blob: 3861181df85184931884dac45bd0cfbc9d6e6515 [file] [log] [blame]
#!/usr/bin/env python3
#
# Copyright 2018 The Bazel Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# pylint: disable=line-too-long
# pylint: disable=missing-function-docstring
# pylint: disable=unspecified-encoding
# pylint: disable=invalid-name
"""The CI script for Bazel Central Registry Presubmit."""
import argparse
import json
import os
import pathlib
import re
import sys
import subprocess
import shutil
import time
import urllib.request
import zipfile
import requests
import yaml
import bazelci
BCR_REPO_DIR = pathlib.Path(os.getcwd())
BUILDKITE_ORG = os.environ["BUILDKITE_ORGANIZATION_SLUG"]
SCRIPT_URL = {
"bazel-testing": "https://raw.githubusercontent.com/bazelbuild/continuous-integration/testing/buildkite/bazel-central-registry/bcr_presubmit.py",
"bazel-trusted": "https://raw.githubusercontent.com/bazelbuild/continuous-integration/master/buildkite/bazel-central-registry/bcr_presubmit.py",
"bazel": "https://raw.githubusercontent.com/bazelbuild/continuous-integration/master/buildkite/bazel-central-registry/bcr_presubmit.py",
}[BUILDKITE_ORG] + "?{}".format(int(time.time()))
def fetch_bcr_presubmit_py_command():
return "curl -s {0} -o bcr_presubmit.py".format(SCRIPT_URL)
class BcrPipelineException(Exception):
"""Raised whenever something goes wrong and we should exit with an error."""
def error(msg):
bazelci.eprint("\x1b[31mERROR\x1b[0m: {}\n".format(msg))
raise BcrPipelineException("BCR Presubmit failed!")
def get_target_modules():
"""
If the `MODULE_NAME` and `MODULE_VERSION(S)` are specified, calculate the target modules from those env vars.
Otherwise, calculate target modules based on changed files from the main branch.
"""
modules = []
if "MODULE_NAME" in os.environ:
name = os.environ["MODULE_NAME"]
if "MODULE_VERSION" in os.environ:
modules.append((name, os.environ["MODULE_VERSION"]))
elif "MODULE_VERSIONS" in os.environ:
for version in os.environ["MODULE_VERSIONS"].split(","):
modules.append((name, version))
if modules:
return list(set(modules))
# Get the list of changed files compared to the main branch
output = subprocess.check_output(
["git", "diff", "main...HEAD", "--name-only", "--pretty=format:"]
)
# Matching modules/<name>/<version>/
for line in output.decode("utf-8").split():
s = re.match(r"modules\/([^\/]+)\/([^\/]+)\/", line)
if s:
modules.append(s.groups())
return list(set(modules))
def get_metadata_json(module_name):
return BCR_REPO_DIR.joinpath("modules/%s/metadata.json" % module_name)
def get_presubmit_yml(module_name, module_version):
return BCR_REPO_DIR.joinpath("modules/%s/%s/presubmit.yml" % (module_name, module_version))
def get_module_dot_bazel(module_name, module_version):
return BCR_REPO_DIR.joinpath("modules/%s/%s/MODULE.bazel" % (module_name, module_version))
def get_source_json(module_name, module_version):
return BCR_REPO_DIR.joinpath("modules/%s/%s/source.json" % (module_name, module_version))
def get_patch_file(module_name, module_version, patch):
return BCR_REPO_DIR.joinpath("modules/%s/%s/patches/%s" % (module_name, module_version, patch))
def get_task_config(module_name, module_version):
return bazelci.load_config(http_url=None,
file_config=get_presubmit_yml(module_name, module_version),
allow_imports=False)
def get_test_module_task_config(module_name, module_version):
orig_presubmit = yaml.safe_load(open(get_presubmit_yml(module_name, module_version), "r"))
if "bcr_test_module" in orig_presubmit:
config = orig_presubmit["bcr_test_module"]
bazelci.expand_task_config(config)
return config
return {}
def add_presubmit_jobs(module_name, module_version, task_configs, pipeline_steps, is_test_module=False):
for task_name, task_config in task_configs.items():
platform_name = bazelci.get_platform_for_task(task_name, task_config)
label = bazelci.PLATFORMS[platform_name]["emoji-name"] + " {0}@{1} {2}".format(
module_name, module_version, task_config["name"] if "name" in task_config else ""
)
# The bazel version should always be set in the task config due to https://github.com/bazelbuild/bazel-central-registry/pull/1387
# But fall back to empty string for more robustness.
bazel_version = task_config.get("bazel", "")
if bazel_version:
label = ":bazel:{} - ".format(bazel_version) + label
command = (
'%s bcr_presubmit.py %s --module_name="%s" --module_version="%s" --task=%s'
% (
bazelci.PLATFORMS[platform_name]["python"],
"test_module_runner" if is_test_module else "runner",
module_name,
module_version,
task_name,
)
)
commands = [bazelci.fetch_bazelcipy_command(), fetch_bcr_presubmit_py_command(), command]
pipeline_steps.append(bazelci.create_step(label, commands, platform_name))
def scratch_file(root, relative_path, lines=None, mode="w"):
"""Creates a file under the root directory"""
if not relative_path:
return None
abspath = pathlib.Path(root).joinpath(relative_path)
with open(abspath, mode) as f:
if lines:
for l in lines:
f.write(l)
f.write('\n')
return abspath
def create_simple_repo(module_name, module_version):
"""Create a simple Bazel module repo which depends on the target module."""
root = pathlib.Path(bazelci.get_repositories_root())
scratch_file(root, "WORKSPACE")
scratch_file(root, "BUILD")
# TODO(pcloudy): Should we test this module as the root module? Maybe we do if we support dev dependency.
# Because if the module is not root module, dev dependencies are ignored, which can break test targets.
# Another work around is that we can copy the dev dependencies to the generated MODULE.bazel.
scratch_file(root, "MODULE.bazel", ["bazel_dep(name = '%s', version = '%s')" % (module_name, module_version)])
scratch_file(root, ".bazelrc", [
"build --experimental_enable_bzlmod",
"build --registry=%s" % BCR_REPO_DIR.as_uri(),
])
return root
def download(url, file):
req = urllib.request.Request(url, headers={'User-Agent': 'Mozilla/5.0'})
with urllib.request.urlopen(req) as response:
with open(file, "wb") as f:
f.write(response.read())
def read(path):
with open(path, "r") as file:
return file.read()
def load_source_json(module_name, module_version):
source_json = get_source_json(module_name, module_version)
with open(source_json, "r") as json_file:
return json.load(json_file)
def apply_patch(work_dir, patch_strip, patch_file):
# Requires `patch` to be installed, this is true for all Bazel CI VMs, including Windows VMs.
subprocess.run(
["patch", "-f", "-p%d" % patch_strip, "-i", patch_file], shell=False, check=True, env=os.environ, cwd=work_dir
)
def extract_zip_with_permissions(zip_file_path, destination_dir):
with zipfile.ZipFile(zip_file_path, 'r') as zip_ref:
for entry in zip_ref.infolist():
zip_ref.extract(entry, destination_dir)
file_path = os.path.join(destination_dir, entry.filename)
# Set file permissions according to https://stackoverflow.com/questions/39296101
if entry.external_attr > 0xffff:
os.chmod(file_path, entry.external_attr >> 16)
def unpack_archive(archive_file, output_dir):
# Addressing https://github.com/bazelbuild/continuous-integration/issues/1536
if archive_file.endswith(".zip"):
extract_zip_with_permissions(archive_file, output_dir)
else:
shutil.unpack_archive(archive_file, output_dir)
def prepare_test_module_repo(module_name, module_version):
"""Prepare the test module repo and the presubmit yml file it should use"""
bazelci.print_collapsed_group(":information_source: Prepare test module repo")
root = pathlib.Path(bazelci.get_repositories_root())
source = load_source_json(module_name, module_version)
# Download and unpack the source archive to ./output
archive_url = source["url"]
archive_file = root.joinpath(archive_url.split("/")[-1])
output_dir = root.joinpath("output")
bazelci.eprint("* Download and unpack %s\n" % archive_url)
download(archive_url, archive_file)
unpack_archive(str(archive_file), output_dir)
bazelci.eprint("Source unpacked to %s\n" % output_dir)
# Apply patch files if there are any
source_root = output_dir.joinpath(source["strip_prefix"] if "strip_prefix" in source else "")
if "patches" in source:
bazelci.eprint("* Applying patch files")
for patch_name in source["patches"]:
bazelci.eprint("\nApplying %s:" % patch_name)
patch_file = get_patch_file(module_name, module_version, patch_name)
apply_patch(source_root, source["patch_strip"], patch_file)
# Make sure the checked-in MODULE.bazel file is used.
checked_in_module_dot_bazel = get_module_dot_bazel(module_name, module_version)
bazelci.eprint("\n* Copy checked-in MODULE.bazel file to source root:\n%s\n" % read(checked_in_module_dot_bazel))
module_dot_bazel = source_root.joinpath("MODULE.bazel")
# In case the existing MODULE.bazel has no write permission.
if module_dot_bazel.exists():
os.remove(module_dot_bazel)
shutil.copy(checked_in_module_dot_bazel, module_dot_bazel)
# Generate the presubmit.yml file for the test module, it should be the content under "bcr_test_module"
orig_presubmit = yaml.safe_load(open(get_presubmit_yml(module_name, module_version), "r"))
test_module_presubmit = root.joinpath("presubmit.yml")
with open(test_module_presubmit, "w") as f:
yaml.dump(orig_presubmit["bcr_test_module"], f)
bazelci.eprint("* Generate test module presubmit.yml:\n%s\n" % read(test_module_presubmit))
# Write necessary options to the .bazelrc file
test_module_root = source_root.joinpath(orig_presubmit["bcr_test_module"]["module_path"])
# Check if test_module_root is a directory
if not test_module_root.is_dir():
error("The test module directory does not exist in the source archive: %s" % test_module_root)
scratch_file(test_module_root, ".bazelrc", [
# .bazelrc may not end with a newline.
"",
"build --experimental_enable_bzlmod",
"build --registry=%s" % BCR_REPO_DIR.as_uri(),
], mode="a")
bazelci.eprint("* Append Bzlmod flags to .bazelrc file:\n%s\n" % read(test_module_root.joinpath(".bazelrc")))
bazelci.eprint("* Test module ready: %s\n" % test_module_root)
return test_module_root, test_module_presubmit
def run_test(repo_location, task_config_file, task):
try:
return bazelci.main(
[
"runner",
"--task=" + task,
"--file_config=%s" % task_config_file,
"--repo_location=%s" % repo_location,
]
)
except subprocess.CalledProcessError as e:
bazelci.eprint(str(e))
return 1
def validate_existing_modules_are_not_modified():
# Get all files that are Modified, Renamed, or Deleted.
bazelci.print_expanded_group("Checking if existing modules are not modified")
output = subprocess.check_output(
["git", "diff", "main...HEAD", "--diff-filter=MRD", "--name-only", "--pretty=format:"]
)
# Check if any of the source.json, MODULE.bazel, or patch files are changed for an existing module.
NO_CHANGE_FILE_PATTERNS = [
re.compile(r"modules\/([^\/]+)\/([^\/]+)\/source.json"),
re.compile(r"modules\/([^\/]+)\/([^\/]+)\/MODULE.bazel"),
re.compile(r"modules\/([^\/]+)\/([^\/]+)\/patches"),
]
changed_modules = []
for line in output.decode("utf-8").split():
for p in NO_CHANGE_FILE_PATTERNS:
s = p.match(line)
if s:
bazelci.eprint(line, "was changed")
changed_modules.append(s.groups())
if changed_modules:
error("Existing modules should not be changed:\n" + "\n".join([f"{name}@{version}" for name,version in changed_modules]))
else:
bazelci.eprint("No existing module was changed.")
def validate_files_outside_of_modules_dir_are_not_modified(modules):
# If no modules are changed at the same time, then we don't need to perform this check.
if not modules:
return
bazelci.print_expanded_group("Checking if any file changes outside of modules/")
output = subprocess.check_output(
["git", "diff", "main...HEAD", "--name-only", "--pretty=format:", ":!modules"]
).decode("utf-8").strip()
if output:
error("The following files should not be changed when adding a new module version:\n" + output)
else:
bazelci.eprint("Nothing changed outside of modules/")
def get_labels_from_pr():
"""Get the labels from the PR and return them as a list of strings."""
# https://buildkite.com/docs/pipelines/environment-variables#BUILDKITE_PULL_REQUEST
pr_number = os.environ.get("BUILDKITE_PULL_REQUEST")
if not pr_number or pr_number == "false":
return []
response = requests.get(f"https://api.github.com/repos/bazelbuild/bazel-central-registry/pulls/{pr_number}")
if response.status_code == 200:
pr = response.json()
return [label["name"] for label in pr["labels"]]
else:
error(f"Error: {response.status_code}. Could not fetch labels for PR https://github.com/bazelbuild/bazel-central-registry/pull/{pr_number}")
def should_bcr_validation_block_presubmit(modules, pr_labels):
bazelci.print_collapsed_group("Running BCR validations:")
skip_validation_flags = []
if "skip-source-repo-check" in pr_labels:
skip_validation_flags.append("--skip_validation=source_repo")
if "skip-url-stability-check" in pr_labels:
skip_validation_flags.append("--skip_validation=url_stability")
if "presubmit-auto-run" in pr_labels:
skip_validation_flags.append("--skip_validation=presubmit_yml")
returncode = subprocess.run(
["python3", "./tools/bcr_validation.py", "--check_all_metadata"] + [f"--check={name}@{version}" for name, version in modules] + skip_validation_flags,
).returncode
# When a BCR maintainer view is required, the script should return 42.
if returncode == 42:
return True
if returncode != 0:
raise BcrPipelineException("BCR validation failed!")
return False
def file_exists_in_main_branch(file_path):
# Run the git ls-tree command to check for the file in the main branch
result = subprocess.run(
["git", "ls-tree", "-r", "main", "--name-only", file_path],
capture_output=True, text=True, check=True
)
return result.stdout.strip() != ""
def should_metadata_change_block_presubmit(modules, pr_labels):
# Skip the metadata.json check if the PR is labeled with "presubmit-auto-run".
if "presubmit-auto-run" in pr_labels:
return False
bazelci.print_expanded_group("Checking metadata.json file changes:")
# Collect changed modules from module, version pairs.
changed_modules = set([module[0] for module in modules])
# If information like, maintainers, homepage, repository is changed, the presubmit should wait for a BCR maintainer review.
# For each changed module, check if anything other than the "versions" field is changed in the metadata.json file.
needs_bcr_maintainer_review = False
for name in changed_modules:
metadata_json = get_metadata_json(name)
if not file_exists_in_main_branch(metadata_json):
bazelci.eprint("\x1b[33mWARNING\x1b[0m: The metadata.json file for '%s' is newly created!\n" % name)
needs_bcr_maintainer_review = True
continue
# Read the new metadata.json file.
metadata_new = json.load(open(metadata_json, "r"))
# Check out and read the original metadata.json file from the main branch.
subprocess.run(["git", "checkout", "main", "--", metadata_json], check=True)
metadata_old = json.load(open(metadata_json, "r"))
# Revert the metadata.json file to the HEAD of current branch.
subprocess.run(["git", "checkout", "HEAD", "--", metadata_json], check=True)
# Clear the "versions" field and compare the rest of the metadata.json file.
metadata_old["versions"] = []
metadata_new["versions"] = []
if metadata_old != metadata_new:
bazelci.eprint("\x1b[33mWARNING\x1b[0m: The change in metadata.json file for '%s' needs BCR maintainer review!\n" % name)
needs_bcr_maintainer_review = True
else:
bazelci.eprint("The change in metadata.json file for '%s' looks good!\n" % name)
return needs_bcr_maintainer_review
def should_wait_bcr_maintainer_review(modules):
"""Validate the changes and decide whether the presubmit should wait for a BCR maintainer review.
Returns False if all changes look good and the presubmit can proceed.
Returns True if the changes should block follow up presubmit jobs until a BCR maintainer triggers them.
Throws an error if the changes violate BCR policies or the BCR validations fail.
"""
# If existing modules are changed, fail the presubmit.
pr_labels = get_labels_from_pr()
if "USE-WITH-CAUTION-skip-modification-check" not in pr_labels:
validate_existing_modules_are_not_modified()
# If files outside of the modules/ directory are changed, fail the presubmit.
validate_files_outside_of_modules_dir_are_not_modified(modules)
# Check if any changes in the metadata.json file need a manual review.
needs_bcr_maintainer_review = should_metadata_change_block_presubmit(modules, pr_labels)
# Run BCR validations on target modules and decide if the presubmit jobs should be blocked.
if should_bcr_validation_block_presubmit(modules, pr_labels):
needs_bcr_maintainer_review = True
return needs_bcr_maintainer_review
def upload_jobs_to_pipeline(pipeline_steps):
"""Directly calling the buildkite-agent to upload steps."""
subprocess.run(
["buildkite-agent", "pipeline", "upload"],
input=yaml.dump({"steps": pipeline_steps}).encode(),
check=True,
)
def main(argv=None):
if argv is None:
argv = sys.argv[1:]
parser = argparse.ArgumentParser(description="Bazel Central Registry Presubmit Test Generator")
subparsers = parser.add_subparsers(dest="subparsers_name")
subparsers.add_parser("bcr_presubmit")
runner = subparsers.add_parser("runner")
runner.add_argument("--module_name", type=str)
runner.add_argument("--module_version", type=str)
runner.add_argument("--task", type=str)
test_module_runner = subparsers.add_parser("test_module_runner")
test_module_runner.add_argument("--module_name", type=str)
test_module_runner.add_argument("--module_version", type=str)
test_module_runner.add_argument("--task", type=str)
args = parser.parse_args(argv)
if args.subparsers_name == "bcr_presubmit":
modules = get_target_modules()
if not modules:
bazelci.eprint("No target module versions detected in this branch!")
pipeline_steps = []
for module_name, module_version in modules:
configs = get_task_config(module_name, module_version)
add_presubmit_jobs(module_name, module_version, configs.get("tasks", {}), pipeline_steps)
configs = get_test_module_task_config(module_name, module_version)
add_presubmit_jobs(module_name, module_version, configs.get("tasks", {}), pipeline_steps, is_test_module=True)
if should_wait_bcr_maintainer_review(modules) and pipeline_steps:
pipeline_steps = [{"block": "Wait on BCR maintainer review", "blocked_state": "running"}] + pipeline_steps
upload_jobs_to_pipeline(pipeline_steps)
elif args.subparsers_name == "runner":
repo_location = create_simple_repo(args.module_name, args.module_version)
config_file = get_presubmit_yml(args.module_name, args.module_version)
return run_test(repo_location, config_file, args.task)
elif args.subparsers_name == "test_module_runner":
repo_location, config_file = prepare_test_module_repo(args.module_name, args.module_version)
return run_test(repo_location, config_file, args.task)
else:
parser.print_help()
return 2
return 0
if __name__ == "__main__":
sys.exit(main())