Add back further changes from blender-devops

2024-11-19 21:41:39 +01:00 · 2024-11-19 21:41:39 +01:00 · 0a1454d250
commit 0a1454d250
parent 18e653fd2e
61 changed files with 7917 additions and 1 deletions
--- a/config/conf/init.py
+++ b/config/conf/init.py
--- a/config/conf/auth.py
+++ b/config/conf/auth.py
@ -0,0 +1,106 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# SPDX-FileCopyrightText: 2011-2024 Blender Authors
+# <pep8 compliant>
+
+import importlib
+
+import buildbot.plugins
+
+
+def _get_auth_config(devops_env_id: str):
+    if devops_env_id == "LOCAL":
+        import conf.local.auth
+
+        importlib.reload(conf.local.auth)
+        return conf.local.auth
+    else:
+        import conf.production.auth
+
+        importlib.reload(conf.production.auth)
+        return conf.production.auth
+
+
+def fetch_authentication(devops_env_id: str):
+    auth_config = _get_auth_config(devops_env_id)
+    return auth_config.get_authentication(devops_env_id)
+
+
+def fetch_authorization(devops_env_id: str):
+    auth_config = _get_auth_config(devops_env_id)
+
+    admin_usernames = auth_config.admin_usernames
+    deploy_dev_usernames = auth_config.deploy_dev_usernames
+    trusted_dev_usernames = auth_config.trusted_dev_usernames
+
+    dev_usernames = list(set(deploy_dev_usernames + trusted_dev_usernames + admin_usernames))
+    deploy_usernames = list(set(deploy_dev_usernames + admin_usernames))
+
+    file_based_group_username_role_matchers = [
+        buildbot.plugins.util.RolesFromUsername(roles=["admin"], usernames=admin_usernames),
+        buildbot.plugins.util.RolesFromUsername(roles=["deploy"], usernames=deploy_usernames),
+        buildbot.plugins.util.RolesFromUsername(roles=["dev"], usernames=dev_usernames),
+    ]
+
+    my_authz = buildbot.plugins.util.Authz(
+        stringsMatcher=buildbot.plugins.util.fnmatchStrMatcher,
+        allowRules=[
+            # Admins can do anything,
+            #
+            # defaultDeny=False: if user does not have the admin role, we continue
+            # parsing rules
+            # buildbot.plugins.util.AnyEndpointMatcher(role='admin', defaultDeny=False),
+            # buildbot.plugins.util.AnyEndpointMatcher(role='dev', defaultDeny=False),
+            # buildbot.plugins.util.AnyEndpointMatcher(role='coordinator', defaultDeny=False),
+            # buildbot.plugins.util.AnyEndpointMatcher(role='anonymous', defaultDeny=False),
+            buildbot.plugins.util.StopBuildEndpointMatcher(role="dev", defaultDeny=True),
+            buildbot.plugins.util.RebuildBuildEndpointMatcher(role="dev", defaultDeny=True),
+            buildbot.plugins.util.EnableSchedulerEndpointMatcher(role="admin", defaultDeny=True),
+            # buildbot.plugins.util.AnyEndpointMatcher(role='any', defaultDeny=False),
+            # Force roles
+            buildbot.plugins.util.ForceBuildEndpointMatcher(
+                builder="*-code-experimental-*", role="dev", defaultDeny=True
+            ),
+            buildbot.plugins.util.ForceBuildEndpointMatcher(
+                builder="*-code-patch-*", role="dev", defaultDeny=True
+            ),
+            buildbot.plugins.util.ForceBuildEndpointMatcher(
+                builder="*-code-daily-*", role="dev", defaultDeny=True
+            ),
+            buildbot.plugins.util.ForceBuildEndpointMatcher(
+                builder="*-store-*", role="deploy", defaultDeny=True
+            ),
+            buildbot.plugins.util.ForceBuildEndpointMatcher(
+                builder="*-deploy-*", role="deploy", defaultDeny=True
+            ),
+            buildbot.plugins.util.ForceBuildEndpointMatcher(
+                builder="*-doc-*", role="dev", defaultDeny=True
+            ),
+            # Rebuild roles
+            buildbot.plugins.util.RebuildBuildEndpointMatcher(
+                builder="*-code-experimental-*", role="dev", defaultDeny=True
+            ),
+            buildbot.plugins.util.RebuildBuildEndpointMatcher(
+                builder="*-code-patch-*", role="dev", defaultDeny=True
+            ),
+            buildbot.plugins.util.RebuildBuildEndpointMatcher(
+                builder="*-code-daily-*", role="dev", defaultDeny=True
+            ),
+            buildbot.plugins.util.RebuildBuildEndpointMatcher(
+                builder="*-store-*", role="deploy", defaultDeny=True
+            ),
+            buildbot.plugins.util.RebuildBuildEndpointMatcher(
+                builder="*-deploy-*", role="deploy", defaultDeny=True
+            ),
+            buildbot.plugins.util.RebuildBuildEndpointMatcher(
+                builder="*-doc-*", role="dev", defaultDeny=True
+            ),
+            # This also affects starting jobs via force scheduler
+            buildbot.plugins.util.AnyControlEndpointMatcher(role="admin", defaultDeny=True),
+            # A default deny for any endpoint if not admin
+            # If this is missing at the end, any UNMATCHED group will get 'allow'...
+            buildbot.plugins.util.AnyControlEndpointMatcher(role="admin", defaultDeny=True),
+        ],
+        roleMatchers=file_based_group_username_role_matchers,
+    )
+
+    return my_authz
--- a/config/conf/branches.py
+++ b/config/conf/branches.py
@ -0,0 +1,106 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# SPDX-FileCopyrightText: 2011-2024 Blender Authors
+# <pep8 compliant>
+
+import copy
+
+from collections import OrderedDict
+
+# Blender repository branches used for daily builds and API doc generation.
+code_tracked_branch_ids = {
+    "vdev": "main",
+    "vexp": "",
+    "v360": "blender-v3.6-release",
+    "v420": "blender-v4.2-release",
+    "v430": "blender-v4.3-release",
+}
+
+# Processor architectures to build for each track.
+code_official_platform_architectures = {
+    "vdev": ["darwin-x86_64", "darwin-arm64", "linux-x86_64", "windows-amd64"],
+    "vexp": ["darwin-x86_64", "darwin-arm64", "linux-x86_64", "windows-amd64"],
+    "v360": ["darwin-x86_64", "darwin-arm64", "linux-x86_64", "windows-amd64"],
+    "v420": ["darwin-x86_64", "darwin-arm64", "linux-x86_64", "windows-amd64"],
+    "v430": ["darwin-x86_64", "darwin-arm64", "linux-x86_64", "windows-amd64"],
+}
+
+# Windows ARM64 not used by default yet.
+code_all_platform_architectures = copy.deepcopy(code_official_platform_architectures)
+code_all_platform_architectures["vdev"].append("windows-arm64")
+code_all_platform_architectures["vexp"].append("windows-arm64")
+code_all_platform_architectures["v430"].append("windows-arm64")
+
+track_major_minor_versions = {
+    "vdev": "4.4",
+    "vexp": "4.4",
+    "v360": "3.6",
+    "v330": "3.3",
+    "v420": "4.2",
+    "v430": "4.3",
+}
+
+# Blender code and manual git branches.
+track_code_branches = {
+    "vdev": "main",
+    "vexp": "main",
+    "v360": "blender-v3.6-release",
+    "v420": "blender-v4.2-release",
+    "v430": "blender-v4.3-release",
+}
+
+# Tracks that correspond to an LTS version released on the Windows Store.
+# Only add entries here AFTER the regular release is out, since it will
+# otherwise generate the wrong package for the regular release.
+windows_store_lts_tracks = ["v360", "v420"]
+
+# Tracks that correspond to active and upcoming LTS releases. Used for
+# the Snap track name, and for Steam to determine if there is a daily LTS
+# track to upload to.
+all_lts_tracks = ["v360", "v420"]
+
+# Tracks for automated delivery of daily builds to stores.
+code_store_track_ids = [
+    "vdev",
+    "v360",
+    "v420",
+    "v430",
+]
+
+# Tracks to deploy releases (regular and LTS) to download.blender.org.
+code_deploy_track_ids = {
+    "v360": None,
+    "v420": None,
+    "v430": None,
+}
+
+# Stable track for manual and API docs.
+# Update on release.
+doc_stable_major_minor_version = "4.3"
+
+# Versions and labels for the user manual version switching menu.
+# Update when creating new release branch, and on release.
+doc_manual_version_labels = OrderedDict(
+    [
+        ("2.79", "2.79"),
+        ("2.80", "2.80"),
+        ("2.81", "2.81"),
+        ("2.82", "2.82"),
+        ("2.83", "2.83 (LTS)"),
+        ("2.90", "2.90"),
+        ("2.91", "2.91"),
+        ("2.92", "2.92"),
+        ("2.93", "2.93 (LTS)"),
+        ("3.0", "3.0"),
+        ("3.1", "3.1"),
+        ("3.2", "3.2"),
+        ("3.3", "3.3 (LTS)"),
+        ("3.4", "3.4"),
+        ("3.5", "3.5"),
+        ("3.6", "3.6 (LTS)"),
+        ("4.0", "4.0"),
+        ("4.1", "4.1"),
+        ("4.2", "4.2 (LTS)"),
+        ("4.3", "4.3"),
+        ("4.4", "4.4 (develop)"),
+    ]
+)
--- a/config/conf/local/init.py
+++ b/config/conf/local/init.py
--- a/config/conf/local/auth.py
+++ b/config/conf/local/auth.py
@ -0,0 +1,28 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# SPDX-FileCopyrightText: 2011-2024 Blender Authors
+# <pep8 compliant>
+
+import buildbot.plugins
+
+# Buildbot admin with access to everything.
+admin_usernames = [
+    "admin",
+]
+
+# Release engineers with access to store and deploy builders.
+deploy_dev_usernames = [
+    "admin",
+]
+
+# Trusted developers with access to trigger daily, doc and patch builds.
+trusted_dev_usernames = [
+    "admin",
+]
+
+
+def get_authentication(devops_env_id: str):
+    class LocalEnvAuth(buildbot.plugins.util.CustomAuth):
+        def check_credentials(self, user, password):
+            return user.decode() == "admin" and password.decode() == "admin"
+
+    return LocalEnvAuth()
--- a/config/conf/local/machines.py
+++ b/config/conf/local/machines.py
@ -0,0 +1,31 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# SPDX-FileCopyrightText: 2011-2024 Blender Authors
+# <pep8 compliant>
+
+_worker_names = {
+    "code-lint": ["localhost"],
+    "linux-x86_64-code": ["localhost"],
+    "linux-x86_64-code-gpu": ["localhost"],
+    "linux-x86_64-doc-api": ["localhost"],
+    "linux-x86_64-doc-studio-tools": ["localhost"],
+    "linux-x86_64-general": ["localhost"],
+    "linux-x86_64-store-snap": ["localhost"],
+    "linux-x86_64-store-steam": ["localhost"],
+    "darwin-arm64-code": ["localhost"],
+    "darwin-arm64-code-gpu": ["localhost"],
+    "darwin-x86_64-code": ["localhost"],
+    "darwin-x86_64-code-gpu": ["localhost"],
+    "windows-amd64-code": ["localhost"],
+    "windows-amd64-code-gpu": [],
+    "windows-amd64-store-windows": ["localhost"],
+    "windows-arm64-code": ["localhost"],
+    "windows-arm64-code-gpu": [],
+}
+
+
+def get_worker_password(worker_name: str) -> str:
+    return "localhost"
+
+
+def get_worker_names(devops_env_id: str):
+    return _worker_names
--- a/config/conf/local/worker.py
+++ b/config/conf/local/worker.py
@ -0,0 +1,87 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# SPDX-FileCopyrightText: 2011-2024 Blender Authors
+# <pep8 compliant>
+
+import os
+import pathlib
+
+from typing import Optional, Tuple
+
+# Where tracks data is stored.
+tracks_root_path = pathlib.Path.home() / "git"
+
+# Software cache
+software_cache_path = tracks_root_path / "downloads" / "software" / "workers"
+
+# Docs delivery.
+docs_user = os.getlogin()
+docs_machine = "127.0.0.1"
+docs_folder = tracks_root_path / "delivery" / "docs"
+docs_port = 22
+
+# Studio docs delivery.
+studio_user = os.getlogin()
+studio_machine = "127.0.0.1"
+studio_folder = tracks_root_path / "delivery" / "studio" / "blender-studio-tools"
+studio_port = 22
+
+# Download delivery.
+download_user = os.getlogin()
+download_machine = "127.0.0.1"
+download_source_folder = tracks_root_path / "delivery" / "download" / "source"
+download_release_folder = tracks_root_path / "delivery" / "download" / "release"
+download_port = 22
+
+# Buildbot download delivery
+buildbot_download_folder = tracks_root_path / "delivery" / "buildbot"
+
+# Code signing
+sign_code_windows_certificate = None  # "Blender Self Code Sign SPC"
+sign_code_windows_time_servers = ["http://ts.ssl.com"]
+sign_code_windows_server_url = "http://fake-windows-sign-server"
+
+sign_code_darwin_certificate = None
+sign_code_darwin_team_id = None
+sign_code_darwin_apple_id = None
+sign_code_darwin_keychain_profile = None
+
+
+def darwin_keychain_password(service_env_id: str) -> str:
+    return "fake_keychain_password"
+
+
+# Steam
+steam_app_id = None
+steam_platform_depot_ids = {
+    "windows": None,
+    "linux": None,
+    "darwin": None,
+}
+
+
+def steam_credentials(service_env_id: str) -> Tuple[str, str]:
+    return "fake_steam_username", "fake_steam_password"
+
+
+# Snap
+def snap_credentials(service_env_id: str) -> str:
+    return "fake_snap_credentials"
+
+
+# Windows Store
+windows_store_self_sign = False
+
+
+def windows_store_certificate(service_env_id: str) -> str:
+    # return sign_code_windows_certificate
+    return "fake_windows_store_publisher"
+
+
+# PyPI
+def pypi_token(service_env_id: str) -> str:
+    return "fake_pypi_token"
+
+
+# Gitea
+def gitea_api_token(service_env_id: str) -> Optional[str]:
+    return None
--- a/config/conf/machines.py
+++ b/config/conf/machines.py
@ -0,0 +1,39 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# SPDX-FileCopyrightText: 2011-2024 Blender Authors
+# <pep8 compliant>
+
+import importlib
+
+
+def _get_config(devops_env_id: str):
+    if devops_env_id == "LOCAL":
+        import conf.local.machines
+
+        importlib.reload(conf.local.machines)
+        return conf.local.machines
+    else:
+        import conf.production.machines
+
+        importlib.reload(conf.production.machines)
+        return conf.production.machines
+
+
+def fetch_platform_worker_names(devops_env_id: str):
+    machines_config = _get_config(devops_env_id)
+    return machines_config.get_worker_names(devops_env_id)
+
+
+def get_worker_password(devops_env_id: str, worker_name: str) -> str:
+    machines_config = _get_config(devops_env_id)
+    return machines_config.get_worker_password(worker_name)
+
+
+def fetch_local_worker_names():
+    worker_names = []
+    worker_numbers = range(1, 5, 1)
+    for worker_number in worker_numbers:
+        worker_id = str(worker_number).zfill(2)
+        worker_name = f"local-coordinator-{worker_id}"
+        worker_names += [worker_name]
+
+    return worker_names
--- a/config/conf/worker.py
+++ b/config/conf/worker.py
@ -0,0 +1,37 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# SPDX-FileCopyrightText: 2011-2024 Blender Authors
+# <pep8 compliant>
+
+import importlib
+
+from typing import Any
+
+
+def get_config(devops_env_id: str) -> Any:
+    if devops_env_id == "LOCAL":
+        import conf.local.worker
+
+        importlib.reload(conf.local.worker)
+        return conf.local.worker
+    else:
+        import conf.production.worker
+
+        importlib.reload(conf.production.worker)
+        return conf.production.worker
+
+
+# Maybe useful in the future.
+#
+# import pathlib
+# import importlib.util
+#
+# def _load_module_config(path: pathlib.Path) -> Any:
+#     filepath = pathlib.Path(__file__).parent / path
+#     spec = importlib.util.spec_from_file_location("config_module", filepath)
+#     if not spec:
+#         raise BaseException("Failed to load config module spec")
+#     config_module = importlib.util.module_from_spec(spec)
+#     if not spec.loader:
+#         raise BaseException("Failed to load config module spec loader")
+#     spec.loader.exec_module(config_module)
+#     return config_module