| #!/bin/bash -e |
| # |
| # Purpose: |
| # This script is responsible for determining the owner of a gerrit |
| # commit, verifying they are within an approved gerrit group, and |
| # then updating gerrit with that verification info. |
| # |
| # Note: It is assumed this script is run as a part of a jenkins job triggered |
| # by the gerrit plugin. Therefore it assumes certain env variables |
| # provided by that plugin are avialable (i.e. GERRIT_PROJECT, ...) |
| # |
| # Required Inputs: |
| # SSH_KEY: Path to private ssh key used to post messages to gerrit |
| |
| GERRIT_COMMAND="curl -s --anyauth -n https://gerrit.openbmc-project.xyz" |
| GERRIT_SSH_CMD=( \ |
| ssh -o 'StrictHostKeyChecking no' -i "$SSH_KEY" \ |
| -p 29418 jenkins-openbmc-ci@gerrit.openbmc-project.xyz gerrit \ |
| ) |
| |
| echo "Checking ${GERRIT_PROJECT}:${GERRIT_BRANCH}:${GERRIT_CHANGE_ID}:${GERRIT_PATCHSET_REVISION}" |
| |
| # shellcheck disable=2086 # GERRIT_COMMAND is purposefully wordsplit. |
| COMMITTER_EMAIL=$(${GERRIT_COMMAND}/a/changes/${GERRIT_PROJECT/\//%2F}~${GERRIT_BRANCH}~${GERRIT_CHANGE_ID}/revisions/${GERRIT_PATCHSET_REVISION}/commit | python2 -c "import sys, json; sys.stdin.read(4); print(json.load(sys.stdin)['committer']['email'])") |
| if [ "x${COMMITTER_EMAIL}" == "x" ]; then |
| echo "Unable to find committer." |
| "${GERRIT_SSH_CMD[@]}" review \ |
| "${GERRIT_CHANGE_NUMBER},${GERRIT_PATCHSET_NUMBER}" \ |
| --label=Ok-To-Test=0 "--message='Unable to determine committer'" |
| exit 1 |
| fi |
| |
| #echo "Commit by '${COMMITTER_EMAIL}'" |
| # shellcheck disable=2086 # GERRIT_COMMAND is purposefully wordsplit. |
| COMMITTER_USERNAME=$(${GERRIT_COMMAND}/a/accounts/${COMMITTER_EMAIL} | python2 -c "import sys, json; sys.stdin.read(4); print(json.load(sys.stdin)['username'])") |
| #COMMITTER_USERNAME=`${GERRIT_COMMAND}/a/accounts/${COMMITTER_EMAIL}` |
| echo "USERNAME: $COMMITTER_USERNAME" |
| if [ "x${COMMITTER_USERNAME}" == "x" ]; then |
| echo "Unable to determine github user for ${COMMITTER_EMAIL}." |
| "${GERRIT_SSH_CMD[@]}" review \ |
| "${GERRIT_CHANGE_NUMBER},${GERRIT_PATCHSET_NUMBER}" \ |
| --label=Ok-To-Test=0 "--message='Unable to determine github user'" |
| exit 1 |
| fi |
| |
| # Reset the vote to 0 so jenkins will detect a new +1 on retriggers |
| "${GERRIT_SSH_CMD[@]}" review \ |
| "${GERRIT_CHANGE_NUMBER},${GERRIT_PATCHSET_NUMBER}" \ |
| --label=Ok-To-Test=0 -t autogenerated:jenkins |
| |
| # Write full list of users to a file |
| GERRIT_CI_GROUPS=( \ |
| alibaba/ci-authorized \ |
| amd/ci-authorized \ |
| ami/ci-authorized \ |
| ampere/ci-authorized \ |
| aspeed/ci-authorized \ |
| bytedance/ci-authorized \ |
| facebook/ci-authorized \ |
| fii/ci-authorized \ |
| gager-in/ci-authorized \ |
| google/ci-authorized \ |
| hcl/ci-authorized \ |
| hpe/ci-authorized \ |
| ibm/ci-authorized \ |
| individual/ci-authorized \ |
| inspur/ci-authorized \ |
| intel/ci-authorized \ |
| inventec/ci-authorized \ |
| lenovo/ci-authorized \ |
| nineelements/ci-authorized \ |
| nuvoton/ci-authorized \ |
| nvidia/ci-authorized \ |
| openbmc/ci-authorized \ |
| pcpartner/ci-authorized \ |
| quanta/ci-authorized \ |
| rcs/ci-authorized \ |
| supermicro/ci-authorized \ |
| wistron/ci-authorized \ |
| wiwynn/ci-authorized \ |
| yadro/ci-authorized \ |
| ) |
| |
| rm -f "$WORKSPACE/users.txt" |
| for g in "${GERRIT_CI_GROUPS[@]}"; do |
| "${GERRIT_SSH_CMD[@]}" ls-members "$g" --recursive \ |
| >> "$WORKSPACE/users.txt" |
| done |
| |
| # grep for the specific username word in the file |
| if grep -q -w "${COMMITTER_USERNAME}" "$WORKSPACE/users.txt"; then |
| "${GERRIT_SSH_CMD[@]}" review \ |
| "${GERRIT_CHANGE_NUMBER},${GERRIT_PATCHSET_NUMBER}" \ |
| --label=Ok-To-Test=1 -t autogenerated:jenkins \ |
| "--message='User approved, CI ok to start'" |
| exit 0 |
| fi |
| |
| echo "${COMMITTER_USERNAME} is not on the approved list." |
| "${GERRIT_SSH_CMD[@]}" review \ |
| "${GERRIT_CHANGE_NUMBER},${GERRIT_PATCHSET_NUMBER}" \ |
| --label=Ok-To-Test=0 -t autogenerated:jenkins \ |
| "--message='User not approved, see admin, no CI'" |
| |
| exit 0 |