I'm your friendly neighbourhood bot, Tom. I trigger pull requests when someone mentions me in a GitHub Pull Request.
Mention Tom in a comment with @cf-bottom and then include some trigger keywords to start a jenkins/CI build.
In tom/bot.py:
trigger_words = ["jenkins", "pipeline", "build", "test", "trigger"]Other keywords available in comments are:
exotic- includes exotics platforms such as AIX, HP/UX, Solarisno test- don't run tests. This is useful if you only need packages. Tests are resource intensive so use this option often if it makes sense.
python3 -m venv venv . venv/bin/activate pip install -r requirements.txt
If you have valid config and secrets in the current working directory, you can run the PR checker feature with:
$ python3 -m tom --directory . --log-level info --interactive
(This assumes running in the repo folder, ., and interactive so you will be prompted before any actions are taken).
Example on our (private) Jenkins:
$ ssh ci.cfengine.com
olehermanse@jenkins:~$ sudo su tom
tom@jenkins:/home/olehermanse$ cd ~/
tom@jenkins:/home/tom$ python3 self/tom --log-level INFO
[INFO] Fetching pull requests for cfengine/documentation
[INFO] Fetching pull requests for cfengine/starter_pack
[INFO] Fetching pull requests for cfengine/masterfiles
[INFO] Fetching pull requests for cfengine/buildscripts
[INFO] Fetching pull requests for cfengine/core
[INFO] Fetching pull requests for cf-bottom/self
[...]
Initially and currently tom is designed to chat via slack to update dependencies but we didn't finish the integration so this must be run on the command line instead. Given that secrets are present as above, run this command:
python3 -m tom -i -t cf-bottom -l info
<@cf-bottom> deps: 3.21.x
Note: in order to submit the PR properly you must edit tom/bot.py and replace Lex-2008 with your github username. https://northerntech.atlassian.net/browse/ENT-12126
Note that this is referred to in the release process doc: https://github.com/NorthernTechHQ/infra/blob/master/files/buildcache/release-scripts/RELEASE_PROCESS.org
See the example policy for an automated way to update and run Tom.
To disable policy when testing, you can delete this flag file:
$ cd /home/tom
$ rm TOM_ENABLE
The TOM_ENABLE file is checked by the policy, not the python code.
To re-enable:
$ cd /home/tom
$ touch TOM_ENABLE
See our commited config file for an example of what the JSON config file looks like. Note that one config file has multiple "bots", with unique GitHub usernames. Each of those "bots" can be configured to use different Jenkins instances, and separate secrets.
Secrets should be kept separate from the rest of the config.
The filenames are specified in config.json.
It is generally recommended to not commit secrets to git repos.
Here is an example of what the secrets file can look like:
{
"GITHUB_TOKEN": "46fb3751dd0d84cb02f8d8fc68d34ffed3247c4b",
"JENKINS_USER": "a10062",
"JENKINS_TOKEN": "de351e7ad2bcb3b2bdca23c5537e054c",
"JENKINS_CRUMB": "814eeba4337de1f669643c1091aecb59"
}
(The secrets above are fake).
Explanation:
GITHUB_TOKEN- API token generated by GitHub, for the bot username, specified inconfig.json.JENKINS_USER- Jenkins username (LDAP username in CFEngine Jenkins).JENKINS_TOKEN- API token, generated in Jenkins Settings UI.JENKINS_CRUMB- GEThttps://<jenkins>/crumbIssuer/api/xml(for CFEngine: https://ci.cfengine.com/crumbIssuer/api/xml).
Most of the codebase works by polling open pull requests, rather than having a web server wait for Webhooks. There is one exception, the optional slack bot, which can be triggered from mentions in Slack.
See run_tests.sh here for a development workflow working with pytest unit tests.
Open htmlcov/index.html to see python code coverage information after test runs.
pass a test name to run_tests.sh and it will only run that one test.