[luci][realms] switch crashpad to LUCI security realms.

R=jperaza@chromium.org

Bug: chromium:1242890
Change-Id: I6b7a05806c27827fce213804348c84273ba21e7a
No-Try: True
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3197578
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Andrii Shyshkalov 2021-10-01 20:28:53 +02:00 committed by Joshua Peraza
parent 3b71fc85b1
commit 4318922c9a
3 changed files with 178 additions and 0 deletions


@ -38,6 +38,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_fuchsia_arm64_rel"
@ -59,6 +63,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_fuchsia_x64_dbg"
@ -79,6 +87,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_fuchsia_x64_rel"
@ -99,6 +111,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_ios_arm64_dbg"
@ -123,6 +139,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_ios_arm64_rel"
@ -147,6 +167,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_ios_x64_dbg"
@ -170,6 +194,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_ios_x64_rel"
@ -193,6 +221,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_linux_x64_dbg"
@ -213,6 +245,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_linux_x64_rel"
@ -233,6 +269,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_mac_x64_dbg"
@ -256,6 +296,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_mac_x64_rel"
@ -279,6 +323,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_win_x64_dbg"
@ -299,6 +347,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_win_x64_rel"
@ -319,6 +371,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
}
}
@ -363,6 +419,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_fuchsia_arm64_rel"
@ -383,6 +443,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_fuchsia_x64_dbg"
@ -402,6 +466,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_fuchsia_x64_rel"
@ -421,6 +489,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_ios_arm64_dbg"
@ -444,6 +516,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_ios_arm64_rel"
@ -467,6 +543,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_ios_x64_dbg"
@ -489,6 +569,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_ios_x64_rel"
@ -511,6 +595,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_linux_x64_dbg"
@ -530,6 +618,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_linux_x64_rel"
@ -549,6 +641,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_mac_x64_dbg"
@ -571,6 +667,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_mac_x64_rel"
@ -593,6 +693,10 @@ buckets {
}
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_win_x64_dbg"
@ -612,6 +716,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
builders {
name: "crashpad_win_x64_rel"
@ -631,6 +739,10 @@ buckets {
execution_timeout_secs: 10800
build_numbers: YES
service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
experiments {
key: "luci.use_realms"
value: 100
}
}
}
}


@ -0,0 +1,57 @@
# Auto-generated by lucicfg.
# Do not modify manually.
#
# For the schema of this file, see RealmsCfg message:
# https://luci-config.appspot.com/schemas/projects:realms.cfg
realms {
name: "@root"
bindings {
role: "role/buildbucket.reader"
principals: "group:all"
}
bindings {
role: "role/configs.reader"
principals: "group:all"
}
bindings {
role: "role/logdog.reader"
principals: "group:all"
}
bindings {
role: "role/scheduler.reader"
principals: "group:all"
}
}
realms {
name: "ci"
bindings {
role: "role/buildbucket.builderServiceAccount"
principals: "user:crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
}
bindings {
role: "role/buildbucket.owner"
principals: "group:project-crashpad-admins"
}
bindings {
role: "role/buildbucket.triggerer"
principals: "user:luci-scheduler@appspot.gserviceaccount.com"
}
}
realms {
name: "try"
bindings {
role: "role/buildbucket.builderServiceAccount"
principals: "user:crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com"
}
bindings {
role: "role/buildbucket.owner"
principals: "group:project-crashpad-admins"
principals: "group:service-account-crashpad-cq"
}
bindings {
role: "role/buildbucket.triggerer"
principals: "group:project-crashpad-tryjob-access"
principals: "group:service-account-cq"
}
}

9
infra/config/main.star Normal file → Executable file

@ -13,6 +13,15 @@
# See the License for the specific language governing permissions and
# limitations under the License.
lucicfg.check_version("1.28.0", "Please update depot_tools")
# Enable LUCI Realms support.
lucicfg.enable_experiment("crbug.com/1085650")
# Launch 100% of Swarming tasks for builds in "realms-aware mode".
luci.builder.defaults.experiments.set({"luci.use_realms": 100})
luci.project(
name = "crashpad",
buildbucket = "cr-buildbucket.appspot.com",