# SPDX-License-Identifier: GPL-2.0-or-later # SPDX-FileCopyrightText: 2011-2024 Blender Authors # import os from buildbot.www.oauth2 import OAuth2Auth import buildbot.plugins from urllib.parse import urljoin # Buildbot admin with access to everything. admin_usernames = [ "admin", ] # Release engineers with access to store and deploy builders. deploy_dev_usernames = [ "admin", ] # Trusted developers with access to trigger daily, doc and patch builds. trusted_dev_usernames = [ "admin", ] gitea_endpoint = os.environ.get("GITEA_ENDPOINT", default="") gitea_client_id = os.environ.get("GITEA_CLIENT_ID", default="") gitea_client_secret = os.environ.get("GITEA_CLIENT_SECRET", default="") def get_authentication(environment: str): class GiteaAuth(OAuth2Auth): name = "Gitea" faIcon = "fa-gitea" AUTH_URL = "login/oauth/authorize" TOKEN_URL = "login/oauth/access_token" def __init__(self, endpoint, client_id, client_secret, **kwargs): super(GiteaAuth, self).__init__(client_id, client_secret, **kwargs) self.resourceEndpoint = endpoint self.authUri = urljoin(endpoint, self.AUTH_URL) self.tokenUri = urljoin(endpoint, self.TOKEN_URL) def getUserInfoFromOAuthClient(self, c): user_info = self.get(c, "/api/v1/user") orgs = self.get(c, "/api/v1/user/orgs") org_groups = [org["username"] for org in orgs] teams = self.get(c, "/api/v1/user/teams") team_groups = [ f"{team['organization']['username']}/{team['name']}" for team in teams ] # Format: org/team groups = org_groups + team_groups user_data = { "full_name": user_info.get("full_name", user_info.get("username")), "email": user_info.get("email"), "username": user_info.get("username"), "groups": groups, } return user_data class LocalEnvAuth(buildbot.plugins.util.CustomAuth): def check_credentials(self, user, password): return user.decode() == "admin" and password.decode() == "admin" if gitea_endpoint and gitea_client_id and gitea_client_secret: return GiteaAuth(gitea_endpoint, gitea_client_id, gitea_client_secret) else: return LocalEnvAuth()