airship/charts
Code Issues Proposed changes
charts/tools/gate/jarvis/500-deploy-gerrit.sh
Danny Massa baec5970e5 feat(CI) optional gating 
This change adds two repositories intended to be used as templates to the Gerrit setup. One repository will utilize the 'Verified' label, one repository will not. This will divide the repositories into two groups, a group where the checks provided by Jarvis is enforced as CI, and a group where the checks provided by Jarvis are informational only, and do not block patch sets. This is configurable in the Jarvis-Project Helm chart.

Change-Id: Iff8a2b1a29883837ac7dab49056fe0c64d675e10
2021-02-19 12:53:06 -06:00

169 lines
5.6 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -ex
gerrit_source=$(mktemp -d)
repo_sha="251041b192ef8acf1963d747482126d0e9e66e75"
repo_remote="https://gerrit.googlesource.com/k8s-gerrit"
function get_repo() {
pushd "${1}"
git init
git remote add origin "${2}"
git fetch origin --depth=1 "${3}"
git reset --hard FETCH_HEAD
popd
}
get_repo "${gerrit_source}" "${repo_remote}" "${repo_sha}"
# TODO: This needs fixed upstream
patch ${gerrit_source}/helm-charts/gerrit/templates/gerrit.stateful-set.yaml <<'EOF'
--- /tmp/tmp.8ZADMTe64b/helm-charts/gerrit/templates/gerrit.stateful-set.yaml 2021-01-16 21:33:32.331105033 +0000
+++ /tmp/tmp.z8R6CX0Gqg/helm-charts/gerrit/templates/gerrit.stateful-set.yaml 2021-01-16 20:11:36.275929405 +0000
@@ -57,9 +57,14 @@
imagePullPolicy: {{ .Values.images.imagePullPolicy }}
command:
- /bin/ash
- - -ce
+ - -cex
args:
- |
+ python3 /var/tools/gerrit-initializer \
+ -c /var/config/gerrit-init.yaml \
+ -s /var/gerrit \
+ init
+
symlink_config_to_site(){
for file in /var/mnt/etc/config/* /var/mnt/etc/secret/*; do
ln -sf $file /var/gerrit/etc/$(basename $file)
EOF
function generate_ssh_host_key_override() {
local work_dir
work_dir="$(mktemp -d)"
mkdir -p "${work_dir}/etc/ssh"
ssh-keygen -A -f "${work_dir}"
local output_file
output_file="$(mktemp -d)/gerrit-host-rsa-key.yaml"
tee "${output_file}" <<EOF
gerrit:
service:
ssh:
rsaKey: |-
$(awk '{ print " " $0 }' "${work_dir}/etc/ssh/ssh_host_rsa_key")
EOF
export ssh_host_key_override="${output_file}"
}
generate_ssh_host_key_override
# shellcheck disable=SC2046
helm upgrade \
--create-namespace \
--install \
--namespace=gerrit \
gerrit \
"${gerrit_source}/helm-charts/gerrit" \
--values="${ssh_host_key_override}" \
$(./tools/deployment/common/get-values-overrides.sh gerrit)
./tools/deployment/common/wait-for-pods.sh gerrit
#TODO(portdirect): Update chart to support SSH via TCP ingress, in addition to being able to spec nodeport
kubectl patch -n gerrit svc gerrit-gerrit-service --patch '{
"spec": {
"ports": [
{
"name": "ssh",
"nodePort": 29418,
"port": 29418,
"protocol": "TCP",
"targetPort": 29418
}
]
}
}'
sleep 30
function gerrit_bootstrap() {
# Define creds to use for gerrit.
ldap_username="jarvis"
ldap_password="password"
# Login to gerrit, to provision admin account
curl --verbose \
-d "username=${ldap_username}&password=${ldap_password}" \
-X POST \
https://gerrit.jarvis.local/login
# Create SSH Keys if the private key does not already exist, note this will fail if a public key already
# exists at the default location without a corresponding private key.
mkdir -p "${HOME}/.ssh"
if [[ ! -f "${HOME}/.ssh/id_rsa" ]]; then
ssh-keygen -t rsa -f "${HOME}/.ssh/id_rsa" -q -N ""
fi
# Add SSH Public key to gerrit
curl --verbose \
-u "${ldap_username}:${ldap_password}" \
-X POST \
-H "Content-Type: text/plain" \
--data "@${HOME}/.ssh/id_rsa.pub" \
https://gerrit.jarvis.local/a/accounts/self/sshkeys/
# Add Gerrit HostKey to SSH known hosts
ssh-keyscan -p 29418 -H gerrit.jarvis.local >> "${HOME}/.ssh/known_hosts"
# Validate access to gerrit via SSH
ssh -p 29418 ${ldap_username}@gerrit.jarvis.local gerrit version
# Configure Git
git config --global user.name "Edwin Jarvis"
git config --global user.email "jarvis@cluster.local"
git config --global --add gitreview.username "jarvis"
# Clone, fetch and checkout project config repo
all_projects_repo=$(mktemp -d)
git clone ssh://${ldap_username}@gerrit.jarvis.local:29418/All-Projects.git "${all_projects_repo}"
pushd "${all_projects_repo}"
git fetch origin refs/meta/config:refs/remotes/origin/meta/config
git checkout meta/config
# Give Admins, Service Users and Project Owners voting rights for the Verified Label
sed -i '/\[access "refs\/heads\/\*"\]/a\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Administrators\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Service Users\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Project Owners' project.config
# Give Admins, Service Users and Project Owners voting rights for the Verified Label
sed -i '/\[capability\]/a\ \ \ \ \ \ \ \ checks-administrateCheckers = group Administrators' project.config
# Commit and push config
git add .
git commit -asm "Create Verified Label"
git push origin HEAD:refs/meta/config
popd
# Create template repositories for voting and non-voting CI
ssh -p 29418 ${ldap_username}@gerrit.jarvis.local gerrit create-project "Verified-Label-Projects" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit
ssh -p 29418 ${ldap_username}@gerrit.jarvis.local gerrit create-project "Non-Verified-Label-Projects" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit
# Configure Verified Label for the parent repository that will utilize it
verified_repo=$(mktemp -d)
git clone ssh://${ldap_username}@gerrit.jarvis.local:29418/Verified-Label-Projects.git "${verified_repo}"
pushd "${verified_repo}"
git fetch origin refs/meta/config:refs/remotes/origin/meta/config
git checkout meta/config
tee --append project.config <<EOF
[label "Verified"]
function = MaxWithBlock
defaultValue = 0
value = -1 Fails
value = 0 No score
value = +1 Verified
copyAllScoresIfNoCodeChange = true
EOF
# Commit and push config
git add .
git commit -asm "Create Submission Rules"
git push origin HEAD:refs/meta/config
popd
}
gerrit_bootstrap
View Git Blame Copy Permalink