Maintaining the LArSoft for of CMSbot scripts and Jenkins Github Integration CI jobs at FNAL

The CMSbot scripts for LArSoft repos

The command below is used to encode the webhook secret for the GITHUB_WEBOOK_TOKEN entry in

curl -d TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The GitHub webhook processing cgi script website

The github_webhook script receives a JSON stream from GitHub, validates it, extracts the repo and pull request number, and triggers a Jenkins job with that info as parameters.
  • The url of the cgi scipt
  • The fork of cmssdt-web where the github_webhook
  • The NAS directory for the website
    The NAS directory for the symbolic links to the cgi script(s)
  • The NAS directory for the cmssdt-web clone
  • The NAS directory for the cmsbot clone the cgi-bin script(s) are linked from
  • The NAS directory for the private data is stored, eq CILogin certs for triggering Jenkins job.

* Scripts used to set up labels for pull requests/issues and the set up web hooks for GitHub repo(s).

The scripts require the environment variable GITHUBTOKEN be set. This is a personal access token that has permissions to change the repo.
The FNALbuild personal access token can be used. It is saved in /web/sites/s/

The Jenkins jobs that run the CI requests

The Jenkins job dispatch-github-webhook is triggered by the cgi-script. This triggers a chain of jobs that are started depending on the comments on the pull request.

To trigger the Jenkins job a CILogon cert is needed. At the moment a personal cert is used and is saved as


This was made by concatenating the public and private keys together with

'cat /web/sites/s/ /web/sites/s/ > /web/sites/s/'

The jobs are organized into a Jenkins project folder