A tool to review PRs in CMSSW DQM

CMSSW DQM pull request review tool that aggregates and displays information about pull requests from Github, TagCollector and other sources.

Before running

Before running there should be a private/ folder inside the root directory of the repository containing these files:

• private/cert.key - GRID certificate key file
• private/cert.pem - GRID certificate file
• private/github_oauth_data.txt - Github OAuth credentials. Second line should contain client_id and third line should contain client_secret. First line is just informational message that will be ignored.

How to run

Run this by executing run.sh.

-r option will reload the web app if it crashes each time any file is updated and saved. fswatch is used to observe file changes. -d will run the web app in debug mode. Both options should be used only in development.

Package instalation

Packages listed in requirements.txt have to be installed like this:

python3 -m pip install -r requirements.txt -t .python_packages

Where is this service hosted?

The service is hosted on an OpenStack machine called prinspector. To get to this machine you have to execute this from lxplus: ssh prinspector.

Source code for the service is located here: /srv/PRInspector/.

How to update

When the code in this repository changes and you want the changes to be reflected in a running service, execute the following instructions:

ssh prinspector
cd /srv/PRInspector/
./update.sh

If the update has some unwanted behaviour, you can rollback to the latest working version like so: ./rollback.sh

Deploying on OpenShift

Create a project on OpenShift

See this step.

This will create a new project on <paas.cern.ch>.

Build and push the image to CERN's image registry

docker login registry.cern.ch  # The "password" is a token you can get from the registry.cern.ch website
docker build -t registry.cern.ch/cms-dqmdc/prinspector .
docker push registry.cern.ch/cms-dqmdc/prinspector

Deploy on Openshift

Note

Requires the oc tool.

1. Login to Openshift through oc on your own computer. To do so go to <paas.cern.ch>, click your username on the top right and click Copy login command.

2. Add the SSO Proxy to the project.

   1. Open and select your project on PaaS.
   2. Navigate to Developer > Topology
   3. Right click in the empty space and Add to Project > Helm Charts.
   4. Select Cern Auth Proxy and Create.

   

   5. In the Create Helm Release form, select the latest Chart version.
   6. Then select YAML view and paste the contents of the deployment/prod/sso_proxy_helmchart.yaml
   7. Click on Create.

   [!NOTE] By default, the SSO proxy will use the oidc-client-secret which is automatically created upon PaaS project creation. If you need to use a manually created SSO Application Registration, you will need to modify this secret to use the Client ID and Secrets of the custom SSO Application Registration.

3. Import the image to your project:

   oc import-image prinspector --from=registry.cern.ch/cms-dqmdc/prinspector --confirm

4. Deploy the secrets:

   oc apply -f deployment/prod/secrets.yaml

   This will create two new secrets in your project: grid-cert-and-github-secret (three files which will be mounted on /app/private) and config-secrets, which contains environment variables. For example, the grid-cert-and-github-secret will be created here: https://paas.cern.ch/k8s/ns/prinspector/secrets/grid-cert-and-github-secret.

5. Update the grid-cert-and-github-secret secret. Go here and paste the contents of cert.key, cert.pem (the key and certificate parts of a Grid certificate, respectively, preferably generated by a service account) and github_oauth_data.txt.

6. Deploy the ConfigMaps:

   oc apply -f deployment/prod/configmaps

7. Deploy the Deployments:

   oc apply -f deployment/prod/deployments

8. Deploy the Routes:

   oc apply -f deployment/prod/routes.yaml

9. Restart the rollouts:

   oc rollout restart deployment/nginx
   oc rollout restart deployment/prinspector-app