Commit graph

34 commits

Author SHA1 Message Date
Luke Granger-Brown
6d7713572f chore(3p/gerrit): downgrade mina SSHd again
This breaks it with "ssh_dispatch_run_fatal: Connection to
2a01:4f8:242:5b21:0:feed:edef:beef port 29418: incorrect signature"

Change-Id: I9bafc5fb6d4743ce4f097158ec14fecc791366ca
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11965
Tested-by: BuildkiteCI
Autosubmit: lukegb <lukegb@tvl.fyi>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2024-07-08 09:41:21 +00:00
Luke Granger-Brown
c05bf02a85 chore(3p/gerrit): create buildBazelPackageNG and migrate gerrit to it
This bumps Gerrit to 3.10.0, and also introduces a new mechanism for
building it that should hopefully have some more stable hashes than the
previous bodgery.

In this world, we only cache what we explicitly want to. There are some
hooks implemented for `rules_java` and `rules_nodejs` (before version
6) that force use of local binaries; this means we can drop the use of
the FHSUserEnv and use the java and nodejs binaries provided by nixpkgs
instead.

detzip is deleted; it hasn't been used in yonks.

We also add https://gerrit-review.googlesource.com/c/gerrit/+/431977,
which bumps the SSHd version so that we can have U2F-based SSH keys.

Change-Id: Ie12a9a33bbb1e4bd96aa252580aca3b8bc4a1205
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11963
Reviewed-by: lukegb <lukegb@tvl.fyi>
Autosubmit: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2024-07-08 00:17:56 +00:00
Luke Granger-Brown
28173ca4b9 chore(3p/gerrit): 3.8.2 -> 3.9.1
Change-Id: I8fa10b52c44bd3d5efb0fff740ad6d5da6e96831
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10802
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2024-02-12 15:59:15 +00:00
Luke Granger-Brown
70b4eadb5f chore(3p/gerrit): 3.7.0-rc4 -> 3.8.2
Bump gerrit plugins dep hashes, and for code-owners rebase it against
master.

Change-Id: If7da0ca391b4a5c0102560ca8d52b6f5a2dfd223
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9734
Autosubmit: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2023-10-16 00:35:44 +00:00
sterni
6ce45cbaea chore(3p/sources): Bump channels & overlays
* //3p/sources: Note that emacs-overlay is not updated for now, as
  changes in emacs HEAD break //users/sterni/emacs.

* //3p/gerrit_plugins/code-owners: deps hash changed once again
  or was no longer in the Nix store.

  Unfortunately, building the deps derivations from scratch for gerrit
  and the gerrit plugins no longer works due to a nixpkgs regression:
  Due to a (operator precedence) mistake in the way the deps
  derivation's installPhase is computed, it would append extra code to
  the installPhase provided by us, causing a bash syntax error.

  I have proposed a fix for this
  upstream (<https://github.com/NixOS/nixpkgs/pull/228305>). Adding a
  workaround in the repo would be possible, but a bit annoying. Since
  the derivations are fixed output anyways, I've opted to build the
  missing deps derivation (for code-owners) locally using the fixed
  nixpkgs, updated the sha256 and copied the result into whitby's Nix
  store. Hopefully by the next time we'll be rebuilding the deps
  derivations again the fix will have propagated into the NixOS unstable
  channel.

* //users/grfn/system/system:roswellSystem: Use mysql80 from stable.
  See also https://github.com/NixOS/nixpkgs/issues/226673.

Change-Id: I9b9d57f589be4cdc3fd4f39729c170a25a655b74
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8483
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2023-04-26 15:40:11 +00:00
sterni
b4670bfbd1 chore(3p/sources): Bump channels & overlays
* //3p/gerrit{,_plugins}: adjust for API change to buildBazelPackage

  440b4de588

* //3p/gerrit_plugins: update hash of deps jar

Change-Id: I131d5846acbce718126fb47671893a568d1020dd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8445
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-04-09 13:41:21 +00:00
Luke Granger-Brown
d92ca10990 chore(gerrit): bump to 3.7.0-rc4
Change-Id: Ib6f4fd5817fb5415cff5ea1d8c75c8c9a08d56b4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7185
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2022-11-06 16:46:28 +00:00
Luke Granger-Brown
8669bd0ee6 fix(code-owners): put a user in the context for group resolution.
We need a user in the context when we ask the groups backend to look up
groups by name, so for now if we don't have a _real_ user in the context
(such as during change indexing), then populate the context with the
anonymous user just for the duration of the groups backend calls.

Change-Id: If961d84fe57443cb95deb59628802658585ed1cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7172
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2022-11-06 16:46:28 +00:00
Luke Granger-Brown
ae98240df2 feat(gerrit): add code-owners plugin
This is the New Thing that is intended to replace the find-owners
and owners plugins.

In particular:

* It inserts a submit requirement rather than providing a Prolog
  predicate.
* The default OWNERS file formats are suspiciously Googley.
* It provides a neat UI for finding OWNERS and tracking approval
  state on a per-file basis.

When we fully migrate to using the code-owners plugin, a few
things will need to land, which I will likely do "offline"
directly to the Gerrit backing Git repos:

* Add the corresponding Gerrit config
* Replace OWNERS files depot-wide
* Add OWNERS files to the refs/meta/config branch
* Introduce the Owners-Override label, settable by depot-interventions

The enclosed patch adds two extra pieces of functionality that
we need in tvldepot but aren't upstream:

1. The ability to just specify usernames rather than email addresses
2. The ability to specify `group:GROUPNAME`, _as long as_ that group is
   visible to everyone. This is a restriction intended to avoid having
   the plugin just leak group membership.

Change-Id: I27d92b6cb7449af83030b9015f09a1571aa8452f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6664
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
2022-09-19 11:04:48 +00:00
Luke Granger-Brown
19c0723045 chore(3p): gerrit: 3.4.0 -> 3.6.1
This change cannot be deployed OOTB: you must upgrade
by 3.5.2+ first, and run copy-approvals.

Change-Id: Ia2e49da4d801a21a3db59e2d5b054eeb46d7dc79
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6505
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2022-09-11 16:56:15 +00:00
sterni
3badee71bb chore(3p/sources): Bump channels & overlays
* //3p/gerrit_plugins:owners: update output sha256

Change-Id: I1dded4b0abbf1bfab546040f9e84295663a0b2cc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5400
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
2022-03-30 09:35:39 +00:00
Vincent Ambo
aa122cbae7 style: format entire depot with nixpkgs-fmt
This CL can be used to compare the style of nixpkgs-fmt against other
formatters (nixpkgs, alejandra).

Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: cynthia <cynthia@tvl.fyi>
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: eta <tvl@eta.st>
Reviewed-by: grfn <grfn@gws.fyi>
2022-01-31 16:11:53 +00:00
sterni
6b285f008d chore(3p): bump NixOS channels to 2021-12-15
* Switch from (unused) NixOS 21.05 to newly released NixOS 21.11
  channel.

* grfn/machines/yeren: Linux 5.14.x -> 5.15.x

* 3p/gerrit, 3p/gerrit_plugin/oauth: update dependency bundle output
  hashes to what whitby comes up with now.

Change-Id: Id3bfe3d07b9223f77ec628954783a6b0a48f4086
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4310
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2021-12-15 17:43:52 +00:00
Vincent Ambo
4f1249e46f refactor(readTree): Move 'drvTargets' into readTree
This function is also generally useful for readTree consumers that
have the concept of subtargets.

Change-Id: Ic7fc03380dec6953fb288763a28e50ab3624d233
2021-11-23 14:42:08 +00:00
Vincent Ambo
fe225d48a1 feat(3p/gerrit): Upgrade Gerrit and plugins to v3.4.0
Brings us back to a stable version of Gerrit instead of a random
commit. Note that Gerrit 3.4.1 is out, but due to a bug it can not be
built publicly because it accidentally points at a private
submodule (this is being fixed upstream).

Change-Id: I0376c63a649498cef999dfa99bfccba511f2c8da
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3444
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-08-28 15:32:53 +00:00
Vincent Ambo
65be8f20e0 chore(nixpkgs): Bump channels to 2021-05-25
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides

* ops: make new isSystemUser || isNormalUser assertion happy

* users/grfn/system/system/mugwump: make buildkite agents system users

* users/tazjin/nixos/camden: set isSystemUser = true for git

* users/tazjin/emacs: Remove missing & broken packages

* third_party/openldap: remove, as the argon2 module is now enabled upstream

* third_party/gerrit_plugins: Pinned new unstable hashes

* third_party/nix, third_party/grpc: Disabled CI as these are broken

* third_party/overlays/emacs: Bumped version to stay in sync with channel

* third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib,
  since libclang's default output no longer contains libclang.so

* users/grfn/system/home: Install julia-stable instead of julia (which
  aliases to julia-lts), as the latter depends on an insecure version of
  libgit

Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
2021-05-25 17:09:28 +00:00
Luke Granger-Brown
ba30cd6bb2 fix(3p/gerrit_plugins/oauth): adapt to CAS "flat" attributes
CAS nested attributes produce a key called "attributes", which is
disliked by Grafana, because it expects any key called attributes to be
a map<string, list<string>>, whereas CAS just produces a map<string,
string>.

As part of setting up Grafana SSO we need therefore to fix Gerrit so it
can adapt to the new syntax that we're adopting.

Change-Id: Ia79dae78c0eae6e21135a06cd5850606f82bcdb8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2981
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-04-12 23:37:46 +00:00
Luke Granger-Brown
0dba3ce133 chore(3p/gerrit): update gerrit and plugins
This reverts commit 9551b628d0 (i.e. this is a rollfoward for https://cl.tvl.fyi/c/depot/+/2817)

Change-Id: Iaffcf1cdbe119d26ecb09cc88f9a56436b374c08
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2870
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2021-04-06 18:43:04 +00:00
lukegb
9551b628d0 revert(3p/gerrit): chore(3p/gerrit): update gerrit and plugins
This reverts commit f59c6214c4.

Reason for revert: new gerrit's JS appears to not have compiled correctly; rolling back until I can figure out why

Change-Id: If16fe341aad25bef30ed7be8c6ac49cadf2a732c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2821
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
2021-04-04 10:30:19 +00:00
Luke Granger-Brown
f59c6214c4 chore(3p/gerrit): update gerrit and plugins
Yeet.

Change-Id: I4de6453419f520a44af19d561a36d242195a64e9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2817
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-04-04 10:11:25 +00:00
Luke Granger-Brown
81a7bd4765 chore(3p/gerrit_plugins): init oauth
Add the OAuth gerrit plugin to our mini collection of Gerrit plugins.

This includes a patch to make the plugin work correctly with CAS 6.x,
which has changed the attributes into a JSON object with the attributes
nested inside, instead of a JSON list.

Change-Id: I4741f137cca9c8eb45b9ea660fb4cbf6962be9a4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2782
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-04-03 19:11:18 +00:00
Luke Granger-Brown
268cb4cb11 chore(3p/gerrit_plugins): attempt to stabilise hashes a bit
I'm dropping the leaveDotGit and deepClone bits; they were set like that
purely to try to make the build stamping work. In practice, not only
does the build stamping not work, but it also means we hit some
inconveniently-different hashes from time to time when gitiles does...
something??? on its backend.

I'm also putting some gcroots for these on whitby, which should also
help a bit, although it's a bit of a hack.

Change-Id: Ie6082248393e62795c18b1971fc2d16f4e8cc81d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2781
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-04-03 18:39:17 +00:00
Vincent Ambo
2b42afa800 chore(3p/gerrit_plugins): Build plugins separately in CI
Change-Id: I76aeaa879e43b1fd08440f60a4f320bb7b48c6ab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2630
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2021-03-21 13:01:51 +00:00
Vincent Ambo
39c400fa09 chore(3p/gerrit): Update pinned dependency hash
Change-Id: I1807ac1771d23b00e3a78cc36fb2f82a12900993
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2629
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2021-03-21 13:01:51 +00:00
sterni
c6b243a7a5 chore(3p/gerrit_plugins): fix fixed-output sha256 of check
Once again the sha256 of the fetchgit fixed output derivation for check
changed which was brought to light by the recent GC on whitby.

Change-Id: Ib3c3b5b489717ac6d73631282f27e4363d4ac5c1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2481
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2021-02-01 23:14:49 +00:00
Vincent Ambo
88bf43878f chore(3p): Bump NixOS channels to 2020-12-28
Changes:

* ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the
  ability to configure OpenLDAP directly and now forces users to use
  some kind of weird Nix->OLC mapping that is mostly undocumented.

  This moves the config we need to the new format in a way that may or
  may not work and does the other arbitrary dance steps that someone
  decided to impose on us. Note that this now throws lots of warnings,
  but I can't be bothered to fix them.

* 3p: Random package removals accomodated

* users/glittershark: Pin grfn's kernel to 5.9, because the CK patch
  is not yet updated for 5.10

* users/glittershark: Update vendor hash for pg-dump-upsert, I suspect
  this changed because of something in the Go build machinery in
  nixpkgs. The deleteVendor flag also has no effect anymore and has been
  removed.

* users/glittershark: agda build is broken, commenting out development
  home-manager environment until it can be fixed

* third_party/haskell_overlay: updating random needs upper boundarles
  of a few dependencies relaxed (curse them)

* third_party/gerrit_plugins: for some cursed reason the fixed-output
  hash of the gerrit owners plugin fetchgit changed, updated.
  Same for the checks plugin.

Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2021-01-09 13:21:00 +00:00
Luke Granger-Brown
bbfcc7bbf0 chore(3p/gerrit): bump to latest version deployed on gerrit-review
Change-Id: I0aee39b21346f378964bab69bd903e8f43b7e7e8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2265
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
2020-12-20 16:10:40 +00:00
Luke Granger-Brown
77be22549a chore(3p/gerrit): update to latest upstream HEAD
Change-Id: Ia7b17ca83ace164881a4dd8b0288741489bc467c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2164
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
2020-11-29 02:26:46 +00:00
Luke Granger-Brown
173f2c8f76 chore(gerrit): Update to latest HEAD.
Change-Id: I650777bbbd24a1922f26967fbbd7da06d14b6786
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1516
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-08-02 01:01:08 +00:00
Luke Granger-Brown
a8bc8357d8 feat(3p/gerrit_plugins): init Gerrit checks plugin
The Gerrit Checks plugin adds a new tab to the Gerrit UI, which is
intended for display of status of automated checks which are being run.
We can use this for e.g. reporting the run status of our CI builds/other
stuff.

Change-Id: Ib0d9a8ae68061a76191a56d467d915100b766e1b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1462
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-27 00:00:48 +00:00
Luke Granger-Brown
e780435d09 chore(3p/gerrit_plugins): add machinery for compiling Gerrit plugins from source
This looks particularly obnoxious for the owners plugin, because it's
actually two plugins with a common library in the same repo. Other
plugins are much cleaner to deal with (hence the default for
overlayPluginCmd).

Change-Id: Ibb9588c8a29b63e8509436fcbb70054e89349712
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1461
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-27 00:00:48 +00:00
Vincent Ambo
a577fd83d6 chore(monorepo-gerrit): Remove 'owners-autoassign' plugin
This plugin just blindly assigns everyone and, as q3k has already
pointed out, just isn't particularly useful.

We might want to roll our own, for example:

19: 40:41 <+Remosi> I want the virtual owner thing, we could call it
 Gerrit Workgroup Synthesizer Queuing, or gwsq for short.
Change-Id: Ib12a921ae4047ac6a734035dd0900c8964fb12d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/350
Reviewed-by: riking <rikingcoding@gmail.com>
2020-06-15 00:38:48 +00:00
Vincent Ambo
34e30bf7a6 chore(3p/gerrit_plugins): Update plugins for Gerrit 3.2
Change-Id: I0b1a2871768a8369dac7a3e2b06a38c07741e945
Reviewed-on: https://cl.tvl.fyi/c/depot/+/281
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-14 17:31:24 +00:00
Vincent Ambo
f36d1d1b2e feat(3p/gerrit_plugins): Add derivations for Gerrit owners plugin
Change-Id: I319f812746aea6069c45727f5afae8b9b79effdd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/221
Reviewed-by: q3k <q3k@q3k.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-13 18:59:12 +00:00