From 1c5776548fa43159472f54395c5386825da0516e Mon Sep 17 00:00:00 2001 From: Luca Beltrame Date: Mon, 4 Jan 2021 22:54:01 +0100 Subject: [PATCH] Use token based authorization instead of calling osc Saves the need of keeping a password to the full account and it is considerably more limited in scope (just triggering services) --- obs/update_unstable.py | 43 +++++++++++++++++++++++++++++++++--------- 1 file changed, 34 insertions(+), 9 deletions(-) diff --git a/obs/update_unstable.py b/obs/update_unstable.py index 1cb3d7f..54c8ae0 100755 --- a/obs/update_unstable.py +++ b/obs/update_unstable.py @@ -13,6 +13,7 @@ import requests import sarge API_URL = "https://invent.kde.org/api/v4/projects/" +OBS_URL = "https://api.opensuse.org/trigger/runservice" class GitHashCache: @@ -76,6 +77,23 @@ def get_remote_hash(url, branch="master"): return lsremote(url)[refs] +def trigger_update(repository, package_name, token): + + header = {"Authorization": f"Token {token}"} + parameters = {"project": repository, "package": package_name} + + logging.info("Updating package %s", package_name) + result = requests.post(OBS_URL, params=parameters, headers=header) + + if not result: + logging.error("Error during service run, package %s, error code %s", + package_name, result.status_code) + return False + + logging.debug("Package %s complete", package_name) + return result + + def run_osc(repository, package_name): cmd = "osc service remoterun {0} {1}" @@ -96,7 +114,7 @@ def run_osc(repository, package_name): def update_package(hash_data, package_name, remote_name, obs_repository, - branch): + branch, token): repo_name = "https://invent.kde.org/{}".format(remote_name) @@ -118,12 +136,12 @@ def update_package(hash_data, package_name, if remote_hash != current_hash: logging.debug("Hash doesn't match, updating") - if run_osc(obs_repository, package_name): + if trigger_update(obs_repository, package_name, token): hash_data[obs_repository][remote_name] = remote_hash hash_data.save() -def update_packages(cache_file, repo_mapping_file): +def update_packages(cache_file, repo_mapping_file, token): hash_data = GitHashCache(cache_file) hash_data.load() @@ -145,15 +163,15 @@ def update_packages(cache_file, repo_mapping_file): package_name, obs_name) logging.debug("Using branch %s", branch) update_package(hash_data, obs_name, kde_name, obs_repository, - branch) + branch, token) logging.debug("Saving data") hash_data.save() -def commit_changes(cache_file): +def commit_changes(cache_file, repo_home): - repo = git.Repo("./") + repo = git.Repo(repo_home) repo.index.add([cache_file]) repo.index.commit("Update caches") origin = repo.remotes["origin"] @@ -167,7 +185,10 @@ def main(): parser.add_argument( "--cache-file", help="Location of the cache file", default=Path.home() / ".local/share/obs_repo_cache.json") + parser.add_argument( + "--repo-root", help="Location of the git repository root") parser.add_argument("mapping_file", help="KDE:OBS repository mapping file") + parser.add_argument("token", help="Authorization token file") parser.add_argument("--debug", help="Show debugging output", action="store_true") options = parser.parse_args() @@ -179,10 +200,14 @@ def main(): cache_file = options.cache_file - update_packages(cache_file, options.mapping_file) + with open(options.token) as handle: + token = handle.read().strip() - logging.info("Committing changes") - commit_changes(cache_file) + update_packages(cache_file, options.mapping_file, token) + + if options.repo_root is not None: + logging.info("Committing changes") + commit_changes(cache_file, options.repo_root) logging.info("Complete")