From cd942402d6bc82fa3ea87e5c43509e1ec6cfafe2 Mon Sep 17 00:00:00 2001
From: Taras Madan <tarasmadan@google.com>
Date: Fri, 4 Oct 2024 11:18:10 +0200
Subject: syz-ci: introduce gitArchive parameters

Some commits don't live long remotely.
It sometimes happens we need them later to:
1. Merge coverage.
2. Mention during communication.
---
 pkg/vcs/fuchsia.go             |  4 ++++
 pkg/vcs/git.go                 |  9 +++++++++
 pkg/vcs/vcs.go                 |  3 +++
 syz-ci/manager.go              | 14 +++++++++++++-
 syz-ci/syz-ci.go               |  7 +++++++
 tools/docker/syzbot/Dockerfile |  7 +++++++
 6 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/pkg/vcs/fuchsia.go b/pkg/vcs/fuchsia.go
index 2ad0e1878..704c0a9e6 100644
--- a/pkg/vcs/fuchsia.go
+++ b/pkg/vcs/fuchsia.go
@@ -107,3 +107,7 @@ func (ctx *fuchsia) MergeBases(firstCommit, secondCommit string) ([]*Commit, err
 func (ctx *fuchsia) CommitExists(string) (bool, error) {
 	return false, fmt.Errorf("not implemented for fuchsia")
 }
+
+func (ctx *fuchsia) PushCommit(repo, commit string) error {
+	return ctx.repo.PushCommit(repo, commit)
+}
diff --git a/pkg/vcs/git.go b/pkg/vcs/git.go
index d1a91404c..f8362dfb2 100644
--- a/pkg/vcs/git.go
+++ b/pkg/vcs/git.go
@@ -635,3 +635,12 @@ func (git *git) CommitExists(commit string) (bool, error) {
 	}
 	return true, nil
 }
+
+func (git *git) PushCommit(repo, commit string) error {
+	tagName := "tag-" + commit // assign tag to guarantee remote persistence
+	git.git("tag", tagName)    // ignore errors on re-tagging
+	if _, err := git.git("push", repo, "tag", tagName); err != nil {
+		return fmt.Errorf("git push %s tag %s: %w", repo, tagName, err)
+	}
+	return nil
+}
diff --git a/pkg/vcs/vcs.go b/pkg/vcs/vcs.go
index 0730ba721..23a302cbd 100644
--- a/pkg/vcs/vcs.go
+++ b/pkg/vcs/vcs.go
@@ -72,6 +72,9 @@ type Repo interface {
 
 	// CommitExists check for the commit presence in local checkout.
 	CommitExists(commit string) (bool, error)
+
+	// PushCommit is used to store commit in remote repo.
+	PushCommit(repo, commit string) error
 }
 
 // Bisecter may be optionally implemented by Repo.
diff --git a/syz-ci/manager.go b/syz-ci/manager.go
index 21941cfde..fd19a8780 100644
--- a/syz-ci/manager.go
+++ b/syz-ci/manager.go
@@ -256,6 +256,16 @@ loop:
 	log.Logf(0, "%v: stopped", mgr.name)
 }
 
+func (mgr *Manager) archiveCommit(commit string) {
+	if mgr.cfg.GitArchive == "" || mgr.mgrcfg.DisableGitArchive {
+		return
+	}
+	if err := mgr.repo.PushCommit(mgr.cfg.GitArchive, commit); err != nil {
+		mgr.Errorf("%v: failed to archive commit %s from repo %s: %s",
+			mgr.name, commit, mgr.mgrcfg.Repo, err.Error())
+	}
+}
+
 func (mgr *Manager) pollAndBuild(lastCommit string, latestInfo *BuildInfo) (
 	string, *BuildInfo, time.Duration) {
 	rebuildAfter := buildRetryPeriod
@@ -277,7 +287,9 @@ func (mgr *Manager) pollAndBuild(lastCommit string, latestInfo *BuildInfo) (
 				if err := mgr.build(commit); err != nil {
 					log.Logf(0, "%v: %v", mgr.name, err)
 				} else {
-					log.Logf(0, "%v: build successful, [re]starting manager", mgr.name)
+					log.Logf(0, "%v: build successful", mgr.name)
+					mgr.archiveCommit(lastCommit)
+					log.Logf(0, "%v: [re]starting manager", mgr.name)
 					mgr.buildFailed = false
 					rebuildAfter = kernelRebuildPeriod
 					latestInfo = mgr.checkLatest()
diff --git a/syz-ci/syz-ci.go b/syz-ci/syz-ci.go
index 28cbbbcf0..a4acc8876 100644
--- a/syz-ci/syz-ci.go
+++ b/syz-ci/syz-ci.go
@@ -144,6 +144,10 @@ type Config struct {
 	// Per-vm type JSON diffs that will be applied to every instace of the
 	// corresponding VM type.
 	PatchVMConfigs map[string]json.RawMessage `json:"patch_vm_configs"`
+	// Some commits don't live long.
+	// Push all commits used in kernel builds to this git repo URL.
+	// The archive is later used by coverage merger.
+	GitArchive string `json:"git_archive"`
 }
 
 type ManagerConfig struct {
@@ -210,6 +214,9 @@ type ManagerConfig struct {
 	BisectBackports []vcs.BackportCommit `json:"bisect_backports"`
 	// Base syz-manager config for the instance.
 	ManagerConfig json.RawMessage `json:"manager_config"`
+	// By default we want to archive git commits.
+	// This opt-out is needed for *BSD systems.
+	DisableGitArchive bool `json:"disable_git_archive"`
 	// If the kernel's commit is older than MaxKernelLagDays days,
 	// fuzzing won't be started on this instance.
 	// By default it's 30 days.
diff --git a/tools/docker/syzbot/Dockerfile b/tools/docker/syzbot/Dockerfile
index fdca5777b..ebe856ffa 100644
--- a/tools/docker/syzbot/Dockerfile
+++ b/tools/docker/syzbot/Dockerfile
@@ -66,6 +66,13 @@ RUN test "$(uname -m)" != x86_64 && exit 0 || \
     qemu-utils qemu-system-misc qemu-system-x86 qemu-system-arm qemu-system-aarch64  \
     qemu-system-s390x qemu-system-mips qemu-system-ppc
 
+# Install gcloud https://cloud.google.com/sdk/docs/install#deb.
+RUN apt-get install -y -q ca-certificates \
+    && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg \
+    && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
+RUN apt-get update && apt-get install -y google-cloud-cli
+RUN git config --global credential.'https://*.*.sourcemanager.dev'.helper gcloud.sh
+
 # pkg/osutil uses syzkaller user for sandboxing.
 RUN useradd --create-home syzkaller
 RUN echo "export PS1='\n\W🤖 '" >> /root/.bashrc
-- 
cgit mrf-deployment