encounter
/
dawn-cmake
mirror of https://github.com/encounter/dawn-cmake.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[realms][dawn] configure but not use realms. 

Also:
 * remove redundant luci-scheduler permission.
 * make ./main.star executable on mac/linux.

R=rharrison

Bug: chromium:1216166
Change-Id: Icd5e1612f7d201b640eeafa7217342b97e0fe5aa
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/57464
Auto-Submit: Andrii Shyshkalov <tandrii@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
This commit is contained in:
Andrii Shyshkalov 2021-07-12 14:54:34 +00:00 committed by Dawn LUCI CQ
parent 49cbb5e296
commit cbef5a54a4
4 changed files with 179 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
infra/config/global/generated/cr-buildbucket.cfg
View File

@ -9,10 +9,6 @@ buckets {
acls {
group: "all"
}
acls {
role: SCHEDULER
identity: "user:luci-scheduler@appspot.gserviceaccount.com"
}
swarming {
builders {
name: "cron-linux-clang-rel-x64"
@ -31,6 +27,10 @@ buckets {
properties_j: "target_cpu:\"x64\""
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "linux-clang-dbg-x64"
@ -48,6 +48,10 @@ buckets {
properties_j: "target_cpu:\"x64\""
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "linux-clang-dbg-x86"
@ -65,6 +69,10 @@ buckets {
properties_j: "target_cpu:\"x86\""
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "linux-clang-rel-x64"
@ -82,6 +90,10 @@ buckets {
properties_j: "target_cpu:\"x64\""
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "linux-clang-rel-x86"
@ -99,6 +111,10 @@ buckets {
properties_j: "target_cpu:\"x86\""
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "mac-dbg"
@ -120,6 +136,10 @@ buckets {
path: "osx_sdk"
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "mac-rel"
@ -141,6 +161,10 @@ buckets {
path: "osx_sdk"
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-clang-dbg-x64"
@ -162,6 +186,10 @@ buckets {
path: "win_toolchain"
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-clang-dbg-x86"
@ -183,6 +211,10 @@ buckets {
path: "win_toolchain"
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-clang-rel-x64"
@ -204,6 +236,10 @@ buckets {
path: "win_toolchain"
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-clang-rel-x86"
@ -225,6 +261,10 @@ buckets {
path: "win_toolchain"
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-msvc-dbg-x64"
@ -241,6 +281,10 @@ buckets {
properties_j: "target_cpu:\"x64\""
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-msvc-rel-x64"
@ -257,6 +301,10 @@ buckets {
properties_j: "target_cpu:\"x64\""
}
service_account: "dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
}
}
@ -291,6 +339,10 @@ buckets {
properties_j: "target_cpu:\"x64\""
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "linux-clang-dbg-x86"
@ -309,6 +361,10 @@ buckets {
properties_j: "target_cpu:\"x86\""
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "linux-clang-rel-x64"
@ -327,6 +383,10 @@ buckets {
properties_j: "target_cpu:\"x64\""
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "linux-clang-rel-x86"
@ -345,6 +405,10 @@ buckets {
properties_j: "target_cpu:\"x86\""
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "mac-dbg"
@ -367,6 +431,10 @@ buckets {
path: "osx_sdk"
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "mac-rel"
@ -389,6 +457,10 @@ buckets {
path: "osx_sdk"
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "presubmit"
@ -405,6 +477,10 @@ buckets {
properties_j: "runhooks:true"
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-clang-dbg-x64"
@ -427,6 +503,10 @@ buckets {
path: "win_toolchain"
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-clang-dbg-x86"
@ -449,6 +529,10 @@ buckets {
path: "win_toolchain"
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-clang-rel-x64"
@ -471,6 +555,10 @@ buckets {
path: "win_toolchain"
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-clang-rel-x86"
@ -493,6 +581,10 @@ buckets {
path: "win_toolchain"
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-msvc-dbg-x64"
@ -510,6 +602,10 @@ buckets {
properties_j: "target_cpu:\"x64\""
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
builders {
name: "win-msvc-rel-x64"
@ -527,6 +623,10 @@ buckets {
properties_j: "target_cpu:\"x64\""
}
service_account: "dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 0
}
}
}
}

14
infra/config/global/generated/luci-scheduler.cfg
View File

@ -6,6 +6,7 @@
job {
id: "cron-linux-clang-rel-x64"
realm: "ci"
schedule: "0 0 0 * * * *"
acl_sets: "ci"
buildbucket {
@ -16,6 +17,7 @@ job {
}
job {
id: "linux-clang-dbg-x64"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -25,6 +27,7 @@ job {
}
job {
id: "linux-clang-dbg-x86"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -34,6 +37,7 @@ job {
}
job {
id: "linux-clang-rel-x64"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -43,6 +47,7 @@ job {
}
job {
id: "linux-clang-rel-x86"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -52,6 +57,7 @@ job {
}
job {
id: "mac-dbg"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -61,6 +67,7 @@ job {
}
job {
id: "mac-rel"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -70,6 +77,7 @@ job {
}
job {
id: "win-clang-dbg-x64"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -79,6 +87,7 @@ job {
}
job {
id: "win-clang-dbg-x86"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -88,6 +97,7 @@ job {
}
job {
id: "win-clang-rel-x64"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -97,6 +107,7 @@ job {
}
job {
id: "win-clang-rel-x86"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -106,6 +117,7 @@ job {
}
job {
id: "win-msvc-dbg-x64"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -115,6 +127,7 @@ job {
}
job {
id: "win-msvc-rel-x64"
realm: "ci"
acl_sets: "ci"
buildbucket {
server: "cr-buildbucket.appspot.com"
@ -124,6 +137,7 @@ job {
}
trigger {
id: "primary-poller"
realm: "ci"
acl_sets: "ci"
triggers: "linux-clang-dbg-x64"
triggers: "linux-clang-dbg-x86"

56
infra/config/global/generated/realms.cfg Normal file
View File

@ -0,0 +1,56 @@
# Auto-generated by lucicfg.
# Do not modify manually.
#
# For the schema of this file, see RealmsCfg message:
# https://luci-config.appspot.com/schemas/projects:realms.cfg
realms {
name: "@root"
bindings {
role: "role/buildbucket.reader"
principals: "group:all"
}
bindings {
role: "role/configs.reader"
principals: "group:all"
}
bindings {
role: "role/logdog.reader"
principals: "group:all"
}
bindings {
role: "role/logdog.writer"
principals: "group:luci-logdog-chromium-writers"
}
bindings {
role: "role/scheduler.owner"
principals: "group:project-dawn-admins"
}
bindings {
role: "role/scheduler.reader"
principals: "group:all"
}
}
realms {
name: "ci"
bindings {
role: "role/buildbucket.builderServiceAccount"
principals: "user:dawn-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
}
bindings {
role: "role/buildbucket.reader"
principals: "group:all"
}
}
realms {
name: "try"
bindings {
role: "role/buildbucket.builderServiceAccount"
principals: "user:dawn-try-builder@chops-service-accounts.iam.gserviceaccount.com"
}
bindings {
role: "role/buildbucket.triggerer"
principals: "group:project-dawn-tryjob-access"
principals: "group:service-account-cq"
}
}

8
infra/config/global/main.star Normal file → Executable file
View File

@ -8,6 +8,11 @@
main.star: lucicfg configuration for Dawn's standalone builers.
"""
# Enable realms experiment.
lucicfg.enable_experiment("crbug.com/1085650")
# TODO(https://crbug.com/1216166): ramp up to 100%.
luci.builder.defaults.experiments.set({"luci.use_realms": 0})
lucicfg.config(fail_on_warnings = True)
luci.project(
@ -56,9 +61,6 @@ luci.bucket(
),
acl.entry(
acl.BUILDBUCKET_TRIGGERER,
users = [
"luci-scheduler@appspot.gserviceaccount.com",
],
),
],
)