Subpackage, service, timer for build-fail-reminder

This adds a build-fail-reminder subpackage, shipping the script along with a service user and unit files for daily execution via systemd, making for easier management and deployment in the openSUSE infrastructure. Signed-off-by: Georg Pfuetzenreuter <[email protected]>
openSUSE · Aug 28, 2024 · 62b4e21 · 62b4e21
1 parent d299924
commit 62b4e21
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -11,7 +11,7 @@ VERSION = "build-$(shell date +%F)"
 all:
 
 install:
-	install -d -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(pkgdatadir) $(DESTDIR)$(unitdir) $(DESTDIR)$(oscplugindir) $(DESTDIR)$(sysconfdir)/$(package_name) $(DESTDIR)$(grafana_provisioning_dir)/dashboards $(DESTDIR)$(grafana_provisioning_dir)/datasources $(DESTDIR)$(logdir)/$(package_name) $(DESTDIR)$(varlibdir)/osrt-slsa/pkglistgen $(DESTDIR)$(varlibdir)/osrt-slsa/relpkggen
+	install -d -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(pkgdatadir) $(DESTDIR)$(unitdir) $(DESTDIR)$(oscplugindir) $(DESTDIR)$(sysconfdir)/$(package_name) $(DESTDIR)$(grafana_provisioning_dir)/dashboards $(DESTDIR)$(grafana_provisioning_dir)/datasources $(DESTDIR)$(logdir)/$(package_name) $(DESTDIR)$(sysconfdir)/$(package_name)/build-fail-reminder $(DESTDIR)$(varlibdir)/osrt-build-fail-reminder $(DESTDIR)$(varlibdir)/osrt-slsa/pkglistgen $(DESTDIR)$(varlibdir)/osrt-slsa/relpkggen
 	for i in $(pkgdata_SCRIPTS); do install -m 755 $$i $(DESTDIR)$(pkgdatadir); done
 	chmod 644 $(DESTDIR)$(pkgdatadir)/osc-*.py
 	for i in $(pkgdata_DATA); do cp -a $$i $(DESTDIR)$(pkgdatadir); done

diff --git a/build-fail-reminder/osrt-build-fail-reminder-user.conf b/build-fail-reminder/osrt-build-fail-reminder-user.conf
@@ -0,0 +1 @@
+u osrt-build-fail-reminder - 'User for the openSUSE build fail reminder service' /var/lib/osrt-build-fail-reminder
diff --git a/dist/package/openSUSE-release-tools.spec b/dist/package/openSUSE-release-tools.spec
@@ -95,6 +95,16 @@ BuildArch:      noarch
 %description announcer
 OBS product release announcer for generating email diffs summaries.
 
+%package build-fail-reminder
+Summary:        OBS build fail reminder service
+Group:          Development/Tools/Other
+BuildArch:      noarch
+Requires:       osclib = %{version}
+Requires:       python3-lxml
+
+%description build-fail-reminder
+Daily email reminders for failed builds in OBS.
+
 %package check-source
 Summary:        Check source review bot
 Group:          Development/Tools/Other
@@ -319,6 +329,7 @@ OSC plugin for the staging workflow, see `osc staging --help`.
 %build
 %make_build
 %sysusers_generate_pre slsa/osrt-slsa-user.conf %{name} %{name}.conf
+%sysusers_generate_pre build-fail-reminder/osrt-build-fail-reminder-user.conf build-fail-reminder osrt-build-fail-reminder.conf
 
 %install
 %make_install \
@@ -327,6 +338,7 @@ OSC plugin for the staging workflow, see `osc staging --help`.
   VERSION="%{version}"
 
 install -Dpm0644 slsa/osrt-slsa-user.conf %{buildroot}%{_sysusersdir}/%{name}.conf
+install -pm0644 build-fail-reminder/osrt-build-fail-reminder-user.conf %{buildroot}%{_sysusersdir}/osrt-build-fail-reminder.conf
 
 %pre -f %{name}.pre
 %service_add_pre %{name}.service
@@ -341,6 +353,18 @@ getent passwd osrt-check-source > /dev/null || \
   useradd -r -m -s /sbin/nologin -c "user for openSUSE-release-tools-check-source" osrt-check-source
 exit 0
 
+%pre -f build-fail-reminder.pre build-fail-reminder
+%service_add_pre osrt-build-fail-reminder.timer
+
+%post build-fail-reminder
+%service_add_post osrt-build-fail-reminder.timer
+
+%preun build-fail-reminder
+%service_del_preun osrt-build-fail-reminder.timer
+
+%postun build-fail-reminder
+%service_del_postun_with_restart osrt-build-fail-reminder.timer
+
 %pre docker-publisher
 getent passwd osrt-docker-publisher > /dev/null || \
   useradd -r -m -s /sbin/nologin -c "user for openSUSE-release-tools-docker-publisher" osrt-docker-publisher
@@ -394,7 +418,6 @@ exit 0
 %doc README.md
 %{_bindir}/osrt-biarchtool
 %{_bindir}/osrt-bugowner
-%{_bindir}/osrt-build-fail-reminder
 %{_bindir}/osrt-checknewer
 %{_bindir}/osrt-check_bugowner
 %{_bindir}/osrt-check_tags_in_requests
@@ -411,6 +434,7 @@ exit 0
 %{_datadir}/%{source_dir}
 %exclude %{_datadir}/%{source_dir}/abichecker
 %exclude %{_datadir}/%{source_dir}/%{announcer_filename}
+%exclude %{_datadir}/%{source_dir}/build-fail-reminder.py
 %exclude %{_datadir}/%{source_dir}/check_maintenance_incidents.py
 %exclude %{_datadir}/%{source_dir}/check_source.py
 %exclude %{_datadir}/%{source_dir}/devel-project.py
@@ -453,6 +477,15 @@ exit 0
 %config(noreplace) %{_sysconfdir}/openSUSE-release-tools/announcer
 %config(noreplace) %{_sysconfdir}/rsyslog.d/%{announcer_filename}.conf
 
+%files build-fail-reminder
+%{_bindir}/osrt-build-fail-reminder
+%{_datadir}/%{source_dir}/build-fail-reminder.py
+%{_sysusersdir}/osrt-build-fail-reminder.conf
+%{_unitdir}/osrt-build-fail-reminder.service
+%{_unitdir}/osrt-build-fail-reminder.timer
+%dir %attr(0700,osrt-build-fail-reminder,osrt-build-fail-reminder) %{_sysconfdir}/%{name}/build-fail-reminder
+%dir %attr(0750,osrt-build-fail-reminder,osrt-build-fail-reminder) %{_sharedstatedir}/osrt-build-fail-reminder
+
 %files check-source
 %{_bindir}/osrt-check_source
 %{_datadir}/%{source_dir}/check_source.py

diff --git a/systemd/osrt-build-fail-reminder.service b/systemd/osrt-build-fail-reminder.service
@@ -0,0 +1,54 @@
+[Unit]
+Description=openSUSE Release Tools: OBS Build Fail Reminder
+
+ConditionFileIsExecutable=/usr/bin/osrt-build-fail-reminder
+ConditionFileNotEmpty=/etc/openSUSE-release-tools/build-fail-reminder/oscrc
+
+[Service]
+User=%N
+Group=%N
+
+ConfigurationDirectory=openSUSE-release-tools/build-fail-reminder
+ConfigurationDirectoryMode=0700
+StateDirectory=osrt-build-fail-reminder
+StateDirectoryMode=0750
+
+Environment=BFR_SENDER='DimStar / Dominique Leuenberger <[email protected]>'
+Environment=BFR_PROJECT=openSUSE:Factory
+Environment=BFR_RELAY=ipv6-localhost
+
+Environment=OSC_CONFIG=/etc/openSUSE-release-tools/build-fail-reminder/oscrc
+
+ExecStart=/usr/bin/osrt-build-fail-reminder --sender=${BFR_SENDER} --project=${BFR_PROJECT} --relay=${BFR_RELAY} --json=${STATE_DIRECTORY}/reminded.json "$BFR_EXTRA"
+
+SyslogIdentifier=build-fail-reminder
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+KeyringMode=private
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+MountFlags=private
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+
+UMask=0027
+
+# access to database, - to allow creation if one does not already exist
+ReadWritePaths=-/var/lib/osrt-build-fail-reminder/reminded.json
diff --git a/systemd/osrt-build-fail-reminder.timer b/systemd/osrt-build-fail-reminder.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=openSUSE Release Tools: OBS Build Fail Reminder Scheduler
+
+[Timer]
+OnCalendar=daily
+
+[Install]
+WantedBy=timers.target