buildkite/bazel-central-registry/bcr_presubmit.py - continuous-integration - Git at Google

 #!/usr/bin/env python3
 #
 # Copyright 2018 The Bazel Authors. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # pylint: disable=line-too-long
 # pylint: disable=missing-function-docstring
 # pylint: disable=unspecified-encoding
 # pylint: disable=invalid-name
 """The CI script for Bazel Central Registry Presubmit."""


 import argparse
 import json
 import os
 import pathlib
 import re
 import sys
 import subprocess
 import shutil
 import time
 import urllib.request
 import zipfile
 import requests
 import yaml

 import bazelci

 BCR_REPO_DIR = pathlib.Path(os.getcwd())

 BUILDKITE_ORG = os.environ["BUILDKITE_ORGANIZATION_SLUG"]

 SCRIPT_URL = {
     "bazel-testing": "https://raw.githubusercontent.com/bazelbuild/continuous-integration/testing/buildkite/bazel-central-registry/bcr_presubmit.py",
     "bazel-trusted": "https://raw.githubusercontent.com/bazelbuild/continuous-integration/master/buildkite/bazel-central-registry/bcr_presubmit.py",
     "bazel": "https://raw.githubusercontent.com/bazelbuild/continuous-integration/master/buildkite/bazel-central-registry/bcr_presubmit.py",
 }[BUILDKITE_ORG] + "?{}".format(int(time.time()))


 def fetch_bcr_presubmit_py_command():
     return "curl -s {0} -o bcr_presubmit.py".format(SCRIPT_URL)


 class BcrPipelineException(Exception):
     """Raised whenever something goes wrong and we should exit with an error."""


 def error(msg):
     bazelci.eprint("\x1b[31mERROR\x1b[0m: {}\n".format(msg))
     raise BcrPipelineException("BCR Presubmit failed!")


 def get_target_modules():
     """
     If the `MODULE_NAME` and `MODULE_VERSION(S)` are specified, calculate the target modules from those env vars.
     Otherwise, calculate target modules based on changed files from the main branch.
     """
     modules = []
     if "MODULE_NAME" in os.environ:
         name = os.environ["MODULE_NAME"]
         if "MODULE_VERSION" in os.environ:
             modules.append((name, os.environ["MODULE_VERSION"]))
         elif "MODULE_VERSIONS" in os.environ:
             for version in os.environ["MODULE_VERSIONS"].split(","):
                 modules.append((name, version))

     if modules:
         return list(set(modules))

     # Get the list of changed files compared to the main branch
     output = subprocess.check_output(
         ["git", "diff", "main...HEAD", "--name-only", "--pretty=format:"]
     )
     # Matching modules/<name>/<version>/
     for line in output.decode("utf-8").split():
         s = re.match(r"modules\/([^\/]+)\/([^\/]+)\/", line)
         if s:
             modules.append(s.groups())

     return list(set(modules))


 def get_metadata_json(module_name):
     return BCR_REPO_DIR.joinpath("modules/%s/metadata.json" % module_name)


 def get_presubmit_yml(module_name, module_version):
     return BCR_REPO_DIR.joinpath("modules/%s/%s/presubmit.yml" % (module_name, module_version))


 def get_module_dot_bazel(module_name, module_version):
     return BCR_REPO_DIR.joinpath("modules/%s/%s/MODULE.bazel" % (module_name, module_version))


 def get_source_json(module_name, module_version):
     return BCR_REPO_DIR.joinpath("modules/%s/%s/source.json" % (module_name, module_version))


 def get_patch_file(module_name, module_version, patch):
     return BCR_REPO_DIR.joinpath("modules/%s/%s/patches/%s" % (module_name, module_version, patch))


 def get_task_config(module_name, module_version):
     return bazelci.load_config(http_url=None,
                                file_config=get_presubmit_yml(module_name, module_version),
                                allow_imports=False)


 def get_test_module_task_config(module_name, module_version):
     orig_presubmit = yaml.safe_load(open(get_presubmit_yml(module_name, module_version), "r"))
     if "bcr_test_module" in orig_presubmit:
         config = orig_presubmit["bcr_test_module"]
         bazelci.expand_task_config(config)
         return config
     return {}


 def add_presubmit_jobs(module_name, module_version, task_configs, pipeline_steps, is_test_module=False):
     for task_name, task_config in task_configs.items():
         platform_name = bazelci.get_platform_for_task(task_name, task_config)
         label = bazelci.PLATFORMS[platform_name]["emoji-name"] + " {0}@{1} {2}".format(
             module_name, module_version, task_config["name"] if "name" in task_config else ""
         )
         # The bazel version should always be set in the task config due to https://github.com/bazelbuild/bazel-central-registry/pull/1387
         # But fall back to empty string for more robustness.
         bazel_version = task_config.get("bazel", "")
         if bazel_version:
             label = ":bazel:{} - ".format(bazel_version) + label
         command = (
             '%s bcr_presubmit.py %s --module_name="%s" --module_version="%s" --task=%s'
             % (
                 bazelci.PLATFORMS[platform_name]["python"],
                 "test_module_runner" if is_test_module else "runner",
                 module_name,
                 module_version,
                 task_name,
             )
         )
         commands = [bazelci.fetch_bazelcipy_command(), fetch_bcr_presubmit_py_command(), command]
         pipeline_steps.append(bazelci.create_step(label, commands, platform_name))


 def scratch_file(root, relative_path, lines=None, mode="w"):
     """Creates a file under the root directory"""
     if not relative_path:
         return None
     abspath = pathlib.Path(root).joinpath(relative_path)
     with open(abspath, mode) as f:
         if lines:
             for l in lines:
                 f.write(l)
                 f.write('\n')
     return abspath


 def create_simple_repo(module_name, module_version):
     """Create a simple Bazel module repo which depends on the target module."""
     root = pathlib.Path(bazelci.get_repositories_root())
     scratch_file(root, "WORKSPACE")
     scratch_file(root, "BUILD")
     # TODO(pcloudy): Should we test this module as the root module? Maybe we do if we support dev dependency.
     # Because if the module is not root module, dev dependencies are ignored, which can break test targets.
     # Another work around is that we can copy the dev dependencies to the generated MODULE.bazel.
     scratch_file(root, "MODULE.bazel", ["bazel_dep(name = '%s', version = '%s')" % (module_name, module_version)])
     scratch_file(root, ".bazelrc", [
         "build --experimental_enable_bzlmod",
         "build --registry=%s" % BCR_REPO_DIR.as_uri(),
     ])
     return root


 def download(url, file):
     req = urllib.request.Request(url, headers={'User-Agent': 'Mozilla/5.0'})
     with urllib.request.urlopen(req) as response:
         with open(file, "wb") as f:
             f.write(response.read())


 def read(path):
     with open(path, "r") as file:
         return file.read()


 def load_source_json(module_name, module_version):
     source_json = get_source_json(module_name, module_version)
     with open(source_json, "r") as json_file:
         return json.load(json_file)


 def apply_patch(work_dir, patch_strip, patch_file):
     # Requires `patch` to be installed, this is true for all Bazel CI VMs, including Windows VMs.
     subprocess.run(
         ["patch", "-f", "-p%d" % patch_strip, "-i", patch_file], shell=False, check=True, env=os.environ, cwd=work_dir
     )

 def extract_zip_with_permissions(zip_file_path, destination_dir):
     with zipfile.ZipFile(zip_file_path, 'r') as zip_ref:
         for entry in zip_ref.infolist():
             zip_ref.extract(entry, destination_dir)
             file_path = os.path.join(destination_dir, entry.filename)

             # Set file permissions according to https://stackoverflow.com/questions/39296101
             if entry.external_attr >  0xffff:
                 os.chmod(file_path, entry.external_attr >> 16)

 def unpack_archive(archive_file, output_dir):
     # Addressing https://github.com/bazelbuild/continuous-integration/issues/1536
     if archive_file.endswith(".zip"):
         extract_zip_with_permissions(archive_file, output_dir)
     else:
         shutil.unpack_archive(archive_file, output_dir)

 def prepare_test_module_repo(module_name, module_version):
     """Prepare the test module repo and the presubmit yml file it should use"""
     bazelci.print_collapsed_group(":information_source: Prepare test module repo")
     root = pathlib.Path(bazelci.get_repositories_root())
     source = load_source_json(module_name, module_version)

     # Download and unpack the source archive to ./output
     archive_url = source["url"]
     archive_file = root.joinpath(archive_url.split("/")[-1])
     output_dir = root.joinpath("output")
     bazelci.eprint("* Download and unpack %s\n" % archive_url)
     download(archive_url, archive_file)
     unpack_archive(str(archive_file), output_dir)
     bazelci.eprint("Source unpacked to %s\n" % output_dir)

     # Apply patch files if there are any
     source_root = output_dir.joinpath(source["strip_prefix"] if "strip_prefix" in source else "")
     if "patches" in source:
         bazelci.eprint("* Applying patch files")
         for patch_name in source["patches"]:
             bazelci.eprint("\nApplying %s:" % patch_name)
             patch_file = get_patch_file(module_name, module_version, patch_name)
             apply_patch(source_root, source["patch_strip"], patch_file)

     # Make sure the checked-in MODULE.bazel file is used.
     checked_in_module_dot_bazel = get_module_dot_bazel(module_name, module_version)
     bazelci.eprint("\n* Copy checked-in MODULE.bazel file to source root:\n%s\n" % read(checked_in_module_dot_bazel))
     module_dot_bazel = source_root.joinpath("MODULE.bazel")
     # In case the existing MODULE.bazel has no write permission.
     if module_dot_bazel.exists():
         os.remove(module_dot_bazel)
     shutil.copy(checked_in_module_dot_bazel, module_dot_bazel)

     # Generate the presubmit.yml file for the test module, it should be the content under "bcr_test_module"
     orig_presubmit = yaml.safe_load(open(get_presubmit_yml(module_name, module_version), "r"))
     test_module_presubmit = root.joinpath("presubmit.yml")
     with open(test_module_presubmit, "w") as f:
         yaml.dump(orig_presubmit["bcr_test_module"], f)
     bazelci.eprint("* Generate test module presubmit.yml:\n%s\n" % read(test_module_presubmit))

     # Write necessary options to the .bazelrc file
     test_module_root = source_root.joinpath(orig_presubmit["bcr_test_module"]["module_path"])

     # Check if test_module_root is a directory
     if not test_module_root.is_dir():
         error("The test module directory does not exist in the source archive: %s" % test_module_root)

     scratch_file(test_module_root, ".bazelrc", [
         # .bazelrc may not end with a newline.
         "",
         "build --experimental_enable_bzlmod",
         "build --registry=%s" % BCR_REPO_DIR.as_uri(),
     ], mode="a")
     bazelci.eprint("* Append Bzlmod flags to .bazelrc file:\n%s\n" % read(test_module_root.joinpath(".bazelrc")))

     bazelci.eprint("* Test module ready: %s\n" % test_module_root)
     return test_module_root, test_module_presubmit


 def run_test(repo_location, task_config_file, task):
     try:
         return bazelci.main(
             [
                 "runner",
                 "--task=" + task,
                 "--file_config=%s" % task_config_file,
                 "--repo_location=%s" % repo_location,
             ]
         )
     except subprocess.CalledProcessError as e:
         bazelci.eprint(str(e))
         return 1


 def validate_existing_modules_are_not_modified():
     # Get all files that are Modified, Renamed, or Deleted.
     bazelci.print_expanded_group("Checking if existing modules are not modified")
     output = subprocess.check_output(
         ["git", "diff", "main...HEAD", "--diff-filter=MRD", "--name-only", "--pretty=format:"]
     )

     # Check if any of the source.json, MODULE.bazel, or patch files are changed for an existing module.
     NO_CHANGE_FILE_PATTERNS = [
         re.compile(r"modules\/([^\/]+)\/([^\/]+)\/source.json"),
         re.compile(r"modules\/([^\/]+)\/([^\/]+)\/MODULE.bazel"),
         re.compile(r"modules\/([^\/]+)\/([^\/]+)\/patches"),
     ]
     changed_modules = []
     for line in output.decode("utf-8").split():
         for p in NO_CHANGE_FILE_PATTERNS:
             s = p.match(line)
             if s:
                 bazelci.eprint(line, "was changed")
                 changed_modules.append(s.groups())
     if changed_modules:
         error("Existing modules should not be changed:\n" + "\n".join([f"{name}@{version}" for name,version in changed_modules]))
     else:
         bazelci.eprint("No existing module was changed.")


 def validate_files_outside_of_modules_dir_are_not_modified(modules):
     # If no modules are changed at the same time, then we don't need to perform this check.
     if not modules:
         return
     bazelci.print_expanded_group("Checking if any file changes outside of modules/")
     output = subprocess.check_output(
         ["git", "diff", "main...HEAD", "--name-only", "--pretty=format:", ":!modules"]
     ).decode("utf-8").strip()
     if output:
         error("The following files should not be changed when adding a new module version:\n" + output)
     else:
         bazelci.eprint("Nothing changed outside of modules/")


 def get_labels_from_pr():
     """Get the labels from the PR and return them as a list of strings."""

     # https://buildkite.com/docs/pipelines/environment-variables#BUILDKITE_PULL_REQUEST
     pr_number = os.environ.get("BUILDKITE_PULL_REQUEST")
     if not pr_number or pr_number == "false":
         return []

     response = requests.get(f"https://api.github.com/repos/bazelbuild/bazel-central-registry/pulls/{pr_number}")
     if response.status_code == 200:
         pr = response.json()
         return [label["name"] for label in pr["labels"]]
     else:
         error(f"Error: {response.status_code}. Could not fetch labels for PR https://github.com/bazelbuild/bazel-central-registry/pull/{pr_number}")


 def should_bcr_validation_block_presubmit(modules, pr_labels):
     bazelci.print_collapsed_group("Running BCR validations:")
     skip_validation_flags = []
     if "skip-source-repo-check" in pr_labels:
         skip_validation_flags.append("--skip_validation=source_repo")
     if "skip-url-stability-check" in pr_labels:
         skip_validation_flags.append("--skip_validation=url_stability")
     if "presubmit-auto-run" in pr_labels:
         skip_validation_flags.append("--skip_validation=presubmit_yml")
     returncode = subprocess.run(
         ["python3", "./tools/bcr_validation.py", "--check_all_metadata"] + [f"--check={name}@{version}" for name, version in modules] + skip_validation_flags,
     ).returncode
     # When a BCR maintainer view is required, the script should return 42.
     if returncode == 42:
         return True
     if returncode != 0:
         raise BcrPipelineException("BCR validation failed!")
     return False


 def file_exists_in_main_branch(file_path):
     # Run the git ls-tree command to check for the file in the main branch
     result = subprocess.run(
         ["git", "ls-tree", "-r", "main", "--name-only", file_path],
         capture_output=True, text=True, check=True
     )
     return result.stdout.strip() != ""


 def should_metadata_change_block_presubmit(modules, pr_labels):
     # Skip the metadata.json check if the PR is labeled with "presubmit-auto-run".
     if "presubmit-auto-run" in pr_labels:
         return False

     bazelci.print_expanded_group("Checking metadata.json file changes:")

     # Collect changed modules from module, version pairs.
     changed_modules = set([module[0] for module in modules])

     # If information like, maintainers, homepage, repository is changed, the presubmit should wait for a BCR maintainer review.
     # For each changed module, check if anything other than the "versions" field is changed in the metadata.json file.
     needs_bcr_maintainer_review = False
     for name in changed_modules:
         metadata_json = get_metadata_json(name)

         if not file_exists_in_main_branch(metadata_json):
             bazelci.eprint("\x1b[33mWARNING\x1b[0m: The metadata.json file for '%s' is newly created!\n" % name)
             needs_bcr_maintainer_review = True
             continue

         # Read the new metadata.json file.
         metadata_new = json.load(open(metadata_json, "r"))

         # Check out and read the original metadata.json file from the main branch.
         subprocess.run(["git", "checkout", "main", "--", metadata_json], check=True)
         metadata_old = json.load(open(metadata_json, "r"))

         # Revert the metadata.json file to the HEAD of current branch.
         subprocess.run(["git", "checkout", "HEAD", "--", metadata_json], check=True)

         # Clear the "versions" field and compare the rest of the metadata.json file.
         metadata_old["versions"] = []
         metadata_new["versions"] = []
         if metadata_old != metadata_new:
             bazelci.eprint("\x1b[33mWARNING\x1b[0m: The change in metadata.json file for '%s' needs BCR maintainer review!\n" % name)
             needs_bcr_maintainer_review = True
         else:
             bazelci.eprint("The change in metadata.json file for '%s' looks good!\n" % name)

     return needs_bcr_maintainer_review


 def should_wait_bcr_maintainer_review(modules):
     """Validate the changes and decide whether the presubmit should wait for a BCR maintainer review.
     Returns False if all changes look good and the presubmit can proceed.
     Returns True if the changes should block follow up presubmit jobs until a BCR maintainer triggers them.
     Throws an error if the changes violate BCR policies or the BCR validations fail.
     """
     # If existing modules are changed, fail the presubmit.
     pr_labels = get_labels_from_pr()
     if "USE-WITH-CAUTION-skip-modification-check" not in pr_labels:
         validate_existing_modules_are_not_modified()

     # If files outside of the modules/ directory are changed, fail the presubmit.
     validate_files_outside_of_modules_dir_are_not_modified(modules)

     # Check if any changes in the metadata.json file need a manual review.
     needs_bcr_maintainer_review = should_metadata_change_block_presubmit(modules, pr_labels)

     # Run BCR validations on target modules and decide if the presubmit jobs should be blocked.
     if should_bcr_validation_block_presubmit(modules, pr_labels):
         needs_bcr_maintainer_review = True

     return needs_bcr_maintainer_review


 def upload_jobs_to_pipeline(pipeline_steps):
     """Directly calling the buildkite-agent to upload steps."""
     subprocess.run(
         ["buildkite-agent", "pipeline", "upload"],
         input=yaml.dump({"steps": pipeline_steps}).encode(),
         check=True,
     )


 def main(argv=None):
     if argv is None:
         argv = sys.argv[1:]

     parser = argparse.ArgumentParser(description="Bazel Central Registry Presubmit Test Generator")

     subparsers = parser.add_subparsers(dest="subparsers_name")

     subparsers.add_parser("bcr_presubmit")

     runner = subparsers.add_parser("runner")
     runner.add_argument("--module_name", type=str)
     runner.add_argument("--module_version", type=str)
     runner.add_argument("--task", type=str)

     test_module_runner = subparsers.add_parser("test_module_runner")
     test_module_runner.add_argument("--module_name", type=str)
     test_module_runner.add_argument("--module_version", type=str)
     test_module_runner.add_argument("--task", type=str)

     args = parser.parse_args(argv)
     if args.subparsers_name == "bcr_presubmit":
         modules = get_target_modules()
         if not modules:
             bazelci.eprint("No target module versions detected in this branch!")
         pipeline_steps = []
         for module_name, module_version in modules:
             configs = get_task_config(module_name, module_version)
             add_presubmit_jobs(module_name, module_version, configs.get("tasks", {}), pipeline_steps)
             configs = get_test_module_task_config(module_name, module_version)
             add_presubmit_jobs(module_name, module_version, configs.get("tasks", {}), pipeline_steps, is_test_module=True)
         if should_wait_bcr_maintainer_review(modules) and pipeline_steps:
             pipeline_steps = [{"block": "Wait on BCR maintainer review", "blocked_state": "running"}] + pipeline_steps
         upload_jobs_to_pipeline(pipeline_steps)
     elif args.subparsers_name == "runner":
         repo_location = create_simple_repo(args.module_name, args.module_version)
         config_file = get_presubmit_yml(args.module_name, args.module_version)
         return run_test(repo_location, config_file, args.task)
     elif args.subparsers_name == "test_module_runner":
         repo_location, config_file = prepare_test_module_repo(args.module_name, args.module_version)
         return run_test(repo_location, config_file, args.task)
     else:
         parser.print_help()
         return 2
     return 0


 if __name__ == "__main__":
     sys.exit(main())
	#!/usr/bin/env python3
	#
	# Copyright 2018 The Bazel Authors. All rights reserved.
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	# pylint: disable=line-too-long
	# pylint: disable=missing-function-docstring
	# pylint: disable=unspecified-encoding
	# pylint: disable=invalid-name
	"""The CI script for Bazel Central Registry Presubmit."""


	import argparse
	import json
	import os
	import pathlib
	import re
	import sys
	import subprocess
	import shutil
	import time
	import urllib.request
	import zipfile
	import requests
	import yaml

	import bazelci

	BCR_REPO_DIR = pathlib.Path(os.getcwd())

	BUILDKITE_ORG = os.environ["BUILDKITE_ORGANIZATION_SLUG"]

	SCRIPT_URL = {
	"bazel-testing": "https://raw.githubusercontent.com/bazelbuild/continuous-integration/testing/buildkite/bazel-central-registry/bcr_presubmit.py",
	"bazel-trusted": "https://raw.githubusercontent.com/bazelbuild/continuous-integration/master/buildkite/bazel-central-registry/bcr_presubmit.py",
	"bazel": "https://raw.githubusercontent.com/bazelbuild/continuous-integration/master/buildkite/bazel-central-registry/bcr_presubmit.py",
	}[BUILDKITE_ORG] + "?{}".format(int(time.time()))


	def fetch_bcr_presubmit_py_command():
	return "curl -s {0} -o bcr_presubmit.py".format(SCRIPT_URL)


	class BcrPipelineException(Exception):
	"""Raised whenever something goes wrong and we should exit with an error."""


	def error(msg):
	bazelci.eprint("\x1b[31mERROR\x1b[0m: {}\n".format(msg))
	raise BcrPipelineException("BCR Presubmit failed!")


	def get_target_modules():
	"""
	If the `MODULE_NAME` and `MODULE_VERSION(S)` are specified, calculate the target modules from those env vars.
	Otherwise, calculate target modules based on changed files from the main branch.
	"""
	modules = []
	if "MODULE_NAME" in os.environ:
	name = os.environ["MODULE_NAME"]
	if "MODULE_VERSION" in os.environ:
	modules.append((name, os.environ["MODULE_VERSION"]))
	elif "MODULE_VERSIONS" in os.environ:
	for version in os.environ["MODULE_VERSIONS"].split(","):
	modules.append((name, version))

	if modules:
	return list(set(modules))

	# Get the list of changed files compared to the main branch
	output = subprocess.check_output(
	["git", "diff", "main...HEAD", "--name-only", "--pretty=format:"]
	)
	# Matching modules/<name>/<version>/
	for line in output.decode("utf-8").split():
	s = re.match(r"modules\/([^\/]+)\/([^\/]+)\/", line)
	if s:
	modules.append(s.groups())

	return list(set(modules))


	def get_metadata_json(module_name):
	return BCR_REPO_DIR.joinpath("modules/%s/metadata.json" % module_name)


	def get_presubmit_yml(module_name, module_version):
	return BCR_REPO_DIR.joinpath("modules/%s/%s/presubmit.yml" % (module_name, module_version))


	def get_module_dot_bazel(module_name, module_version):
	return BCR_REPO_DIR.joinpath("modules/%s/%s/MODULE.bazel" % (module_name, module_version))


	def get_source_json(module_name, module_version):
	return BCR_REPO_DIR.joinpath("modules/%s/%s/source.json" % (module_name, module_version))


	def get_patch_file(module_name, module_version, patch):
	return BCR_REPO_DIR.joinpath("modules/%s/%s/patches/%s" % (module_name, module_version, patch))


	def get_task_config(module_name, module_version):
	return bazelci.load_config(http_url=None,
	file_config=get_presubmit_yml(module_name, module_version),
	allow_imports=False)


	def get_test_module_task_config(module_name, module_version):
	orig_presubmit = yaml.safe_load(open(get_presubmit_yml(module_name, module_version), "r"))
	if "bcr_test_module" in orig_presubmit:
	config = orig_presubmit["bcr_test_module"]
	bazelci.expand_task_config(config)
	return config
	return {}


	def add_presubmit_jobs(module_name, module_version, task_configs, pipeline_steps, is_test_module=False):
	for task_name, task_config in task_configs.items():
	platform_name = bazelci.get_platform_for_task(task_name, task_config)
	label = bazelci.PLATFORMS[platform_name]["emoji-name"] + " {0}@{1} {2}".format(
	module_name, module_version, task_config["name"] if "name" in task_config else ""
	)
	# The bazel version should always be set in the task config due to https://github.com/bazelbuild/bazel-central-registry/pull/1387
	# But fall back to empty string for more robustness.
	bazel_version = task_config.get("bazel", "")
	if bazel_version:
	label = ":bazel:{} - ".format(bazel_version) + label
	command = (
	'%s bcr_presubmit.py %s --module_name="%s" --module_version="%s" --task=%s'
	% (
	bazelci.PLATFORMS[platform_name]["python"],
	"test_module_runner" if is_test_module else "runner",
	module_name,
	module_version,
	task_name,
	)
	)
	commands = [bazelci.fetch_bazelcipy_command(), fetch_bcr_presubmit_py_command(), command]
	pipeline_steps.append(bazelci.create_step(label, commands, platform_name))


	def scratch_file(root, relative_path, lines=None, mode="w"):
	"""Creates a file under the root directory"""
	if not relative_path:
	return None
	abspath = pathlib.Path(root).joinpath(relative_path)
	with open(abspath, mode) as f:
	if lines:
	for l in lines:
	f.write(l)
	f.write('\n')
	return abspath


	def create_simple_repo(module_name, module_version):
	"""Create a simple Bazel module repo which depends on the target module."""
	root = pathlib.Path(bazelci.get_repositories_root())
	scratch_file(root, "WORKSPACE")
	scratch_file(root, "BUILD")
	# TODO(pcloudy): Should we test this module as the root module? Maybe we do if we support dev dependency.
	# Because if the module is not root module, dev dependencies are ignored, which can break test targets.
	# Another work around is that we can copy the dev dependencies to the generated MODULE.bazel.
	scratch_file(root, "MODULE.bazel", ["bazel_dep(name = '%s', version = '%s')" % (module_name, module_version)])
	scratch_file(root, ".bazelrc", [
	"build --experimental_enable_bzlmod",
	"build --registry=%s" % BCR_REPO_DIR.as_uri(),
	])
	return root


	def download(url, file):
	req = urllib.request.Request(url, headers={'User-Agent': 'Mozilla/5.0'})
	with urllib.request.urlopen(req) as response:
	with open(file, "wb") as f:
	f.write(response.read())


	def read(path):
	with open(path, "r") as file:
	return file.read()


	def load_source_json(module_name, module_version):
	source_json = get_source_json(module_name, module_version)
	with open(source_json, "r") as json_file:
	return json.load(json_file)


	def apply_patch(work_dir, patch_strip, patch_file):
	# Requires `patch` to be installed, this is true for all Bazel CI VMs, including Windows VMs.
	subprocess.run(
	["patch", "-f", "-p%d" % patch_strip, "-i", patch_file], shell=False, check=True, env=os.environ, cwd=work_dir
	)

	def extract_zip_with_permissions(zip_file_path, destination_dir):
	with zipfile.ZipFile(zip_file_path, 'r') as zip_ref:
	for entry in zip_ref.infolist():
	zip_ref.extract(entry, destination_dir)
	file_path = os.path.join(destination_dir, entry.filename)

	# Set file permissions according to https://stackoverflow.com/questions/39296101
	if entry.external_attr > 0xffff:
	os.chmod(file_path, entry.external_attr >> 16)

	def unpack_archive(archive_file, output_dir):
	# Addressing https://github.com/bazelbuild/continuous-integration/issues/1536
	if archive_file.endswith(".zip"):
	extract_zip_with_permissions(archive_file, output_dir)
	else:
	shutil.unpack_archive(archive_file, output_dir)

	def prepare_test_module_repo(module_name, module_version):
	"""Prepare the test module repo and the presubmit yml file it should use"""
	bazelci.print_collapsed_group(":information_source: Prepare test module repo")
	root = pathlib.Path(bazelci.get_repositories_root())
	source = load_source_json(module_name, module_version)

	# Download and unpack the source archive to ./output
	archive_url = source["url"]
	archive_file = root.joinpath(archive_url.split("/")[-1])
	output_dir = root.joinpath("output")
	bazelci.eprint("* Download and unpack %s\n" % archive_url)
	download(archive_url, archive_file)
	unpack_archive(str(archive_file), output_dir)
	bazelci.eprint("Source unpacked to %s\n" % output_dir)

	# Apply patch files if there are any
	source_root = output_dir.joinpath(source["strip_prefix"] if "strip_prefix" in source else "")
	if "patches" in source:
	bazelci.eprint("* Applying patch files")
	for patch_name in source["patches"]:
	bazelci.eprint("\nApplying %s:" % patch_name)
	patch_file = get_patch_file(module_name, module_version, patch_name)
	apply_patch(source_root, source["patch_strip"], patch_file)

	# Make sure the checked-in MODULE.bazel file is used.
	checked_in_module_dot_bazel = get_module_dot_bazel(module_name, module_version)
	bazelci.eprint("\n* Copy checked-in MODULE.bazel file to source root:\n%s\n" % read(checked_in_module_dot_bazel))
	module_dot_bazel = source_root.joinpath("MODULE.bazel")
	# In case the existing MODULE.bazel has no write permission.
	if module_dot_bazel.exists():
	os.remove(module_dot_bazel)
	shutil.copy(checked_in_module_dot_bazel, module_dot_bazel)

	# Generate the presubmit.yml file for the test module, it should be the content under "bcr_test_module"
	orig_presubmit = yaml.safe_load(open(get_presubmit_yml(module_name, module_version), "r"))
	test_module_presubmit = root.joinpath("presubmit.yml")
	with open(test_module_presubmit, "w") as f:
	yaml.dump(orig_presubmit["bcr_test_module"], f)
	bazelci.eprint("* Generate test module presubmit.yml:\n%s\n" % read(test_module_presubmit))

	# Write necessary options to the .bazelrc file
	test_module_root = source_root.joinpath(orig_presubmit["bcr_test_module"]["module_path"])

	# Check if test_module_root is a directory
	if not test_module_root.is_dir():
	error("The test module directory does not exist in the source archive: %s" % test_module_root)

	scratch_file(test_module_root, ".bazelrc", [
	# .bazelrc may not end with a newline.
	"",
	"build --experimental_enable_bzlmod",
	"build --registry=%s" % BCR_REPO_DIR.as_uri(),
	], mode="a")
	bazelci.eprint("* Append Bzlmod flags to .bazelrc file:\n%s\n" % read(test_module_root.joinpath(".bazelrc")))

	bazelci.eprint("* Test module ready: %s\n" % test_module_root)
	return test_module_root, test_module_presubmit


	def run_test(repo_location, task_config_file, task):
	try:
	return bazelci.main(
	[
	"runner",
	"--task=" + task,
	"--file_config=%s" % task_config_file,
	"--repo_location=%s" % repo_location,
	]
	)
	except subprocess.CalledProcessError as e:
	bazelci.eprint(str(e))
	return 1


	def validate_existing_modules_are_not_modified():
	# Get all files that are Modified, Renamed, or Deleted.
	bazelci.print_expanded_group("Checking if existing modules are not modified")
	output = subprocess.check_output(
	["git", "diff", "main...HEAD", "--diff-filter=MRD", "--name-only", "--pretty=format:"]
	)

	# Check if any of the source.json, MODULE.bazel, or patch files are changed for an existing module.
	NO_CHANGE_FILE_PATTERNS = [
	re.compile(r"modules\/([^\/]+)\/([^\/]+)\/source.json"),
	re.compile(r"modules\/([^\/]+)\/([^\/]+)\/MODULE.bazel"),
	re.compile(r"modules\/([^\/]+)\/([^\/]+)\/patches"),
	]
	changed_modules = []
	for line in output.decode("utf-8").split():
	for p in NO_CHANGE_FILE_PATTERNS:
	s = p.match(line)
	if s:
	bazelci.eprint(line, "was changed")
	changed_modules.append(s.groups())
	if changed_modules:
	error("Existing modules should not be changed:\n" + "\n".join([f"{name}@{version}" for name,version in changed_modules]))
	else:
	bazelci.eprint("No existing module was changed.")


	def validate_files_outside_of_modules_dir_are_not_modified(modules):
	# If no modules are changed at the same time, then we don't need to perform this check.
	if not modules:
	return
	bazelci.print_expanded_group("Checking if any file changes outside of modules/")
	output = subprocess.check_output(
	["git", "diff", "main...HEAD", "--name-only", "--pretty=format:", ":!modules"]
	).decode("utf-8").strip()
	if output:
	error("The following files should not be changed when adding a new module version:\n" + output)
	else:
	bazelci.eprint("Nothing changed outside of modules/")


	def get_labels_from_pr():
	"""Get the labels from the PR and return them as a list of strings."""

	# https://buildkite.com/docs/pipelines/environment-variables#BUILDKITE_PULL_REQUEST
	pr_number = os.environ.get("BUILDKITE_PULL_REQUEST")
	if not pr_number or pr_number == "false":
	return []

	response = requests.get(f"https://api.github.com/repos/bazelbuild/bazel-central-registry/pulls/{pr_number}")
	if response.status_code == 200:
	pr = response.json()
	return [label["name"] for label in pr["labels"]]
	else:
	error(f"Error: {response.status_code}. Could not fetch labels for PR https://github.com/bazelbuild/bazel-central-registry/pull/{pr_number}")


	def should_bcr_validation_block_presubmit(modules, pr_labels):
	bazelci.print_collapsed_group("Running BCR validations:")
	skip_validation_flags = []
	if "skip-source-repo-check" in pr_labels:
	skip_validation_flags.append("--skip_validation=source_repo")
	if "skip-url-stability-check" in pr_labels:
	skip_validation_flags.append("--skip_validation=url_stability")
	if "presubmit-auto-run" in pr_labels:
	skip_validation_flags.append("--skip_validation=presubmit_yml")
	returncode = subprocess.run(
	["python3", "./tools/bcr_validation.py", "--check_all_metadata"] + [f"--check={name}@{version}" for name, version in modules] + skip_validation_flags,
	).returncode
	# When a BCR maintainer view is required, the script should return 42.
	if returncode == 42:
	return True
	if returncode != 0:
	raise BcrPipelineException("BCR validation failed!")
	return False


	def file_exists_in_main_branch(file_path):
	# Run the git ls-tree command to check for the file in the main branch
	result = subprocess.run(
	["git", "ls-tree", "-r", "main", "--name-only", file_path],
	capture_output=True, text=True, check=True
	)
	return result.stdout.strip() != ""


	def should_metadata_change_block_presubmit(modules, pr_labels):
	# Skip the metadata.json check if the PR is labeled with "presubmit-auto-run".
	if "presubmit-auto-run" in pr_labels:
	return False

	bazelci.print_expanded_group("Checking metadata.json file changes:")

	# Collect changed modules from module, version pairs.
	changed_modules = set([module[0] for module in modules])

	# If information like, maintainers, homepage, repository is changed, the presubmit should wait for a BCR maintainer review.
	# For each changed module, check if anything other than the "versions" field is changed in the metadata.json file.
	needs_bcr_maintainer_review = False
	for name in changed_modules:
	metadata_json = get_metadata_json(name)

	if not file_exists_in_main_branch(metadata_json):
	bazelci.eprint("\x1b[33mWARNING\x1b[0m: The metadata.json file for '%s' is newly created!\n" % name)
	needs_bcr_maintainer_review = True
	continue

	# Read the new metadata.json file.
	metadata_new = json.load(open(metadata_json, "r"))

	# Check out and read the original metadata.json file from the main branch.
	subprocess.run(["git", "checkout", "main", "--", metadata_json], check=True)
	metadata_old = json.load(open(metadata_json, "r"))

	# Revert the metadata.json file to the HEAD of current branch.
	subprocess.run(["git", "checkout", "HEAD", "--", metadata_json], check=True)

	# Clear the "versions" field and compare the rest of the metadata.json file.
	metadata_old["versions"] = []
	metadata_new["versions"] = []
	if metadata_old != metadata_new:
	bazelci.eprint("\x1b[33mWARNING\x1b[0m: The change in metadata.json file for '%s' needs BCR maintainer review!\n" % name)
	needs_bcr_maintainer_review = True
	else:
	bazelci.eprint("The change in metadata.json file for '%s' looks good!\n" % name)

	return needs_bcr_maintainer_review


	def should_wait_bcr_maintainer_review(modules):
	"""Validate the changes and decide whether the presubmit should wait for a BCR maintainer review.
	Returns False if all changes look good and the presubmit can proceed.
	Returns True if the changes should block follow up presubmit jobs until a BCR maintainer triggers them.
	Throws an error if the changes violate BCR policies or the BCR validations fail.
	"""
	# If existing modules are changed, fail the presubmit.
	pr_labels = get_labels_from_pr()
	if "USE-WITH-CAUTION-skip-modification-check" not in pr_labels:
	validate_existing_modules_are_not_modified()

	# If files outside of the modules/ directory are changed, fail the presubmit.
	validate_files_outside_of_modules_dir_are_not_modified(modules)

	# Check if any changes in the metadata.json file need a manual review.
	needs_bcr_maintainer_review = should_metadata_change_block_presubmit(modules, pr_labels)

	# Run BCR validations on target modules and decide if the presubmit jobs should be blocked.
	if should_bcr_validation_block_presubmit(modules, pr_labels):
	needs_bcr_maintainer_review = True

	return needs_bcr_maintainer_review


	def upload_jobs_to_pipeline(pipeline_steps):
	"""Directly calling the buildkite-agent to upload steps."""
	subprocess.run(
	["buildkite-agent", "pipeline", "upload"],
	input=yaml.dump({"steps": pipeline_steps}).encode(),
	check=True,
	)


	def main(argv=None):
	if argv is None:
	argv = sys.argv[1:]

	parser = argparse.ArgumentParser(description="Bazel Central Registry Presubmit Test Generator")

	subparsers = parser.add_subparsers(dest="subparsers_name")

	subparsers.add_parser("bcr_presubmit")

	runner = subparsers.add_parser("runner")
	runner.add_argument("--module_name", type=str)
	runner.add_argument("--module_version", type=str)
	runner.add_argument("--task", type=str)

	test_module_runner = subparsers.add_parser("test_module_runner")
	test_module_runner.add_argument("--module_name", type=str)
	test_module_runner.add_argument("--module_version", type=str)
	test_module_runner.add_argument("--task", type=str)

	args = parser.parse_args(argv)
	if args.subparsers_name == "bcr_presubmit":
	modules = get_target_modules()
	if not modules:
	bazelci.eprint("No target module versions detected in this branch!")
	pipeline_steps = []
	for module_name, module_version in modules:
	configs = get_task_config(module_name, module_version)
	add_presubmit_jobs(module_name, module_version, configs.get("tasks", {}), pipeline_steps)
	configs = get_test_module_task_config(module_name, module_version)
	add_presubmit_jobs(module_name, module_version, configs.get("tasks", {}), pipeline_steps, is_test_module=True)
	if should_wait_bcr_maintainer_review(modules) and pipeline_steps:
	pipeline_steps = [{"block": "Wait on BCR maintainer review", "blocked_state": "running"}] + pipeline_steps
	upload_jobs_to_pipeline(pipeline_steps)
	elif args.subparsers_name == "runner":
	repo_location = create_simple_repo(args.module_name, args.module_version)
	config_file = get_presubmit_yml(args.module_name, args.module_version)
	return run_test(repo_location, config_file, args.task)
	elif args.subparsers_name == "test_module_runner":
	repo_location, config_file = prepare_test_module_repo(args.module_name, args.module_version)
	return run_test(repo_location, config_file, args.task)
	else:
	parser.print_help()
	return 2
	return 0


	if __name__ == "__main__":
	sys.exit(main())