
Allow to trigger ci webrtc bots with led.

This requires switching to the "new" luci binding notation.

Bug: None
Change-Id: I1735827fb83f30443991ca91d28e19e7b446e63c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6573736
Reviewed-by: Ilya Nikolaevskiy <ilnik@chromium.org>
Reviewed-by: Mirko Bonadei <mbonadei@chromium.org>
Commit-Queue: Jeremy Leconte <jleconte@google.com>
Cr-Commit-Position: refs/heads/main@{#1463306}
Jeremy Leconte
2025-05-21 03:29:46 -07:00
committed by Chromium LUCI CQ
parent 5eb0508c9b
commit 36fc3303b7
3 changed files with 47 additions and 19 deletions
infra/config
generated
subprojects

@ -786,6 +786,10 @@ realms {
role: "role/buildbucket.builderServiceAccount"
principals: "user:chromium-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
}
bindings {
role: "role/buildbucket.creator"
principals: "group:project-webrtc-led-users"
}
bindings {
role: "role/buildbucket.owner"
principals: "group:project-chromium-admins"
@ -797,6 +801,7 @@ realms {
bindings {
role: "role/buildbucket.triggerer"
principals: "group:project-chromium-ci-schedulers"
principals: "group:project-webrtc-admins"
}
bindings {
role: "role/resultdb.invocationCreator"
@ -830,6 +835,10 @@ realms {
role: "role/buildbucket.builderServiceAccount"
principals: "user:chromium-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
}
bindings {
role: "role/buildbucket.creator"
principals: "group:project-webrtc-led-users"
}
bindings {
role: "role/buildbucket.owner"
principals: "group:project-chromium-admins"

@ -10,24 +10,32 @@ load("//lib/xcode.star", "xcode")
luci.bucket(
name = "webrtc.fyi",
acls = [
acl.entry(
roles = acl.BUILDBUCKET_READER,
bindings = [
luci.binding(
roles = "role/buildbucket.reader",
groups = "all",
),
acl.entry(
roles = acl.BUILDBUCKET_TRIGGERER,
luci.binding(
roles = "role/buildbucket.creator",
groups = "project-webrtc-led-users",
),
luci.binding(
roles = "role/buildbucket.triggerer",
groups = [
"project-chromium-ci-schedulers",
"project-webrtc-admins",
],
),
acl.entry(
roles = acl.BUILDBUCKET_OWNER,
luci.binding(
roles = "role/buildbucket.owner",
groups = "project-chromium-admins",
),
acl.entry(
roles = acl.SCHEDULER_OWNER,
luci.binding(
roles = "role/scheduler.owner",
groups = "project-webrtc-admins",
),
luci.binding(
roles = "role/swarming.taskTriggerer",
groups = "project-webrtc-admins",
),
],
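Review bot: The new `luci.binding(roles = "role/buildbucket.creator", groups = "project-webrtc-led-users")` entry lets every member of that group create builds directly in the `webrtc.fyi` CI bucket, and the same binding is added to the `webrtc` bucket in the other .star file. The generated realms hunks list `chromium-ci-builder@chops-service-accounts.iam.gserviceaccount.com` as builder service account next to these bindings, so, if that is the account these builders run as, a led build with modified inputs would execute with CI credentials. I would put a comment above the binding that records who is expected to be in the group and why, for example `# led users can launch modified builds in this CI bucket; group membership is reviewed by <owners>`, and check whether led could instead be pointed at a shadow bucket (the `shadows` argument of `luci.bucket`) with a less privileged account. The `luci.bucket(...)` call continues outside the hunk.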

@ -9,21 +9,32 @@ load("//lib/targets.star", "targets")
luci.bucket(
name = "webrtc",
acls = [
acl.entry(
roles = acl.BUILDBUCKET_READER,
bindings = [
luci.binding(
roles = "role/buildbucket.reader",
groups = "all",
),
acl.entry(
roles = acl.BUILDBUCKET_TRIGGERER,
groups = "project-chromium-ci-schedulers",
luci.binding(
roles = "role/buildbucket.creator",
groups = "project-webrtc-led-users",
),
acl.entry(
roles = acl.BUILDBUCKET_OWNER,
luci.binding(
roles = "role/buildbucket.triggerer",
groups = [
"project-chromium-ci-schedulers",
"project-webrtc-admins",
],
),
luci.binding(
roles = "role/buildbucket.owner",
groups = "project-chromium-admins",
),
acl.entry(
roles = acl.SCHEDULER_OWNER,
luci.binding(
roles = "role/scheduler.owner",
groups = "project-webrtc-admins",
),
luci.binding(
roles = "role/swarming.taskTriggerer",
groups = "project-webrtc-admins",
),
],
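Review bot: In the `webrtc` bucket the `role/buildbucket.triggerer` binding appears to grow from `project-chromium-ci-schedulers` alone to a list that also contains `project-webrtc-admins`, which is a permission change rather than a notation change and is not mentioned in the description. `role/swarming.taskTriggerer` for `project-webrtc-admins` is also new here and in `webrtc.fyi`. If both grants are needed for led, a short comment on each binding would make that auditable, for example `# webrtc admins trigger CI builds and swarming tasks directly when debugging with led`; if the triggerer change is only there to align with `webrtc.fyi`, the commit message should say so. The `luci.bucket(...)` call continues outside the hunk.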