launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/launchpad:merge-db-stable into launchpad:master

To: mp+381437@xxxxxxxxxxxxxxxxxx
From: Colin Watson <cjwatson@xxxxxxxxxxxxx>
Date: Tue, 31 Mar 2020 11:02:31 -0000
Reply-to: mp+381437@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/launchpad:merge-db-stable into launchpad:master.

Commit message:
Merge db-stable 2c03044a98 (Add OCIRegistryCredentials, OCIPushRule, and OCIRecipeBuildJob tables)

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #1847444 in Launchpad itself: "Support OCI image building"
  https://bugs.launchpad.net/launchpad/+bug/1847444

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/381437
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:merge-db-stable into launchpad:master.

diff --git a/database/schema/patch-2210-08-6.sql b/database/schema/patch-2210-08-6.sql
new file mode 100644
index 0000000..62c5d55
--- /dev/null
+++ b/database/schema/patch-2210-08-6.sql
@@ -0,0 +1,38 @@
+-- Copyright 2019 Canonical Ltd.  This software is licensed under the
+-- GNU Affero General Public License version 3 (see the file LICENSE).
+
+SET client_min_messages=ERROR;
+
+CREATE TABLE OCIRegistryCredentials (
+    id serial PRIMARY KEY,
+    owner integer NOT NULL REFERENCES Person,
+    url text NOT NULL,
+    credentials jsonb NOT NULL
+);
+
+CREATE INDEX ociregistrycredentials__owner__idx
+    ON OCIRegistryCredentials (owner);
+
+COMMENT ON TABLE OCIRegistryCredentials IS 'Credentials for pushing to an OCI registry.';
+COMMENT ON COLUMN OCIRegistryCredentials.owner IS 'The owner of these credentials.  Only the owner is entitled to create push rules using them.';
+COMMENT ON COLUMN OCIRegistryCredentials.url IS 'The registry URL.';
+COMMENT ON COLUMN OCIRegistryCredentials.credentials IS 'Encrypted credentials for pushing to the registry.';
+
+CREATE TABLE OCIPushRule (
+    id serial PRIMARY KEY,
+    recipe integer NOT NULL REFERENCES OCIRecipe,
+    registry_credentials integer NOT NULL REFERENCES OCIRegistryCredentials,
+    image_name text NOT NULL
+);
+
+CREATE UNIQUE INDEX ocipushrule__recipe__registry_credentials__image_name__key
+    ON OCIPushRule (recipe, registry_credentials, image_name);
+CREATE INDEX ocipushrule__registry_credentials__idx
+    ON OCIPushRule (registry_credentials);
+
+COMMENT ON TABLE OCIPushRule IS 'A rule for pushing builds of an OCI recipe to a registry.';
+COMMENT ON COLUMN OCIPushRule.recipe IS 'The recipe for which the rule is defined.';
+COMMENT ON COLUMN OCIPushRule.registry_credentials IS 'The registry credentials to use.';
+COMMENT ON COLUMN OCIPushRule.image_name IS 'The intended name of the image on the registry.';
+
+INSERT INTO LaunchpadDatabaseRevision VALUES (2210, 08, 6);
diff --git a/database/schema/patch-2210-08-7.sql b/database/schema/patch-2210-08-7.sql
new file mode 100644
index 0000000..47ea635
--- /dev/null
+++ b/database/schema/patch-2210-08-7.sql
@@ -0,0 +1,22 @@
+-- Copyright 2020 Canonical Ltd.  This software is licensed under the
+-- GNU Affero General Public License version 3 (see the file LICENSE).
+
+CREATE TABLE OCIRecipeBuildJob (
+    job integer PRIMARY KEY REFERENCES Job ON DELETE CASCADE NOT NULL,
+    build integer REFERENCES ocirecipebuild NOT NULL,
+    job_type integer NOT NULL,
+    json_data jsonb NOT NULL
+);
+
+COMMENT ON TABLE OCIRecipeBuildJob IS 'Contains references to jobs that are executed for a build of an OCI recipe.';
+COMMENT ON COLUMN OCIRecipeBuildJob.job IS 'A reference to a Job row that has all the common job details.';
+COMMENT ON COLUMN OCIRecipeBuildJob.build IS 'The OCI recipe build that this job is for.';
+COMMENT ON COLUMN OCIRecipeBuildJob.job_type IS 'The type of a job, such as a registry push.';
+COMMENT ON COLUMN OCIRecipeBuildJob.json_data IS 'Data that is specific to a particular job type.';
+
+CREATE INDEX ocirecipebuildjob__build__job_type__job__idx
+    ON OCIRecipeBuildJob (build, job_type, job);
+CREATE INDEX ocirecipebuildjob__job__job_type__idx
+    ON OCIRecipeBuildJob (job, job_type);
+
+INSERT INTO LaunchpadDatabaseRevision VALUES (2210, 08, 7);
diff --git a/database/schema/security.cfg b/database/schema/security.cfg
index 4c1b396..f5cca8d 100644
--- a/database/schema/security.cfg
+++ b/database/schema/security.cfg
@@ -245,9 +245,12 @@ public.ocifile                          = SELECT, INSERT, UPDATE, DELETE
 public.ociproject                       = SELECT, INSERT, UPDATE, DELETE
 public.ociprojectname                   = SELECT, INSERT, UPDATE
 public.ociprojectseries                 = SELECT, INSERT, UPDATE, DELETE
+public.ocipushrule                      = SELECT, INSERT, UPDATE, DELETE
 public.ocirecipe                        = SELECT, INSERT, UPDATE, DELETE
 public.ocirecipearch                    = SELECT, INSERT, DELETE
 public.ocirecipebuild                   = SELECT, INSERT, UPDATE, DELETE
+public.ocirecipebuildjob                = SELECT, INSERT, UPDATE, DELETE
+public.ociregistrycredentials           = SELECT, INSERT, UPDATE, DELETE
 public.officialbugtag                   = SELECT, INSERT, UPDATE, DELETE
 public.openidconsumerassociation        = SELECT, INSERT, UPDATE, DELETE
 public.openidconsumernonce              = SELECT, INSERT, UPDATE
@@ -998,6 +1001,7 @@ public.ociproject                             = SELECT
 public.ociprojectname                         = SELECT
 public.ocirecipe                              = SELECT
 public.ocirecipebuild                         = SELECT, UPDATE
+public.ocirecipebuildjob                      = SELECT, INSERT
 public.openididentifier                       = SELECT
 public.packageset                             = SELECT
 public.packagesetgroup                        = SELECT
@@ -1431,6 +1435,9 @@ public.milestonetag                     = SELECT
 public.ociproject                       = SELECT
 public.ociprojectname                   = SELECT
 public.ociprojectseries                 = SELECT
+public.ocirecipe                        = SELECT, UPDATE
+public.ocirecipebuild                   = SELECT, UPDATE
+public.ocirecipebuildjob                = SELECT, INSERT, UPDATE
 public.openididentifier                 = SELECT
 public.packagecopyjob                   = SELECT, INSERT
 public.packagediff                      = SELECT, INSERT, UPDATE, DELETE
@@ -2302,6 +2309,7 @@ public.ociproject                       = SELECT, UPDATE
 public.ociprojectseries                 = SELECT, UPDATE
 public.ocirecipe                        = SELECT, UPDATE
 public.ocirecipebuild                   = SELECT, UPDATE
+public.ociregistrycredentials           = SELECT, UPDATE
 public.officialbugtag                   = SELECT
 public.openididentifier                 = SELECT, UPDATE
 public.packagecopyrequest               = SELECT, UPDATE
@@ -2424,6 +2432,7 @@ public.ociproject                       = SELECT
 public.ociprojectseries                 = SELECT
 public.ocirecipe                        = SELECT
 public.ocirecipebuild                   = SELECT
+public.ociregistrycredentials           = SELECT
 public.openidconsumerassociation        = SELECT, DELETE
 public.openidconsumernonce              = SELECT, DELETE
 public.packageuploadlog                 = SELECT