Project

General

Profile

Maintaining the LArSoft for of CMSbot scripts and Jenkins Github Integration CI jobs at FNAL

The CMSbot scripts for LArSoft repos

The command below is used to encode the webhook secret for the GITHUB_WEBOOK_TOKEN entry in repo_config.py.

curl -d TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx https://scd-ci.fnal.gov/cgi-bin/encrypt_github_token

The GitHub webhook processing cgi script website

The github_webhook script receives a JSON stream from GitHub, validates it, extracts the repo and pull request number, and triggers a Jenkins job with that info as parameters.
  • The url of the cgi scipt
    http://scd.ci.fnal.gov/cgi-bin/github_webhook
  • The fork of cmssdt-web where the github_webhook
    https://github.com/gartung/cmssdt-web.git
  • The NAS directory for the website
    /web/sites/s/scd-ci.fnal.gov
    The NAS directory for the symbolic links to the cgi script(s)
    /web/sites/s/scd-ci.fnal.gov/cgi-bin
  • The NAS directory for the cmssdt-web clone
    /web/sites/s/scd-ci.fnal.gov/data/cmssdt-web
  • The NAS directory for the cmsbot clone the cgi-bin script(s) are linked from
    /web/sites/s/scd-ci.fnal.gov/data/cms-bot
  • The NAS directory for the private data is stored, eq CILogin certs for triggering Jenkins job.
    /web/sites/s/scd-ci.fnal.gov/data/

* Scripts used to set up labels for pull requests/issues and the set up web hooks for GitHub repo(s).

The scripts require the environment variable GITHUBTOKEN be set. This is a personal access token that has permissions to change the repo.
The FNALbuild personal access token can be used. It is saved in /web/sites/s/scd-ci.fnal.gov/data/FNALbuild-Github-personal-access-token

The Jenkins jobs that run the CI requests

The Jenkins job dispatch-github-webhook is triggered by the cgi-script. This triggers a chain of jobs that are started depending on the comments on the pull request.

To trigger the Jenkins job a CILogon cert is needed. At the moment a personal cert is used and is saved as

/web/sites/s/scd-ci.fnal.gov/data/ci_cert.pem

This was made by concatenating the public and private keys together with

'cat /web/sites/s/scd-ci.fnal.gov/data/usercert.pem /web/sites/s/scd-ci.fnal.gov/data/userkey.pem > /web/sites/s/scd-ci.fnal.gov/data/ci_cert.pem'

The jobs are organized into a Jenkins project folder https://buildmaster.fnal.gov/buildmaster/view/GitHub%20Integration/job/GithubIntegration/