https://github.com/cfengine/cf-bottom

__init__
https://github.com/cfengine/cf-bottom

Last synced: 15 days ago
JSON representation

__init__

• Host: GitHub
• URL: https://github.com/cfengine/cf-bottom
• Owner: cfengine
• License: mit
• Created: 2018-04-19T15:44:52.000Z (almost 8 years ago)
• Default Branch: master
• Last Pushed: 2025-06-13T14:59:22.000Z (9 months ago)
• Last Synced: 2025-06-13T15:51:34.928Z (9 months ago)
• Language: Python
• Size: 363 KB
• Stars: 3
• Watchers: 4
• Forks: 13
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Northern.tech Bot, Tom

I'm your friendly neighbourhood bot, Tom.

I trigger pull requests when someone mentions me in a GitHub Pull Request.

## Usage

### Github Pull Requests

Mention Tom in a comment with `@cf-bottom` and then include some trigger keywords to start a jenkins/CI build.

In `tom/bot.py`:

```python

        trigger_words = ["jenkins", "pipeline", "build", "test", "trigger"]

```

Other keywords available in comments are:

* `exotic` - includes exotics platforms such as AIX, HP/UX, Solaris

* `no test` - don't run tests. This is useful if you only need packages. Tests are resource intensive so use this option often if it makes sense.

### Install dependencies and setup local venv

python3 -m venv venv

. venv/bin/activate

pip install -r requirements.txt

### Command line

If you have valid config and secrets in the current working directory, you can run the PR checker feature with:

```

$ python3 -m tom --directory . --log-level info --interactive

```

(This assumes running in the repo folder, `.`, and interactive so you will be prompted before any actions are taken).

Example on our (private) Jenkins:

```

$ ssh ci.cfengine.com

olehermanse@jenkins:~$ sudo su tom

tom@jenkins:/home/olehermanse$ cd ~/

tom@jenkins:/home/tom$ python3 self/tom --log-level INFO

[INFO] Fetching pull requests for cfengine/documentation

[INFO] Fetching pull requests for cfengine/starter_pack

[INFO] Fetching pull requests for cfengine/masterfiles

[INFO] Fetching pull requests for cfengine/buildscripts

[INFO] Fetching pull requests for cfengine/core

[INFO] Fetching pull requests for cf-bottom/self

[...]

```

### Update Dependencies

Initially and currently tom is designed to chat via slack to update dependencies but we didn't finish the integration so this must be run on the command line instead.

Given that secrets are present as above, run this command:

```

python3 -m tom -i -t cf-bottom -l info

<@cf-bottom> deps: 3.21.x

```

Note: in order to submit the PR properly you must edit tom/bot.py and replace Lex-2008 with your github username. https://northerntech.atlassian.net/browse/ENT-12126

Note that this is referred to in the release process doc: https://github.com/NorthernTechHQ/infra/blob/master/files/buildcache/release-scripts/RELEASE_PROCESS.org

### CFEngine policy

See the [example policy](/tom.cf) for an automated way to update and run Tom.

To enable tom, add the class `default:tom_enabled` via CMDB or augments.

To disable running for testing/debugging, create this flag file:

```

$ cd /home/tom

$ touch TOM_DISABLED

```

The `TOM_DISABLED` file is checked by the policy, not the python code.

To re-enable:

```

$ cd /home/tom

$ rm -f TOM_DISABLED

```

## Config

See [our commited config file](/config.json) for an example of what the JSON config file looks like.

Note that one config file has multiple "bots", with unique GitHub usernames.

Each of those "bots" can be configured to use different Jenkins instances, and separate secrets.

### Secrets

Secrets should be kept separate from the rest of the config.

The filenames are specified in [`config.json`](/config.json).

It is generally recommended to not commit secrets to git repos.

Here is an example of what the secrets file can look like:

```

{

  "GITHUB_TOKEN": "46fb3751dd0d84cb02f8d8fc68d34ffed3247c4b",

  "JENKINS_USER": "a10062",

  "JENKINS_TOKEN": "de351e7ad2bcb3b2bdca23c5537e054c",

  "JENKINS_CRUMB": "814eeba4337de1f669643c1091aecb59"

}

```

(The secrets above are fake).

**Explanation:**

* `GITHUB_TOKEN` - API token generated by GitHub, for the bot username, specified in [`config.json`](/config.json).

* `JENKINS_USER` - Jenkins username (LDAP username in CFEngine Jenkins).

* `JENKINS_TOKEN` - API token, generated in Jenkins Settings UI.

* `JENKINS_CRUMB` - [GET `https:///crumbIssuer/api/xml`](https://stackoverflow.com/questions/16738441/how-to-request-for-the-crumb-issuer-for-jenkins) (for CFEngine: https://ci.cfengine.com/crumbIssuer/api/xml).

## Technical details

### Webhooks / polling

Most of the codebase works by polling open pull requests, rather than having a web server wait for Webhooks.

There is one exception, the optional slack bot, which can be triggered from mentions in Slack.

### development / testing

See run_tests.sh here for a development workflow working with pytest unit tests.

Open htmlcov/index.html to see python code coverage information after test runs.

pass a test name to run_tests.sh and it will only run that one test.