commit | 7b9fefd6670c9975a3856a106088d015cb2f9755 | [log] [tgz] |
---|---|---|
author | Aaron Gable <agable@chromium.org> | Fri Feb 22 01:11:06 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Fri Feb 22 01:11:06 2019 |
tree | 6434e2d74e40ade99a8b5b2437a35f310b4e09a0 | |
parent | 7c6f9067f6a597601d02579195dbfe7077378908 [diff] |
Make gatekeeper recipe hermetic for LUCI This CL makes a number of changes to the gatekeeper recipe and recipe module to make it deployable on LUCI: * It copies the JSON configuration files to be recipe resources so that they don't have to be tagged for bundling using .gitattributes. * It copies the helper libraries (build_scan, auth) into the recipe resources so that they can be self-contained. * It adds a vpython environment file so that the gatekeeper_ng script can be run in a hermetic environment. * It updates the python scripts to use LUCI's ambient auth credentials, so it doesn't rely (as much) on statically deployed credential files. * It modifies the recipe to call the new hermetic version of gatekeeper_ng, and read the new config files. This CL will be accompanied by an internal CL which makes corresponding changes to the gatekeeper_internal recipe. It will be followed by a CL which deletes the old versions of the gatekeeper scripts and configs. Bug: 853854 Recipe-Nontrivial-Roll: build_limited_scripts_slave Change-Id: I0b6cfdaa98800bc239ff38a7a9eec689e5f80bf4 Reviewed-on: https://chromium-review.googlesource.com/c/1480601 Commit-Queue: Aaron Gable <agable@chromium.org> Reviewed-by: Sean McCullough <seanmccullough@chromium.org> Reviewed-by: Robbie Iannucci <iannucci@chromium.org>
Hi build contributor! If you do any change in scripts/master/
or touching any master's html/
directories, you must restart master.chromium.fyi first and ensure that it still works before restarting other masters.
If you're here to make a change to ‘recipes’ (the code located in scripts/slave/recipes*
), please take a look at the README for more information pertaining to recipes.