This repository contains the source code of Immuni's iOS and Android continuous integration job scheduling system. Its purpose is to verify the integrity of the continuous integration files within submitted PRs, and to run the Danger PR checks in such PRs. More detailed information about Immuni can be found in the following documents:
This repository is not meant to be used as a standalone. On the contrary, it assumes the following:
- It is used as a Git submodule of Immuni's iOS and Android application repositories
- The folder of the repository to check containing the submodule is named scheduler
- The repository to be checked contains a valid dangerfile.ts Danger configuration
- The scheduler is run on CircleCI from the master branch of the repository that must be checked, in a workflow called scheduler
- The scheduler workflow of the repository to check takes care of installing all the necessary dependencies to run Danger on that repository
However, the scheduler component may be installed and run on your system against your own GitHub repositories with CI services provided by CircleCI. Should you wish to do this, the recommended method requires that Python 3.7, pip, and pipenv are installed on your system.
git clone [email protected]:immuni-app/immuni-ci-scheduler.git
cd immuni-ci-scheduler
# This command will install the environment needed to run the project using pipenv.
# Note: this step should be done just once
pipenv install
pipenv run python scheduler.py
To leverage the scheduler logic in Immuni's iOS and Android applications, the following is added to their CircleCI configuration file:
jobs:
scheduler:
docker:
# The scheduler needs Python, Node.js, and the Danger dependencies
# These may be present in the boostrap image or installed manually
# The actual configuration varies for each repository
- image: cimg/python:3.7.7-node
resource_class: small
steps:
- checkout
- run:
name: "[scheduler] Initialize scheduler submodule"
command: git submodule update --init
- run:
name: "[scheduler] Setup project path"
command: echo "export PROJECT_PATH=$(pwd)" >> $BASH_ENV
# Custom command to install Danger and the tools it runs
# It must be specified by each repository
- setup_pr_tools
- restore_cache:
name: "[scheduler] Restore Python Cache"
keys:
- pip-packages-v1-{{ .Branch }}-{{ checksum "scheduler/Pipfile.lock" }}
- pip-packages-v1-{{ .Branch }}-
- pip-packages-v1-
- run:
name: "[scheduler] Install dependencies"
working_directory: scheduler
environment:
PIPENV_NOSPIN: 1
PIPENV_VENV_IN_PROJECT: 1
command: |
pip install pipenv
pipenv install
- save_cache:
name: "[scheduler] Save Python Cache"
paths:
- ~/.cache/pip
- scheduler/.venv
key: pip-packages-v1-{{ .Branch }}-{{ checksum "scheduler/Pipfile.lock" }}
- run:
name: "[scheduler] Configure scheduler"
command: |
mv scheduler_config.json scheduler/config.json
- run:
name: "[scheduler] Run scheduler"
working_directory: scheduler
command: |
export REPOSITORY="${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}"
pipenv run python scheduler.py
workflows:
scheduler:
triggers:
- schedule:
cron: "0,15,30,45 * * * *"
filters:
branches:
only:
- master
jobs:
- scheduler:
context: scheduler
In addition, the following runtime environment variables are needed:
- CIRCLECI_API_TOKEN. This is a personal CircleCI API token allowed to perform API calls to the CircleCI REST API for the repository that must be checked by the scheduler. In Immuni's repos, this is provided by the *scheduler *CircleCI context.
- CIRCLE_WORKFLOW_ID. This is the unique identifier of the current execution of the scheduler workflow, and is injected automatically by CircleCI when the scheduler is run. It is used to determine the upper bound of the pipelines to verify. This variable can be left unassigned when running on a local machine, in which case no upper bound is enforced and any pipeline submitted after the execution of a previous scheduler workflow will be verified.
- GITHUB_TOKEN. This is a GitHub API token with read permissions on the repository that must be checked by the scheduler. In Immuni's repos, this is provided by the scheduler CircleCI context.
- GITHUB_USERNAME. This is the name of the GitHub user associated to the aforementioned GitHub API token. In Immuni's repos, this is provided by the scheduler CircleCI context.
- PROJECT_PATH. This is the main folder of the repository that the scheduler is executed on. It is necessary for the scheduler to know where to find the necessary Node.js modules to run Danger. If unspecified, the scheduler defaults to the current working directory. In Immuni's repos, this is provided by the Run scheduler step of the scheduler job.
- REPOSITORY. This is the repository that must be checked by the scheduler, including the name of the organisation within which said repository is located. In Immuni's repos, this is provided by the Run scheduler step of the scheduler job.
Contributions are most welcome. Before proceeding, please read the Code of Conduct for guidance on how to approach the community and create a positive environment. Additionally, please read our CONTRIBUTING file, which contains guidance on ensuring a smooth contribution process.
The Immuni project is composed of different repositories—one for each component or service. Please use this repository for contributions strictly relevant to the Immuni iOS client. To propose a feature request, please open an issue in the Documentation repository. This lets everyone involved see it, consider it, and participate in the discussion. Opening an issue or pull request in this repository may slow down the overall process.
Here is a list of Immuni's contributors. Thank you to everyone involved for improving Immuni, day by day.
Copyright 2020 (c) Commissario straordinario per l'emergenza Covid-19 - Presidenza del Consiglio dei Ministri. Please check the AUTHORS file for extended reference.
Name | License |
---|---|
black | MIT |
Danger | MIT |
mypy | MIT |
pip | MIT |
pipenv | MIT |
Name | License |
---|---|
gitpython | MIT |
importlib-metadata | Apache 2.0 |
markdown-strings | MIT |
pygithub | GNU General Public Licence version 3 |
python-decouple | MIT |
requests | Apache 2.0 |
The licence for this repository is a GNU Affero General Public Licence version 3 (SPDX: AGPL-3.0). Please see the LICENCE file for full reference.