From c70e7bb7cb3ce2e8fc5a159b7575964c873f6517 Mon Sep 17 00:00:00 2001 From: JEAN-FRANCOIS GUILLAUME Date: Wed, 30 Oct 2024 15:02:11 +0100 Subject: [PATCH] updating cuirass --- glicid/services/cuirass.scm | 95 +++++++++++++++++++++---------------- 1 file changed, 53 insertions(+), 42 deletions(-) diff --git a/glicid/services/cuirass.scm b/glicid/services/cuirass.scm index c8a7ff0..1705f35 100644 --- a/glicid/services/cuirass.scm +++ b/glicid/services/cuirass.scm @@ -25,7 +25,6 @@ cuirass-remote-worker-configuration? cuirass-remote-worker-service-type)) - (define %cuirass-default-database "dbname=cuirass") (define-record-type* cuirass-remote-server-configuration make-cuirass-remote-server-configuration cuirass-remote-server-configuration? @@ -34,10 +33,14 @@ (publish-port cuirass-remote-server-configuration-publish-port (default 5557)) (log-file cuirass-remote-server-log-file (default "/var/log/cuirass-remote-server.log")) (cache cuirass-remote-server-configuration-cache (default "/var/cache/cuirass/remote/")) + (log-expiry cuirass-remote-server-configuration-log-expiry (default (* 6 30 24 3600))) (publish? cuirass-remote-server-configuration-publish? (default #t)) (trigger-url cuirass-remote-server-trigger-url (default #f)) (public-key cuirass-remote-server-configuration-public-key (default #f)) - (private-key cuirass-remote-server-configuration-private-key (default #f))) + (private-key cuirass-remote-server-configuration-private-key (default #f)) + (git cuirass-remote-worker-configuration-git (default git)) + (http-proxy cuirass-configuration-http-proxy (default "")) + (https-proxy cuirass-configuration-https-proxy (default ""))) (define-record-type* cuirass-configuration make-cuirass-configuration cuirass-configuration? (cuirass cuirass-configuration-cuirass (default cuirass)) @@ -47,21 +50,23 @@ (user cuirass-configuration-user (default "cuirass")) (group cuirass-configuration-group (default "cuirass")) (interval cuirass-configuration-interval (default 60)) + (ttl cuirass-configuration-ttl (default 2592000)) + (threads cuirass-configuration-threads (default #f)) (parameters cuirass-configuration-parameters (default #f)) (remote-server cuirass-configuration-remote-server (default #f)) (database cuirass-configuration-database (default %cuirass-default-database)) (port cuirass-configuration-port (default 8081)) (host cuirass-configuration-host (default "localhost")) - (specifications cuirass-configuration-specifications) - (use-substitutes? cuirass-configuration-use-substitutes? (default #f)) + (specifications cuirass-configuration-specifications) (one-shot? cuirass-configuration-one-shot? (default #f)) (fallback? cuirass-configuration-fallback? (default #f)) (extra-options cuirass-configuration-extra-options (default '())) + (web-extra-options cuirass-configuration-web-extra-options (default '())) + (git cuirass-remote-worker-configuration-git (default git)) (http-proxy cuirass-configuration-http-proxy (default "")) (https-proxy cuirass-configuration-https-proxy (default ""))) -(define (cuirass-shepherd-service config) - "Return a for the Cuirass service with CONFIG." +(define (cuirass-shepherd-service config) "Return a for the Cuirass service with CONFIG." (let ((cuirass (cuirass-configuration-cuirass config)) (cache-directory (cuirass-configuration-cache-directory config)) (web-log-file (cuirass-configuration-web-log-file config)) @@ -69,79 +74,88 @@ (user (cuirass-configuration-user config)) (group (cuirass-configuration-group config)) (interval (cuirass-configuration-interval config)) + (ttl (cuirass-configuration-ttl config)) + (threads (cuirass-configuration-threads config)) (parameters (cuirass-configuration-parameters config)) (remote-server (cuirass-configuration-remote-server config)) (database (cuirass-configuration-database config)) (port (cuirass-configuration-port config)) (host (cuirass-configuration-host config)) - (specs (cuirass-configuration-specifications config)) - (use-substitutes? (cuirass-configuration-use-substitutes? config)) + (config-file (scheme-file "cuirass-specs.scm" (cuirass-configuration-specifications config))) (one-shot? (cuirass-configuration-one-shot? config)) (fallback? (cuirass-configuration-fallback? config)) (extra-options (cuirass-configuration-extra-options config)) - (http-proxy (cuirass-configuration-http-proxy config)) - (https-proxy (cuirass-configuration-https-proxy config)) - ) + (web-extra-options (cuirass-configuration-web-extra-options config)) + (git cuirass-remote-worker-configuration-git (default git)) + (http-proxy cuirass-configuration-http-proxy (default "")) + (https-proxy cuirass-configuration-https-proxy (default ""))) `(,(shepherd-service (documentation "Run Cuirass.") (provision '(cuirass)) - (requirement '(guix-daemon networking)) - ;(requirement '(guix-daemon postgres postgres-roles networking)) + (requirement '(user-processes + guix-daemon + postgres postgres-roles networking)) (start #~(make-forkexec-constructor (list (string-append #$cuirass "/bin/cuirass") "register" "--cache-directory" #$cache-directory - "--specifications" - #$(scheme-file "cuirass-specs.scm" specs) + "--specifications" #$config-file "--database" #$database "--interval" #$(number->string interval) + #$@(if ttl + (list (string-append "--ttl=" (number->string ttl) "s")) + '()) + #$@(if threads + (list (string-append "--threads=" (number->string threads))) + '()) #$@(if parameters (list (string-append "--parameters=" parameters)) '()) #$@(if remote-server '("--build-remote") '()) - #$@(if use-substitutes? '("--use-substitutes") '()) #$@(if one-shot? '("--one-shot") '()) #$@(if fallback? '("--fallback") '()) #$@extra-options) - #:environment-variables (list "GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt" - (string-append "GIT_EXEC_PATH=" #$git "/libexec/git-core") - (string-append "http_proxy=" #$http-proxy) - (string-append "https_proxy=" #$http-proxy)) + #:environment-variables + (list "GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt" + (string-append "GIT_EXEC_PATH=" #$git "/libexec/git-core") + (string-append "http_proxy=" #$http-proxy) + (string-append "https_proxy=" #$http-proxy)) #:user #$user #:group #$group #:log-file #$main-log-file)) - (stop #~(make-kill-destructor))) + (stop #~(make-kill-destructor)) + (actions (list (shepherd-configuration-action config-file)))) ,(shepherd-service (documentation "Run Cuirass web interface.") (provision '(cuirass-web)) - (requirement '(cuirass)) + (requirement '(user-processes cuirass)) (start #~(make-forkexec-constructor (list (string-append #$cuirass "/bin/cuirass") "web" "--database" #$database "--listen" #$host "--port" #$(number->string port) - #$@(if parameters - (list (string-append "--parameters=" parameters)) + #$@(if parameters (list (string-append "--parameters=" parameters)) '()) - #$@extra-options) + #$@web-extra-options) #:user #$user #:group #$group #:log-file #$web-log-file)) (stop #~(make-kill-destructor))) ,@(if remote-server - (match-record remote-server (backend-port publish-port log-file cache publish? trigger-url public-key private-key) + (match-record remote-server (backend-port publish-port log-file log-expiry cache publish? trigger-url public-key private-key git http-proxy https-proxy) (list (shepherd-service (documentation "Run Cuirass remote build server.") (provision '(cuirass-remote-server)) - (requirement '(avahi-daemon cuirass)) + (requirement '(user-processes avahi-daemon cuirass)) (start #~(make-forkexec-constructor (list (string-append #$cuirass "/bin/cuirass") "remote-server" (string-append "--database=" #$database) (string-append "--cache=" #$cache) (string-append "--user=" #$user) + (string-append "--log-expiry=" #$(number->string log-expiry) "s") #$@(if backend-port (list (string-append "--backend-port=" (number->string backend-port))) '()) @@ -171,8 +185,7 @@ (stop #~(make-kill-destructor))))) '())))) -(define (cuirass-account config) - "Return the user accounts and user groups for CONFIG." +(define (cuirass-account config) "Return the user accounts and user groups for CONFIG." (let ((cuirass-user (cuirass-configuration-user config)) (cuirass-group (cuirass-configuration-group config))) (list (user-group @@ -192,12 +205,12 @@ (name user) (create-database? #t))))) -(define (cuirass-activation config) - "Return the activation code for CONFIG." +(define (cuirass-activation config) "Return the activation code for CONFIG." (let* ((cache (cuirass-configuration-cache-directory config)) (remote-server (cuirass-configuration-remote-server config)) (remote-cache (and remote-server (cuirass-remote-server-configuration-cache remote-server))) (user (cuirass-configuration-user config)) + (runstatedir "/var/run/cuirass") (log "/var/log/cuirass") (profile (string-append "/var/guix/profiles/per-user/" user)) (roots (string-append profile "/cuirass")) @@ -208,6 +221,7 @@ (mkdir-p #$cache) (mkdir-p #$log) (mkdir-p #$roots) + (mkdir-p #$runstatedir) (when #$remote-cache (mkdir-p #$remote-cache)) (let ((uid (passwd:uid (getpw #$user))) @@ -216,11 +230,12 @@ (chown #$log uid gid) (chown #$roots uid gid) (chown #$profile uid gid) + (chown #$runstatedir uid gid) + (chmod #$runstatedir #o700) (when #$remote-cache (chown #$remote-cache uid gid))))))) -(define (cuirass-log-rotations config) - "Return the list of log rotations that corresponds to CONFIG." +(define (cuirass-log-rotations config) "Return the list of log rotations that corresponds to CONFIG." (list (log-rotation (files (append (list (cuirass-configuration-log-file config) (cuirass-configuration-web-log-file config)) @@ -241,14 +256,9 @@ (service-extension rottlog-service-type cuirass-log-rotations) (service-extension activation-service-type cuirass-activation) (service-extension shepherd-root-service-type cuirass-shepherd-service) - (service-extension account-service-type cuirass-account) - ; we don't need the following as we use a remote database - ;(service-extension postgresql-service-type (const #t)) - ;(service-extension postgresql-role-service-type cuirass-postgresql-role) - )) + (service-extension account-service-type cuirass-account))) (description "Run the Cuirass continuous integration service."))) - (define-record-type* cuirass-remote-worker-configuration make-cuirass-remote-worker-configuration cuirass-remote-worker-configuration? (cuirass cuirass-remote-worker-configuration-cuirass (default cuirass)) (workers cuirass-remote-worker-workers (default 1)) @@ -256,20 +266,21 @@ (systems cuirass-remote-worker-systems (default (list (%current-system)))) (log-file cuirass-remote-worker-log-file (default "/var/log/cuirass-remote-worker.log")) (publish-port cuirass-remote-worker-configuration-publish-port (default 5558)) - (substitute-urls cuirass-remote-worker-configuration-substitute-urls (default %default-substitute-urls)) + (substitute-urls cuirass-remote-worker-configuration-substitute-urls (default %default-substitute-urls)) (public-key cuirass-remote-worker-configuration-public-key (default #f)) (private-key cuirass-remote-worker-configuration-private-key (default #f)) + (git cuirass-remote-worker-configuration-git (default git)) (http-proxy cuirass-configuration-http-proxy (default "")) (https-proxy cuirass-configuration-https-proxy (default "")) ) (define (cuirass-remote-worker-shepherd-service config) "Return a for the Cuirass remote worker service with CONFIG." - (match-record config (cuirass workers server systems log-file publish-port substitute-urls public-key private-key http-proxy https-proxy) + (match-record config (cuirass workers server systems log-file publish-port substitute-urls public-key private-key git http-proxy https-proxy) (list (shepherd-service (documentation "Run Cuirass remote build worker.") (provision '(cuirass-remote-worker)) - (requirement '(avahi-daemon guix-daemon networking)) + (requirement '(user-processes avahi-daemon guix-daemon networking)) (start #~(make-forkexec-constructor (list (string-append #$cuirass "/bin/cuirass") "remote-worker"