1. Do not leave the tree unattended; coordinate with your secondary sheriff to ensure this. If you need to step out for a few hours, make sure that your secondary is covering for you. Normal work hours (for you) only.

2. Watch Sheriff-o-Matic for ChromeOS

1. Keep this user interface open during your entire shift.

2. File or locate bugs. File new bugs, or update existing ones. You can file a bug from the UI: group alerts with a similar root cause, then click the "File a Bug" link at the top. Include links in the bug. Important: bugs should be routed to the right component for the breakage or flake! Raise priority as needed. See this video for a demo:

3. See the SoM help page for additional help.

3. Find owners for bugs that break our builds. It’s not the Sheriff’s job to fix things, only to find the right person.
4. File bugs for test flakes that fail builds. This is how we get build/infrastructure/test flake fixed, so it stops happening. Identify existing bugs where you can, or file new ones.
5. Identify confusing output. If something about the waterfall or build results don’t make sense, file a bug.
6. When a specific builder is in a very bad state that cannot be corrected immediately, mark the builder non-critical. This will allow CQ runs that have the same build or hardware test failure to pass.
1. This is done by moving builder name from the critical lists to the non-critical lists in Legacy CQ and Parallel CQ 
1. <checkout root>/infra/config/build_targets.star.
2. <checkout root>/chromite/config/chromeos_config.py
2. Do this for both CQ and postsubmit, usually.
3. Include a comment that links to an open bug.
4. Run ./regenerate_configs.sh in the root of the infra/config directory. (While not inside of the chroot.)
5. Run ./config/chromeos_config_unittest --update in the root of the <checkout root>/chromite directory.
6. Add the 3 changed files (1 manual, 2 regenerated) to the git commit for infra/config.
7. Add the changed files to the git commit for chromite/config.
8. To ensure these get picked up as being in sync, ensure that each CL has a CQ-DEPEND back to the other CL.  This will ensure they are picked up and tested at the same time.
9. Send the changes to someone in the OWNERS file.
10. There is a presubmit builder that will validate the config state before submitting (config_drift)
11. When the bug is resolved and the builder is stable, move it back to the critical list.

7. While the tree is green, work on sheriffing hotlist bugs -- not your normal work items.

1. Join the CrOS Oncall Hangouts Chat room and introduce yourself as an on-duty sheriff. 
2. Pull up the Sheriff-o-Matic for ChromeOS interface.
3. Triage any failures. You are responsible for identifying issues that need attention and finding someone to pay attention to them. Fixing issues yourself is secondary.
4. Attend the Monday weekly handoff meeting. You will have received an invite to this weekly meeting where sheriffs from the previous week provide a handoff on current issues.

What should I do as I prepare to end my shift?

How do postsubmit and CQ builders work?

What is history-aware scheduling in CQ and how does it relate to sheriffing?

What are some related builders that I might hear about?

• What is a Canary Build?

• An official build (with a unique version) is prepared and validated by canary builders three times a day.

• The Canary Master decides success/failure for a given run. You mostly shouldn’t look at slaves, except to see failure details. The Master should link to appropriate slaves.

• What is a PFQ builder?

• Please read the Pre Flight Queue FAQ. Contact the Chrome Gardener (listed on waterfall) if it stays red.

• What is ASAN bot?

• Please read Sheriff FAQ: Chromium OS ASAN.

• A toolchain builder is failing. What do I do?

• These builders test the next version of the toolchain and are being sheriff'd by the toolchain team. Not your problem.

How do I deal with build failures?

When Sheriffs encounter build failures on the public Chromium OS builder, they should follow the following process:

1. See if you could fix it by reverting a recent patch
• If the build or test failure has a likely culprit, contact the author.  If you can’t, revert!
• Infrastructure build failure (repo sync hang, archive build failure, build_packages etc)?  Contact a build deputy oncall!
• For any other infrastructure failures, contact a CI oncall!
2. Make sure the issue is fixed.
• If the build-breaker is taking more than a 5-10 minutes to land a fix, ask him/her to revert.
• If the build-breaker isn’t responding, perform the revert yourself.
3. Watch the next build to make sure it completes cleanly.
• Sheriffs are responsible for watching builds and making sure that people are working on making them green.
• If there's any red on the dashboard, the Sheriffs should be watching it closely to make sure that the issues are being fixed.  If there’s not, the Sheriffs should be working to improve the sheriffability of the tree

What bugs do I file, and how do I assign them?

• If a test fails, or a specific component fails to compile, file a bug against that component normally. Assign it to an owner for that component.

• If you believe there's an issue with the builder infrastructure, contact the oncall as above or file a bug at go/cros-ci-bug.

• If you believe there's an issue with the lab or hardware test infrastructure, you can file a bug following the instructions at go/chromeos-lab-bug

Ahh, the tree is green.  I can go back to my work, right?

Wrong!  When the tree is green, it’s a great time to start investigating and fixing all the niggling things that make it hard to sheriff the tree.

• Is there some red-herring of an error message?  Grep the source tree to find out where it’s coming from and make it go away.

• Some nice-to-have piece of info to surface in the UI?  Talk to Infrastructure Deputy and figure out how to make that happen.

• Some test that you wish was written and run in suite:smoke?  Go write it!

• Has the tree been red a lot today?  Get started on your postmortem!

• Still looking for stuff to do?  Try flipping through the Gardening Tasks.  Feel free to hack on and take any of them!

• Run across a build-related term or acronym and didn't know what it meant? Check the glossary and add it if it's missing.

What should I do if I see a commit-queue run that I know is doomed?

If there is a commit queue run that is known to be doomed due to a bad CL and you know which CL is bad, you can manually blame the bad CL to spare the innocent CLs from being rejected. Go to the Gerrit review page of the bad CL and set verify to -1. CQ will recognize the gesture and reject only the bad CL(s).

If the commit queue run has encountered infrastructure flake and is doomed, most of the time CQ will not reject any CLs (with chromite CLs being the exception).

In other cases where it is not necessary to wait for the full results of the run, you can save developer time and hassle by aborting the current CQ run.

How do I deal with a broken Chrome?

• The command will upload two CLs.  Commit them both to the tree.
• Once Chrome is fixed, you need to unpin Chrome.  Do that with this command:

How can I revert a commit?

If you've found a commit that broke the build, you can revert it using these steps:

1. Find the Gerrit link for the change in question
• Gerrit lists recently merged changes. View the change in question.
• In some cases (like the PFQ), you can see links to the CL that made it into the build straight from the waterfall.
2. Click the “Revert Change” button and fill in the dialog box.
• The dialog box includes some stock info, but you should add on to it. E.g. append a sentence such as: This broke the tree (xxx package on xxx bot).
3. You are not done.  This has created an Open change for _you_ go find and submit it.
• Add the author of the change as a reviewer of the revert, but push without an LGTM from the reviewer (just approve yourself and push).

How do I bypass OWNERS enforcement to submit a fix urgently?

Add the line "Exempt-From-Owner-Approval:" to your commit message along with a brief explanation of why you are bypassing OWNERS. Your CL will still require a Code-Review +2 vote from someone other than yourself: Ask for a reviewer in CrOS Oncall if you don't have someone handy.

Help with specific failure catagories

How do I investigate VMTest failures?

Auto-test test failed

Total PASS: 29/33 (87%)
Assuming the number is less than 100%, there was a failure in one of the autotests. Scroll backwards from 'Total PASS' to identify the specific test (or tests) that failed. You'll see something like this:

/tmp/cbuildbotXXXXXX/test_harness/all/SimpleTestUpdateAndVerify/<...>/login_CryptohomeMounted            [  FAILED  ]
/tmp/cbuildbotXXXXXX/test_harness/all/SimpleTestUpdateAndVerify/<...>/login_CryptohomeMounted              FAIL: Unhandled JSONInterfaceError: Automation call {'username': 'performancetestaccount@gmail.com', 'password': 'perfsmurf', 'command': 'Login'} received empty response.  Perhaps the browser crashed.

Crash detected

Crashes detected during testing:
----------------------------------------------------------
chrome sig 11
  login_CryptohomeMounted

ASAN error detected

ssh failed

Connection timed out during banner exchange
Connection timed out during banner exchange
Failed to connect to virtual machine, retrying ... 

How to find test results/crash reports?

From there, you should see a file named chrome.*.dmp.txt that contains the crash log. Example

If you see a stack trace here, search for issues with a similar call stack and add the google storage link, or file a new issue.

How do I extract stack traces manually?

A builder appears to be down (purple). What do I do?

Probably nothing. Most of the time, when a child builder is purple, that just indicates that it is already tracked by the CI oncaller. Try pinging the CI oncaller on go/crosoncall.

platform_ToolchainOptions autotest is failing. What do I do?

This test searches through all ELF binaries on the image and identifies binaries that have not been compiled with the correct hardened flags.

To find out what test is failing and how, look at the *.DEBUG log in your autotest directory. Do a grep -A10 FAILED *.DEBUG. You will find something like this:

This means that the test called "Executable Stack" reported 2 failures, there is one entry in the whitelist of this test, and after filtering the failures through the whitelist, there is still a file. The name of the file is /path/to/binary.

The "new passes" indicate files that are in the whitelist but passed this time.

To find the owner who wrote this test, do a git blame on this file:https://chromium.googlesource.com/chromiumos/third_party/autotest/+blame/master/client/site_tests/platform_ToolchainOptions/platform_ToolchainOptions.py and grep for the test name ("Executable Stack" in this case).

Find the change that added the new binary that fails the test, or changed compiler options for a package such that the test now fails, and revert it.  File an issue on the author with the failure log, and CC the owner of the test (found by git blame above).

Who should I contact regarding ARC++ issues?

Visit go/arc++docs and see the Contact Information section.

What do I do when I see a NotEnoughDutsError? 

When you see an error like:

NotEnoughDutsError: Not enough DUTs for board: <board>, pool: <pool>; required: 4, found: 3, suite: au, build: <build> 
Will return from run_suite with status: INFRA_FAILURE

Contact the on duty Deputy to balance the pools, Sheriffs are responsible to ensure that there aren't bad changes that continue to take out DUTs, however Deputies are responsible for DUT allocation.

• CrOS Sheriff Glossary - a glossary of CrOS build terminology. Don't know what a word means? Check here.
• Cros-Sheriffing YAQ - a Quora-like Q&A site monitored by a number of people with build clues.