Early try of poddlers

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

playbooks/openshift-apps/poddlers.yml

@@ -0,0 +1,90 @@
+- name: make the app be real
+  # hosts: os_control[0]:os_control_stg[0]
+  hosts: os_control_stg[0]
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - /srv/private/ansible/vars.yml
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+    - role: openshift/project
+      app: poddlers
+      description: Small fedora-messaging toddlers that keep running around in pods.
+      appowners:
+        - abompard
+        - zlopez
+        - kevin
+        - amedvede
+        - jnsamyak
+      tags:
+        - appowners
+
+    - role: rabbit/user
+      username: toddlers{{ env_suffix }}
+      sent_topics: ^org\.fedoraproject\.{{ env_short }}\.toddlers\..*
+
+    - role: rabbit/queue
+      username: toddlers{{ env_suffix }}
+      queue_name: toddlers{{ env_suffix }}-{{ item.name }}
+      routing_keys: "{{ item.topics }}"
+      thresholds:
+        warning: 10
+        critical: 100
+      loop: "{{ poddlers_toddlers }}"
+
+    - role: openshift/keytab
+      app: poddlers
+      key: service.keytab
+      secret_name: keytab
+      service: toddlers
+
+    - role: openshift/ipa-client
+      app: poddlers
+
+    - role: openshift/object
+      app: poddlers
+      template: buildconfig.yml
+      objectname: buildconfig.yml
+
+    - role: openshift/secret-file
+      app: poddlers
+      secret_name: toddlers-fedora-messaging-key
+      key: toddlers.key
+      privatefile: "rabbitmq/{{env}}/pki/private/toddlers{{env_suffix}}.key"
+
+    - role: openshift/secret-file
+      app: poddlers
+      secret_name: toddlers-fedora-messaging-crt
+      key: toddlers.crt
+      privatefile: "rabbitmq/{{env}}/pki/issued/toddlers{{env_suffix}}.crt"
+
+    - role: openshift/secret-file
+      app: poddlers
+      secret_name: toddlers-fedora-messaging-ca
+      key: toddlers.ca
+      privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+
+    - role: openshift/object
+      app: poddlers
+      template: cron-playtime.yml
+      objectname: cron-playtime.yml
+      tags:
+        - cron-job
+
+    - role: openshift/object
+      app: poddlers
+      template: deploymentconfig.yml
+      objectname: deploymentconfig.yml
+
+    - role: openshift/object
+      app: poddlers
+      template: secret.yml
+      objectname: secret.yml
+
+    - role: openshift/object
+      app: poddlers
+      file: imagestream.yml
+      objectname: imagestream.yml

roles/openshift-apps/poddlers/files/imagestream.yml

@@ -0,0 +1,10 @@
+---
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  name: toddlers
+spec:
+  lookupPolicy:
+    local: false
+status:
+  dockerImageRepository: ""

roles/openshift-apps/poddlers/templates/_macros.yml

@@ -0,0 +1,55 @@
+{% macro common_volume_mounts() -%}
+            - name: toddlers-secret-volume
+              mountPath: /etc/fedora-messaging
+              readOnly: true
+            - name: fedora-messaging-ca-volume
+              mountPath: /etc/pki/rabbitmq/ca
+              readOnly: true
+            - name: fedora-messaging-key-volume
+              mountPath: /etc/pki/rabbitmq/key
+              readOnly: true
+            - name: fedora-messaging-cert-volume
+              mountPath: /etc/pki/rabbitmq/cert
+              readOnly: true
+            - name: ipa-config-volume
+              mountPath: /etc/ipa
+              readOnly: true
+            - name: keytab-volume
+              mountPath: /etc/keytabs
+              readOnly: true
+            - name: temp-volume
+              mountPath: /var/tmp
+{% endmacro %}
+
+
+{% macro common_volumes() -%}
+        - name: toddlers-secret-volume
+          secret:
+            secretName: toddlers-secret
+        - name: fedora-messaging-ca-volume
+          secret:
+            secretName: toddlers-fedora-messaging-ca
+        - name: fedora-messaging-key-volume
+          secret:
+          secretName: toddlers-fedora-messaging-key
+        - name: fedora-messaging-cert-volume
+          secret:
+            secretName: toddlers-fedora-messaging-crt
+        - name: ipa-config-volume
+          configMap:
+            name: ipa-client-config
+        - name: keytab-volume
+          secret:
+            secretName: keytab
+        - name: temp-volume
+{% endmacro %}
+
+
+{% macro common_env() -%}
+            - name: PYTHONPATH
+              value: "/code"
+            - name: KRB5_CONFIG
+              value: /etc/ipa/krb5.conf
+            - name: KRB5_CLIENT_KTNAME
+              value: /etc/keytabs/service.keytab
+{% endmacro %}

roles/openshift-apps/poddlers/templates/buildconfig.yml

@@ -0,0 +1,39 @@
+---
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+  name: toddlers
+  labels:
+    app: poddlers
+spec:
+  source:
+    type: Git
+    git:
+#       uri: https://pagure.io/fedora-infra/toddlers.git
+# {% if env == 'staging' %}
+#       ref: "staging"
+# {% else %}
+#       ref: "production"
+# {% endif %}
+      uri: https://pagure.io/fork/abompard/fedora-infra/toddlers.git
+      ref: poddlers
+  strategy:
+    type: Source
+    sourceStrategy:
+      from:
+        kind: ImageStreamTag
+        name: python-310:latest
+  output:
+    to:
+      kind: ImageStreamTag
+      name: toddlers:latest
+  triggers:
+  - type: ConfigChange
+  - type: ImageChange
+  - type: GitHub
+    github:
+{% if env == 'staging' %}
+      secret: "{{ toddlers_stg_github_secret }}"
+{% elif env == 'production' %}
+      secret: "{{ toddlers_prod_github_secret }}"
+{% endif %}

roles/openshift-apps/poddlers/templates/cron-playtime.yml

@@ -0,0 +1,33 @@
+{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env %}
+{% for cronjob in poddlers_cronjobs %}
+{% if not cronjob.only_env|defined or cronjob.only_env == env %}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: playtime-{{ cronjob.name }}
+spec:
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  concurrencyPolicy: Forbid
+  schedule: "{{ cronjob.name }}"
+  startingDeadlineSeconds: 500
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            parent: "cron_playtime_toddlers"
+        spec:
+          restartPolicy: Never
+          containers:
+            - name: toddlers
+              image: image-registry.openshift-image-registry.svc:5000/toddlers/toddlers:latest
+              command: ["/usr/bin/python3", "/code/toddlers/playtime.py", "{{ cronjob.command }}"]
+              env:
+                {{ common_env() | indent(4) }}
+              volumeMounts:
+                {{ common_volume_mounts() | indent(4) }}
+          volumes:
+            {{ common_volumes() | indent(4) }}
+{% endfor %}

roles/openshift-apps/poddlers/templates/deploymentconfig.yml

@@ -0,0 +1,47 @@
+{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env %}
+{% for toddler in poddlers_command %}
+---
+apiVersion: apps.openshift.io/v1
+kind: DeploymentConfig
+metadata:
+  name: {{ toddler.name }}
+  labels:
+    app: poddlers
+spec:
+  replicas: {{ toddler.replicas|default(1) }}
+  selector:
+    app: poddlers
+    deploymentconfig: {{ toddler.name }}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: poddlers
+        deploymentconfig: {{ toddler.name }}
+    spec:
+      containers:
+        - name: toddlers
+          image: toddlers:latest
+          env:
+            - name: FEDORA_MESSAGING_CONF
+              value: /etc/fedora-messaging/{{ toddler.name }}.toml
+            {{ common_env() }}
+
+          volumeMounts:
+            {{ common_volume_mounts() }}
+
+      volumes:
+        {{ common_volumes() }}
+
+  triggers:
+    - type: ConfigChange
+    - type: ImageChange
+      imageChangeParams:
+        automatic: true
+        containerNames:
+          - toddlers
+        from:
+          kind: ImageStreamTag
+          name: toddlers:latest
+{% endfor %}

roles/openshift-apps/poddlers/templates/email_overrides.toml

@@ -0,0 +1,117 @@
+# This file contains the list of FAS email addresses to override for bugzilla.
+# By default we expect that the email address set in FAS corresponds to
+# the bugzilla account of the person.
+# However, some people prefer to use different addresses in FAS and in
+# bugzilla (for example if they want to use their @fedoraproject alias in
+# bugzilla). To support these requests, this file maps FAS email addresses to
+# Bugzilla email addresses where they differ.
+#
+# Example:
+# "foo@bar.com" = "bar@foo.org"
+
+# Control Center Team: Bugzilla user but email doesn"t exist
+# 9908: "control-center-maint@redhat.com"
+# Matt Domsch"s rebuild script -- bz email goes to /dev/null
+# 103590: "ftbfs@fedoraproject.org"
+
+
+# /!\ WARNING: do not use templating instructions in this file
+#     while being in a template folder it is loaded/processed as
+#     a plain file by toddlers. Adding templating instructions here
+#     will break toddlers!
+
+
+# icon - Konstantin Ryabitsev
+"mricon@gmail.com" = "icon@fedoraproject.org"
+# jafo - Sean Reifschneider
+"jafo@tummy.com" = "jafo-redhat@tummy.com"
+# robert - Robert Scheck
+"redhat@linuxnetz.de" = "redhat-bugzilla@linuxnetz.de"
+# byte - Colin Charles:
+"byte@aeon.com.my" = "byte@fedoraproject.org"
+# mikep - W. Michael Petullo:
+"mike@flyn.org" = "redhat@flyn.org"
+# duffy - Máirín Duffy
+"fedora@linuxgrrl.com" = "duffy@redhat.com"
+# jmrodri - Jesus M. Rodriguez:
+"jmrodri@gmail.com" = "jesusr@redhat.com"
+# mdehaan - Michael DeHaan:
+"michael.dehaan@gmail.com" = "mdehaan@redhat.com"
+# ceski - Davide Cescato:
+"davide.cescato@iaeste.ch" = "ceski@fedoraproject.org"
+# nb - Nick Bebout:
+"nick@bebout.net" = "nb@fedoraproject.org"
+# arxs - Niels Haase:
+"haase.niels@gmail.com" = "arxs@fedoraproject.org"
+# thomasj - Thomas Janssen:
+"th.p.janssen@googlemail.com" = "thomasj@fedoraproject.org"
+# mjg - Michael J Gruber:
+"michaeljgruber+fedoraproject@gmail.com" = "mjg@fedoraproject.org"
+# nushio - Juan Manuel Rodriguez Moreno:
+"nushio@gmail.com" = "nushio@fedoraproject.org"
+# cagney - Andrew Cagney:
+"andrew.cagney@gmail.com" = "cagney@fedoraproject.org"
+# katzj - Jeremy Katz:
+"jeremy@katzbox.net" = "katzj@fedoraproject.org"
+# dmaphy - Dominic Hopf:
+"dmaphy@googlemail.com" = "dmaphy@fedoraproject.org"
+# tomspur - Thomas Spura:
+"thomas.spura@googlemail.com" = "tomspur@fedoraproject.org"
+# maxamillion - Adam Miller:
+"maxamillion@gmail.com" = "admiller@redhat.com"
+# gholms - Garrett Holmstrom:
+"garrett.holmstrom@gmail.com" = "gholms@fedoraproject.org"
+# taljurf - Tareq Al Jurf:
+"taljurf.fedora@gmail.com" = "taljurf@fedoraproject.org"
+# jokajak - Josh Kayse:
+"jokajak@gmail.com" = "jokajak@fedoraproject.org"
+# behdad - Behdad Esfahbod:
+"fedora@behdad.org" = "behdad@fedoraproject.org"
+# dbruno - Daniel Bruno:
+"danielbrunos@gmail.com" = "dbruno@fedoraproject.org"
+# bethlynn - Beth Lynn Eicher:
+"bethlynneicher@gmail.com" = "bethlynn@fedoraproject.org"
+# sheltren - Jeff Sheltren:
+"jeff@tag1consulting.com" = "sheltren@fedoraproject.org"
+# mattdm - Matthew Miller:
+"mattdm@mattdm.org" = "mattdm@redhat.com"
+# jamielinux - Jamie Nguyen:
+"j@jamielinux.com" = "jamielinux@fedoraproject.org"
+# comzeradd - Nikos Roussos:
+"nikos@roussos.cc" = "comzeradd@fedoraproject.org"
+# ib54003- Benedikt Schäfer:
+"b.schaefer@flieden.org" = "ib54003@fedoraproject.org"
+# codeblock - Ricky Elrod:
+"codeblock@elrod.me" = "relrod@redhat.com"
+# fschwarz - Felix Schwarz:
+"felix.schwarz@oss.schwarz.eu" = "fschwarz@fedoraproject.org"
+# jdulaney - John Dulaney:
+"jdulaney@gnu.org" = "jdulaney@fedoraproject.org"
+# devos - Niels de Vos:
+"niels@nixpanic.net" = "ndevos@redhat.com"
+# shawndwells - Shawn Wells:
+"shawn@redhat.com" = "swells@redhat.com"
+# ctubbsii - Christopher Tubbs:
+"ctubbsii+fedora@gmail.com" = "ctubbsii@fedoraproject.org"
+# besser82 - Björn Esser:
+"besser82.fpo@gmail.com" = "besser82@fedoraproject.org"
+# mjw - Mark Wielard:
+"fedora@wildebeest.org" = "mjw@fedoraproject.org"
+# roshi - Mike Ruckman:
+"roshi@mykolab.com" = "roshi@fedoraproject.org"
+# dustymabe - Dusty Mabe:
+"dusty@dustymabe.com" = "dustymabe@redhat.com"
+# jbwillia - Ben Williams:
+"vaioof@gmail.com" = "jbwillia@math.vt.edu"
+# thofmann - Till Hofmann:
+"till.hofmann@posteo.de" = "thofmann@fedoraproject.org"
+# pkfed - Philip Kovacs:
+"phil@mxbits.io" = "pkfed@fedoraproject.org"
+# marcdeop - Marc Deop i Argemí:
+"fedora@marcdeop.com" = "marcdeop@fedoraproject.org"
+# etingof
+"etingof@gmail.com" = "ietingof@redhat.com"
+# lzap - Lukas Zapletal:
+"lukas@zapletalovi.com" = "lzap@redhat.com"
+# anoopcs - Anoop C S:
+"anoopcs@disr.it" = "anoopcs@redhat.com"

roles/openshift-apps/poddlers/templates/fedora-messaging.toml

@@ -0,0 +1,413 @@
+## Fedora Messaging configuration for toddler {{ toddler.name }}
+
+# Broker address
+amqp_url = "amqps://toddlers{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+callback = "toddlers.plugins.{{ toddler.callback }}"
+
+# Just check if the queue exist, don't try to create it as you won't be allowed
+# to (this is done in the ansible playbook)
+passive_declares = true
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/ca/toddlers.ca"
+keyfile = "/etc/pki/rabbitmq/key/toddlers.key"
+certfile = "/etc/pki/rabbitmq/cert/toddlers.crt"
+
+[client_properties]
+app = "toddlers-{{ toddler.name }}"
+app_url = "https://pagure.io/fedora-infra/toddlers"
+
+[queues."toddlers{{ env_suffix }}-{{ toddler.name }}"]
+durable = true
+auto_delete = false
+exclusive = false
+arguments = {}
+
+[[bindings]]
+queue = "toddlers{{ env_suffix }}-{{ toddler.name }}"
+exchange = "amq.topic"
+{# Use the fact that lists in TOML and JSON are represented the same way #}
+routing_keys = {{ toddler.topics|tojson }}
+
+[consumer_config]
+# Comment out or remove this line if you want to enable the debug toddler.
+# Or add more toddlers to the list (using their name) if you want to disable
+# more of them.
+blocked_toddlers = [
+    "debug",
+    # Block pdc_modules toddler – MBS is retired. Can be removed once toddler has been updated to a
+    # version which doesn’t come with pdc_modules.
+    "pdc_modules",
+{% if env != "staging" %}
+    "distgit_commit_processor",
+{% endif %}
+]
+
+[consumer_config.default]
+# Configuration common to all toddlers.
+#
+# You can override any of these in the section of a particular toddler, e.g.:
+#
+# [consumer_config.default]
+# somekey = "somevalue"
+# ...
+# [consumer_config.sometoddler]
+# somekey = "someothervalue"
+
+
+# Configuration used when sending notifications:
+{% if env == "staging" %}
+mail_server = "bastion.stg.fedoraproject.org"
+admin_email = "admin@stg.fedoraproject.org"
+{% else %}
+mail_server = "bastion.fedoraproject.org"
+admin_email = "admin@fedoraproject.org"
+{% endif %}
+
+# Use fasjson instead of FAS
+fasjson = true
+
+# Account to use to connect to FAS/FASJSON
+fas_url = "https://fasjson{{ env_suffix }}.fedoraproject.org/"
+{% if env != "staging" %}
+fas_username = "{{ fedoraDummyUser }}"
+fas_password = "{{ fedoraDummyUserPassword }}"
+{% else %}
+fas_username = "{{ fedoraStagingDummyUser }}"
+fas_password = "{{ fedoraStagingDummyUserPassword }}"
+{% endif %}
+
+# Account to use to connect to pagure
+# FAS username of the user that will comment on behalf of toddler
+{% if env == "staging" %}
+pagure_user = "releng-bot"
+pagure_url = "https://stg.pagure.io"
+pagure_api_key = "{{ toddlers_stg_pagure_scm_request_processor_token }}"
+{% else %}
+pagure_user = "releng-bot"
+pagure_url = "https://pagure.io"
+pagure_api_key = "{{ toddlers_pagure_scm_request_processor_token }}"
+{% endif %}
+
+# Account to use to connect to bugzilla
+{% if env != "staging" %}
+bugzilla_url = "https://bugzilla.redhat.com"
+bugzilla_api_key = "{{ toddlers_bz_api_key }}"
+{% else %}
+bugzilla_url = "https://bugzilla.stage.redhat.com"
+bugzilla_api_key = "{{ toddlers_stg_bz_api_key }}"
+{% endif %}
+bugzilla_group = "fedora_contrib"
+
+# Base URL for the Koji build system
+koji_url = "https://koji{{ env_suffix }}.fedoraproject.org"
+
+# Base URL for the Koji package db
+kojipkgs_url = "https://kojipkgs{{ env_suffix }}.fedoraproject.org"
+
+# Account to use to connect to Pagure-as-dist-git
+dist_git_url = "https://src{{ env_suffix }}.fedoraproject.org"
+{% if env == "staging" %}
+dist_git_token = "{{ toddlers_stg_dist_git_token }}"
+{% else %}
+dist_git_token_seed = "{{ toddlers_flag_ci_seed }}"
+dist_git_token = "{{ toddlers_dist_git_token }}"
+{% endif %}
+
+#  Configuration file storing all the email overrides in the form of:
+# "foo@bar.com" = "bar@foo.org"
+# This is the same format as used by the distgit_bugzilla_sync cron/app
+email_overrides_file = "/etc/fedora-messaging/email_overrides.toml"
+
+# List of accounts we do not want to report about
+ignorable_accounts = ["packagerbot", "zuul", "cockpit"]
+
+# Temp folder to use for toddlers temp files
+temp_folder = "/var/tmp"
+
+
+[consumer_config.default.pdc_config]
+# Configuration to talk to PDC, as understood by pdc-client.
+server = "https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/"
+ssl_verify = false  # Enable if using a self-signed cert
+{% if env == "staging" %}
+token = "{{ pdc_updater_api_token_stg }}"
+{% else %}
+token = "{{ pdc_updater_api_token_prod }}"
+{% endif %}
+
+[consumer_config.flag_ci_pr]
+
+[consumer_config.flag_commit_build]
+
+[consumer_config.packager_bugzilla_sync]
+
+[consumer_config.pdc_retired_packages]
+file_check_url = "https://src{{ env_suffix }}.fedoraproject.org/%(namespace)s/%(repo)s/blob/%(branch)s/f/%(file)s"
+
+[consumer_config.pdc_import_compose]
+old_composes_url = "https://kojipkgs{{ env_suffix }}.fedoraproject.org/compose/"
+
+[consumer_config.check_email_overrides]
+email_overrides_url = "https://pagure.io/fedora-infra/ansible/raw/main/f/roles/openshift-apps/toddlers/templates/email_overrides.toml"
+
+[consumer_config.clean_retired_packages]
+pdc_active_branches = "https://pdc{{ env_suffix }}.fedoraproject.org/extras/active_branches.json"
+
+[consumer_config.packagers_without_bugzilla]
+ignorable_namespaces = ["tests"]
+
+
+[consumer_config.distgit_bugzilla_sync]
+# FAS username of default QA contact for bugzilla tickets
+# default_qa_contact = "extras-qa@fedoraproject.org"
+# Admin addresses to notify
+{% if env == "staging" %}
+# Don't notify anyone on staging
+notify_admins = []
+{% else %}
+notify_admins = [
+    "kevin@fedoraproject.org",
+    "pingou@fedoraproject.org",
+]
+{% endif %}
+
+# PDC types mapping for distgit_bugzilla_sync toddler
+[consumer_config.distgit_bugzilla_sync.pdc_types]
+"rpms" = "rpm"
+"modules" = "module"
+"container" = "container"
+
+# Bugzilla products informations for Fedora
+[consumer_config.distgit_bugzilla_sync.products]
+
+[consumer_config.distgit_bugzilla_sync.products.Fedora]
+namespace = "rpms"
+versions = ["rawhide", "39", "38", "37", "36"]
+
+[consumer_config.distgit_bugzilla_sync.products."Fedora Container Images"]
+namespace = "container"
+versions = ["rawhide", "39", "38", "37", "36"]
+
+[consumer_config.distgit_bugzilla_sync.products."Fedora Modules"]
+namespace = "modules"
+versions = []
+
+[consumer_config.distgit_bugzilla_sync.products."Fedora EPEL"]
+branch_regex = '^epel\d+$'
+versions = ["epel9", "epel8"]
+
+
+# Configuration section for scm_request_processor
+[consumer_config.scm_request_processor]
+# Monitoring choices for release-monitoring.org
+monitor_choices = ['no-monitoring', 'monitoring', 'monitoring-with-scratch']
+# What we should look for in validation comment
+validation_comment = "valid"
+# Text for the ping if the ticket needs to be manually verified
+ping_comment = "This request wants to skip bugzilla validation! {maintainers} could you check if this is correct? If yes, please respond to this ticket with 'valid' comment"
+
+# Pagure mapping to bugzilla
+[consumer_config.scm_request_processor.pagure_namespace_to_component]
+rpms = 'Package Review'
+container = 'Container Review'
+modules = 'Module Review'
+test-modules = 'Module Review'
+
+[consumer_config.scm_request_processor.pagure_namespace_to_product]
+rpms = ['Fedora', 'Fedora EPEL']
+container = ['Fedora Container Images']
+modules = ['Fedora Modules']
+test-modules = ['Fedora']
+
+# SLAS configuration for scm_request_processor
+[consumer_config.scm_request_processor.branch_slas]
+
+[consumer_config.scm_request_processor.branch_slas.rawhide]
+rawhide = '2222-01-01'
+
+[consumer_config.scm_request_processor.branch_slas.stable]
+rawhide = '2222-01-01'
+
+[consumer_config.scm_request_processor.branch_slas.main]
+rawhide = '2222-01-01'
+
+[consumer_config.scm_request_processor.branch_slas.epel9]
+stable_api = '2032-05-31'
+security_fixes = '2032-05-31'
+bug_fixes = '2032-05-31'
+
+[consumer_config.scm_request_processor.branch_slas.epel9-next]
+stable_api = '2027-05-31'
+security_fixes = '2027-05-31'
+bug_fixes = '2027-05-31'
+
+[consumer_config.scm_request_processor.branch_slas.epel8]
+stable_api = '2029-05-31'
+security_fixes = '2029-05-31'
+bug_fixes = '2029-05-31'
+
+[consumer_config.scm_request_processor.branch_slas.epel8-next]
+stable_api = '2024-05-31'
+security_fixes = '2024-05-31'
+bug_fixes = '2024-05-31'
+
+[consumer_config.scm_request_processor.branch_slas.f40]
+bug_fixes = '2025-05-13'
+security_fixes = '2025-05-13'
+
+[consumer_config.scm_request_processor.branch_slas.f39]
+bug_fixes = '2024-11-12'
+security_fixes = '2024-11-12'
+
+[consumer_config.scm_request_processor.branch_slas.f38]
+bug_fixes = '2024-05-14'
+security_fixes = '2024-05-14'
+
+[consumer_config.scm_request_processor.branch_slas.f37]
+bug_fixes = '2023-12-15'
+security_fixes = '2023-12-15'
+
+[consumer_config.scm_request_processor.branch_slas.f36]
+bug_fixes = '2023-05-16'
+security_fixes = '2023-05-16'
+
+[consumer_config.scm_request_processor.branch_slas.f35]
+security_fixes = '2022-12-13'
+bug_fixes = '2022-12-13'
+
+# Configuration section for check_commit_rights
+[consumer_config.check_commit_rights]
+exclude_users = []
+{% if env == "staging" %}
+notify_emails = [
+#    "nobody@fedoraproject.org",
+    "fedora_stg@sparebit.simplelogin.com",
+]
+{% else %}
+notify_emails = [
+    "admin@fedoraproject.org",
+]
+{% endif %}
+
+# Configuration section for distgit_commit_processor
+[consumer_config.distgit_commit_processor]
+mail_from = "notifications@{{ env_prefix }}fedoraproject.org"
+mail_to = "scm-commits@lists.{{ env_prefix }}fedoraproject.org"
+# This is the default subject
+# mail_subject_tmpl = "{message.summary}"
+mail_content_tmpl = """Notification time stamped {headers['sent-at']}
+
+{message}
+
+    {commit['url']}
+"""
+
+
+[qos]
+prefetch_size = 0
+prefetch_count = 1
+
+[log_config]
+version = 1
+disable_existing_loggers = true
+
+[log_config.formatters.simple]
+format = "%(asctime)s - [%(levelname)s %(name)s] %(message)s"
+
+[log_config.handlers.console]
+class = "logging.StreamHandler"
+formatter = "simple"
+stream = "ext://sys.stdout"
+
+[log_config.loggers.fedora_messaging]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.twisted]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.pika]
+level = "WARNING"
+propagate = false
+handlers = ["console"]
+
+# Toddlers logger, feel free to bump the level to DEBUG if you need to
+[log_config.loggers.toddlers]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.utils.bugzilla_system]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.utils.pagure]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.plugins.pdc_retired_packages]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.plugins.pdc_import_compose]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.plugins.distgit_bugzilla_sync]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.plugins.scm_request_processor]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.root]
+level = "ERROR"
+handlers = ["console"]

roles/openshift-apps/poddlers/templates/secret-webhook.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: github-webhook-secret
+data:
+  WebHookSecretKey: "{{ (env == 'production')|ternary(toddlers_prod_github_secret, toddlers_stg_github_secret) }}"
+type: Opaque

roles/openshift-apps/poddlers/templates/secrets.yml

@@ -0,0 +1,15 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secrets
+  labels:
+    app: poddlers
+stringData:
+  email_overrides.toml: |-
+    {{ load_file('email_overrides.toml') | indent }}
+{% for toddler in poddlers_command %}
+  {{ toddler.name }}.toml: |-
+    {{ load_file('fedora-messaging.toml') | indent }}
+{% endfor %}

vars/apps/poddlers.yml

@@ -0,0 +1,107 @@
+---
+poddlers_toddlers:
+  - name: check-commit-rights
+    callback: check_commit_rights.CheckCommitRights
+    topics:
+      - "org.fedoraproject.*.toddlers.trigger.check_commit_rights"
+
+  - name: check_email_overrides
+    callback: check_email_overrides.CheckEmailOverrides
+    topics:
+      - "org.fedoraproject.*.toddlers.trigger.check_email_overrides"
+
+  - name: clean_retired_packages
+    callback: clean_retired_packages.CleanRetiredPackages
+    topics:
+      - "org.fedoraproject.*.toddlers.trigger.clean_retired_packages"
+
+  - name: distgit_bugilla_sync
+    callback: distgit_bugilla_sync
+    topics:
+      - "org.fedoraproject.*.toddlers.trigger.distgit_bugzilla_sync"
+
+  - name: distgit_commit_processor
+    callback: distgit_commit_processor.DistGitCommitProcessor
+    topics:
+      - "org.fedoraproject.*.git.receive"
+
+  - name: flag_ci_pr
+    callback: flag_ci_pr.FlagCIPR
+    topics:
+      - "org.centos.*.ci.dist-git-pr.test.error"
+      - "org.centos.*.ci.dist-git-pr.test.complete"
+      - "org.centos.*.ci.dist-git-pr.test.running"
+
+  - name: flag_commit_build
+    callback: flag_commit_build.FlagCommitBuild
+    topics:
+      - "org.fedoraproject.*.buildsys.build.state.change"
+
+  - name: koji_block_retired
+    callback: koji_block_retired.KojiBlockRetired
+    topics:
+      - "org.fedoraproject.*.git.receive"
+
+  - name: packager_bugilla_sync
+    callback: packager_bugilla_sync.PackagerBugzillaSync
+    topics:
+      - "org.fedoraproject.*.toddlers.trigger.packager_bugzilla_sync"
+
+  - name: packagers_without_bugzilla
+    callback: packagers_without_bugzilla.PackagerWithoutBugzilla
+    topics:
+      - "org.fedoraproject.*.toddlers.trigger.packagers_without_bugzilla"
+
+  - name: pdc_import_compose
+    callback: pdc_import_compose.PDCImportCompose
+    topics:
+      - "org.fedoraproject.*.toddlers.trigger.pdc_import_compose"
+      - "org.fedoraproject.*.pungi.compose.status.change"
+
+  - name: pdc_modules
+    callback: pdc_modules.PDCModules
+    topics:
+      - "org.fedoraproject.*.mbs.module.state.change"
+
+  - name: pdc_unretire_packages
+    callback: pdc_unretire_packages
+    topics:
+      - "io.pagure.*.pagure.issue.new"
+
+  - name: pdc_update_critpath
+    callback: pdc_update_critpath
+    topics:
+      - "org.fedoraproject.*.toddlers.trigger.pdc_update_critpath"
+
+  - name: scm_request_processor
+    callback: scm_request_processor
+    topics:
+      - "org.fedoraproject.*.pagure.issue.new"
+      - "org.fedoraproject.*.pagure.issue.edit"
+      - "org.fedoraproject.*.pagure.issue.comment.added"
+
+poddlers_cronjobs:
+  - name: packager-bugzilla-sync
+    schedule: "0 */6 * * *"
+    only_env: production
+    command: packager_bugzilla_sync
+  - name: packager-check-email-overrides
+    schedule: "0 6 * * *"
+    only_env: production
+    command: check_email_overrides
+  - name: clean-retired-packages
+    schedule: "0 8 1 * *"
+    only_env: production
+    command: clean_retired_packages
+  - name: packagers-without-bugzilla
+    schedule: "0 7 * * *"
+    only_env: production
+    command: packagers_without_bugzilla
+  - name: distgit-bugzilla-sync
+    schedule: "0 */12 * * *"
+    only_env: production
+    command: distgit_bugzilla_sync
+  - name: check-commit-rights
+    schedule: "0 8 */2 * *"
+    only_env: staging
+    command: check-commit-rights