On 04/17/2018 03:06 AM, Tomáš Kopeček wrote:
Dne 16.4.2018 v 17:17 Mátyás Selmeci napsal(a):
> Hi,
>
> We'd like to prevent people from accidentally building into a target
> from the wrong SVN branch (e.g. building into the osg-3.4 target from
> the osg-3.3 branch). We have a wrapper script around "koji build" that
> does this check, but it would be nicer if we could do it server side.
> Is that something we can do?
Partially yes. In PR 353 we've introduced pre/postSCMCheckout callbacks.
These got some information (scminfo, build tag, scratch flag, sourcedir)
which can be used to determine branch and traverse scm checkout for
needed info. What is limiting for your usecase is that we send there
only build tag, not target.
Why this can't be solved via policy? Build can be triggered from
specific commit, so information about branch will not be available until
builder will not check out scm and look into its content.
Simple plugin for this callback would be placed in
/usr/lib/koji-builder-plugins would look +- (not tested) like:
from koji import PreBuildError
from koji.plugin import callback
@callback('postSCMCheckout')
def build_tag_is_same_as_branch(clb_type, *args, **kwargs):
scratch = kwargs['scratch']
taskinfo = kwargs['taskinfo']
session = kwargs['session']
build_tag = kwargs['build_tag']
srcdir = kwargs['srcdir']
# ignore scratch
if scratch:
return
# ignore other tasks than SRPM build
taskinfo = session.getTaskInfo(taskinfo) if not
isinstance(taskinfo, dict) or taskinfo['method'] != 'buildSRPMFromSCM':
return
if build_tag['name'] not in get_branches(srcdir):
raise PreBuildError("Build tag name is different from SCM branch
name")
def get_branches(srcdir):
"""Determine which remote branches contain the current
checkout"""
cmd = 'git branch -r --contains HEAD | grep -v "origin/HEAD"'
proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, cwd=srcdir,
shell=True)
(out, err) = proc.communicate()
status = proc.wait()
if status != 0:
raise Exception('Error getting branches for git checkout')
branches = out.split()
return branches
That sounds pretty good, actually. For us, restricting by build tag is
just as good as restricting by target, and I can hack around the "which
branch is this commit from" problem by creating a sentinel file in each
branch containing the branch name.
Thanks for the code! We're a little behind on our version of Koji but
I'll give it a shot once we update.
-Mat