diff --git a/.travis.yml b/.travis.yml index 4c880c80e28..3dbf1d4c8f1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -54,11 +54,6 @@ jobs: before_install: - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi cache: directories: - ${AWS_CLI_ROOT} @@ -115,11 +110,6 @@ jobs: before_install: - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi cache: directories: - ${AWS_CLI_ROOT} @@ -266,11 +256,6 @@ jobs: - sudo sysctl fs.inotify.max_user_watches=524288 - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -321,11 +306,6 @@ jobs: - sudo sysctl fs.inotify.max_user_watches=524288 - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -450,11 +430,6 @@ jobs: - wget -qO- "https://github.com/crazy-max/travis-wait-enhanced/releases/download/v0.2.1/travis-wait-enhanced_0.2.1_linux_x86_64.tar.gz" | tar -zxvf - travis-wait-enhanced - mv travis-wait-enhanced /home/travis/bin/ - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -507,11 +482,6 @@ jobs: - wget -qO- "https://github.com/crazy-max/travis-wait-enhanced/releases/download/v0.2.1/travis-wait-enhanced_0.2.1_linux_x86_64.tar.gz" | tar -zxvf - travis-wait-enhanced - mv travis-wait-enhanced /home/travis/bin/ - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -632,11 +602,6 @@ jobs: - sudo sysctl fs.inotify.max_user_watches=524288 - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -889,11 +854,6 @@ jobs: - sudo sysctl fs.inotify.max_user_watches=524288 - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -952,11 +912,6 @@ jobs: - sudo sysctl fs.inotify.max_user_watches=524288 - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: diff --git a/build-support/bin/ci.py b/build-support/bin/ci.py index bd3878f003a..27795462e16 100755 --- a/build-support/bin/ci.py +++ b/build-support/bin/ci.py @@ -79,8 +79,8 @@ def create_parser() -> argparse.ArgumentParser: "--remote-cache-enabled", action="store_true", help=( - "Enable remote caching via Toolchain. This requires setting the options " - "`remote_oauth_bearer_token_path` and `remote_ca_certs_path` in your environment." + "Enable remote caching via Toolchain. This requires enabling " + "`remote_auth_plugin` and `remote_ca_certs_path` in your environment." ), ) @@ -158,9 +158,6 @@ def set_run_from_pex() -> None: os.environ["RUN_PANTS_FROM_PEX"] = "1" -IS_PR_BUILD = "CI" in os.environ and os.environ.get("TRAVIS_PULL_REQUEST", "false") != "false" - - # ------------------------------------------------------------------------- # Bootstrap pants.pex # ------------------------------------------------------------------------- @@ -270,7 +267,7 @@ def run_check(command: List[str]) -> None: def run_lint(*, remote_cache_enabled: bool) -> None: targets = ["build-support::", "src::", "tests::"] command = ["./pants.pex", "--tag=-nolint", "lint", "typecheck", *targets] - if remote_cache_enabled and IS_PR_BUILD is False: + if remote_cache_enabled: command.append("--pants-config-files=pants.remote-cache.toml") _run_command( command, @@ -326,7 +323,7 @@ def run_python_tests( *, include_unit: bool, include_integration: bool, remote_cache_enabled: bool ) -> None: extra_args = [] - if remote_cache_enabled and IS_PR_BUILD is False: + if remote_cache_enabled: extra_args.append("--pants-config-files=pants.remote-cache.toml") if not include_unit and not include_integration: raise ValueError( diff --git a/build-support/bin/generate_travis_yml.py b/build-support/bin/generate_travis_yml.py index 92ef36bd09b..e6ae613732b 100644 --- a/build-support/bin/generate_travis_yml.py +++ b/build-support/bin/generate_travis_yml.py @@ -327,13 +327,6 @@ def linux_shard( *_linux_before_install( include_test_config=load_test_config, install_travis_wait=install_travis_wait ), - ( - "if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K " - "$encrypted_f6717c01a353_key -iv $encrypted_f6717c01a353_iv -in " - "build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted -out " - "build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export " - "PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; fi" - ), ], "after_failure": ["./build-support/bin/ci-failure.sh"], "stage": python_version.default_stage().value, diff --git a/build-support/secrets/README.md b/build-support/secrets/README.md deleted file mode 100644 index 8c7177ae98a..00000000000 --- a/build-support/secrets/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Encrypted Secrets - - This directory contains secrets encrypted via `travis encrypt-file`. - -(Travis has a limit on the size - of encrypted environment varibales. Thus, any secrets larger than that limit must be in files - encrypted in the repo.) \ No newline at end of file diff --git a/build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted b/build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted deleted file mode 100644 index 3dc0148173f..00000000000 Binary files a/build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted and /dev/null differ diff --git a/pants.remote-cache.toml b/pants.remote-cache.toml index b7c2b19b7ed..313f017dc0a 100644 --- a/pants.remote-cache.toml +++ b/pants.remote-cache.toml @@ -19,3 +19,4 @@ remote_store_maximum_timeout = 5000 # NB: this is used for Toolchain's remote caching and may need to change for other implementations. remote_store_server = "build.toolchain.com:443" remote_instance_name = "main" +remote_auth_plugin = "toolchain.pants.auth.plugin:toolchain_auth_plugin"