From 5313c40b50f9666d874847cb2237db4d3218d5a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?=
Date: Thu, 4 Jul 2024 16:59:57 +0200
Subject: [PATCH] Early try of poddlers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Aurélien Bompard
---
playbooks/openshift-apps/poddlers.yml | 90 ++++
.../poddlers/files/imagestream.yml | 10 +
.../poddlers/templates/_macros.yml | 55 +++
.../poddlers/templates/buildconfig.yml | 39 ++
.../poddlers/templates/cron-playtime.yml | 33 ++
.../poddlers/templates/deploymentconfig.yml | 47 ++
.../poddlers/templates/email_overrides.toml | 117 +++++
.../poddlers/templates/fedora-messaging.toml | 413 ++++++++++++++++++
.../poddlers/templates/secret-webhook.yml | 7 +
.../poddlers/templates/secrets.yml | 15 +
vars/apps/poddlers.yml | 107 +++++
11 files changed, 933 insertions(+)
create mode 100644 playbooks/openshift-apps/poddlers.yml
create mode 100644 roles/openshift-apps/poddlers/files/imagestream.yml
create mode 100644 roles/openshift-apps/poddlers/templates/_macros.yml
create mode 100644 roles/openshift-apps/poddlers/templates/buildconfig.yml
create mode 100644 roles/openshift-apps/poddlers/templates/cron-playtime.yml
create mode 100644 roles/openshift-apps/poddlers/templates/deploymentconfig.yml
create mode 100644 roles/openshift-apps/poddlers/templates/email_overrides.toml
create mode 100644 roles/openshift-apps/poddlers/templates/fedora-messaging.toml
create mode 100644 roles/openshift-apps/poddlers/templates/secret-webhook.yml
create mode 100644 roles/openshift-apps/poddlers/templates/secrets.yml
create mode 100644 vars/apps/poddlers.yml
diff --git a/playbooks/openshift-apps/poddlers.yml b/playbooks/openshift-apps/poddlers.yml
new file mode 100644
index 0000000000..fbe6727cfd
--- /dev/null
+++ b/playbooks/openshift-apps/poddlers.yml
@@ -0,0 +1,90 @@
+- name: make the app be real
+ # hosts: os_control[0]:os_control_stg[0]
+ hosts: os_control_stg[0]
+ user: root
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - role: openshift/project
+ app: poddlers
+ description: Small fedora-messaging toddlers that keep running around in pods.
+ appowners:
+ - abompard
+ - zlopez
+ - kevin
+ - amedvede
+ - jnsamyak
+ tags:
+ - appowners
+
+ - role: rabbit/user
+ username: toddlers{{ env_suffix }}
+ sent_topics: ^org\.fedoraproject\.{{ env_short }}\.toddlers\..*
+
+ - role: rabbit/queue
+ username: toddlers{{ env_suffix }}
+ queue_name: toddlers{{ env_suffix }}-{{ item.name }}
+ routing_keys: "{{ item.topics }}"
+ thresholds:
+ warning: 10
+ critical: 100
+ loop: "{{ poddlers_toddlers }}"
+
+ - role: openshift/keytab
+ app: poddlers
+ key: service.keytab
+ secret_name: keytab
+ service: toddlers
+
+ - role: openshift/ipa-client
+ app: poddlers
+
+ - role: openshift/object
+ app: poddlers
+ template: buildconfig.yml
+ objectname: buildconfig.yml
+
+ - role: openshift/secret-file
+ app: poddlers
+ secret_name: toddlers-fedora-messaging-key
+ key: toddlers.key
+ privatefile: "rabbitmq/{{env}}/pki/private/toddlers{{env_suffix}}.key"
+
+ - role: openshift/secret-file
+ app: poddlers
+ secret_name: toddlers-fedora-messaging-crt
+ key: toddlers.crt
+ privatefile: "rabbitmq/{{env}}/pki/issued/toddlers{{env_suffix}}.crt"
+
+ - role: openshift/secret-file
+ app: poddlers
+ secret_name: toddlers-fedora-messaging-ca
+ key: toddlers.ca
+ privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+
+ - role: openshift/object
+ app: poddlers
+ template: cron-playtime.yml
+ objectname: cron-playtime.yml
+ tags:
+ - cron-job
+
+ - role: openshift/object
+ app: poddlers
+ template: deploymentconfig.yml
+ objectname: deploymentconfig.yml
+
+ - role: openshift/object
+ app: poddlers
+ template: secret.yml
+ objectname: secret.yml
+
+ - role: openshift/object
+ app: poddlers
+ file: imagestream.yml
+ objectname: imagestream.yml
diff --git a/roles/openshift-apps/poddlers/files/imagestream.yml b/roles/openshift-apps/poddlers/files/imagestream.yml
new file mode 100644
index 0000000000..3ba77035ab
--- /dev/null
+++ b/roles/openshift-apps/poddlers/files/imagestream.yml
@@ -0,0 +1,10 @@
+---
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+ name: toddlers
+spec:
+ lookupPolicy:
+ local: false
+status:
+ dockerImageRepository: ""
diff --git a/roles/openshift-apps/poddlers/templates/_macros.yml b/roles/openshift-apps/poddlers/templates/_macros.yml
new file mode 100644
index 0000000000..31690f18e7
--- /dev/null
+++ b/roles/openshift-apps/poddlers/templates/_macros.yml
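Review bot: In playbooks/openshift-apps/poddlers.yml the second-to-last `openshift/object` entry names `template: secret.yml`, but this commit adds `templates/secrets.yml` and `templates/secret-webhook.yml` and no `secret.yml`, so that role call has nothing to render and neither Secret gets applied. Pointing it at the file that exists, `template: secrets.yml` / `objectname: secrets.yml`, and adding a separate entry for `secret-webhook.yml` if the webhook Secret is wanted, would fix it. `vars_files` also does not list `vars/apps/poddlers.yml`, so unless that file is loaded some other way `poddlers_toddlers` is undefined at the `rabbit/queue` entry. As far as I know `loop:` is a task keyword and does not iterate an entry under `roles:`, so `item.name` and `item.topics` would be undefined there; an `include_role` task with the loop is the usual form — please confirm.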
@@ -0,0 +1,55 @@
+{% macro common_volume_mounts() -%}
+ - name: toddlers-secret-volume
+ mountPath: /etc/fedora-messaging
+ readOnly: true
+ - name: fedora-messaging-ca-volume
+ mountPath: /etc/pki/rabbitmq/ca
+ readOnly: true
+ - name: fedora-messaging-key-volume
+ mountPath: /etc/pki/rabbitmq/key
+ readOnly: true
+ - name: fedora-messaging-cert-volume
+ mountPath: /etc/pki/rabbitmq/cert
+ readOnly: true
+ - name: ipa-config-volume
+ mountPath: /etc/ipa
+ readOnly: true
+ - name: keytab-volume
+ mountPath: /etc/keytabs
+ readOnly: true
+ - name: temp-volume
+ mountPath: /var/tmp
+{% endmacro %}
+
+
+{% macro common_volumes() -%}
+ - name: toddlers-secret-volume
+ secret:
+ secretName: toddlers-secret
+ - name: fedora-messaging-ca-volume
+ secret:
+ secretName: toddlers-fedora-messaging-ca
+ - name: fedora-messaging-key-volume
+ secret:
+ secretName: toddlers-fedora-messaging-key
+ - name: fedora-messaging-cert-volume
+ secret:
+ secretName: toddlers-fedora-messaging-crt
+ - name: ipa-config-volume
+ configMap:
+ name: ipa-client-config
+ - name: keytab-volume
+ secret:
+ secretName: keytab
+ - name: temp-volume
+{% endmacro %}
+
+
+{% macro common_env() -%}
+ - name: PYTHONPATH
+ value: "/code"
+ - name: KRB5_CONFIG
+ value: /etc/ipa/krb5.conf
+ - name: KRB5_CLIENT_KTNAME
+ value: /etc/keytabs/service.keytab
+{% endmacro %}
diff --git a/roles/openshift-apps/poddlers/templates/buildconfig.yml b/roles/openshift-apps/poddlers/templates/buildconfig.yml
new file mode 100644
index 0000000000..3496419c18
--- /dev/null
+++ b/roles/openshift-apps/poddlers/templates/buildconfig.yml
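Review bot: In _macros.yml, `common_volumes()` mounts `secretName: toddlers-secret`, but the Secret this commit defines in templates/secrets.yml is named `secrets`, so unless a `toddlers-secret` object already exists in the project the pods will wait indefinitely on that volume. One of the two names should change, for example `name: toddlers-secret` in secrets.yml. The `temp-volume` entry has no volume source and appears to rely on API defaulting; writing `emptyDir: {}` under it would make the intent explicit. The secret volumes that carry the keytab and the RabbitMQ private key take the default file mode, so consider an explicit `defaultMode` that is as tight as the pod's user still allows.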
@@ -0,0 +1,39 @@
+---
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+ name: toddlers
+ labels:
+ app: poddlers
+spec:
+ source:
+ type: Git
+ git:
+# uri: https://pagure.io/fedora-infra/toddlers.git
+# {% if env == 'staging' %}
+# ref: "staging"
+# {% else %}
+# ref: "production"
+# {% endif %}
+ uri: https://pagure.io/fork/abompard/fedora-infra/toddlers.git
+ ref: poddlers
+ strategy:
+ type: Source
+ sourceStrategy:
+ from:
+ kind: ImageStreamTag
+ name: python-310:latest
+ output:
+ to:
+ kind: ImageStreamTag
+ name: toddlers:latest
+ triggers:
+ - type: ConfigChange
+ - type: ImageChange
+ - type: GitHub
+ github:
+{% if env == 'staging' %}
+ secret: "{{ toddlers_stg_github_secret }}"
+{% elif env == 'production' %}
+ secret: "{{ toddlers_prod_github_secret }}"
+{% endif %}
diff --git a/roles/openshift-apps/poddlers/templates/cron-playtime.yml b/roles/openshift-apps/poddlers/templates/cron-playtime.yml
new file mode 100644
index 0000000000..e5cb630276
--- /dev/null
+++ b/roles/openshift-apps/poddlers/templates/cron-playtime.yml
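Review bot: The BuildConfig in buildconfig.yml builds from a personal fork, `uri: https://pagure.io/fork/abompard/fedora-infra/toddlers.git` with the mutable branch `ref: poddlers`, while the project repository and the per-environment refs are commented out; whatever lands on that branch is built into the image that then runs with the keytab, the RabbitMQ client key and the API tokens mounted. That is workable for a staging-only trial (the playbook targets `os_control_stg[0]`), but the upstream `uri` and the `staging`/`production` refs should be restored before the host list is widened, and a comment next to the fork URI saying so would help. In the `GitHub` trigger the webhook secret is embedded with `secret:`, and when `env` is neither value the `github:` key renders empty; `secretReference` with `name: github-webhook-secret` would reuse the Secret from secret-webhook.yml instead of copying the value into the BuildConfig.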
@@ -0,0 +1,33 @@
+{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env %}
+{% for cronjob in poddlers_cronjobs %}
+{% if not cronjob.only_env|defined or cronjob.only_env == env %}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: playtime-{{ cronjob.name }}
+spec:
+ successfulJobsHistoryLimit: 3
+ failedJobsHistoryLimit: 3
+ concurrencyPolicy: Forbid
+ schedule: "{{ cronjob.name }}"
+ startingDeadlineSeconds: 500
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ parent: "cron_playtime_toddlers"
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: toddlers
+ image: image-registry.openshift-image-registry.svc:5000/toddlers/toddlers:latest
+ command: ["/usr/bin/python3", "/code/toddlers/playtime.py", "{{ cronjob.command }}"]
+ env:
+ {{ common_env() | indent(4) }}
+ volumeMounts:
+ {{ common_volume_mounts() | indent(4) }}
+ volumes:
+ {{ common_volumes() | indent(4) }}
+{% endfor %}
diff --git a/roles/openshift-apps/poddlers/templates/deploymentconfig.yml b/roles/openshift-apps/poddlers/templates/deploymentconfig.yml
new file mode 100644
index 0000000000..0dcd615a9d
--- /dev/null
+++ b/roles/openshift-apps/poddlers/templates/deploymentconfig.yml
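Review bot: In cron-playtime.yml, `schedule: "{{ cronjob.name }}"` renders the job name (for example `packager-bugzilla-sync`) where a cron expression is required; it should be `schedule: "{{ cronjob.schedule }}"`. The `{% if %}` opened on the third line is never closed before `{% endfor %}`, and `cronjob.only_env|defined` uses `defined` as a filter although it is a Jinja test, so the template will not render as written. What seems intended is `{% if cronjob.only_env is not defined or cronjob.only_env == env %}` with a matching `{% endif %}` just before `{% endfor %}`. The image path ends in `/toddlers/toddlers:latest`, i.e. the `toddlers` namespace, whereas the ImageStream added by this commit is created in the `poddlers` project, so the jobs would run whatever the other project last built; please confirm that is deliberate.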
@@ -0,0 +1,47 @@
+{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env %}
+{% for toddler in poddlers_command %}
+---
+apiVersion: apps.openshift.io/v1
+kind: DeploymentConfig
+metadata:
+ name: {{ toddler.name }}
+ labels:
+ app: poddlers
+spec:
+ replicas: {{ toddler.replicas|default(1) }}
+ selector:
+ app: poddlers
+ deploymentconfig: {{ toddler.name }}
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: poddlers
+ deploymentconfig: {{ toddler.name }}
+ spec:
+ containers:
+ - name: toddlers
+ image: toddlers:latest
+ env:
+ - name: FEDORA_MESSAGING_CONF
+ value: /etc/fedora-messaging/{{ toddler.name }}.toml
+ {{ common_env() }}
+
+ volumeMounts:
+ {{ common_volume_mounts() }}
+
+ volumes:
+ {{ common_volumes() }}
+
+ triggers:
+ - type: ConfigChange
+ - type: ImageChange
+ imageChangeParams:
+ automatic: true
+ containerNames:
+ - toddlers
+ from:
+ kind: ImageStreamTag
+ name: toddlers:latest
+{% endfor %}
diff --git a/roles/openshift-apps/poddlers/templates/email_overrides.toml b/roles/openshift-apps/poddlers/templates/email_overrides.toml
new file mode 100644
index 0000000000..9aaace108d
--- /dev/null
+++ b/roles/openshift-apps/poddlers/templates/email_overrides.toml
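Review bot: The loop at the top of deploymentconfig.yml iterates `poddlers_command`, which vars/apps/poddlers.yml does not define (it defines `poddlers_toddlers` and `poddlers_cronjobs`); templates/secrets.yml has the same loop, so both should read `{% for toddler in poddlers_toddlers %}`. `name: {{ toddler.name }}` also takes values such as `check_email_overrides` straight from the vars file, and Kubernetes object names may not contain underscores, so those DeploymentConfigs would be rejected; either the vars file uses hyphens throughout or the template applies `| replace('_', '-')` where the value becomes an object name or label. The container sets no `command`, so what a pod runs depends on the image's default entrypoint together with `FEDORA_MESSAGING_CONF`; a one-line comment stating that would help the next reader.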
@@ -0,0 +1,117 @@
+# This file contains the list of FAS email addresses to override for bugzilla.
+# By default we expect that the email address set in FAS corresponds to
+# the bugzilla account of the person.
+# However, some people prefer to use different addresses in FAS and in
+# bugzilla (for example if they want to use their @fedoraproject alias in
+# bugzilla). To support these requests, this file maps FAS email addresses to
+# Bugzilla email addresses where they differ.
+#
+# Example:
+# "foo@bar.com" = "bar@foo.org"
+
+# Control Center Team: Bugzilla user but email doesn"t exist
+# 9908: "control-center-maint@redhat.com"
+# Matt Domsch"s rebuild script -- bz email goes to /dev/null
+# 103590: "ftbfs@fedoraproject.org"
+
+
+# /!\ WARNING: do not use templating instructions in this file
+# while being in a template folder it is loaded/processed as
+# a plain file by toddlers. Adding templating instructions here
+# will break toddlers!
+
+
+# icon - Konstantin Ryabitsev
+"mricon@gmail.com" = "icon@fedoraproject.org"
+# jafo - Sean Reifschneider
+"jafo@tummy.com" = "jafo-redhat@tummy.com"
+# robert - Robert Scheck
+"redhat@linuxnetz.de" = "redhat-bugzilla@linuxnetz.de"
+# byte - Colin Charles:
+"byte@aeon.com.my" = "byte@fedoraproject.org"
+# mikep - W. Michael Petullo:
+"mike@flyn.org" = "redhat@flyn.org"
+# duffy - Máirín Duffy
+"fedora@linuxgrrl.com" = "duffy@redhat.com"
+# jmrodri - Jesus M. Rodriguez:
+"jmrodri@gmail.com" = "jesusr@redhat.com"
+# mdehaan - Michael DeHaan:
+"michael.dehaan@gmail.com" = "mdehaan@redhat.com"
+# ceski - Davide Cescato:
+"davide.cescato@iaeste.ch" = "ceski@fedoraproject.org"
+# nb - Nick Bebout:
+"nick@bebout.net" = "nb@fedoraproject.org"
+# arxs - Niels Haase:
+"haase.niels@gmail.com" = "arxs@fedoraproject.org"
+# thomasj - Thomas Janssen:
+"th.p.janssen@googlemail.com" = "thomasj@fedoraproject.org"
+# mjg - Michael J Gruber:
+"michaeljgruber+fedoraproject@gmail.com" = "mjg@fedoraproject.org"
+# nushio - Juan Manuel Rodriguez Moreno:
+"nushio@gmail.com" = "nushio@fedoraproject.org"
+# cagney - Andrew Cagney:
+"andrew.cagney@gmail.com" = "cagney@fedoraproject.org"
+# katzj - Jeremy Katz:
+"jeremy@katzbox.net" = "katzj@fedoraproject.org"
+# dmaphy - Dominic Hopf:
+"dmaphy@googlemail.com" = "dmaphy@fedoraproject.org"
+# tomspur - Thomas Spura:
+"thomas.spura@googlemail.com" = "tomspur@fedoraproject.org"
+# maxamillion - Adam Miller:
+"maxamillion@gmail.com" = "admiller@redhat.com"
+# gholms - Garrett Holmstrom:
+"garrett.holmstrom@gmail.com" = "gholms@fedoraproject.org"
+# taljurf - Tareq Al Jurf:
+"taljurf.fedora@gmail.com" = "taljurf@fedoraproject.org"
+# jokajak - Josh Kayse:
+"jokajak@gmail.com" = "jokajak@fedoraproject.org"
+# behdad - Behdad Esfahbod:
+"fedora@behdad.org" = "behdad@fedoraproject.org"
+# dbruno - Daniel Bruno:
+"danielbrunos@gmail.com" = "dbruno@fedoraproject.org"
+# bethlynn - Beth Lynn Eicher:
+"bethlynneicher@gmail.com" = "bethlynn@fedoraproject.org"
+# sheltren - Jeff Sheltren:
+"jeff@tag1consulting.com" = "sheltren@fedoraproject.org"
+# mattdm - Matthew Miller:
+"mattdm@mattdm.org" = "mattdm@redhat.com"
+# jamielinux - Jamie Nguyen:
+"j@jamielinux.com" = "jamielinux@fedoraproject.org"
+# comzeradd - Nikos Roussos:
+"nikos@roussos.cc" = "comzeradd@fedoraproject.org"
+# ib54003- Benedikt Schäfer:
+"b.schaefer@flieden.org" = "ib54003@fedoraproject.org"
+# codeblock - Ricky Elrod:
+"codeblock@elrod.me" = "relrod@redhat.com"
+# fschwarz - Felix Schwarz:
+"felix.schwarz@oss.schwarz.eu" = "fschwarz@fedoraproject.org"
+# jdulaney - John Dulaney:
+"jdulaney@gnu.org" = "jdulaney@fedoraproject.org"
+# devos - Niels de Vos:
+"niels@nixpanic.net" = "ndevos@redhat.com"
+# shawndwells - Shawn Wells:
+"shawn@redhat.com" = "swells@redhat.com"
+# ctubbsii - Christopher Tubbs:
+"ctubbsii+fedora@gmail.com" = "ctubbsii@fedoraproject.org"
+# besser82 - Björn Esser:
+"besser82.fpo@gmail.com" = "besser82@fedoraproject.org"
+# mjw - Mark Wielard:
+"fedora@wildebeest.org" = "mjw@fedoraproject.org"
+# roshi - Mike Ruckman:
+"roshi@mykolab.com" = "roshi@fedoraproject.org"
+# dustymabe - Dusty Mabe:
+"dusty@dustymabe.com" = "dustymabe@redhat.com"
+# jbwillia - Ben Williams:
+"vaioof@gmail.com" = "jbwillia@math.vt.edu"
+# thofmann - Till Hofmann:
+"till.hofmann@posteo.de" = "thofmann@fedoraproject.org"
+# pkfed - Philip Kovacs:
+"phil@mxbits.io" = "pkfed@fedoraproject.org"
+# marcdeop - Marc Deop i Argemí:
+"fedora@marcdeop.com" = "marcdeop@fedoraproject.org"
+# etingof
+"etingof@gmail.com" = "ietingof@redhat.com"
+# lzap - Lukas Zapletal:
+"lukas@zapletalovi.com" = "lzap@redhat.com"
+# anoopcs - Anoop C S:
+"anoopcs@disr.it" = "anoopcs@redhat.com"
diff --git a/roles/openshift-apps/poddlers/templates/fedora-messaging.toml b/roles/openshift-apps/poddlers/templates/fedora-messaging.toml
new file mode 100644
index 0000000000..7f2c695d12
--- /dev/null
+++ b/roles/openshift-apps/poddlers/templates/fedora-messaging.toml
@@ -0,0 +1,413 @@
+## Fedora Messaging configuration for toddler {{ toddler.name }}
+
+# Broker address
+amqp_url = "amqps://toddlers{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+callback = "toddlers.plugins.{{ toddler.callback }}"
+
+# Just check if the queue exist, don't try to create it as you won't be allowed
+# to (this is done in the ansible playbook)
+passive_declares = true
+
+# The topic_prefix configuration value will add a prefix to the topics of every sent message.
+# This is used for migrating from fedmsg, and should not be used afterwards.
+{% if env == "staging" %}
+topic_prefix = "org.fedoraproject.stg"
+{% else %}
+topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+[tls]
+ca_cert = "/etc/pki/rabbitmq/ca/toddlers.ca"
+keyfile = "/etc/pki/rabbitmq/key/toddlers.key"
+certfile = "/etc/pki/rabbitmq/cert/toddlers.crt"
+
+[client_properties]
+app = "toddlers-{{ toddler.name }}"
+app_url = "https://pagure.io/fedora-infra/toddlers"
+
+[queues."toddlers{{ env_suffix }}-{{ toddler.name }}"]
+durable = true
+auto_delete = false
+exclusive = false
+arguments = {}
+
+[[bindings]]
+queue = "toddlers{{ env_suffix }}-{{ toddler.name }}"
+exchange = "amq.topic"
+{# Use the fact that lists in TOML and JSON are represented the same way #}
+routing_keys = {{ toddler.topics|tojson }}
+
+[consumer_config]
+# Comment out or remove this line if you want to enable the debug toddler.
+# Or add more toddlers to the list (using their name) if you want to disable
+# more of them.
+blocked_toddlers = [
+ "debug",
+ # Block pdc_modules toddler – MBS is retired. Can be removed once toddler has been updated to a
+ # version which doesn’t come with pdc_modules.
+ "pdc_modules",
+{% if env != "staging" %}
+ "distgit_commit_processor",
+{% endif %}
+]
+
+[consumer_config.default]
+# Configuration common to all toddlers.
+#
+# You can override any of these in the section of a particular toddler, e.g.:
+#
+# [consumer_config.default]
+# somekey = "somevalue"
+# ...
+# [consumer_config.sometoddler]
+# somekey = "someothervalue"
+
+
+# Configuration used when sending notifications:
+{% if env == "staging" %}
+mail_server = "bastion.stg.fedoraproject.org"
+admin_email = "admin@stg.fedoraproject.org"
+{% else %}
+mail_server = "bastion.fedoraproject.org"
+admin_email = "admin@fedoraproject.org"
+{% endif %}
+
+# Use fasjson instead of FAS
+fasjson = true
+
+# Account to use to connect to FAS/FASJSON
+fas_url = "https://fasjson{{ env_suffix }}.fedoraproject.org/"
+{% if env != "staging" %}
+fas_username = "{{ fedoraDummyUser }}"
+fas_password = "{{ fedoraDummyUserPassword }}"
+{% else %}
+fas_username = "{{ fedoraStagingDummyUser }}"
+fas_password = "{{ fedoraStagingDummyUserPassword }}"
+{% endif %}
+
+# Account to use to connect to pagure
+# FAS username of the user that will comment on behalf of toddler
+{% if env == "staging" %}
+pagure_user = "releng-bot"
+pagure_url = "https://stg.pagure.io"
+pagure_api_key = "{{ toddlers_stg_pagure_scm_request_processor_token }}"
+{% else %}
+pagure_user = "releng-bot"
+pagure_url = "https://pagure.io"
+pagure_api_key = "{{ toddlers_pagure_scm_request_processor_token }}"
+{% endif %}
+
+# Account to use to connect to bugzilla
+{% if env != "staging" %}
+bugzilla_url = "https://bugzilla.redhat.com"
+bugzilla_api_key = "{{ toddlers_bz_api_key }}"
+{% else %}
+bugzilla_url = "https://bugzilla.stage.redhat.com"
+bugzilla_api_key = "{{ toddlers_stg_bz_api_key }}"
+{% endif %}
+bugzilla_group = "fedora_contrib"
+
+# Base URL for the Koji build system
+koji_url = "https://koji{{ env_suffix }}.fedoraproject.org"
+
+# Base URL for the Koji package db
+kojipkgs_url = "https://kojipkgs{{ env_suffix }}.fedoraproject.org"
+
+# Account to use to connect to Pagure-as-dist-git
+dist_git_url = "https://src{{ env_suffix }}.fedoraproject.org"
+{% if env == "staging" %}
+dist_git_token = "{{ toddlers_stg_dist_git_token }}"
+{% else %}
+dist_git_token_seed = "{{ toddlers_flag_ci_seed }}"
+dist_git_token = "{{ toddlers_dist_git_token }}"
+{% endif %}
+
+# Configuration file storing all the email overrides in the form of:
+# "foo@bar.com" = "bar@foo.org"
+# This is the same format as used by the distgit_bugzilla_sync cron/app
+email_overrides_file = "/etc/fedora-messaging/email_overrides.toml"
+
+# List of accounts we do not want to report about
+ignorable_accounts = ["packagerbot", "zuul", "cockpit"]
+
+# Temp folder to use for toddlers temp files
+temp_folder = "/var/tmp"
+
+
+[consumer_config.default.pdc_config]
+# Configuration to talk to PDC, as understood by pdc-client.
+server = "https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/"
+ssl_verify = false # Enable if using a self-signed cert
+{% if env == "staging" %}
+token = "{{ pdc_updater_api_token_stg }}"
+{% else %}
+token = "{{ pdc_updater_api_token_prod }}"
+{% endif %}
+
+[consumer_config.flag_ci_pr]
+
+[consumer_config.flag_commit_build]
+
+[consumer_config.packager_bugzilla_sync]
+
+[consumer_config.pdc_retired_packages]
+file_check_url = "https://src{{ env_suffix }}.fedoraproject.org/%(namespace)s/%(repo)s/blob/%(branch)s/f/%(file)s"
+
+[consumer_config.pdc_import_compose]
+old_composes_url = "https://kojipkgs{{ env_suffix }}.fedoraproject.org/compose/"
+
+[consumer_config.check_email_overrides]
+email_overrides_url = "https://pagure.io/fedora-infra/ansible/raw/main/f/roles/openshift-apps/toddlers/templates/email_overrides.toml"
+
+[consumer_config.clean_retired_packages]
+pdc_active_branches = "https://pdc{{ env_suffix }}.fedoraproject.org/extras/active_branches.json"
+
+[consumer_config.packagers_without_bugzilla]
+ignorable_namespaces = ["tests"]
+
+
+[consumer_config.distgit_bugzilla_sync]
+# FAS username of default QA contact for bugzilla tickets
+# default_qa_contact = "extras-qa@fedoraproject.org"
+# Admin addresses to notify
+{% if env == "staging" %}
+# Don't notify anyone on staging
+notify_admins = []
+{% else %}
+notify_admins = [
+ "kevin@fedoraproject.org",
+ "pingou@fedoraproject.org",
+]
+{% endif %}
+
+# PDC types mapping for distgit_bugzilla_sync toddler
+[consumer_config.distgit_bugzilla_sync.pdc_types]
+"rpms" = "rpm"
+"modules" = "module"
+"container" = "container"
+
+# Bugzilla products informations for Fedora
+[consumer_config.distgit_bugzilla_sync.products]
+
+[consumer_config.distgit_bugzilla_sync.products.Fedora]
+namespace = "rpms"
+versions = ["rawhide", "39", "38", "37", "36"]
+
+[consumer_config.distgit_bugzilla_sync.products."Fedora Container Images"]
+namespace = "container"
+versions = ["rawhide", "39", "38", "37", "36"]
+
+[consumer_config.distgit_bugzilla_sync.products."Fedora Modules"]
+namespace = "modules"
+versions = []
+
+[consumer_config.distgit_bugzilla_sync.products."Fedora EPEL"]
+branch_regex = '^epel\d+$'
+versions = ["epel9", "epel8"]
+
+
+# Configuration section for scm_request_processor
+[consumer_config.scm_request_processor]
+# Monitoring choices for release-monitoring.org
+monitor_choices = ['no-monitoring', 'monitoring', 'monitoring-with-scratch']
+# What we should look for in validation comment
+validation_comment = "valid"
+# Text for the ping if the ticket needs to be manually verified
+ping_comment = "This request wants to skip bugzilla validation! {maintainers} could you check if this is correct? If yes, please respond to this ticket with 'valid' comment"
+
+# Pagure mapping to bugzilla
+[consumer_config.scm_request_processor.pagure_namespace_to_component]
+rpms = 'Package Review'
+container = 'Container Review'
+modules = 'Module Review'
+test-modules = 'Module Review'
+
+[consumer_config.scm_request_processor.pagure_namespace_to_product]
+rpms = ['Fedora', 'Fedora EPEL']
+container = ['Fedora Container Images']
+modules = ['Fedora Modules']
+test-modules = ['Fedora']
+
+# SLAS configuration for scm_request_processor
+[consumer_config.scm_request_processor.branch_slas]
+
+[consumer_config.scm_request_processor.branch_slas.rawhide]
+rawhide = '2222-01-01'
+
+[consumer_config.scm_request_processor.branch_slas.stable]
+rawhide = '2222-01-01'
+
+[consumer_config.scm_request_processor.branch_slas.main]
+rawhide = '2222-01-01'
+
+[consumer_config.scm_request_processor.branch_slas.epel9]
+stable_api = '2032-05-31'
+security_fixes = '2032-05-31'
+bug_fixes = '2032-05-31'
+
+[consumer_config.scm_request_processor.branch_slas.epel9-next]
+stable_api = '2027-05-31'
+security_fixes = '2027-05-31'
+bug_fixes = '2027-05-31'
+
+[consumer_config.scm_request_processor.branch_slas.epel8]
+stable_api = '2029-05-31'
+security_fixes = '2029-05-31'
+bug_fixes = '2029-05-31'
+
+[consumer_config.scm_request_processor.branch_slas.epel8-next]
+stable_api = '2024-05-31'
+security_fixes = '2024-05-31'
+bug_fixes = '2024-05-31'
+
+[consumer_config.scm_request_processor.branch_slas.f40]
+bug_fixes = '2025-05-13'
+security_fixes = '2025-05-13'
+
+[consumer_config.scm_request_processor.branch_slas.f39]
+bug_fixes = '2024-11-12'
+security_fixes = '2024-11-12'
+
+[consumer_config.scm_request_processor.branch_slas.f38]
+bug_fixes = '2024-05-14'
+security_fixes = '2024-05-14'
+
+[consumer_config.scm_request_processor.branch_slas.f37]
+bug_fixes = '2023-12-15'
+security_fixes = '2023-12-15'
+
+[consumer_config.scm_request_processor.branch_slas.f36]
+bug_fixes = '2023-05-16'
+security_fixes = '2023-05-16'
+
+[consumer_config.scm_request_processor.branch_slas.f35]
+security_fixes = '2022-12-13'
+bug_fixes = '2022-12-13'
+
+# Configuration section for check_commit_rights
+[consumer_config.check_commit_rights]
+exclude_users = []
+{% if env == "staging" %}
+notify_emails = [
+# "nobody@fedoraproject.org",
+ "fedora_stg@sparebit.simplelogin.com",
+]
+{% else %}
+notify_emails = [
+ "admin@fedoraproject.org",
+]
+{% endif %}
+
+# Configuration section for distgit_commit_processor
+[consumer_config.distgit_commit_processor]
+mail_from = "notifications@{{ env_prefix }}fedoraproject.org"
+mail_to = "scm-commits@lists.{{ env_prefix }}fedoraproject.org"
+# This is the default subject
+# mail_subject_tmpl = "{message.summary}"
+mail_content_tmpl = """Notification time stamped {headers['sent-at']}
+
+{message}
+
+ {commit['url']}
+"""
+
+
+[qos]
+prefetch_size = 0
+prefetch_count = 1
+
+[log_config]
+version = 1
+disable_existing_loggers = true
+
+[log_config.formatters.simple]
+format = "%(asctime)s - [%(levelname)s %(name)s] %(message)s"
+
+[log_config.handlers.console]
+class = "logging.StreamHandler"
+formatter = "simple"
+stream = "ext://sys.stdout"
+
+[log_config.loggers.fedora_messaging]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.twisted]
+level = "INFO"
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.pika]
+level = "WARNING"
+propagate = false
+handlers = ["console"]
+
+# Toddlers logger, feel free to bump the level to DEBUG if you need to
+[log_config.loggers.toddlers]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.utils.bugzilla_system]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.utils.pagure]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.plugins.pdc_retired_packages]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.plugins.pdc_import_compose]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.plugins.distgit_bugzilla_sync]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.loggers.toddlers.plugins.scm_request_processor]
+{% if env == "staging" %}
+level = "DEBUG"
+{% else %}
+level = "INFO"
+{% endif %}
+propagate = false
+handlers = ["console"]
+
+[log_config.root]
+level = "ERROR"
+handlers = ["console"]
diff --git a/roles/openshift-apps/poddlers/templates/secret-webhook.yml b/roles/openshift-apps/poddlers/templates/secret-webhook.yml
new file mode 100644
index 0000000000..4f6e31aa79
--- /dev/null
+++ b/roles/openshift-apps/poddlers/templates/secret-webhook.yml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: github-webhook-secret
+data:
+ WebHookSecretKey: "{{ (env == 'production')|ternary(toddlers_prod_github_secret, toddlers_stg_github_secret) }}"
+type: Opaque
diff --git a/roles/openshift-apps/poddlers/templates/secrets.yml b/roles/openshift-apps/poddlers/templates/secrets.yml
new file mode 100644
index 0000000000..b8d7328743
--- /dev/null
+++ b/roles/openshift-apps/poddlers/templates/secrets.yml
@@ -0,0 +1,15 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secrets
+ labels:
+ app: poddlers
+stringData:
+ email_overrides.toml: |-
+ {{ load_file('email_overrides.toml') | indent }}
+{% for toddler in poddlers_command %}
+ {{ toddler.name }}.toml: |-
+ {{ load_file('fedora-messaging.toml') | indent }}
+{% endfor %}
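Review bot: In fedora-messaging.toml, `[consumer_config.default.pdc_config]` sets `ssl_verify = false` for both environments while the same table carries the PDC API `token`, so the token is sent to a server whose certificate is never validated; the trailing comment "Enable if using a self-signed cert" also reads backwards. Unless the PDC endpoint genuinely cannot be verified, this should be `ssl_verify = true`, with a comment explaining any exception. The file is rendered once per toddler, yet every rendering contains the FAS password and the Pagure, Bugzilla, dist-git and PDC tokens; since the change moves to one pod per toddler, rendering only the credentials a given `toddler.name` needs would limit what a single compromised pod holds. `email_overrides_url` still points at `roles/openshift-apps/toddlers/templates/` and not at the copy added under `poddlers/`.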
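Review bot: In secret-webhook.yml the value sits under `data:`, which must hold base64-encoded bytes, but the template inserts the raw `toddlers_prod_github_secret` / `toddlers_stg_github_secret` string; the API will either reject it or store a decoded value that differs from the secret the webhook sender uses. Use `stringData:` for the plain value, or append `| b64encode` to the expression. Nothing visible in this commit applies the file or references `github-webhook-secret` — the playbook has no entry for it and buildconfig.yml embeds the secret inline — so it is currently unused configuration.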
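Review bot: secrets.yml packs every toddler's rendered config file into one Secret, and `common_volume_mounts()` mounts a single secret directory at `/etc/fedora-messaging` in every pod, so (assuming this is the Secret the macros mean by `toddlers-secret`) each pod can read every other toddler's configuration and credentials. If per-pod isolation is a goal of the split, emit one Secret per toddler inside the loop and select it by name in that toddler's volume. The `{% include %}` in `load_file` also renders email_overrides.toml through Jinja, although that file's own header says it must stay free of templating; a comment here noting that dependency would be useful.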
diff --git a/vars/apps/poddlers.yml b/vars/apps/poddlers.yml
new file mode 100644
index 0000000000..a0ea7dca91
--- /dev/null
+++ b/vars/apps/poddlers.yml
@@ -0,0 +1,107 @@
+---
+poddlers_toddlers:
+ - name: check-commit-rights
+ callback: check_commit_rights.CheckCommitRights
+ topics:
+ - "org.fedoraproject.*.toddlers.trigger.check_commit_rights"
+
+ - name: check_email_overrides
+ callback: check_email_overrides.CheckEmailOverrides
+ topics:
+ - "org.fedoraproject.*.toddlers.trigger.check_email_overrides"
+
+ - name: clean_retired_packages
+ callback: clean_retired_packages.CleanRetiredPackages
+ topics:
+ - "org.fedoraproject.*.toddlers.trigger.clean_retired_packages"
+
+ - name: distgit_bugilla_sync
+ callback: distgit_bugilla_sync
+ topics:
+ - "org.fedoraproject.*.toddlers.trigger.distgit_bugzilla_sync"
+
+ - name: distgit_commit_processor
+ callback: distgit_commit_processor.DistGitCommitProcessor
+ topics:
+ - "org.fedoraproject.*.git.receive"
+
+ - name: flag_ci_pr
+ callback: flag_ci_pr.FlagCIPR
+ topics:
+ - "org.centos.*.ci.dist-git-pr.test.error"
+ - "org.centos.*.ci.dist-git-pr.test.complete"
+ - "org.centos.*.ci.dist-git-pr.test.running"
+
+ - name: flag_commit_build
+ callback: flag_commit_build.FlagCommitBuild
+ topics:
+ - "org.fedoraproject.*.buildsys.build.state.change"
+
+ - name: koji_block_retired
+ callback: koji_block_retired.KojiBlockRetired
+ topics:
+ - "org.fedoraproject.*.git.receive"
+
+ - name: packager_bugilla_sync
+ callback: packager_bugilla_sync.PackagerBugzillaSync
+ topics:
+ - "org.fedoraproject.*.toddlers.trigger.packager_bugzilla_sync"
+
+ - name: packagers_without_bugzilla
+ callback: packagers_without_bugzilla.PackagerWithoutBugzilla
+ topics:
+ - "org.fedoraproject.*.toddlers.trigger.packagers_without_bugzilla"
+
+ - name: pdc_import_compose
+ callback: pdc_import_compose.PDCImportCompose
+ topics:
+ - "org.fedoraproject.*.toddlers.trigger.pdc_import_compose"
+ - "org.fedoraproject.*.pungi.compose.status.change"
+
+ - name: pdc_modules
+ callback: pdc_modules.PDCModules
+ topics:
+ - "org.fedoraproject.*.mbs.module.state.change"
+
+ - name: pdc_unretire_packages
+ callback: pdc_unretire_packages
+ topics:
+ - "io.pagure.*.pagure.issue.new"
+
+ - name: pdc_update_critpath
+ callback: pdc_update_critpath
+ topics:
+ - "org.fedoraproject.*.toddlers.trigger.pdc_update_critpath"
+
+ - name: scm_request_processor
+ callback: scm_request_processor
+ topics:
+ - "org.fedoraproject.*.pagure.issue.new"
+ - "org.fedoraproject.*.pagure.issue.edit"
+ - "org.fedoraproject.*.pagure.issue.comment.added"
+
+poddlers_cronjobs:
+ - name: packager-bugzilla-sync
+ schedule: "0 */6 * * *"
+ only_env: production
+ command: packager_bugzilla_sync
+ - name: packager-check-email-overrides
+ schedule: "0 6 * * *"
+ only_env: production
+ command: check_email_overrides
+ - name: clean-retired-packages
+ schedule: "0 8 1 * *"
+ only_env: production
+ command: clean_retired_packages
+ - name: packagers-without-bugzilla
+ schedule: "0 7 * * *"
+ only_env: production
+ command: packagers_without_bugzilla
+ - name: distgit-bugzilla-sync
+ schedule: "0 */12 * * *"
+ only_env: production
+ command: distgit_bugzilla_sync
+ - name: check-commit-rights
+ schedule: "0 8 */2 * *"
+ only_env: staging
+ command: check-commit-rights
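Review bot: Two entries in vars/apps/poddlers.yml are misspelled: `distgit_bugilla_sync` (both `name` and `callback`) and `packager_bugilla_sync` (`name` and the module part of `callback`) are missing the "z", while their topics and the `[consumer_config.distgit_bugzilla_sync]` / `[consumer_config.packager_bugzilla_sync]` tables use `bugzilla`; the rendered `callback = "toddlers.plugins.distgit_bugilla_sync"` will most likely fail to import. Four callbacks (`distgit_bugilla_sync`, `pdc_unretire_packages`, `pdc_update_critpath`, `scm_request_processor`) give only a module name where the other entries give `module.Class`. Names also mix hyphens (`check-commit-rights`) and underscores, which matters because they become object and queue names. The last cron job passes `command: check-commit-rights`, where every other job uses the underscore form.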