Code Review / ci-management.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Add signing to Akraino deploy templates
[ci-management.git] / jjb / akraino-templates / akraino-ta-common-macros.yaml
1 ---
2 ##############
3 # PARAMETERS #
4 ##############
5 - parameter:
6     name: ta-parameters-manifest
7     parameters:
8      - string:
9         default: refs/heads/master
10         description: ''
11         name: SCM_REFSPEC_MANIFEST
12         trim: 'false'
13
14 - parameter:
15     name: ta-parameters-build-tools
16     parameters:
17      - string:
18         default: refs/heads/master
19         description: ''
20         name: SCM_REFSPEC_BUILD_TOOLS
21         trim: 'false'
22
23 - parameter:
24     name: ta-parameters-rpmbuilder
25     parameters:
26      - string:
27         default: refs/heads/master
28         description: ''
29         name: SCM_REFSPEC_RPMBUILDER
30         trim: 'false'
31
32 - parameter:
33     name: ta-parameters-ci
34     parameters:
35      - ta-parameters-manifest
36      - ta-parameters-build-tools
37      - ta-parameters-rpmbuilder
38
39 - parameter:
40     name: ta-parameters-ci-ta/rpmbuilder
41     parameters:
42      - ta-parameters-manifest
43      - ta-parameters-build-tools
44      - string:
45         default: ta/yarf
46         description: ''
47         name: SCM_PROJECT_TO_BUILD
48         trim: 'false'
49      - string:
50         default: refs/heads/master
51         description: ''
52         name: SCM_PROJECT_TO_BUILD_REFSPEC
53         trim: 'false'
54
55 #######
56 # SCM #
57 #######
58 - scm:
59     # Enhanced version of the global-jjb
60     name: ta-lf-infra-gerrit-scm
61     scm:
62       - git:
63           credentials-id: '{jenkins-ssh-credential}'
64           url: '{git-url}'
65           refspec: '{refspec}'
66           branches:
67             - 'refs/heads/{branch}'
68           skip-tag: true
69           wipe-workspace: true
70           submodule:
71             recursive: '{submodule-recursive}'
72             timeout: '{submodule-timeout}'
73           choosing-strategy: '{choosing-strategy}'
74           basedir: '{basedir}'
75
76 - scm:
77     name: ta-lf-infra-gerrit-scm-merge
78     scm:
79       - ta-lf-infra-gerrit-scm:
80           jenkins-ssh-credential: '{jenkins-ssh-credential}'
81           git-url: '{git-url}'
82           refspec: '{refspec}'
83           branch: '{branch}'
84           submodule-recursive: '{submodule-recursive}'
85           submodule-timeout: '{submodule-timeout}'
86           basedir: '{basedir}'
87           choosing-strategy: default
88
89 - scm:
90     name: ta-lf-infra-gerrit-scm-verify
91     scm:
92       - ta-lf-infra-gerrit-scm:
93           jenkins-ssh-credential: '{jenkins-ssh-credential}'
94           git-url: '{git-url}'
95           refspec: '{refspec}'
96           branch: '{branch}'
97           submodule-recursive: '{submodule-recursive}'
98           submodule-timeout: '{submodule-timeout}'
99           basedir: '{basedir}'
100           choosing-strategy: gerrit
101
102 ###########
103 # BUILDER #
104 ###########
105 - builder:
106     name: lf-display-node-uuid
107     builders:
108         - shell: |2-
109             echo "---> Node UUID:"
110             curl -s http://169.254.169.254/openstack/latest/meta_data.json | python -c 'import sys, json; data = json.load(sys.stdin); print(data["uuid"])' || true
111
112 - builder:
113     name: ta-builder-tox
114     builders:
115         - shell: |2-
116             #!/bin/bash -ex
117             source ~/lf-env.sh
118
119             lf-activate-venv tox
120             tox --version
121             for f in $(find $GERRIT_PROJECT -name tox.ini); do
122                 pushd $(dirname $f)
123                 tox
124                 popd
125             done
126
127 - builder:
128     name: ta-builder-rpm
129     builders:
130         - shell: |2-
131             #!/bin/bash -ex
132             #  Skip RPM build in case no *.spec file is found within the {project-to-build}
133             if [ -n "$(find {project-to-build} -name '*.spec')" ]
134             then
135                 if apt --version 2>1 >/dev/null; then
136                     # We need a specific version of mock (1.4.14) and devtools
137                     # not available in Ubuntu/Debian repos, so fetch them from RHEL mirrors
138                     if [ "$(mock --version 2>/dev/null)" != '1.4.14' ]; then
139                         sudo groupadd mock || true
140                         sudo usermod -aG mock $USER
141                         sudo apt update
142                         # Explicitly install mock dependencies
143                         sudo apt install -y createrepo alien systemd-container python-pip \
144                                             python-decoratortools yum-utils usermode pigz
145                         wget http://vault.centos.org/centos/7.6.1810/os/x86_64/Packages/rpmdevtools-8.3-5.el7.noarch.rpm \
146                              https://kojipkgs.fedoraproject.org/packages/mock/1.4.14/2.el7/noarch/mock-1.4.14-2.el7.noarch.rpm
147                         sudo alien -d *.rpm
148                         sudo dpkg -i *.deb
149                         rm -rf *.rpm *.deb
150                         # RHEL tools hardcode the full path for certain distro tools
151                         sudo ln -sf /bin/tar /usr/bin/gtar
152                         sudo ln -sf /bin/machinectl /bin/df /usr/bin/
153                         # Some mock dependencies are only available via pip
154                         sudo pip install distro pyroute2
155                     fi
156                 else
157                     sudo yum install -y createrepo
158                 fi
159                 ta/build-tools/build_rpms.sh \
160                  -m ta/manifest \
161                  -r ta/rpmbuilder \
162                  -w work \
163                  {project-to-build}
164                 find work/
165             fi
166
167 - builder:
168     name: ta-builder-scm
169     builders:
170         - shell: |2-
171             #!/bin/bash -ex
172             rm -rf {project}
173             git clone {git-url}/{project} {project}
174             pushd {project}
175             if echo {ref} | grep -q "refs/"; then
176                 git fetch origin {ref}
177                 git checkout FETCH_HEAD
178             else
179                 git checkout {ref}
180             fi
181             popd
182
183 - builder:
184     name: ta-lf-infra-ship-rpms
185     builders:
186       # Ensure no pre-existing .netrc files are overriding logs config
187       - lf-provide-maven-settings-cleanup
188       - config-file-provider:
189           files:
190             - file-id: 'ta-settings'
191               variable: 'SETTINGS_FILE'
192             - file-id: lftoolsini
193               target: "$HOME/.config/lftools/lftools.ini"
194             - file-id: sigul-config
195               variable: SIGUL_CONFIG
196             - file-id: sigul-password
197               variable: SIGUL_PASSWORD
198             - file-id: sigul-pki
199               variable: SIGUL_PKI
200             - file-id: signing-pubkey
201               variable: SIGNING_PUBKEY
202       - inject:
203           properties-content: 'ALT_NEXUS_URL=https://nexus3.akraino.org'
204       - lf-infra-create-netrc:
205           server-id: rpm.snapshots
206       - inject:
207           properties-content: |
208             ALT_NEXUS_URL=
209             SERVER_ID=
210       - shell: !include-raw:
211           # Ensure python-tools are installed in case job template does not
212           # call the lf-infra-pre-build macro.
213           - ../../global-jjb/shell/python-tools-install.sh
214       - shell: !include-raw: ../global-jjb/shell/sigul-configuration.sh
215       - shell: !include-raw: ../global-jjb/shell/sigul-install.sh
216       - shell: !include-raw:
217           - ../shell/ta-rpm-deploy.sh
218       - shell: !include-raw:
219           - ../../global-jjb/shell/logs-clear-credentials.sh
220
221 - builder:
222     name: ta-lf-infra-ship-isos
223     builders:
224       # Ensure no pre-existing .netrc files are overriding logs config
225       - lf-provide-maven-settings-cleanup
226       - config-file-provider:
227           files:
228             - file-id: 'ta-settings'
229               variable: 'SETTINGS_FILE'
230             - file-id: lftoolsini
231               target: "$HOME/.config/lftools/lftools.ini"
232             - file-id: sigul-config
233               variable: SIGUL_CONFIG
234             - file-id: sigul-password
235               variable: SIGUL_PASSWORD
236             - file-id: sigul-pki
237               variable: SIGUL_PKI
238             - file-id: signing-pubkey
239               variable: SIGNING_PUBKEY
240       - lf-infra-create-netrc:
241           server-id: images-snapshots
242       - shell: !include-raw:
243           # Ensure python-tools are installed in case job template does not
244           # call the lf-infra-pre-build macro.
245           - ../../global-jjb/shell/python-tools-install.sh
246       - shell: !include-raw: ../global-jjb/shell/sigul-configuration.sh
247       - shell: !include-raw: ../global-jjb/shell/sigul-install.sh
248       - shell: !include-raw:
249           - ../shell/ta-iso-deploy.sh
250       - shell: !include-raw:
251           - ../../global-jjb/shell/logs-clear-credentials.sh
252
253 - builder:
254     name: ta-builder-job-verify
255     builders:
256         - ta-builder-scm:
257               git-url: '{git-url}'
258               project: 'ta/manifest'
259               ref: '$SCM_REFSPEC_MANIFEST'
260         - ta-builder-scm:
261               git-url: '{git-url}'
262               project: 'ta/build-tools'
263               ref: '$SCM_REFSPEC_BUILD_TOOLS'
264         - ta-builder-scm:
265               git-url: '{git-url}'
266               project: 'ta/rpmbuilder'
267               ref: '$SCM_REFSPEC_RPMBUILDER'
268         - ta-builder-tox
269         - ta-builder-rpm:
270               project-to-build: '$GERRIT_PROJECT'
271
272 - builder:
273     name: ta-builder-job-verify-ta/rpmbuilder
274     builders:
275         - ta-builder-scm:
276               git-url: '{git-url}'
277               project: 'ta/manifest'
278               ref: '$SCM_REFSPEC_MANIFEST'
279         - ta-builder-scm:
280               git-url: '{git-url}'
281               project: 'ta/build-tools'
282               ref: '$SCM_REFSPEC_BUILD_TOOLS'
283         - ta-builder-scm:
284               git-url: '{git-url}'
285               project: '$SCM_PROJECT_TO_BUILD'
286               ref: '$SCM_PROJECT_TO_BUILD_REFSPEC'
287         - ta-builder-tox
288         - ta-builder-rpm:
289               # Just package some random project to verify "rpmbuilder" changes
290               project-to-build: '$SCM_PROJECT_TO_BUILD'
291
292 - builder:
293     name: ta-builder-job-merge
294     builders:
295         - ta-builder-scm:
296               git-url: '{git-url}'
297               project: 'ta/manifest'
298               ref: '$SCM_REFSPEC_MANIFEST'
299         - ta-builder-scm:
300               git-url: '{git-url}'
301               project: 'ta/build-tools'
302               ref: '$SCM_REFSPEC_BUILD_TOOLS'
303         - ta-builder-scm:
304               git-url: '{git-url}'
305               project: 'ta/rpmbuilder'
306               ref: '$SCM_REFSPEC_RPMBUILDER'
307         - ta-builder-rpm:
308               project-to-build: '$GERRIT_PROJECT'
309         - ta-lf-infra-ship-rpms
310
311 - builder:
312     name: ta-builder-install-docker
313     builders:
314       - shell: |2-
315           #!/bin/bash -ex
316           if apt --version 2>1 >/dev/null; then
317               sudo chmod +r /boot/vmlinuz*
318               if ! docker --version 2>1 >/dev/null; then
319                   sudo apt update
320                   sudo apt install -y apt-transport-https ca-certificates curl software-properties-common rename
321                   curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
322                   sudo add-apt-repository -y "deb http://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
323                   sudo apt update
324                   sudo apt install -y docker-ce
325               fi
326           else
327               sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
328               sudo yum -y install docker-ce docker-ce-cli containerd.io
329           fi
330           sudo mkdir -p /etc/docker/
331           echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json
332           sudo systemctl start docker
333           # Ugly hack to make docker usable for non-root
334           # (adding to the group would require re-login)
335           sudo chmod 777 /var/run/docker.sock
336
337 - builder:
338     name: ta-builder-install-build-tools
339     builders:
340       - shell: |2-
341           #!/bin/bash -ex
342           if apt --version 2>1 >/dev/null; then
343               if ! createrepo --version 2>1 >/dev/null; then
344                   sudo apt update
345                   sudo apt install -y createrepo libguestfs-tools jq
346               fi
347           else
348               sudo yum -y install createrepo libguestfs-tools-c jq
349           fi
350           sudo systemctl start libvirtd
351           systemctl status libvirtd
352
353 ###########
354 # TRIGGER #
355 ###########
356
357 - trigger:
358     name: ta-trigger-job-verify
359     triggers:
360       - gerrit:
361           server-name: '{gerrit-server-name}'
362           trigger-on:
363             - patchset-created-event:
364                 exclude-drafts: 'false'
365                 exclude-trivial-rebase: 'false'
366                 exclude-no-code-change: 'false'
367             - draft-published-event
368             - comment-added-contains-event:
369                 comment-contains-value: 'recheck'
370             - comment-added-contains-event:
371                 comment-contains-value: 'reverify'
372           projects:
373             - project-compare-type: 'ANT'
374               project-pattern: '{project}'
375               branches:
376                 - branch-compare-type: 'ANT'
377                   branch-pattern: '**/{branch}'
378           readable-message: true
379           skip-vote:
380             successful: '{gerrit-skip-vote}'
381             failed: '{gerrit-skip-vote}'
382             unstable: '{gerrit-skip-vote}'
383             notbuilt: '{gerrit-skip-vote}'
384
385 - trigger:
386     name: ta-trigger-job-merge
387     triggers:
388       - gerrit:
389           server-name: '{gerrit-server-name}'
390           trigger-on:
391             # Not sure if it would be better to use "change-merged" here and just clone the master
392             # branch. With the current approach the SCM can be identical in verify and merge jobs.
393             - ref-updated-event
394             - comment-added-contains-event:
395                 comment-contains-value: 'remerge'
396           projects:
397             - project-compare-type: 'ANT'
398               project-pattern: '{project}'
399               branches:
400                 - branch-compare-type: 'ANT'
401                   branch-pattern: '**/{branch}'
402           readable-message: true
403
404 #############
405 # PUBLISHER #
406 #############
407
408 - publisher:
409     name: ta-publisher-job-verify
410     publishers:
411       - lf-infra-publish
412
413 - publisher:
414     name: ta-publisher-job-merge
415     publishers:
416       - ta-publisher-ci-build:
417           arch: '{arch}'
418       - trigger-parameterized-builds:
419           - project: 'ta-ci-build-{arch}'
420             condition: UNSTABLE_OR_BETTER
421             trigger-with-no-params: true
422
423 - publisher:
424     name: ta-publisher-ci-build
425     publishers:
426       - lf-infra-publish
427       - email:
428           recipients: !j2: |
429             {%- if 'arm64' in arch -%}
430             armband@enea.com
431             {%- endif -%}
CI infrastructure management and control repo