diff --git a/infra/config/generated/cr-buildbucket.cfg b/infra/config/generated/cr-buildbucket.cfg index 9042dd93..6a0c463a 100644 --- a/infra/config/generated/cr-buildbucket.cfg +++ b/infra/config/generated/cr-buildbucket.cfg @@ -38,6 +38,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_fuchsia_arm64_rel" @@ -59,6 +63,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_fuchsia_x64_dbg" @@ -79,6 +87,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_fuchsia_x64_rel" @@ -99,6 +111,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_ios_arm64_dbg" @@ -123,6 +139,10 @@ buckets { } build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_ios_arm64_rel" @@ -147,6 +167,10 @@ buckets { } build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_ios_x64_dbg" @@ -170,6 +194,10 @@ buckets { } build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_ios_x64_rel" @@ -193,6 +221,10 @@ buckets { } build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_linux_x64_dbg" @@ -213,6 +245,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_linux_x64_rel" @@ -233,6 +269,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_mac_x64_dbg" @@ -256,6 +296,10 @@ buckets { } build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_mac_x64_rel" @@ -279,6 +323,10 @@ buckets { } build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_win_x64_dbg" @@ -299,6 +347,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_win_x64_rel" @@ -319,6 +371,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } } } @@ -363,6 +419,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_fuchsia_arm64_rel" @@ -383,6 +443,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_fuchsia_x64_dbg" @@ -402,6 +466,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_fuchsia_x64_rel" @@ -421,6 +489,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_ios_arm64_dbg" @@ -444,6 +516,10 @@ buckets { } build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_ios_arm64_rel" @@ -467,6 +543,10 @@ buckets { } build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_ios_x64_dbg" @@ -489,6 +569,10 @@ buckets { } build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_ios_x64_rel" @@ -511,6 +595,10 @@ buckets { } build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_linux_x64_dbg" @@ -530,6 +618,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_linux_x64_rel" @@ -549,6 +641,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_mac_x64_dbg" @@ -571,6 +667,10 @@ buckets { } build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_mac_x64_rel" @@ -593,6 +693,10 @@ buckets { } build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_win_x64_dbg" @@ -612,6 +716,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } builders { name: "crashpad_win_x64_rel" @@ -631,6 +739,10 @@ buckets { execution_timeout_secs: 10800 build_numbers: YES service_account: "crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + experiments { + key: "luci.use_realms" + value: 100 + } } } } diff --git a/infra/config/generated/realms.cfg b/infra/config/generated/realms.cfg new file mode 100644 index 00000000..41377301 --- /dev/null +++ b/infra/config/generated/realms.cfg @@ -0,0 +1,57 @@ +# Auto-generated by lucicfg. +# Do not modify manually. +# +# For the schema of this file, see RealmsCfg message: +# https://luci-config.appspot.com/schemas/projects:realms.cfg + +realms { + name: "@root" + bindings { + role: "role/buildbucket.reader" + principals: "group:all" + } + bindings { + role: "role/configs.reader" + principals: "group:all" + } + bindings { + role: "role/logdog.reader" + principals: "group:all" + } + bindings { + role: "role/scheduler.reader" + principals: "group:all" + } +} +realms { + name: "ci" + bindings { + role: "role/buildbucket.builderServiceAccount" + principals: "user:crashpad-ci-builder@chops-service-accounts.iam.gserviceaccount.com" + } + bindings { + role: "role/buildbucket.owner" + principals: "group:project-crashpad-admins" + } + bindings { + role: "role/buildbucket.triggerer" + principals: "user:luci-scheduler@appspot.gserviceaccount.com" + } +} +realms { + name: "try" + bindings { + role: "role/buildbucket.builderServiceAccount" + principals: "user:crashpad-try-builder@chops-service-accounts.iam.gserviceaccount.com" + } + bindings { + role: "role/buildbucket.owner" + principals: "group:project-crashpad-admins" + principals: "group:service-account-crashpad-cq" + } + bindings { + role: "role/buildbucket.triggerer" + principals: "group:project-crashpad-tryjob-access" + principals: "group:service-account-cq" + } +} diff --git a/infra/config/main.star b/infra/config/main.star old mode 100644 new mode 100755 index 280de797..fb8af223 --- a/infra/config/main.star +++ b/infra/config/main.star @@ -13,6 +13,15 @@ # See the License for the specific language governing permissions and # limitations under the License. +lucicfg.check_version("1.28.0", "Please update depot_tools") + +# Enable LUCI Realms support. +lucicfg.enable_experiment("crbug.com/1085650") + +# Launch 100% of Swarming tasks for builds in "realms-aware mode". +luci.builder.defaults.experiments.set({"luci.use_realms": 100}) + + luci.project( name = "crashpad", buildbucket = "cr-buildbucket.appspot.com",