Use token based authorization instead of calling osc

Saves the need of keeping a password to the full account and it is considerably more limited in scope (just triggering services)
2021-01-04 22:54:01 +01:00 · 2021-01-04 22:54:01 +01:00 · 1c5776548f
commit 1c5776548f
parent b61159a352
1 changed files with 34 additions and 9 deletions
--- a/obs/update_unstable.py
+++ b/obs/update_unstable.py
@ -13,6 +13,7 @@ import requests
 import sarge

 API_URL = "https://invent.kde.org/api/v4/projects/"
+OBS_URL = "https://api.opensuse.org/trigger/runservice"


 class GitHashCache:
@ -76,6 +77,23 @@ def get_remote_hash(url, branch="master"):
    return lsremote(url)[refs]


+def trigger_update(repository, package_name, token):
+
+    header = {"Authorization": f"Token {token}"}
+    parameters = {"project": repository, "package": package_name}
+
+    logging.info("Updating package %s", package_name)
+    result = requests.post(OBS_URL, params=parameters, headers=header)
+
+    if not result:
+        logging.error("Error during service run, package %s, error code %s",
+                      package_name, result.status_code)
+        return False
+
+    logging.debug("Package %s complete", package_name)
+    return result
+
+
 def run_osc(repository, package_name):

    cmd = "osc service remoterun {0} {1}"
@ -96,7 +114,7 @@ def run_osc(repository, package_name):

 def update_package(hash_data, package_name,
                   remote_name, obs_repository,
-                   branch):
+                   branch, token):

    repo_name = "https://invent.kde.org/{}".format(remote_name)

@ -118,12 +136,12 @@ def update_package(hash_data, package_name,

    if remote_hash != current_hash:
        logging.debug("Hash doesn't match, updating")
-        if run_osc(obs_repository, package_name):
+        if trigger_update(obs_repository, package_name, token):
            hash_data[obs_repository][remote_name] = remote_hash
            hash_data.save()


-def update_packages(cache_file, repo_mapping_file):
+def update_packages(cache_file, repo_mapping_file, token):

    hash_data = GitHashCache(cache_file)
    hash_data.load()
@ -145,15 +163,15 @@ def update_packages(cache_file, repo_mapping_file):
                              package_name, obs_name)
                logging.debug("Using branch %s", branch)
                update_package(hash_data, obs_name, kde_name, obs_repository,
-                               branch)
+                               branch, token)

    logging.debug("Saving data")
    hash_data.save()


-def commit_changes(cache_file):
+def commit_changes(cache_file, repo_home):

-    repo = git.Repo("./")
+    repo = git.Repo(repo_home)
    repo.index.add([cache_file])
    repo.index.commit("Update caches")
    origin = repo.remotes["origin"]
@ -167,7 +185,10 @@ def main():
    parser.add_argument(
        "--cache-file", help="Location of the cache file",
        default=Path.home() / ".local/share/obs_repo_cache.json")
+    parser.add_argument(
+        "--repo-root", help="Location of the git repository root")
    parser.add_argument("mapping_file", help="KDE:OBS repository mapping file")
+    parser.add_argument("token", help="Authorization token file")
    parser.add_argument("--debug", help="Show debugging output",
                        action="store_true")
    options = parser.parse_args()
@ -179,10 +200,14 @@ def main():

    cache_file = options.cache_file

-    update_packages(cache_file, options.mapping_file)
+    with open(options.token) as handle:
+        token = handle.read().strip()

-    logging.info("Committing changes")
-    commit_changes(cache_file)
+    update_packages(cache_file, options.mapping_file, token)
+
+    if options.repo_root is not None:
+        logging.info("Committing changes")
+        commit_changes(cache_file, options.repo_root)

    logging.info("Complete")