[webkit-changes] [295637] trunk/Tools/CISupport/ews-build

Fri, 17 Jun 2022 09:24:19 -0700

Title: [295637] trunk/Tools/CISupport/ews-build
Revision
295637
Author
jbed...@apple.com
Date
2022-06-17 09:23:05 -0700 (Fri, 17 Jun 2022)

Log Message

[ews-build.webkit.org] Seperate authentication for EWS and Merge-Queue
https://bugs.webkit.org/show_bug.cgi?id=241698
<rdar://problem/95328651>

Reviewed by Aakash Jain.

* Tools/CISupport/ews-build/events.py:
(Events.sendDataToGitHub): Allow caller to pick a different set of GitHub credentials.
(Events.buildFinishedGitHub): Pick GitHub credentials specific to builder.
(Events.stepStartedGitHub): Ditto.
* Tools/CISupport/ews-build/steps.py:
(GitHub):
(GitHub.user_for_queue): Map buildername to GitHub user.
(GitHub.credentials): Allow caller to pick a different set of GitHub credentials.
(GitHubMixin.fetch_data_from_url_with_authentication_github): Pick GitHub credentials
specific to builder.
(GitHubMixin.add_label): Ditto.
(GitHubMixin.remove_labels): Ditto.
(GitHubMixin.comment_on_pr): Ditto.
(GitHubMixin.update_pr): Ditto.
(GitHubMixin.close_pr): Ditto.
(CheckOutPullRequest.run): Ditto.
(PushPullRequestBranch.start): Ditto.
* Tools/CISupport/ews-build/steps_unittest.py:

Canonical link: https://commits.webkit.org/251642@main

Modified Paths

Diff

Modified: trunk/Tools/CISupport/ews-build/events.py (295636 => 295637)


--- trunk/Tools/CISupport/ews-build/events.py	2022-06-17 15:45:24 UTC (rev 295636)
+++ trunk/Tools/CISupport/ews-build/events.py	2022-06-17 16:23:05 UTC (rev 295637)
@@ -116,8 +116,8 @@
 
         agent.request(b'POST', self.EVENT_SERVER_ENDPOINT, Headers({'Content-Type': ['application/json']}), body)
 
-    def sendDataToGitHub(self, repository, sha, data):
-        username, access_token = GitHub.credentials()
+    def sendDataToGitHub(self, repository, sha, data, user=None):
+        username, access_token = GitHub.credentials(user=user)
 
         data['description'] = data.get('description', '')
         if len(data['description']) > self.MAX_GITHUB_DESCRIPTION:
@@ -196,7 +196,7 @@
             description=build.get('state_string'),
             context=build['description'] + custom_suffix,
         )
-        self.sendDataToGitHub(repository, sha, data_to_send)
+        self.sendDataToGitHub(repository, sha, data_to_send, user=GitHub.user_for_queue(self.extractProperty(build, 'buildername')))
 
     @defer.inlineCallbacks
     def buildFinished(self, key, build):
@@ -259,7 +259,7 @@
             description=state_string,
             context=builder.get('description', '?') + custom_suffix,
         )
-        self.sendDataToGitHub(repository, sha, data_to_send)
+        self.sendDataToGitHub(repository, sha, data_to_send, user=GitHub.user_for_queue(self.extractProperty(build, 'buildername')))
 
     @defer.inlineCallbacks
     def stepStarted(self, key, step):

Modified: trunk/Tools/CISupport/ews-build/steps.py (295636 => 295637)


--- trunk/Tools/CISupport/ews-build/steps.py	2022-06-17 15:45:24 UTC (rev 295636)
+++ trunk/Tools/CISupport/ews-build/steps.py	2022-06-17 16:23:05 UTC (rev 295637)
@@ -76,11 +76,19 @@
 
 
 class GitHub(object):
+    _cache = {}
+
     @classmethod
     def repository_urls(cls):
         return [GITHUB_URL + project for project in GITHUB_PROJECTS]
 
     @classmethod
+    def user_for_queue(cls, queue):
+        if queue.lower() in ['commit-queue', 'merge-queue', 'unsafe-merge-queue']:
+            return 'merge-queue'
+        return None
+
+    @classmethod
     def pr_url(cls, pr_number, repository_url=None):
         if not repository_url:
             repository_url = '{}{}'.format(GITHUB_URL, GITHUB_PROJECTS[0])
@@ -120,14 +128,21 @@
         return '{}/statuses/{}'.format(api_url, sha)
 
     @classmethod
-    def credentials(cls):
+    def credentials(cls, user=None):
+        prefix = f"GITHUB_COM_{user.upper().replace('-', '_')}_" if user else 'GITHUB_COM_'
+
+        if prefix in cls._cache:
+            return cls._cache[prefix]
+
         try:
             passwords = json.load(open('passwords.json'))
-            return passwords.get('GITHUB_COM_USERNAME', None), passwords.get('GITHUB_COM_ACCESS_TOKEN', None)
+            cls._cache[prefix] = passwords.get(f'{prefix}USERNAME', None), passwords.get(f'{prefix}ACCESS_TOKEN', None)
         except Exception as e:
             print('Error reading GitHub credentials')
-            return None, None
+            cls._cache[prefix] = None, None
 
+        return cls._cache[prefix]
+
     @classmethod
     def email_for_owners(cls, owners):
         if not owners:
@@ -147,7 +162,7 @@
     def fetch_data_from_url_with_authentication_github(self, url):
         response = None
         try:
-            username, access_token = GitHub.credentials()
+            username, access_token = GitHub.credentials(user=GitHub.user_for_queue(self.getProperty('buildername', '')))
             auth = HTTPBasicAuth(username, access_token) if username and access_token else None
             response = requests.get(
                 url, timeout=60, auth=auth,
@@ -257,7 +272,7 @@
 
         pr_label_url = '{}/issues/{}/labels'.format(api_url, pr_number)
         try:
-            username, access_token = GitHub.credentials()
+            username, access_token = GitHub.credentials(user=GitHub.user_for_queue(self.getProperty('buildername', '')))
             auth = HTTPBasicAuth(username, access_token) if username and access_token else None
             response = requests.request(
                 'POST', pr_label_url, timeout=60, auth=auth,
@@ -292,7 +307,7 @@
             return True
 
         try:
-            username, access_token = GitHub.credentials()
+            username, access_token = GitHub.credentials(user=GitHub.user_for_queue(self.getProperty('buildername', '')))
             auth = HTTPBasicAuth(username, access_token) if username and access_token else None
             response = requests.request(
                 'PUT', pr_label_url, timeout=60, auth=auth,
@@ -316,7 +331,7 @@
 
         comment_url = f'{api_url}/issues/{pr_number}/comments'
         try:
-            username, access_token = GitHub.credentials()
+            username, access_token = GitHub.credentials(user=GitHub.user_for_queue(self.getProperty('buildername', '')))
             auth = HTTPBasicAuth(username, access_token) if username and access_token else None
             response = requests.request(
                 'POST', comment_url, timeout=60, auth=auth,
@@ -347,7 +362,7 @@
 
         update_url = f'{api_url}/pulls/{pr_number}'
         try:
-            username, access_token = GitHub.credentials()
+            username, access_token = GitHub.credentials(user=GitHub.user_for_queue(self.getProperty('buildername', '')))
             auth = HTTPBasicAuth(username, access_token) if username and access_token else None
             response = requests.request(
                 'POST', update_url, timeout=60, auth=auth,
@@ -369,7 +384,7 @@
 
         update_url = f'{api_url}/pulls/{pr_number}'
         try:
-            username, access_token = GitHub.credentials()
+            username, access_token = GitHub.credentials(user=GitHub.user_for_queue(self.getProperty('buildername', '')))
             auth = HTTPBasicAuth(username, access_token) if username and access_token else None
             response = requests.request(
                 'POST', update_url, timeout=60, auth=auth,
@@ -943,7 +958,7 @@
         for command in commands:
             self.commands.append(util.ShellArg(command=command, logname='stdio', haltOnFailure=True))
 
-        username, access_token = GitHub.credentials()
+        username, access_token = GitHub.credentials(user=GitHub.user_for_queue(self.getProperty('buildername', '')))
         self.env = dict(
             GIT_COMMITTER_NAME='EWS',
             GIT_COMMITTER_EMAIL=FROM_EMAIL,
@@ -5084,7 +5099,7 @@
         head_ref = self.getProperty('github.head.ref')
         self.command = ['git', 'push', '-f', remote, f'HEAD:{head_ref}']
 
-        username, access_token = GitHub.credentials()
+        username, access_token = GitHub.credentials(user=GitHub.user_for_queue(self.getProperty('buildername', '')))
         self.workerEnvironment['GIT_USER'] = username
         self.workerEnvironment['GIT_PASSWORD'] = access_token

Modified: trunk/Tools/CISupport/ews-build/steps_unittest.py (295636 => 295637)


--- trunk/Tools/CISupport/ews-build/steps_unittest.py	2022-06-17 15:45:24 UTC (rev 295636)
+++ trunk/Tools/CISupport/ews-build/steps_unittest.py	2022-06-17 16:23:05 UTC (rev 295637)
@@ -6278,7 +6278,7 @@
         return self.runStep()
 
     def test_success(self):
-        GitHub.credentials = lambda: ('webkit-commit-queue', 'password')
+        GitHub.credentials = lambda user=None: ('webkit-commit-queue', 'password')
         self.setupStep(PushPullRequestBranch())
         self.setProperty('github.number', '1234')
         self.setProperty('github.head.repo.full_name', 'Contributor/WebKit')
@@ -6297,7 +6297,7 @@
             return self.runStep()
 
     def test_failure(self):
-        GitHub.credentials = lambda: ('webkit-commit-queue', 'password')
+        GitHub.credentials = lambda user=None: ('webkit-commit-queue', 'password')
         self.setupStep(PushPullRequestBranch())
         self.setProperty('github.number', '1234')
         self.setProperty('github.head.repo.full_name', 'Contributor/WebKit')

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to