Skip to content

cfengine/cf-bottom

Repository files navigation

Northern.tech Bot, Tom

I'm your friendly neighbourhood bot, Tom. I trigger pull requests when someone mentions me in a GitHub Pull Request.

Usage

Github Pull Requests

Mention Tom in a comment with @cf-bottom and then include some trigger keywords to start a jenkins/CI build.

In tom/bot.py:

        trigger_words = ["jenkins", "pipeline", "build", "test", "trigger"]

Other keywords available in comments are:

  • exotic - includes exotics platforms such as AIX, HP/UX, Solaris
  • no test - don't run tests. This is useful if you only need packages. Tests are resource intensive so use this option often if it makes sense.

Install dependencies and setup local venv

python3 -m venv venv . venv/bin/activate pip install -r requirements.txt

Command line

If you have valid config and secrets in the current working directory, you can run the PR checker feature with:

$ python3 -m tom --directory . --log-level info --interactive

(This assumes running in the repo folder, ., and interactive so you will be prompted before any actions are taken).

Example on our (private) Jenkins:

$ ssh ci.cfengine.com
olehermanse@jenkins:~$ sudo su tom
tom@jenkins:/home/olehermanse$ cd ~/
tom@jenkins:/home/tom$ python3 self/tom --log-level INFO
[INFO] Fetching pull requests for cfengine/documentation
[INFO] Fetching pull requests for cfengine/starter_pack
[INFO] Fetching pull requests for cfengine/masterfiles
[INFO] Fetching pull requests for cfengine/buildscripts
[INFO] Fetching pull requests for cfengine/core
[INFO] Fetching pull requests for cf-bottom/self
[...]

Update Dependencies

Initially and currently tom is designed to chat via slack to update dependencies but we didn't finish the integration so this must be run on the command line instead. Given that secrets are present as above, run this command:

python3 -m tom -i -t cf-bottom -l info

<@cf-bottom> deps: 3.21.x

Note: in order to submit the PR properly you must edit tom/bot.py and replace Lex-2008 with your github username. https://northerntech.atlassian.net/browse/ENT-12126

Note that this is referred to in the release process doc: https://github.com/NorthernTechHQ/infra/blob/master/files/buildcache/release-scripts/RELEASE_PROCESS.org

CFEngine policy

See the example policy for an automated way to update and run Tom.

To disable policy when testing, you can delete this flag file:

$ cd /home/tom
$ rm TOM_ENABLE

The TOM_ENABLE file is checked by the policy, not the python code. To re-enable:

$ cd /home/tom
$ touch TOM_ENABLE

Config

See our commited config file for an example of what the JSON config file looks like. Note that one config file has multiple "bots", with unique GitHub usernames. Each of those "bots" can be configured to use different Jenkins instances, and separate secrets.

Secrets

Secrets should be kept separate from the rest of the config. The filenames are specified in config.json. It is generally recommended to not commit secrets to git repos. Here is an example of what the secrets file can look like:

{
  "GITHUB_TOKEN": "46fb3751dd0d84cb02f8d8fc68d34ffed3247c4b",
  "JENKINS_USER": "a10062",
  "JENKINS_TOKEN": "de351e7ad2bcb3b2bdca23c5537e054c",
  "JENKINS_CRUMB": "814eeba4337de1f669643c1091aecb59"
}

(The secrets above are fake).

Explanation:

Technical details

Webhooks / polling

Most of the codebase works by polling open pull requests, rather than having a web server wait for Webhooks. There is one exception, the optional slack bot, which can be triggered from mentions in Slack.

development / testing

See run_tests.sh here for a development workflow working with pytest unit tests.

Open htmlcov/index.html to see python code coverage information after test runs.

pass a test name to run_tests.sh and it will only run that one test.