oss-fuzz/infra/build/functions/update_build_status.py

# Copyright 2020 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
"""Cloud function to request builds."""
import base64
import concurrent.futures
import json
import sys

import google.auth
from googleapiclient.discovery import build
from google.cloud import ndb
from google.cloud import storage

import build_and_run_coverage
import build_project
from datastore_entities import BuildsHistory
from datastore_entities import LastSuccessfulBuild
from datastore_entities import Project

BADGE_DIR = 'badge_images'
BADGE_IMAGE_TYPES = {'svg': 'image/svg+xml', 'png': 'image/png'}
DESTINATION_BADGE_DIR = 'badges'
MAX_BUILD_LOGS = 7

STATUS_BUCKET = 'oss-fuzz-build-logs'

FUZZING_STATUS_FILENAME = 'status.json'
COVERAGE_STATUS_FILENAME = 'status-coverage.json'

# pylint: disable=invalid-name
_client = None


class MissingBuildLogError(Exception):
  """Missing build log file in cloud storage."""


# pylint: disable=global-statement
def get_storage_client():
  """Return storage client."""
  global _client
  if not _client:
    _client = storage.Client()

  return _client


def is_build_successful(build_obj):
  """Check build success."""
  return build_obj['status'] == 'SUCCESS'


def upload_status(data, status_filename):
  """Upload json file to cloud storage."""
  bucket = get_storage_client().get_bucket(STATUS_BUCKET)
  blob = bucket.blob(status_filename)
  blob.cache_control = 'no-cache'
  blob.upload_from_string(json.dumps(data), content_type='application/json')


def sort_projects(projects):
  """Sort projects in order Failures, Successes, Not yet built."""

  def key_func(project):
    if not project['history']:
      return 2  # Order projects without history last.

    if project['history'][0]['success']:
      # Successful builds come second.
      return 1

    # Build failures come first.
    return 0

  projects.sort(key=key_func)


def get_build(cloudbuild, image_project, build_id):
  """Get build object from cloudbuild."""
  return cloudbuild.projects().builds().get(projectId=image_project,
                                            id=build_id).execute()


def update_last_successful_build(project, build_tag):
  """Update last successful build."""
  last_successful_build = ndb.Key(LastSuccessfulBuild,
                                  project['name'] + '-' + build_tag).get()
  if not last_successful_build and 'last_successful_build' not in project:
    return

  if 'last_successful_build' not in project:
    project['last_successful_build'] = {
        'build_id': last_successful_build.build_id,
        'finish_time': last_successful_build.finish_time
    }
  else:
    if last_successful_build:
      last_successful_build.build_id = project['last_successful_build'][
          'build_id']
      last_successful_build.finish_time = project['last_successful_build'][
          'finish_time']
    else:
      last_successful_build = LastSuccessfulBuild(
          id=project['name'] + '-' + build_tag,
          project=project['name'],
          build_id=project['last_successful_build']['build_id'],
          finish_time=project['last_successful_build']['finish_time'])
    last_successful_build.put()


# pylint: disable=no-member
def get_build_history(build_ids):
  """Returns build object for the last finished build of project."""
  credentials, image_project = google.auth.default()
  cloudbuild = build('cloudbuild',
                     'v1',
                     credentials=credentials,
                     cache_discovery=False)

  history = []
  last_successful_build = None

  for build_id in reversed(build_ids):
    project_build = get_build(cloudbuild, image_project, build_id)
    if project_build['status'] not in ('SUCCESS', 'FAILURE', 'TIMEOUT'):
      continue

    if (not last_successful_build and is_build_successful(project_build)):
      last_successful_build = {
          'build_id': build_id,
          'finish_time': project_build['finishTime'],
      }

    if not upload_log(build_id):
      log_name = 'log-{0}'.format(build_id)
      raise MissingBuildLogError('Missing build log file {0}'.format(log_name))

    history.append({
        'build_id': build_id,
        'finish_time': project_build['finishTime'],
        'success': is_build_successful(project_build)
    })

    if len(history) == MAX_BUILD_LOGS:
      break

  project = {'history': history}
  if last_successful_build:
    project['last_successful_build'] = last_successful_build
  return project


# pylint: disable=too-many-locals
def update_build_status(build_tag, status_filename):
  """Update build statuses."""
  projects = []

  def process_project(project_build):
    """Process a project."""
    project = get_build_history(project_build.build_ids)
    project['name'] = project_build.project
    print('Processing project', project['name'])
    return project

  with concurrent.futures.ThreadPoolExecutor(max_workers=8) as executor:
    futures = []
    for project_build in BuildsHistory.query(
        BuildsHistory.build_tag == build_tag).order('project'):
      futures.append(executor.submit(process_project, project_build))

    for future in concurrent.futures.as_completed(futures):
      project = future.result()
      update_last_successful_build(project, build_tag)
      projects.append(project)

  sort_projects(projects)
  data = {'projects': projects}
  upload_status(data, status_filename)


def update_build_badges(project, last_build_successful,
                        last_coverage_build_successful):
  """Upload badges of given project."""
  badge = 'building'
  if not last_coverage_build_successful:
    badge = 'coverage_failing'
  if not last_build_successful:
    badge = 'failing'

  print("[badge] {}: {}".format(project, badge))

  for extension in BADGE_IMAGE_TYPES:
    badge_name = '{badge}.{extension}'.format(badge=badge, extension=extension)

    # Copy blob from badge_images/badge_name to badges/project/
    blob_name = '{badge_dir}/{badge_name}'.format(badge_dir=BADGE_DIR,
                                                  badge_name=badge_name)

    destination_blob_name = '{badge_dir}/{project_name}.{extension}'.format(
        badge_dir=DESTINATION_BADGE_DIR,
        project_name=project,
        extension=extension)

    status_bucket = get_storage_client().get_bucket(STATUS_BUCKET)
    badge_blob = status_bucket.blob(blob_name)
    status_bucket.copy_blob(badge_blob,
                            status_bucket,
                            new_name=destination_blob_name)


def upload_log(build_id):
  """Upload log file to GCS."""
  status_bucket = get_storage_client().get_bucket(STATUS_BUCKET)
  gcb_bucket = get_storage_client().get_bucket(build_project.GCB_LOGS_BUCKET)
  log_name = 'log-{0}.txt'.format(build_id)
  log = gcb_bucket.blob(log_name)
  dest_log = status_bucket.blob(log_name)

  if not log.exists():
    print('Failed to find build log {0}'.format(log_name), file=sys.stderr)
    return False

  if dest_log.exists():
    return True

  gcb_bucket.copy_blob(log, status_bucket)
  return True


# pylint: disable=no-member
def update_status(event, context):
  """Entry point for cloud function to update build statuses and badges."""
  del context

  if 'data' in event:
    status_type = base64.b64decode(event['data']).decode()
  else:
    raise RuntimeError('No data')

  if status_type == 'badges':
    update_badges()
    return

  if status_type == 'fuzzing':
    tag = build_project.FUZZING_BUILD_TAG
    status_filename = FUZZING_STATUS_FILENAME
  elif status_type == 'coverage':
    tag = build_and_run_coverage.COVERAGE_BUILD_TAG
    status_filename = COVERAGE_STATUS_FILENAME
  else:
    raise RuntimeError('Invalid build status type ' + status_type)

  with ndb.Client().context():
    update_build_status(tag, status_filename)


def load_status_from_gcs(filename):
  """Load statuses from bucket."""
  status_bucket = get_storage_client().get_bucket(STATUS_BUCKET)
  status = json.loads(status_bucket.blob(filename).download_as_string())
  result = {}

  for project in status['projects']:
    if project['history']:
      result[project['name']] = project['history'][0]['success']

  return result


def update_badges():
  """Update badges."""
  project_build_statuses = load_status_from_gcs(FUZZING_STATUS_FILENAME)
  coverage_build_statuses = load_status_from_gcs(COVERAGE_STATUS_FILENAME)

  with concurrent.futures.ThreadPoolExecutor(max_workers=32) as executor:
    futures = []
    with ndb.Client().context():
      for project in Project.query():
        if (project.name not in project_build_statuses or
            project.name not in coverage_build_statuses):
          continue

        futures.append(
            executor.submit(update_build_badges, project.name,
                            project_build_statuses[project.name],
                            coverage_build_statuses[project.name]))
    concurrent.futures.wait(futures)