summaryrefslogtreecommitdiff
path: root/.gitlab
diff options
context:
space:
mode:
authorBen Gamari <ben@smart-cactus.org>2021-10-03 11:27:18 -0400
committerBen Gamari <ben@smart-cactus.org>2021-10-03 14:23:36 -0400
commitf4554f1d2a5684042484c38ed831a2b93536b9c6 (patch)
treee1c974eff2206eb3d6cd6632ca51c77bf13d6330 /.gitlab
parent8b3d98ff376355317c64763cf619b1c41281b0d9 (diff)
downloadhaskell-f4554f1d2a5684042484c38ed831a2b93536b9c6.tar.gz
ci: Use https:// transport and access token to push perf notes
Previously we would push perf notes using a standard user and SSH key-based authentication. However, configuring SSH is unnecessarily fiddling. We now rather use HTTPS and a project access token.
Diffstat (limited to '.gitlab')
-rwxr-xr-x.gitlab/ci.sh8
-rwxr-xr-x.gitlab/test-metrics.sh38
2 files changed, 10 insertions, 36 deletions
diff --git a/.gitlab/ci.sh b/.gitlab/ci.sh
index fd39622726..ae386375ee 100755
--- a/.gitlab/ci.sh
+++ b/.gitlab/ci.sh
@@ -423,13 +423,7 @@ function push_perf_notes() {
fi
info "Pushing perf notes..."
-
- # N.B. $HOME may be unset (e.g. is HERMETIC is set) yet test-metrics.sh
- # relies on it for SSH configuration. Provide a temporary $HOME instead.
- TMP_HOME="$(pwd)/.home"
- mkdir -p "$TMP_HOME"
- HOME="$TMP_HOME" "$TOP/.gitlab/test-metrics.sh" push
- rm -Rf "$TMP_HOME"
+ "$TOP/.gitlab/test-metrics.sh" push
}
# Figure out which commit should be used by the testsuite driver as a
diff --git a/.gitlab/test-metrics.sh b/.gitlab/test-metrics.sh
index 8ed53a77b5..fe16573672 100755
--- a/.gitlab/test-metrics.sh
+++ b/.gitlab/test-metrics.sh
@@ -3,7 +3,6 @@
set -euo pipefail
NOTES_ORIGIN="https://gitlab.haskell.org/ghc/ghc-performance-notes.git"
-NOTES_ORIGIN_PUSH="git@gitlab.haskell.org:ghc/ghc-performance-notes.git"
REF="perf"
run() {
@@ -22,36 +21,23 @@ function pull() {
echo "perf notes ref $ref is $(git rev-parse $ref)"
}
-function setup_ssh() {
- # Add gitlab as a known host.
- # This can be generated with `ssh-keyscan -H gitlab.haskell.org`
- mkdir -p "$HOME/.ssh"
- echo "|1|cta91z3DoAGdpX2Epe9WF+sr+Rk=|1qlsbqiTTa8YsDyQBjVnzANFQ3Y= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSzzl8mwY6ohtW6MftKaQfta8yTL8cTxtA7lcueo2mkPpwBBQ7FA6z3nFATx25QwdV7fa7DuNRDX57f/a/W7+wMhXZ6yyQr+gwr0h4vdZ8Nt4XNfNdkdGw4fZKRApWxyvfSkxjs/E9+G0o3eQLspxjVohBkmkcsowpFUI5Aazv/K6QIf1gKt+4iPvYcB/dBJ1yF1qmpayz4htrKyUC5l3GCBEwvMdAjIQ2bX8pyjTtqcJDLosAVzQ5wprkdgkL29MgJXEbM+B1d1log0hnX4AsbOlL7tWhTO1Je2hSuEeiVaDDPFUyCoGQRFDrisQU5lb8NrzuN3jpNc+PxOHbXHfaTppAoED/++UepvgtLF1zUM13cRk56YmpmABOa48W72VJuzLLm8DF+KBWBs6TDuVk3y9z/SS6zDS0VGkHotldopW2kpsjErJIdWVKIL3RP/Flay7mzl3l/izIMTHXXKMxV3/+XaBjG/gDOCld3JjORQXah2hvJfvXeNaePE1RKAMS63cj3XTE77fsYH7VmEdE34RTBDtsZR5WhEjdf29hjEcQDPf0vDphxRHr6IqUSwVcd7ps6nVoccTfaepJm62IIXDgOsc2piWl2xXNZJVtph6U+MzsPDSSbu1MTwalwgqpApcYK7ZzUjGHA7+NBhjjSuUZO6eHzwxjAn0FXZyrpQ==" >> "$HOME/.ssh/known_hosts"
- echo "|1|uZkjsBS2bmdh7L/8zBquxJd/F20=|by/tpuDAPT6BpEXrDOiOv1/Zx/A= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7ltOZyaULDgxE3Vw6RgQVp+OPKQi79ssUenbhdWy36" >> "$HOME/.ssh/known_hosts"
-
- # Setup ssh keys.
- eval `ssh-agent`
- echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJPR1vrZgeGTXmgJw2PsJfMjf22LcDnVVwt3l0rwTZ+8Q2J0bHaYxMRKBco1sON6LGcZepw0Hy76RQ87v057pTz18SXvnfE7U/B6v9qBk0ILJz+4BOX9sEhxu2XmScp/wMxkG9IoyruMlsxXzd1sz09o+rzzx24U2Rp27PRm08vG0oipve6BWLbYEqYrE4/nCufqOJmGd56fju7OTU0lTpEkGDEDWGMxutaX2CbTbDju7qy07Ld8BjSc9aHfvuQaslUbj3ex3EF8EXahURzGpHQn/UFFzVGMokFumiJCAagHQb7cj6jOkKseZLaysbA/mTBQsOzjWiRmkN23bQf1wF ben+ghc-ci@smart-cactus.org" > "$HOME/.ssh/perf_rsa.pub"
- touch "$HOME/.ssh/perf_rsa"
- chmod 0600 "$HOME/.ssh/perf_rsa"
- echo "$PERF_NOTE_KEY" > "$HOME/.ssh/perf_rsa"
- ssh-add "$HOME/.ssh/perf_rsa"
-}
-
# Reset the git notes and append the metrics file to the notes, then push and return the result.
# This is favoured over a git notes merge as it avoids potential data loss/duplication from the merge strategy.
function reset_append_note_push {
pull || true
run git notes --ref=$REF append -F $METRICS_FILE HEAD
- run git push $NOTES_ORIGIN_PUSH refs/notes/$REF
+ run git push $PERF_NOTES_PUSH_REPO refs/notes/$REF
}
function push() {
- # Check that private key is available (Set on all GitLab protected branches).
- if [ -z ${PERF_NOTE_KEY+"$PERF_NOTE_KEY"} ]
- then
- echo "Not pushing performance git notes: PERF_NOTE_KEY is not set."
- exit 0
+ # PERF_NOTES_PUSH_CREDENTIALS is a CI variable set on all GitLab protected branches.
+ if [ -z "${PERF_NOTES_PUSH_REPO:-}" ]; then
+ if [ -n "${PERF_NOTES_PUSH_CREDENTIALS:-}" ]; then
+ PERF_NOTES_PUSH_REPO="https://$PERF_NOTES_PUSH_CREDENTIALS@gitlab.haskell.org/ghc/ghc-performance-notes.git"
+ else
+ echo "Not pushing performance git notes: PERF_NOTES_PUSH_REPO or PERF_NOTES_PUSH_CREDENTIALS not set."
+ exit 0
+ fi
fi
# TEST_ENV must be set.
@@ -70,8 +56,6 @@ function push() {
fail "Metrics file not found: $METRICS_FILE"
fi
- setup_ssh
-
# Push the metrics file as a git note. This may fail if another task pushes a note first. In that case
# the latest note is fetched and appended.
MAX_RETRY=20
@@ -81,10 +65,6 @@ function push() {
echo ""
echo "Failed to push git notes. Fetching, appending, and retrying... $MAX_RETRY retries left."
done
-
- # Be sure to kill agent before we terminate since otherwise the Windows CI
- # job won't finish.
- ssh-agent -k
}
case $1 in