From 7450719b87ad6a067bb68d058ef7424fe4531ef8 Mon Sep 17 00:00:00 2001 From: Lily Chung Date: Sat, 18 Apr 2020 19:45:44 -0700 Subject: [PATCH 1/3] bors-ng: Document setup of bot on hijinks. --- docs/bors-ng-setup.txt | 94 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 docs/bors-ng-setup.txt diff --git a/docs/bors-ng-setup.txt b/docs/bors-ng-setup.txt new file mode 100644 index 000000000..2d5c311a4 --- /dev/null +++ b/docs/bors-ng-setup.txt @@ -0,0 +1,94 @@ +exit # not quite a script; some parts are interactive. + +# Requires nginx setup from jenkins-setup.txt +# https://github.com/bors-ng/bors-ng#step-1-register-a-new-github-app +# Dashboard URL: https://hijinks.mit.edu:4002/ + +wget -q -O - https://packages.erlang-solutions.com/debian/erlang_solutions.asc | apt-key add - +echo 'deb https://packages.erlang-solutions.com/debian stretch contrib' >/etc/apt/sources.list.d/erlang-solutions.list +apt-get update +apt-get install esl-erlang elixir postgresql + + +# use this command to generate random secrets when called for +borsng.service +[Unit] +Description=Bors-NG +After=network.target + +[Service] +Type=simple +User=borsng +WorkingDirectory=/home/borsng/bors-ng +EnvironmentFile=/home/borsng/bors-env +Restart=on-failure +ExecStart=/home/borsng/bors-ng/_build/prod/rel/bors/bin/bors start +ExecStop=/home/borsng/bors-ng/_build/prod/rel/bors/bin/bors stop + +[Install] +WantedBy=multi-user.target +EOF +ln -s "$(realpath borsng.service)" /etc/systemd/system +systemctl enable borsng + + +sudo -iu borsng # run all remaining commands as borsng +umask go= + +git clone https://github.com/bors-ng/bors-ng.git + +cd bors-ng +mix local.hex --force +mix deps.get --only prod +mix local.rebar --force +MIX_ENV=prod mix compile +MIX_ENV=prod mix release + +cat >~/bors-env < +DATABASE_URL='ecto://borsng:@localhost/borsng' +GITHUB_INTEGRATION_ID= +GITHUB_INTEGRATION_PEM='' +GITHUB_WEBHOOK_SECRET= +GITHUB_CLIENT_ID= +GITHUB_CLIENT_SECRET= +PUBLIC_HOST=localhost +EOF +echo "GITHUB_INTEGRATION_PEM='$(base64 -w0 /path/to/file.private-key.pem)'" >>~bors-env + +sh -ac '. ~/bors-env && POOL_SIZE=1 mix ecto.migrate' From 0c3efcc1d0f542857da3cb9d4acfdacc37492cab Mon Sep 17 00:00:00 2001 From: Lily Chung Date: Sat, 18 Apr 2020 19:46:19 -0700 Subject: [PATCH 2/3] bors-ng: Initial configuration --- .circleci/config.yml | 13 ++++++++++- bors.toml | 11 +++++++++ docs/bors-ng-setup.txt | 51 +++++++++++++++++++++++++++++------------- 3 files changed, 59 insertions(+), 16 deletions(-) create mode 100644 bors.toml diff --git a/.circleci/config.yml b/.circleci/config.yml index 2e51ec2e8..65f4bde58 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,4 +1,4 @@ -version: 2 +version: 2.1 jobs: build: machine: @@ -32,3 +32,14 @@ jobs: - run: name: Launch build with bazel command: echo "bazel build //upload --verbose_failures" | HOMEWORLD_CHROOT="$HOME/autobuild-chroot" USER="circleci" ./build-chroot/enter-ci.sh +workflows: + version: 2 + build: + jobs: + - build: + filters: + branches: + only: + - staging + - trying + - master diff --git a/bors.toml b/bors.toml new file mode 100644 index 000000000..a7922c6d1 --- /dev/null +++ b/bors.toml @@ -0,0 +1,11 @@ +status = [ + "ci/circleci: build", + "continuous-integration/jenkins/branch", +] +required_approvals = 1 +timeout_sec = 10800 # three hour timeout +cut_body_after = "---" + +[committer] +name = "hyades-bors[bot]" +email = "sipb-hyades@mit.edu" diff --git a/docs/bors-ng-setup.txt b/docs/bors-ng-setup.txt index 2d5c311a4..b7566b33b 100644 --- a/docs/bors-ng-setup.txt +++ b/docs/bors-ng-setup.txt @@ -1,25 +1,38 @@ -exit # not quite a script; some parts are interactive. +exit # this isn't quite a script; some parts are interactive. -# Requires nginx setup from jenkins-setup.txt +### Register Github App # https://github.com/bors-ng/bors-ng#step-1-register-a-new-github-app # Dashboard URL: https://hijinks.mit.edu:4002/ +# Generate and download a private key (.pem file) + + +### Install dependencies wget -q -O - https://packages.erlang-solutions.com/debian/erlang_solutions.asc | apt-key add - echo 'deb https://packages.erlang-solutions.com/debian stretch contrib' >/etc/apt/sources.list.d/erlang-solutions.list + +wget -q -O - https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - +echo 'deb https://deb.nodesource.com/node_13.x stretch main' >/etc/apt/sources.list.d/nodesource.list + apt-get update -apt-get install esl-erlang elixir postgresql +apt-get install esl-erlang elixir postgresql nodejs -# use this command to generate random secrets when called for -borsng.service [Unit] Description=Bors-NG @@ -74,21 +88,28 @@ cd bors-ng mix local.hex --force mix deps.get --only prod mix local.rebar --force + +pushd assets +npm install +popd +npm run deploy --prefix ./assets +MIX_ENV=prod mix phx.digest + MIX_ENV=prod mix compile MIX_ENV=prod mix release + cat >~/bors-env < -DATABASE_URL='ecto://borsng:@localhost/borsng' -GITHUB_INTEGRATION_ID= -GITHUB_INTEGRATION_PEM='' -GITHUB_WEBHOOK_SECRET= -GITHUB_CLIENT_ID= -GITHUB_CLIENT_SECRET= +SECRET_KEY_BASE=??? # generate this randomly +DATABASE_URL='ecto://borsng:@localhost/borsng' # password from earlier +GITHUB_INTEGRATION_ID=??? # App id in github +GITHUB_WEBHOOK_SECRET=??? # generate this randomly and input it to github +GITHUB_CLIENT_ID=??? # from github +GITHUB_CLIENT_SECRET=??? # from github PUBLIC_HOST=localhost EOF -echo "GITHUB_INTEGRATION_PEM='$(base64 -w0 /path/to/file.private-key.pem)'" >>~bors-env +echo "GITHUB_INTEGRATION_PEM='$(base64 -w0 /path/to/file.private-key.pem)'" >>~bors-env # private key from github sh -ac '. ~/bors-env && POOL_SIZE=1 mix ecto.migrate' From 54235a606d8f0ecff40a1da50b4b6526fe66d8a5 Mon Sep 17 00:00:00 2001 From: Lily Chung Date: Sat, 18 Apr 2020 18:43:50 -0700 Subject: [PATCH 3/3] bors-ng: check linear git history before building This blocks pull requests if they contain merge commits. --- .circleci/config.yml | 17 ++++++++++++++++- bors.toml | 3 +++ tools/check-linear.sh | 12 ++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100755 tools/check-linear.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 65f4bde58..fd719d9b0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,5 +1,13 @@ version: 2.1 jobs: + check-linear: + machine: + image: ubuntu-1604:201903-01 + steps: + - checkout + - run: + name: Check git history of branch is linear + command: tools/check-linear.sh build: machine: image: ubuntu-1604:201903-01 @@ -34,8 +42,15 @@ jobs: command: echo "bazel build //upload --verbose_failures" | HOMEWORLD_CHROOT="$HOME/autobuild-chroot" USER="circleci" ./build-chroot/enter-ci.sh workflows: version: 2 - build: + workflow: jobs: + - check-linear: + filters: + branches: + ignore: + - staging + - trying + - master - build: filters: branches: diff --git a/bors.toml b/bors.toml index a7922c6d1..adb5c6e78 100644 --- a/bors.toml +++ b/bors.toml @@ -2,6 +2,9 @@ status = [ "ci/circleci: build", "continuous-integration/jenkins/branch", ] +pr_status = [ + "ci/circleci: check-linear", +] required_approvals = 1 timeout_sec = 10800 # three hour timeout cut_body_after = "---" diff --git a/tools/check-linear.sh b/tools/check-linear.sh new file mode 100755 index 000000000..2d7f85c60 --- /dev/null +++ b/tools/check-linear.sh @@ -0,0 +1,12 @@ +#!/bin/bash +set -euo pipefail + +if [ 0 = "$(git rev-list --min-parents=2 --count "$(git merge-base origin/master HEAD)"..HEAD)" ] +then + echo 'git history is linear' +else + echo 'error: nonlinear branch git history' + echo 'merge commits:' + git rev-list --min-parents=2 "$(git merge-base origin/master HEAD)"..HEAD + exit 1 +fi