diff --git a/environments.yml b/environments.yml index 80f4f03a..f7a95cd8 100644 --- a/environments.yml +++ b/environments.yml @@ -118,6 +118,7 @@ firefoxci: - westus - westus2 - westeurope + sbom_url_tmpl: https://github.com/mozilla-platform-ops/worker-images/blob/main/sboms/{name}-{version}.md google_config: wst_server_url: https://firefoxci-websocktunnel.services.mozilla.com/ zones: @@ -255,6 +256,7 @@ staging: - southcentralus - westus - westus2 + sbom_url_tmpl: https://github.com/mozilla-platform-ops/worker-images/blob/main/sboms/{name}-{version}.md google_config: wst_server_url: https://websocktunnel-stage.taskcluster.nonprod.cloudops.mozgcp.net/ zones: diff --git a/src/ciadmin/generate/ciconfig/worker_images.py b/src/ciadmin/generate/ciconfig/worker_images.py index e2fac221..19837faf 100644 --- a/src/ciadmin/generate/ciconfig/worker_images.py +++ b/src/ciadmin/generate/ciconfig/worker_images.py @@ -34,7 +34,9 @@ def mk(image_name, info): [mk(image_name, info) for image_name, info in worker_images.items()] ) - def get(self, cloud: str, key: str | None=None, default: Any|None=None) -> Any: + def get( + self, cloud: str, key: str | None = None, default: Any | None = None + ) -> Any: """ Look up a key under the given cloud config for this worker image. diff --git a/src/ciadmin/generate/worker_pools.py b/src/ciadmin/generate/worker_pools.py index 1c9479eb..fc265b4c 100644 --- a/src/ciadmin/generate/worker_pools.py +++ b/src/ciadmin/generate/worker_pools.py @@ -195,10 +195,27 @@ def get_azure_provider_config( {"implementation": implementation}, ) worker_config = merge(worker_config, config.get("worker-config", {})) + gw_config = worker_config["genericWorker"]["config"] if azure_config.get("wst_server_url"): - worker_config["genericWorker"]["config"].setdefault( - "wstServerURL", azure_config["wst_server_url"] - ) + gw_config.setdefault("wstServerURL", azure_config["wst_server_url"]) + + # Populate some generic-worker metadata. + metadata = {} + has_sbom = image.get(provider_id, "sbom") in (None, True) # defaults None to True + if has_sbom and "sbom_url_tmpl" in azure_config: + context = image.clouds[provider_id].copy() + + # The SBOM urls use dashes in the name, whereas the names defined in + # worker-images.yml can use underscores. This can be removed if these + # two places ever use the same format. + if "name" in context: + context["name"] = context["name"].replace("_", "-") + + metadata["sbom"] = azure_config["sbom_url_tmpl"].format(**context) + + if metadata: + gw_config.setdefault("workerTypeMetaData", {}).update(metadata) + tags = config.get("tags", {}) launch_configs = [] diff --git a/src/ciadmin/util/templates.py b/src/ciadmin/util/templates.py index c2f5abfc..2a28d628 100644 --- a/src/ciadmin/util/templates.py +++ b/src/ciadmin/util/templates.py @@ -51,7 +51,7 @@ def merge(*objects): return merge_to(objects[-1], merge(*objects[:-1])) -def deep_get(dict_: dict[str, Any], field: str, default: Any|None=None) -> Any: +def deep_get(dict_: dict[str, Any], field: str, default: Any | None = None) -> Any: """ Return a key from nested dictionaries using dot path notation (e.g "key.subkey"). diff --git a/tests/ciadmin/test_generate_worker_pools.py b/tests/ciadmin/test_generate_worker_pools.py index 1cfcd762..8b19aab9 100644 --- a/tests/ciadmin/test_generate_worker_pools.py +++ b/tests/ciadmin/test_generate_worker_pools.py @@ -73,6 +73,7 @@ def inner(provider, extra_config=None): "locations": ["us-east1"], "image_resource_group": "rg", "vmSizes": [{"vmSize": "Standard_F8s_v2"}], + "worker-config": {"genericWorker": {"config": {}}}, "worker-purpose": "test", } ) @@ -186,7 +187,7 @@ def assert_azure_basic(pool): }, "subnetId": "/subscriptions/subscription_id/resourceGroups/rg-us-east1-test/providers/Microsoft.Network/virtualNetworks/vn-us-east1-test/subnets/sn-us-east1-test", # noqa: E501 "tags": {"deploymentId": "d_id"}, - "workerConfig": {}, + "workerConfig": {"genericWorker": {"config": {}}}, } @@ -208,7 +209,7 @@ def assert_azure_version(pool): }, "subnetId": "/subscriptions/subscription_id/resourceGroups/rg-us-east1-test/providers/Microsoft.Network/virtualNetworks/vn-us-east1-test/subnets/sn-us-east1-test", # noqa: E501 "tags": {"deploymentId": "d_id"}, - "workerConfig": {}, + "workerConfig": {"genericWorker": {"config": {}}}, } diff --git a/worker-images.yml b/worker-images.yml index cd8bc691..b01d44eb 100644 --- a/worker-images.yml +++ b/worker-images.yml @@ -103,6 +103,7 @@ ubuntu-2404-headless: ronin-b1-windows2012-vs-py2-alpha: azure2: version: NA + sbom: false resource_group: rg-packer-through-cib deployment_id: alpha central-us: win2012r2-64-vs-py2-l1-centralus-2012-R2-Datacenter @@ -110,6 +111,7 @@ ronin-b1-windows2012-vs-py2-alpha: ronin-b1-windows2012-vs-py2-prod: azure2: version: NA + sbom: false resource_group: rg-packer-through-cib deployment_id: 7aa76c6 central-us: win2012r2-64-vs-py2-l1-centralus-2012-R2-Datacenter @@ -122,6 +124,7 @@ ronin-b1-windows2012-vs-py2-prod: ronin-b3-windows2012-vs-py2-prod: azure_trusted: version: NA + sbom: false resource_group: rg-packer-through-cib deployment_id: 7aa76c6 central-us: trusted-win2012r2-64-vs-py2-l3-centralus-2012-R2-Datacenter @@ -134,6 +137,7 @@ ronin-b3-windows2012-vs-py2-prod: ronin-b1-windows2012-prod: azure2: version: NA + sbom: false resource_group: rg-packer-through-cib deployment_id: 75bd9ed central-us: win2012r2-64-l1-centralus-2012-R2-Datacenter @@ -146,6 +150,7 @@ ronin-b1-windows2012-prod: ronin-b3-windows2012-prod: azure_trusted: version: NA + sbom: false resource_group: rg-packer-through-cib deployment_id: 7cde253 central-us: trusted-win2012r2-64-l3-centralus-2012-R2-Datacenter @@ -162,19 +167,18 @@ ronin_b1_windows2022_64_2009_alpha: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: alpha - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win2022-64-2009-alpha.md name: win2022_64_2009_alpha ronin_b1_windows2022_64_2009: azure2: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: "8346140" - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win2022-64-2009.md name: win2022_64_2009 ronin-b3-windows2022-prod: azure_trusted: deployment_id: "8346140" version: NA + sbom: false resource_group: rg-packer-through-cib central-us: trusted-win2022-64-2009-centralus-2022-datacenter-azure-edition east-us: trusted-win2022-64-2009-eastus-2022-datacenter-azure-edition @@ -190,14 +194,12 @@ ronin_t_windows10_64_2009_prod: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: "8346140" - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win10-64-2009.md name: win10_64_2009 ronin_t_windows10_64_2009_alpha: azure2: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: alpha - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win10-64-2009-alpha.md name: win10_64_2009_alpha # Windows 11 ronin_b1_windows11_a64_24h2_builder_alpha: @@ -205,61 +207,55 @@ ronin_b1_windows11_a64_24h2_builder_alpha: version: 0.0.1 resource_group: rg-packer-worker-images deployment_id: alpha - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win11-a64-24h2-builder-alpha.md name: win11_a64_24h2_builder_alpha ronin_b1_windows11_a64_24h2_builder: azure2: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: a03478d - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win11-a64-24h2-builder.md name: win11_a64_24h2_builder + sbom: false ronin_b3_windows11_a64_24h2_builder: azure_trusted: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: a03478d - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win11-a64-24h2-builder.md name: win11_a64_24h2_builder + sbom: false ronin_t_windows11_a64_24h2_tester_alpha: azure2: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: alpha - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win11-a64-24h2-tester-alpha.md name: win11_a64_24h2_tester_alpha ronin_t_windows11_a64_24h2_tester: azure2: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: a03478d - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win11-a64-24h2-tester.md name: win11_a64_24h2_tester + sbom: false ronin_t_windows11_64_24h2: azure2: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: "8346140" - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win11-64-24h2.md name: win11_64_24h2 ronin_t_windows11_64_24h2_alpha: azure2: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: alpha - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win11-64-24h2-alpha.md name: win11_64_24h2_alpha ronin_t_windows11_64_2009_alpha: azure2: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: alpha - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win11-64-2009-alpha.md name: win11_64_2009_alpha ronin_t_windows11_64_2009: azure2: version: 1.0.0 resource_group: rg-packer-worker-images deployment_id: "8346140" - SBOM: https://github.com/mozilla-platform-ops/worker-images/blob/main/config/win11-64-2009.md name: win11_64_2009