From: Aric Gardner Date: Mon, 26 Nov 2018 20:48:48 +0000 (-0500) Subject: lftools gerrit create for new projects X-Git-Tag: v0.20.0~9^2 X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=21129cf9fb5a209670544e22fe001453c69f003b;p=releng%2Flftools.git lftools gerrit create for new projects Creates a project and sets up permissions calls gerrit create project: -creates the repo (Parent is configurable) -clones the repo -modifies groups file in /refs/meta/config to add GitHub Replication -adds a .gitreview and pushes it to HEAD:refs/heads/master If --enable is passed, it will -allow Github read (groups file is already in place) -replication start --wait Issue: RELENG-1578 Change-Id: Id5bb3c52918c5fcad9e10b32ee14a90eb0b0d3ff Signed-off-by: Aric Gardner --- diff --git a/docs/commands/gerrit.rst b/docs/commands/gerrit.rst new file mode 100644 index 00000000..0a157cbb --- /dev/null +++ b/docs/commands/gerrit.rst @@ -0,0 +1,13 @@ +****** +Deploy +****** + +.. program-output:: lftools gerrit --help + +Commands +======== + +create +-------- + +.. program-output:: lftools gerrit create --help diff --git a/docs/commands/index.rst b/docs/commands/index.rst index 1a10b280..81f7ba22 100644 --- a/docs/commands/index.rst +++ b/docs/commands/index.rst @@ -13,6 +13,7 @@ It supports the following commands: config deploy dco + gerrit license nexus openstack diff --git a/lftools/cli/__init__.py b/lftools/cli/__init__.py index b2b0720d..9f12d652 100644 --- a/lftools/cli/__init__.py +++ b/lftools/cli/__init__.py @@ -22,6 +22,7 @@ from lftools import config as conf from lftools.cli.config import config_sys from lftools.cli.dco import dco from lftools.cli.deploy import deploy +from lftools.cli.gerrit import gerrit_cli from lftools.cli.infofile import infofile from lftools.cli.jenkins import jenkins_cli from lftools.cli.license import license @@ -74,9 +75,10 @@ def cli(ctx, debug, interactive, password, username): cli.add_command(config_sys) -cli.add_command(infofile) cli.add_command(deploy) cli.add_command(dco) +cli.add_command(gerrit_cli, name='gerrit') +cli.add_command(infofile) cli.add_command(jenkins_cli, name='jenkins') cli.add_command(license) cli.add_command(nexus) diff --git a/lftools/cli/gerrit.py b/lftools/cli/gerrit.py new file mode 100644 index 00000000..9db2d089 --- /dev/null +++ b/lftools/cli/gerrit.py @@ -0,0 +1,62 @@ +# SPDX-License-Identifier: EPL-1.0 +############################################################################## +# Copyright (c) 2018 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## +"""Create a gerrit project.""" + +from __future__ import print_function + +import subprocess +import sys + +import click + + +@click.group() +@click.pass_context +def gerrit_cli(ctx): + """GERRIT TOOLS.""" + pass + + +@click.command(name='create') +@click.argument('gerrit_url') +@click.argument('ldap_group') +@click.argument('repo') +@click.argument('user') +@click.option('--enable', is_flag=True, + help='Enable replication to Github.') +@click.option('--parent', type=str, required=False, + help='Specify parent other than "All-Projects".') +@click.pass_context +def create( + ctx, gerrit_url, ldap_group, repo, user, enable, parent): + """Create and configure permissions for a new gerrit repo. + + GERRIT_URL: server fqdn ex: gerrit.localhost + + LDAP_GROUP: owner ex: project-gerrit-group-committers + + REPO: repo name ex: testrepo + + USER: user that has permissions in gerrit + """ + params = ['gerrit_create'] + params.extend(["-s", gerrit_url]) + params.extend(["-o", ldap_group]) + params.extend(["-r", repo]) + params.extend(["-u", user]) + if parent: + params.extend(["-p", parent]) + if enable: + params.extend(["-e"]) + status = subprocess.call(params) + sys.exit(status) + + +gerrit_cli.add_command(create) diff --git a/releasenotes/notes/gerrit-create-e3bea58593d0a1dd.yaml b/releasenotes/notes/gerrit-create-e3bea58593d0a1dd.yaml new file mode 100644 index 00000000..d31b0a7b --- /dev/null +++ b/releasenotes/notes/gerrit-create-e3bea58593d0a1dd.yaml @@ -0,0 +1,19 @@ +--- +features: + - | + Gerrit project create and github enable replication commands. + + Usage: lftools gerrit [OPTIONS] COMMAND [ARGS]... + + .. code-block:: none + + Commands: + create Create and configure permissions for a new gerrit repo. + + .. code-block:: none + + Options: + --enable Enable replication to Github. + This skips creating the repo. + --parent Specify parent other than "All-Projects" + --help Show this message and exit. diff --git a/setup.cfg b/setup.cfg index 0503a8b3..8d020021 100644 --- a/setup.cfg +++ b/setup.cfg @@ -36,6 +36,7 @@ packages = lftools scripts = shell/dco shell/deploy + shell/gerrit_create shell/inactivecommitters shell/sign shell/version diff --git a/shell/gerrit_create b/shell/gerrit_create new file mode 100755 index 00000000..6cc4e41c --- /dev/null +++ b/shell/gerrit_create @@ -0,0 +1,246 @@ +#!/bin/bash -l +# SPDX-License-Identifier: EPL-1.0 +############################################################################## +# Copyright (c) 2018 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## +set -euo pipefail +TMP_WORKSPACE="${OPTARG:-/tmp/}" +parent="${OPTARG:-All-Projects}" +ENABLE_REPLICATION=false + +sanity_checks () { + echo gerrit url="$project" + echo new repo name="$repository" + echo parent="$parent" + + if [[ $(ssh -p 29418 "$user"@"$project" gerrit version) ]]; + then + echo "connected to Gerrit" + else + echo "cannot connect to Gerrit" + exit 1 + fi + + # shellcheck disable=SC2029 + if ! $ENABLE_REPLICATION; then + ssh -p 29418 "$user"@"$project" gerrit set-project "$repository" &> /dev/null && \ + echo "$repository Already exists, cannot create exiting" && exit 1 + fi + + #Exit if ldap group does not exist + #To run from your workstation you must be on the vpn + echo "Checking that ldapgroup=$ldapgroup exists" + check_ldap="$(lftools ldap csv "$ldapgroup")" + if [[ -z "$check_ldap" ]]; then + echo "ldap group is empty or does not exist." + exit 1 + fi + + repodashed="$(echo "$repository" | sed -e 's/\//-/g')" + gerrit_name="$(echo "$project" | awk -F"." '{print $2}')" + + + if $ENABLE_REPLICATION; then + if git ls-remote git@github.com:"$gerrit_name"/"$repodashed".git HEAD &> /dev/null; then + echo "PASS $gerrit_name $repository exists in Github" + else + echo "FAIL $gerrit_name $repository does not exist in Github" + exit 1 + fi + fi + +} + +movetoworkspace () { + if ! [[ -d "$TMP_WORKSPACE" ]]; then + echo "$TMP_WORKSPACE" + mkdir -p "$TMP_WORKSPACE" + else + echo "$TMP_WORKSPACE already exists" + fi + cd "$TMP_WORKSPACE" +} + +create_repo () { + echo "Creating repository $repository" + # shellcheck disable=SC2029 + if [[ $parent == "All-Projects" ]]; then + ssh -p 29418 "$user"@"$project" "gerrit create-project $repository --empty-commit --parent $parent --owner ldap/$ldapgroup" + else + ssh -p 29418 "$user"@"$project" "gerrit create-project $repository --empty-commit --parent $parent" + fi + +} + +clone_repo() { + movetoworkspace + if ! [[ -d "$repository" ]]; + then + git clone ssh://"$user"@"$project":29418/"$repository" "$repository" &> /dev/null + cd "$repository" + fi + +} + +create_groups_file () { + cd "$TMP_WORKSPACE"/"$repository" + git fetch origin refs/meta/config &> /dev/null && git checkout FETCH_HEAD &> /dev/null + + #get uuid for for GitHub users into groups file + ssh -p 29418 "$user"@"$project" gerrit ls-groups --verbose \ + | grep "GitHub\ Replication"\ + | awk '{print $3"\t"$1,$2}' > groups.tmp + + if [[ $parent == "All-Projects" ]]; then + printf "global:Registered-Users\tRegistered Users\n\ +ldap:cn=%s,ou=Groups,dc=freestandards,dc=org\tldap/%s\n" "$ldapgroup" "$ldapgroup"\ +>> groups.tmp + else + printf "global:Registered-Users\tRegistered Users\n" >> groups.tmp + fi + + echo "groups file:" + echo "" + cat groups.tmp + touch groups + + if diff groups groups.tmp; then + echo groups file already configured not pushing + rm groups.tmp + else + mv groups.tmp groups + git add groups + git commit -sv -m "Creating groups file" &> /dev/null + + if git push origin HEAD:refs/meta/config &> /dev/null; then + echo "git push for groups file succeeded" + else + echo "git push for groups file failed" + exit 1 + fi + fi + +} + + +add_gitreview () { + cd "$TMP_WORKSPACE"/"$repository" + if ! git reset --hard origin/master &> /dev/null; then + echo "git reset failed" + exit 1 + fi + + has_gitreview="$(git ls-files .gitreview)" + if [[ -z $has_gitreview ]]; then + + printf "[gerrit]\n\ +host=%s\n\ +port=29418\n\ +project=%s.git\n\ +defaultbranch=master\n" "$project" "$repository" > .gitreview + + git add .gitreview + git commit -sv -m "Forcing .gitreview into repo" + + if git push ssh://"$user"@"$project":29418/"$repository" HEAD:refs/heads/master &> /dev/null; then + echo "git push of .gitreview succeeded" + else + echo "git push of .gitreview failed" + exit 1 + fi + else + echo "Repo Already has a .gitreview" + fi + +} + +enable_github_replication () { + + cd "$TMP_WORKSPACE"/"$repository" + + git fetch origin refs/meta/config &> /dev/null && git checkout FETCH_HEAD &> /dev/null + + git config --replace -f project.config 'access.refs/*.read' "group GitHub Replication" + + echo "project.config:" + echo "" + cat project.config + + git add project.config + git commit -sv -m "Pushing $repository project.config to refs/meta/config" + + if git push origin HEAD:refs/meta/config &> /dev/null; then + echo "git push for $repository refs meta config succeeded" + else + echo "git push for $repository refs meta config failed" + exit 1 + fi + + echo "Starting replication" + ssh -p 29418 "$user"@"$project" "replication start --wait $repository" + +} + +usage() { +cat << EOF +"$0": Creates a repository and sets up the permissions. + + usage: $0 [OPTIONS] + -h Show this message + -s server fqdn eg: gerrit.localhost + -o owner eg: ldap group + -r repository name + -u ssh user name + -p parent Default: All-Projects + -w workspace to do clones etc. (must not be in a git repo) + Default is /tmp/ + -e enable replication to github (must = True) + + example: $(basename "$0") -s gerrit.localhost -o project-gerrit-group-committers -r reponame -u lfid + +EOF + +exit 1 + +} + +# shellcheck disable=SC2199 +[[ -z "$@" ]] && usage + +while getopts "s:o:r:u:p:w:eh" OPTION +do + case $OPTION in + s ) project="$OPTARG" ;; + o ) ldapgroup="$OPTARG" ;; + r ) repository="$OPTARG" ;; + u ) user="$OPTARG" ;; + p ) parent="$OPTARG" ;; + w ) TMP_WORKSPACE="$OPTARG" ;; + e ) ENABLE_REPLICATION=true ;; + h ) usage; exit;; + \? ) echo "Unknown option: -$OPTARG" >&2; exit 1;; + esac +done + + +if $ENABLE_REPLICATION; then + sanity_checks + clone_repo + enable_github_replication +else + sanity_checks + create_repo + clone_repo + create_groups_file + add_gitreview +fi + +echo "Repo Created and Configured" +echo gerrit="$project" +echo ldapgroup="$ldapgroup" +echo repository="$repository"