "role/analysis.reader", 110 groups = "all", 111 ), 112 luci.binding( 113 roles = "role/analysis.queryUser", 114 groups = "authenticated-users", 115 ), 116 luci.binding( 117 roles = "role/analysis.editor", 118 groups = "googlers", 119 ), 120 ], 121 ) 122 123 luci.logdog( 124 gs_bucket = "chromium-luci-logdog", 125 ) 126 127 luci.milo( 128 logo = "https://storage.googleapis.com/chrome-infra/webrtc-logo-vert-retro-255x305.png", 129 ) 130 131 # Configure Weetbix (config is copied verbatim) 132 ################################################################################ 133 134 lucicfg.emit( 135 dest = "luci/luci-analysis.cfg", 136 data = io.read_file("luci-analysis.cfg"), 137 ) 138 139 ################################################################################ 140 141 luci.notify(tree_closing_enabled = True) 142 143 luci.cq( 144 status_host = "chromium-cq-status.appspot.com", 145 submit_max_burst = 1, 146 submit_burst_delay = 1 * time.minute, 147 ) 148 149 luci.gitiles_poller( 150 name = "webrtc-gitiles-trigger-main", 151 bucket = "ci", 152 repo = WEBRTC_GIT, 153 refs = ["refs/heads/main"], 154 ) 155 156 # Swarming permissions: 157 158 luci.realm(name = "pools/cron", bindings = [ 159 # Unlike WebRTC's own builders, other projects need an explicit grant to use this pool. 160 luci.binding( 161 roles = "role/swarming.poolUser", 162 projects = "libyuv", 163 ), 164 ]) 165 166 luci.realm(name = "pools/ci") 167 luci.realm(name = "pools/ci-tests", bindings = [ 168 # Allow task service accounts of .ci pool/bucket to trigger tasks here. 169 luci.binding( 170 roles = "role/swarming.poolUser", 171 groups = "project-webrtc-ci-task-accounts", 172 ), 173 # Allow tasks here to use .ci task service accounts. 174 luci.binding( 175 roles = "role/swarming.taskServiceAccount", 176 groups = "project-webrtc-ci-task-accounts", 177 ), 178 ]) 179 luci.realm( 180 name = "ci", 181 extends = "debug-bot-acls", 182 bindings = [ 183 # Allow CI builders to create invocations in their own builds. 184 luci.binding( 185 roles = "role/resultdb.invocationCreator", 186 groups = "project-webrtc-ci-task-accounts", 187 ), 188 ], 189 ) 190 191 luci.realm(name = "pools/try", bindings = [ 192 # Allow to use LED & Swarming "Debug" feature to a larger group but only on try bots / builders. 193 luci.binding( 194 roles = "role/swarming.poolUser", 195 groups = "project-webrtc-led-users", 196 ), 197 ]) 198 luci.realm(name = "pools/try-tests", bindings = [ 199 # Allow task service accounts of .try pool/bucket to trigger tasks here. 200 luci.binding( 201 roles = "role/swarming.poolUser", 202 groups = "project-webrtc-try-task-accounts", 203 ), 204 # Allow tasks here to use .try task service accounts. 205 luci.binding( 206 roles = "role/swarming.taskServiceAccount", 207 groups = "project-webrtc-try-task-accounts", 208 ), 209 ]) 210 luci.realm( 211 name = "try", 212 extends = "debug-bot-acls", 213 bindings = [ 214 luci.binding( 215 roles = "role/buildbucket.creator", 216 groups = "project-webrtc-led-users", 217 ), 218 luci.binding( 219 roles = "role/swarming.taskTriggerer", 220 groups = "project-webrtc-led-users", 221 ), 222 # Allow try builders to create invocations in their own builds. 223 luci.binding( 224 roles = "role/resultdb.invocationCreator", 225 groups = "project-webrtc-try-task-accounts", 226 ), 227 ], 228 ) 229 230 luci.realm(name = "pools/perf", bindings = [ 231 # Allow to use LED & Swarming "Debug" feature to a larger group but only on perf bots / builders. 232 luci.binding( 233 roles = "role/swarming.poolUser", 234 groups = "project-webrtc-led-users", 235 ), 236 ]) 237 luci.realm( 238 name = "perf", 239 extends = "debug-bot-acls", 240 bindings = [ 241 luci.binding( 242 roles = "role/buildbucket.creator", 243 groups = "project-webrtc-led-users", 244 ), 245 luci.binding( 246 roles = "role/swarming.taskTriggerer", 247 groups = "project-webrtc-led-users", 248 ), 249 ], 250 ) 251 252 # Allow admins to use LED & Swarming "Debug" feature on WebRTC bots where this permission is extended. 253 luci.realm(name = "debug-bot-acls", bindings = [ 254 luci.binding( 255 roles = "role/swarming.poolUser", 256 groups = "project-webrtc-admins", 257 ), 258 luci.binding( 259 roles = "role/buildbucket.creator", 260 groups = "project-webrtc-admins", 261 ), 262 luci.binding( 263 roles = "role/swarming.taskTriggerer", 264 groups = "project-webrtc-admins", 265 ), 266 ]) 267 268 # Bucket definitions: 269 270 luci.bucket( 271 name = "try", 272 acls = [ 273 acl.entry(acl.BUILDBUCKET_TRIGGERER, groups = [ 274 "service-account-cq", 275 "project-webrtc-tryjob-access", 276 ]), 277 ], 278 constraints = luci.bucket_constraints( 279 pools = ["luci.webrtc.try"], 280 service_accounts = ["webrtc-try-builder@chops-service-accounts.iam.gserviceaccount.com"], 281 ), 282 ) 283 284 luci.bucket( 285 name = "ci", 286 acls = [ 287 acl.entry(acl.BUILDBUCKET_TRIGGERER, groups = [ 288 "project-webrtc-ci-schedulers", 289 ]), 290 ], 291 constraints = luci.bucket_constraints( 292 pools = ["luci.webrtc.ci"], 293 service_accounts = ["webrtc-ci-builder@chops-service-accounts.iam.gserviceaccount.com"], 294 ), 295 ) 296 297 luci.bucket( 298 name = "perf", 299 acls = [ 300 acl.entry(acl.BUILDBUCKET_TRIGGERER, users = [ 301 "webrtc-ci-builder@chops-service-accounts.iam.gserviceaccount.com", 302 ]), 303 acl.entry(acl.BUILDBUCKET_TRIGGERER, groups = [ 304 # Allow Pinpoint to trigger builds for bisection 305 "service-account-chromeperf", 306 ]), 307 ], 308 constraints = luci.bucket_constraints( 309 pools = ["luci.webrtc.perf"], 310 service_accounts = ["webrtc-ci-builder@chops-service-accounts.iam.gserviceaccount.com"], 311 ), 312 ) 313 314 luci.bucket( 315 name = "cron", 316 ) 317 318 # Commit queue definitions: 319 320 luci.cq_group( 321 name = "cq", 322 tree_status_host = "webrtc-status.appspot.com", 323 watch = [cq.refset(repo = WEBRTC_GERRIT, refs = ["refs/heads/main"])], 324 acls = [ 325 acl.entry(acl.CQ_COMMITTER, groups = ["project-webrtc-submit-access"]), 326 acl.entry(acl.CQ_DRY_RUNNER, groups = ["project-webrtc-tryjob-access"]), 327 ], 328 allow_owner_if_submittable = cq.ACTION_DRY_RUN, 329 retry_config = cq.RETRY_ALL_FAILURES, 330 cancel_stale_tryjobs = True, 331 ) 332 333 luci.cq_group( 334 name = "cq_branch", 335 watch = [cq.refset(repo = WEBRTC_GERRIT, refs = ["refs/branch-heads/.+"])], 336 acls = [ 337 acl.entry(acl.CQ_COMMITTER, groups = ["project-webrtc-submit-access"]), 338 acl.entry(acl.CQ_DRY_RUNNER, groups = ["project-webrtc-tryjob-access"]), 339 ], 340 retry_config = cq.RETRY_ALL_FAILURES, 341 cancel_stale_tryjobs = True, 342 ) 343 344 luci.cq_group( 345 name = "cq_infra", 346 watch = [cq.refset(repo = WEBRTC_GERRIT, refs = ["refs/heads/infra/config"])], 347 acls = [ 348 acl.entry(acl.CQ_COMMITTER, groups = ["project-webrtc-admins"]), 349 acl.entry(acl.CQ_DRY_RUNNER, groups = ["project-webrtc-tryjob-access"]), 350 ], 351 retry_config = cq.RETRY_ALL_FAILURES, 352 cancel_stale_tryjobs = True, 353 ) 354 355 luci.cq_tryjob_verifier( 356 builder = "presubmit", 357 cq_group = "cq_infra", 358 ) 359 360 # Internal-only tryjob always included into CQ: 361 luci.cq_tryjob_verifier( 362 builder = "webrtc-internal:g3.webrtc-internal.try/internal_compile_lite", 363 owner_whitelist = ["project-webrtc-internal-tryjob-access"], 364 cq_group = "cq", 365 ) 366 367 # Includable via `Cq-Include-Trybots: webrtc-internal/g3.webrtc-internal.try:internal_compile`: 368 luci.cq_tryjob_verifier( 369 builder = "webrtc-internal:g3.webrtc-internal.try/internal_compile", 370 owner_whitelist = ["project-webrtc-internal-tryjob-access"], 371 cq_group = "cq", 372 includable_only = True, 373 ) 374 375 # Includable via `Cq-Include-Trybots: webrtc-internal/g3.webrtc-internal.try:internal_tests`: 376 luci.cq_tryjob_verifier( 377 builder = "webrtc-internal:g3.webrtc-internal.try/internal_tests", 378 owner_whitelist = ["project-webrtc-internal-tryjob-access"], 379 cq_group = "cq", 380 includable_only = True, 381 ) 382 383 # Notifier definitions: 384 385 luci.notifier( 386 name = "post_submit_failure_notifier", 387 on_new_status = ["FAILURE"], 388 notify_emails = [WEBRTC_TROOPER_EMAIL], 389 notify_blamelist = True, 390 template = luci.notifier_template( 391 name = "build_failure", 392 body = io.read_file("templates/build_failure.template"), 393 ), 394 ) 395 396 luci.notifier( 397 name = "cron_notifier", 398 on_new_status = ["FAILURE", "INFRA_FAILURE"], 399 notify_emails = [WEBRTC_TROOPER_EMAIL], 400 template = luci.notifier_template( 401 name = "cron", 402 body = io.read_file("templates/cron.template"), 403 ), 404 ) 405 406 luci.notifier( 407 name = "infra_failure_notifier", 408 on_new_status = ["INFRA_FAILURE"], 409 notify_emails = [WEBRTC_TROOPER_EMAIL], 410 template = luci.notifier_template( 411 name = "infra_failure", 412 body = io.read_file("templates/infra_failure.template"), 413 ), 414 ) 415 416 # Notify findit about completed builds for code coverage purposes 417 luci.buildbucket_notification_topic( 418 name = "projects/findit-for-me/topics/buildbucket_notification", 419 ) 420 421 # Tree closer definitions: 422 423 luci.tree_closer( 424 name = "webrtc_tree_closer", 425 tree_status_host = "webrtc-status.appspot.com", 426 # TODO: These step filters are copied verbatim from Gatekeeper, for testing 427 # that LUCI-Notify would take the exact same actions. Once we've switched 428 # over, this should be updated - several of these steps don't exist in 429 # WebRTC recipes. 430 failed_step_regexp = [ 431 "bot_update", 432 "compile", 433 "gclient runhooks", 434 "runhooks", 435 "update", 436 "extract build", 437 "cleanup_temp", 438 "taskkill", 439 "compile", 440 "gn", 441 ], 442 failed_step_regexp_exclude = ".*\\(experimental\\).*", 443 ) 444 445 # Recipe definitions: 446 447 def recipe(recipe): 448 return luci.recipe( 449 name = recipe.split("/")[-1], 450 cipd_package = "infra/recipe_bundles/chromium.googlesource.com/chromium/tools/build", 451 cipd_version = "refs/heads/main", 452 recipe = recipe, 453 ) 454 455 recipe("chromium_trybot") 456 recipe("run_presubmit") 457 recipe("webrtc/auto_roll_webrtc_deps") 458 recipe("webrtc/ios_api_framework") 459 recipe("webrtc/libfuzzer") 460 recipe("webrtc/standalone") 461 recipe("webrtc/update_webrtc_binary_version") 462 recipe("lkgr_finder") 463 register_recipe_experiments("standalone", {}) 464 465 # Console definitions: 466 467 luci.console_view(name = "ci", title = "Main", repo = WEBRTC_GIT, header = "console-header.textpb", refs = ["refs/heads/main"]) 468 luci.console_view(name = "perf", title = "Perf", repo = WEBRTC_GIT, header = "console-header.textpb", refs = ["refs/heads/main"]) 469 luci.list_view(name = "cron", title = "Cron") 470 luci.list_view(name = "try", title = "Tryserver") 471 472 exec("//builders.star")