The warning message for missing autoroll exception link was not
correctly interpolating `self._name` because it was missing the `f`
prefix.
Bug:b/442963176
Change-Id: I0dfaf8aa3d1238ebbbd9bb097be53e18daa1916c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6915079
Auto-Submit: Jordan Brown <rop@google.com>
Reviewed-by: Andrew Mitchell <mitchella@google.com>
Commit-Queue: Andrew Mitchell <mitchella@google.com>
This improves our alignment of vuln scan sufficiency with the scanners
we are using, based on the data extracted from README.chromium files.
Other package managers are being covered based on their manifest files.
This change splits "sufficient:URL and Version" into:
* "sufficient:Git URL and Version"; and
* "sufficient:Package Manager URL and Version"
Bug: 438384047
Change-Id: Ia3262b93092cad40e60243158e437f65a04e1916
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6905113
Reviewed-by: Anne Redulla <aredulla@google.com>
Commit-Queue: Jordan Brown <rop@google.com>
if build/config/siso/.sisorc exists, it will add global flags
or subcmd flags.
global flags is line starting with "-"
e.g.
--credential_helper=gcloud
subcmd flags are line starting with subcmd name.
e.g.
ninja --verbose_failures=false -k=0
Bug: b/269554009
Change-Id: I4691b9e17571721dd5b70f6ffb063e2d2f0ac4e3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6910278
Reviewed-by: Scott Lee <ddoman@chromium.org>
Reviewed-by: Philipp Wollermann <philwo@google.com>
Commit-Queue: Fumitoshi Ukai <ukai@google.com>
Reviewed-by: Takuto Ikuta <tikuta@chromium.org>
This moves the handling to the same level as
`raise GitLoginRequiredError()` so we can check for other exit codes
and raise other errors.
Bug: 442666611
Change-Id: Idbb34d6549b47b715bf59d6720362293d5c28039
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6912689
Commit-Queue: Allen Li <ayatane@chromium.org>
Reviewed-by: Gavin Mak <gavinmak@google.com>
depot_tools doesn't know how to use git-credential-luci properly for
ReAuth. For now, explicitly disable it so it doesn't break. Future
changes will modify depot_tools so it can use ReAuth properly for the
Gerrit RPCs that need it.
Bug: 442666611
Change-Id: I77847527d1bb42a2bab8d287bc853a7a5be0b867
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6908321
Commit-Queue: Allen Li <ayatane@chromium.org>
Reviewed-by: Gavin Mak <gavinmak@google.com>
Reviewed-by: Jiewei Qian <qjw@chromium.org>
gclient_paths.GetPrimarySolutionPath() finds primary
solution path from current directory, so it would fail
if it is invoked from outside of workspace.
Pass directory to gclient_paths.GetPrimarySolutionPath
so it could find workspace correctly if it is invoked
ninja outside of workspace.
Bug: 441240584
Change-Id: I873f7883873e143ec8a64ee0e636042ac2336a2a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6898614
Auto-Submit: Fumitoshi Ukai <ukai@google.com>
Reviewed-by: Scott Lee <ddoman@chromium.org>
Commit-Queue: Scott Lee <ddoman@chromium.org>
Reviewed-by: Takuto Ikuta <tikuta@chromium.org>
* Centralised CPE/Version checking to reuse logic.
* Basic check that a url contains git, googlesource, or 'bitbucket etc to indicate it's a clonable url which is required to count as sufficient.
This brings the category closely in alignment with AutoVM, removing 100
dependencies, all of which did not have vulnerability cover.
Bug:b/438384047
Change-Id: I7483f20a177670ad1d6571ffcc2545c0faddd892
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6904943
Commit-Queue: Jordan Brown <rop@google.com>
Auto-Submit: Jordan Brown <rop@google.com>
Reviewed-by: Anne Redulla <aredulla@google.com>
This change introduces a new validation rule: if a `CPEPrefix` is
provided but does not contain a version component, the `Version` field
must be present in the metadata. A helper function
`has_version_component` is added to `cpe_prefix.py` to check for a
version within a CPE string. Tests are added to cover the new validation
logic and the `has_version_component` function.
Bug: 438383649
Change-Id: I69938959316051d31f7fec32c5293d2c4c1a8e2a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6898421
Reviewed-by: Jiewei Qian <qjw@chromium.org>
Commit-Queue: Jordan Brown <rop@google.com>
This CL rolls git-credential-luci (GCL) to default enable ReAuth after
addressing a few CLI UX issues.
Warnings and errors now include troubleshoot instructions, and a "I want
to unblock myself" escape hatch.
If things break and can't be bypassed by setting `LUCI_BYPASS_REAUTH`
environment var, please revert this CL.
Bug: 438584121
Change-Id: I3731cecb3b09cc0392b2890a764e351a41cabdc7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6896061
Reviewed-by: Chenlin Fan <fancl@chromium.org>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
This check is making any script which runs `git cl presubmit` locally fail.
In particular, `jj upload` runs `git cl presubmit`, and then uploads
only if it succeeds (we cannot run `git cl upload`, because that can
specifically only upload the currently checked out commit).
According to the bug I linked, "I think that historically it was possible
for developers to try to commit directly from their Chromium repo,
without uploading, and this aims to stop that. It also warns users that
their change has not been uploaded. Whether it still needs to be an
error is not clear, but I'm not sure it's causing any problems so I'm
inclined to leave it."
To sum things up:
* Since presubmits can be bypassed, this is not a security measure
* These days I don't believe you can commit directly from your chromium
repo
* It's now starting to cause problems.
Bug: 40253731
Change-Id: I0d83fa68d0e65dcdd8932c7d3053750dcc16d3fb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6875404
Reviewed-by: Scott Lee <ddoman@chromium.org>
Commit-Queue: Matt Stark <msta@google.com>
This fixes the copy-paste error with the _from_id and _from_build_number
versions of get_build. It also adds support for getting try results
from a URL, not just the current checked out version.
Bug: None
Change-Id: I1e076c5c461c346f5864eda068a6552237f5691f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6890424
Reviewed-by: Brian Sheedy <bsheedy@chromium.org>
Commit-Queue: Struan Shrimpton <sshrimp@google.com>
Auto-Submit: Struan Shrimpton <sshrimp@google.com>
https://crrev.com/c/6796221 added a gsutil_urls output property that
provides the URLs of uploads to Google storage that were performed by
the build. It attempts to accumulate the URLs by updating a dictionary
on the result object's properties, but the properties on a step's
results object is empty when created, so it was just overriding the
property each time with a single element dict. This change keeps the
dict on the API object and updates it when an upload is performed so
that the final value includes all of the URLs produced by the build.
Change-Id: I6681ca7c137969cbef58e09ce24d0605155d2c3e
Recipe-Nontrivial-Roll: build
Recipe-Nontrivial-Roll: build_internal
Recipe-Nontrivial-Roll: chrome_release
Recipe-Nontrivial-Roll: chromiumos
Recipe-Nontrivial-Roll: infra
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6880970
Commit-Queue: Robbie Iannucci <iannucci@google.com>
Reviewed-by: Ben Pastene <bpastene@chromium.org>
Reviewed-by: Robbie Iannucci <iannucci@google.com>
Auto-Submit: Garrett Beaty <gbeaty@google.com>
Python3 is used by default in recipes now and this annotation is not
necessary anymore.
Bug: 440235171
Change-Id: Ifdf357129c9e42fee3752ac1c07aa6e94171d81f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6875483
Commit-Queue: Scott Lee <ddoman@chromium.org>
Auto-Submit: Takuto Ikuta <tikuta@chromium.org>
Reviewed-by: Scott Lee <ddoman@chromium.org>
This reverts commit 778a576e20.
Reason for revert: This broke `git cl upload` for at least two people.
Bug: b/438584121
Original change's description:
> Roll git-credential-luci: enable ReAuth by default
>
> This CL is potentially disruptive. If things break, please revert
> this CL and reach out to CL authors.
>
> Bug: b/438584121
> Change-Id: Ib5c493e1b89cdcfe065fcf096d9344da915d5da8
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6865736
> Reviewed-by: Chenlin Fan <fancl@chromium.org>
> Commit-Queue: Jiewei Qian <qjw@chromium.org>
Bug: b/438584121
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: Idf2a4f31df88ab0b4fcbd5babf1894a8f9fa4cce
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6871713
Reviewed-by: Allen Li <ayatane@chromium.org>
Commit-Queue: Chenlin Fan <fancl@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Rice <ricea@chromium.org>
Reviewed-by: Chenlin Fan <fancl@chromium.org>
Reviewed-by: Jiewei Qian <qjw@chromium.org>
This change moves the IsEnvCog() check directly into the
IsDownloadNeeded() method. This makes IsDownloadNeeded() the single
source of truth for determining if a GCS download should proceed,
thereby simplifying the logic and removing the redundant check at the
call site. Also fixed the presubmit issue in cog.
Bug: 363232952
Change-Id: Id2d57bc7290999551410c1545012bf7425f1fd2b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6868730
Reviewed-by: Gavin Mak <gavinmak@google.com>
Commit-Queue: Jie Sheng <jiesheng@google.com>
This CL is potentially disruptive. If things break, please revert
this CL and reach out to CL authors.
Bug: b/438584121
Change-Id: Ib5c493e1b89cdcfe065fcf096d9344da915d5da8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6865736
Reviewed-by: Chenlin Fan <fancl@chromium.org>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
Per the Git credential helper protocol, the credential helpers should
read stdin for attributes. Previously, we didn't implement the
attributes for git-credential-luci, so this wasn't an issue, but
we're (going to) use the attributes now, and if we don't explicitly
send or close stdin, the helper will hang
Bug: 411487838
Change-Id: I80d47c31e597187c05d5fc23438ae8a52147cb9f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6868130
Commit-Queue: Gavin Mak <gavinmak@google.com>
Auto-Submit: Allen Li <ayatane@chromium.org>
Reviewed-by: Gavin Mak <gavinmak@google.com>
Add entrypoints to luci-auth-ssh-* executables to fetch cipd packages
then run the binary.
Bug:b/435528916
Change-Id: Ic39b104d0ade8a65950fbbb755fa21c0b6514bb7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6864760
Auto-Submit: Jiewei Qian <qjw@chromium.org>
Reviewed-by: Chenlin Fan <fancl@chromium.org>
Commit-Queue: Chenlin Fan <fancl@chromium.org>
In https://crrev.com/c/6697693, presubmit's canned formatting checks
started looking at *.star files. This included enforcing a max line
length of 80 chars in such files.
Most (all?) *.star files found in gclient-managed repos are lucicfg
client repos, which generally have their own formatter and use 4-space
indents. This can lead to some friction with presubmit's 80 char limit.
So this uncaps that limit for all *.star files.
Bug: None
Change-Id: Ice68676c5d097d7951e83cf81ca9ac8adc8151ed
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6862147
Reviewed-by: Scott Lee <ddoman@chromium.org>
Commit-Queue: Ben Pastene <bpastene@chromium.org>
This CL adds a --list-devices for luci-auth-fido2-plugin to print
information about detected FIDO2 devices, then exit itself.
This is useful for debugging udev / permission issues on Linux.
Bug:b/433851494
Change-Id: I4db7e6a56b99e077d4128c74f49d02829b667d8a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6850350
Reviewed-by: Allen Li <ayatane@chromium.org>
Commit-Queue: Jiewei Qian <qjw@chromium.org>
Reviewed-by: Chenlin Fan <fancl@chromium.org>
This reverts commit eb60ab38de.
Reason for revert: re-landing with an additional patch
-------------
* Problem
Browser infra runs ci.*-presubmit builders, such as linux-presubmit,
with --all to ensure that the entire chromium/src passes
presubmit checks.
crrev.com/c/6842238 changed the finding type for License Check
from warning to error, but the CI presubmit builders failed because
there are many files without valid CopyRight.
Not only the existing files, all the new files that are added with
`Bypass-Check-License: <reason> footer could also cause the presubmit
builder to fail.
* This CL
In addition to the original patch from crrev.com/c/6842238,
this CL makes additional patches to turn the CopyRight errors into
warnings, if --file or --all is given.
The same approach is used in
https://source.chromium.org/chromium/chromium/tools/depot_tools/+/main:presubmit_canned_checks.py;l=982-987;drc=eb60ab38deeda6975c9b0fef883978f2a9f69120
Bug: 435696543,40237859
Original change's description:
> Revert "presubmit: emit errors instead of warnings for bad copyright headers"
>
> This reverts commit fa62515ecb.
>
> Reason for revert: it seems that the existing files without valid copyright headers are causing linux-presubmit builds to fail. b/438791294
>
> Bug: 435696543,40237859
> Original change's description:
> > presubmit: emit errors instead of warnings for bad copyright headers
> >
> > This is an effective revert of https://crrev.com/c/4895337 with
> > additional patches to support a footer.
> >
> > https://crrev.com/c/3887721 updated CheckLicense() to emit errors
> > for bad copyright headers. However, https://crrev.com/c/4895337
> > was changed the finding type from error to warning, claiming that
> > the check is N/A for moved third files, but it's not so easy
> > to programatiically distinguish moved third-party files.
> >
> > After discussions, it was decided to change the finding type back
> > to error to prevent accidental submissions for new files without
> > correct CopyRight headers.
> >
> > To mitigate moved, third-party files, this CL adds support for
> > "Bypass-Check-License: <reason>" footer.
> >
> > If the check should be ignored in a given CL, CL authors should
> > use the footer instead.
> >
> > Bug: 435696543,40237859
> > Change-Id: I177915c65932a3d76ea60ee6a0e396f726bc400d
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6842238
> > Reviewed-by: Gavin Mak <gavinmak@google.com>
> > Commit-Queue: Scott Lee <ddoman@chromium.org>
>
> Bug: 435696543,40237859
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Change-Id: Ibedf8d13e3742249947e29e625a14cceaf89879c
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6852377
> Commit-Queue: Scott Lee <ddoman@chromium.org>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Reviewed-by: Gavin Mak <gavinmak@google.com>
Bug: 435696543,40237859
Change-Id: Iafdb29b928c016eb3949e29fd43a2ba5f53e0ba0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6852108
Reviewed-by: Gavin Mak <gavinmak@google.com>
Commit-Queue: Scott Lee <ddoman@chromium.org>
Scott Lee
Allen Li
Jordan Brown
Fumitoshi Ukai
Jiewei Qian
recipe-roller
Matt Stark
Struan Shrimpton
Garrett Beaty
Riley
Takuto Ikuta
Kameron Lutes
Adam Rice
Android Open Source Project
Jie Sheng
Junji Watanabe
Ben Pastene