From 1dbf35a4d3da04084bc140af0ab5e96b469900e2 Mon Sep 17 00:00:00 2001 From: Asher Foa <1268088+asherf@users.noreply.github.com> Date: Tue, 9 Feb 2021 15:13:41 -0800 Subject: [PATCH] Use the toolchain plugin to auth to the remote caching API --- .travis.yml | 45 ------------------ build-support/bin/ci.py | 11 ++--- build-support/bin/generate_travis_yml.py | 7 --- build-support/secrets/README.md | 7 --- .../remote-cache-toolchain-jwt.txt.encrypted | Bin 256 -> 0 bytes pants.remote-cache.toml | 1 + 6 files changed, 5 insertions(+), 66 deletions(-) delete mode 100644 build-support/secrets/README.md delete mode 100644 build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted diff --git a/.travis.yml b/.travis.yml index 4c880c80e28..3dbf1d4c8f1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -54,11 +54,6 @@ jobs: before_install: - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi cache: directories: - ${AWS_CLI_ROOT} @@ -115,11 +110,6 @@ jobs: before_install: - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi cache: directories: - ${AWS_CLI_ROOT} @@ -266,11 +256,6 @@ jobs: - sudo sysctl fs.inotify.max_user_watches=524288 - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -321,11 +306,6 @@ jobs: - sudo sysctl fs.inotify.max_user_watches=524288 - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -450,11 +430,6 @@ jobs: - wget -qO- "https://github.com/crazy-max/travis-wait-enhanced/releases/download/v0.2.1/travis-wait-enhanced_0.2.1_linux_x86_64.tar.gz" | tar -zxvf - travis-wait-enhanced - mv travis-wait-enhanced /home/travis/bin/ - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -507,11 +482,6 @@ jobs: - wget -qO- "https://github.com/crazy-max/travis-wait-enhanced/releases/download/v0.2.1/travis-wait-enhanced_0.2.1_linux_x86_64.tar.gz" | tar -zxvf - travis-wait-enhanced - mv travis-wait-enhanced /home/travis/bin/ - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -632,11 +602,6 @@ jobs: - sudo sysctl fs.inotify.max_user_watches=524288 - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -889,11 +854,6 @@ jobs: - sudo sysctl fs.inotify.max_user_watches=524288 - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: @@ -952,11 +912,6 @@ jobs: - sudo sysctl fs.inotify.max_user_watches=524288 - ./build-support/bin/install_aws_cli_for_ci.sh - pyenv global 2.7.17 3.6.10 3.7.6 3.8.1 - - if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K $encrypted_f6717c01a353_key - -iv $encrypted_f6717c01a353_iv -in build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted - -out build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export - PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; - fi before_script: - ./build-support/bin/get_ci_bootstrapped_pants_pex.sh ${AWS_BUCKET} ${BOOTSTRAPPED_PEX_KEY_PREFIX}.${BOOTSTRAPPED_PEX_KEY_SUFFIX} cache: diff --git a/build-support/bin/ci.py b/build-support/bin/ci.py index bd3878f003a..27795462e16 100755 --- a/build-support/bin/ci.py +++ b/build-support/bin/ci.py @@ -79,8 +79,8 @@ def create_parser() -> argparse.ArgumentParser: "--remote-cache-enabled", action="store_true", help=( - "Enable remote caching via Toolchain. This requires setting the options " - "`remote_oauth_bearer_token_path` and `remote_ca_certs_path` in your environment." + "Enable remote caching via Toolchain. This requires enabling " + "`remote_auth_plugin` and `remote_ca_certs_path` in your environment." ), ) @@ -158,9 +158,6 @@ def set_run_from_pex() -> None: os.environ["RUN_PANTS_FROM_PEX"] = "1" -IS_PR_BUILD = "CI" in os.environ and os.environ.get("TRAVIS_PULL_REQUEST", "false") != "false" - - # ------------------------------------------------------------------------- # Bootstrap pants.pex # ------------------------------------------------------------------------- @@ -270,7 +267,7 @@ def run_check(command: List[str]) -> None: def run_lint(*, remote_cache_enabled: bool) -> None: targets = ["build-support::", "src::", "tests::"] command = ["./pants.pex", "--tag=-nolint", "lint", "typecheck", *targets] - if remote_cache_enabled and IS_PR_BUILD is False: + if remote_cache_enabled: command.append("--pants-config-files=pants.remote-cache.toml") _run_command( command, @@ -326,7 +323,7 @@ def run_python_tests( *, include_unit: bool, include_integration: bool, remote_cache_enabled: bool ) -> None: extra_args = [] - if remote_cache_enabled and IS_PR_BUILD is False: + if remote_cache_enabled: extra_args.append("--pants-config-files=pants.remote-cache.toml") if not include_unit and not include_integration: raise ValueError( diff --git a/build-support/bin/generate_travis_yml.py b/build-support/bin/generate_travis_yml.py index 92ef36bd09b..e6ae613732b 100644 --- a/build-support/bin/generate_travis_yml.py +++ b/build-support/bin/generate_travis_yml.py @@ -327,13 +327,6 @@ def linux_shard( *_linux_before_install( include_test_config=load_test_config, install_travis_wait=install_travis_wait ), - ( - "if [[ ${TRAVIS_PULL_REQUEST} == false ]]; then openssl aes-256-cbc -K " - "$encrypted_f6717c01a353_key -iv $encrypted_f6717c01a353_iv -in " - "build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted -out " - "build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted -d && export " - "PANTS_REMOTE_OAUTH_BEARER_TOKEN_PATH=./build-support/secrets/remote-cache-toolchain-jwt.txt.decrypted; fi" - ), ], "after_failure": ["./build-support/bin/ci-failure.sh"], "stage": python_version.default_stage().value, diff --git a/build-support/secrets/README.md b/build-support/secrets/README.md deleted file mode 100644 index 8c7177ae98a..00000000000 --- a/build-support/secrets/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Encrypted Secrets - - This directory contains secrets encrypted via `travis encrypt-file`. - -(Travis has a limit on the size - of encrypted environment varibales. Thus, any secrets larger than that limit must be in files - encrypted in the repo.) \ No newline at end of file diff --git a/build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted b/build-support/secrets/remote-cache-toolchain-jwt.txt.encrypted deleted file mode 100644 index 3dc0148173facd28e741bd38c5a4e835d5412da4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 256 zcmV+b0ssDYq!CVKylaEGSV-<8FOlA_2Va#47SK#~m>`3?RW7{U>o;d7DD^S7jMLQs zY>ztU zrUnDh`DQZx%DGzWplnWja z9@5JjwjXv5HZcah{08bJNYieOi_kSoH!%~K2?mI8S)x2PFLj5v)-}3RbpJ!^kFvl8 zHKg%4DmTX9_)`w6OdWR4oW0GMTcc%!anb$W*Zs+XBS_;Yz+FB9P`g67*(kD~B(NH9 G