[AETHER-444] Improves tost CI/CD jobs
- the jobs are now private (new templates are added)
- docker login is done conditionally if username and password are defined
- docker credentials are added to the private-make-test template
- omecproject credentials are added to the private-make-test template
- withDockerRegistry and withCredentials are added to the build steps
Change-Id: I5233d12138d486075895e5e50baafd06a68ea04c
diff --git a/jjb/defaults.yaml b/jjb/defaults.yaml
index 7b5200c..afa49e8 100644
--- a/jjb/defaults.yaml
+++ b/jjb/defaults.yaml
@@ -101,6 +101,9 @@
# ONF docker credentials for onfbuilder user
docker-credentials-id: 'docker-artifact-push-credentials'
+ # OMECProject api token
+ omec-project-api: '64fe2b1a-b33a-4f13-8442-ad8360434003'
+
# maintainers
# Used to notify users in supported tests
maintainers: 'zdw@opennetworking.org'
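Review bot: The new `omec-project-api` default is not referenced anywhere in this change. The same id is written out literally in `jjb/pipeline/docker-publish.groovy` (`withCredentials`) and in `jjb/templates/private-make-test.yaml` (`credentials-binding`), so replacing the credential means editing three places. In the template the bindings could read `credential-id: '{omec-project-api}'` and `credential-id: '{docker-credentials-id}'`; the groovy file is pulled in with `!include-raw-escape`, so it probably cannot take the substitution directly and would need the id passed another way. The comment would also be clearer as `# Jenkins credentials id of the OMECProject API token`, since the value is used as a `credentialsId` and is not the token itself.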
diff --git a/jjb/pipeline/docker-publish.groovy b/jjb/pipeline/docker-publish.groovy
index fb00990..9738c62 100644
--- a/jjb/pipeline/docker-publish.groovy
+++ b/jjb/pipeline/docker-publish.groovy
@@ -25,7 +25,7 @@
steps {
checkout([
$class: 'GitSCM',
- userRemoteConfigs: [[ url: "${params.gitUrl}", credentialsId: "${params.credentialsId}"]],
+ userRemoteConfigs: [[ url: "${params.gitUrl}", credentialsId: 'onos-jenkins-ssh']],
branches: [[ name: "${params.gitRef}", ]],
extensions: [
[$class: 'WipeWorkspace'],
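Review bot: Hard-coding `credentialsId: 'onos-jenkins-ssh'` in the checkout applies to every job that includes this pipeline, not only the new private ones, and the value of the `{jenkins-ssh-credential}` default it replaces is not visible in this diff. If the two differ, existing `docker-publish` jobs silently switch checkout keys. Dropping the user-editable `credentialsId` parameter is a sound change in itself, since a build can no longer select an arbitrary stored credential. A comment such as `// fixed on purpose: the checkout credential must not be a build parameter` above the line would record the reason. The `checkout` call continues past the end of this hunk.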
@@ -42,36 +42,42 @@
stage('build'){
steps {
- sh( script: """
- #!/usr/bin/env bash
- set -eu -o pipefail
+ script {
+ withCredentials([string(credentialsId: '64fe2b1a-b33a-4f13-8442-ad8360434003', variable: 'OMECPROJECT_API')]) {
+ withDockerRegistry([credentialsId: 'docker-artifact-push-credentials']) {
+ sh( script: """
+ #!/usr/bin/env bash
+ set -eu -o pipefail
- # checked out in a subdir so the log can be in WORKSPACE
- cd "$projectName"
+ # checked out in a subdir so the log can be in WORKSPACE
+ cd "$projectName"
- # set registry/repository variables
- export DOCKER_REGISTRY="$dockerRegistry"
- export DOCKER_REPOSITORY="$dockerRepo/"
+ # set registry/repository variables
+ export DOCKER_REGISTRY="$dockerRegistry"
+ export DOCKER_REPOSITORY="$dockerRepo/"
- # Build w/branch
- echo "Building image with branch"
- $extraEnvironmentVars DOCKER_TAG="$branchName" make docker-build 2>&1 | tee "$WORKSPACE/docker-build.log"
+ # Build w/branch
+ echo "Building image with branch"
+ $extraEnvironmentVars DOCKER_TAG="$branchName" make docker-build 2>&1 | tee "$WORKSPACE/docker-build.log"
- # Build w/tags if they exist
- if [ -n "$git_tags" ]
- echo "Tags found in git, building:"
- echo "$git_tags"
+ # Build w/tags if they exist
+ if [ -n "$git_tags" ]
+ echo "Tags found in git, building:"
+ echo "$git_tags"
- then
- for tag in $git_tags
- do
- # remove leading 'v' on funky golang tags
- clean_tag=\$(echo \$tag | sed 's/^v//g')
- echo "Building image with tag: \$clean_tag (should reuse cached layers)"
- $extraEnvironmentVars DOCKER_TAG="\$clean_tag" make docker-build
- done
- fi
- """)
+ then
+ for tag in $git_tags
+ do
+ # remove leading 'v' on funky golang tags
+ clean_tag=\$(echo \$tag | sed 's/^v//g')
+ echo "Building image with tag: \$clean_tag (should reuse cached layers)"
+ $extraEnvironmentVars DOCKER_TAG="\$clean_tag" make docker-build
+ done
+ fi
+ """)
+ }
+ }
+ }
}
}
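Review bot: The `withCredentials`/`withDockerRegistry` wrappers in the `build` stage land in the pipeline shared by the `docker-publish` and `private-docker-publish` templates, so every publish job now runs the repository's `make docker-build` with `OMECPROJECT_API` and the Docker push login in scope, whether or not it needs them. If only the private jobs need the token, a separate pipeline file for them keeps the public jobs at their previous privilege. Inside that scope the script is still a Groovy-interpolated `"""` string, so values that appear to be build parameters (`$extraEnvironmentVars`, `$projectName`, `$branchName`) are pasted into the shell text before it runs; passing them through the environment and using a `'''` script would be safer now that secrets are present. Separately, the two `echo` lines sit between `if [ -n "$git_tags" ]` and `then`, so the condition takes the status of the last `echo` and the branch is always entered; `then` belongs directly after the test.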
diff --git a/jjb/repos/tost-onos.yaml b/jjb/repos/tost-onos.yaml
index 2097a9c..453d1ee 100644
--- a/jjb/repos/tost-onos.yaml
+++ b/jjb/repos/tost-onos.yaml
@@ -19,7 +19,7 @@
- 'verify-licensed'
- 'tag-check':
dependency-jobs: 'license-check_tost-onos'
- - 'make-test':
+ - 'private-make-test':
make-test-vars: |
ONOS_BRANCH=onos-2.2
make-test-targets: 'docker-build'
@@ -29,7 +29,7 @@
- job-group:
name: 'publish-tost-onos-jobs'
jobs:
- - 'docker-publish':
+ - 'private-docker-publish':
docker-repo: 'onosproject'
maintainers: 'charles@opennetworking.org, pier@opennetworking.org'
build-timeout: 30
diff --git a/jjb/shell/make-test.sh b/jjb/shell/make-test.sh
index b92de49..83ff901 100644
--- a/jjb/shell/make-test.sh
+++ b/jjb/shell/make-test.sh
@@ -17,6 +17,14 @@
# make-test.sh - run one or more make targets
set -eu -o pipefail
+# performs docker login if the job defines $DOCKERHUB_USERNAME and
+# $DOCKERHUB_PASSWORD variables
+DOCKERHUB_USERNAME=${DOCKERHUB_USERNAME:-}
+DOCKERHUB_PASSWORD=${DOCKERHUB_PASSWORD:-}
+if [[ ! -z "$DOCKERHUB_USERNAME" && ! -z "$DOCKERHUB_PASSWORD" ]]; then
+ echo $DOCKERHUB_PASSWORD | docker login --username ${DOCKERHUB_USERNAME} --password-stdin
+fi
+
# when not running under Jenkins, use current dir as workspace, a blank project
# name
WORKSPACE=${WORKSPACE:-.}
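Review bot: In the added login line both variables are expanded unquoted and the password goes through `echo`, so a password containing whitespace, glob characters or a leading `-n`/`-e` is altered before it reaches `docker login`. Use `printf '%s' "$DOCKERHUB_PASSWORD" | docker login --username "$DOCKERHUB_USERNAME" --password-stdin`. `docker login` also stores the credential in the Docker client configuration on the build node unless a credential helper is set up, so a `trap 'docker logout' EXIT` after a successful login would keep it from outliving the job on a reused executor. The test itself reads more simply as `[[ -n "$DOCKERHUB_USERNAME" && -n "$DOCKERHUB_PASSWORD" ]]`.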
diff --git a/jjb/templates/docker-publish.yaml b/jjb/templates/docker-publish.yaml
index 489d6bd..1f67833 100644
--- a/jjb/templates/docker-publish.yaml
+++ b/jjb/templates/docker-publish.yaml
@@ -73,11 +73,6 @@
description: "The person that should be notified if this job fails"
- string:
- name: credentialsId
- default: '{jenkins-ssh-credential}'
- description: "The ssh credentials id file to be used during the checkout"
-
- - string:
name: extraEnvironmentVars
default: '{extraEnvironmentVars}'
description: "Provide extra environment variables to the build"
diff --git a/jjb/templates/private-docker-publish.yaml b/jjb/templates/private-docker-publish.yaml
new file mode 100644
index 0000000..edbba0d
--- /dev/null
+++ b/jjb/templates/private-docker-publish.yaml
@@ -0,0 +1,109 @@
+---
+# generic docker image building + dockerhub publishing tasks
+
+- job-template:
+ id: private-docker-publish
+ name: 'private-docker-publish_{project}'
+ description: |
+ Created by {id} job-template from ci-management/jjb/private-docker-publish.yaml, script pipeline/docker-publish.groovy
+
+ triggers:
+ - onf-infra-gerrit-trigger-merge:
+ gerrit-server-name: '{gerrit-server-name}'
+ project-regexp: '{project}'
+ branch-regexp: '{branch-regexp}'
+ file-include-regexp: '{all-files-regexp}'
+ dependency-jobs: '{dependency-jobs}'
+
+ properties:
+ - raw:
+ xml: |
+ <hudson.security.AuthorizationMatrixProperty>
+ <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Discover:ONFStaff</permission>
+ <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Read:ONFStaff</permission>
+ <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
+ </hudson.security.AuthorizationMatrixProperty>
+ - onf-infra-properties:
+ build-days-to-keep: '{build-days-to-keep}'
+ artifact-num-to-keep: '{artifact-num-to-keep}'
+
+ wrappers:
+ - lf-infra-wrappers:
+ build-timeout: '{build-timeout}'
+ jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+ parameters:
+ - string:
+ name: buildNode
+ default: '{bigger-build-node}'
+ description: 'Name of the Jenkins build executor to run the job on'
+
+ - string:
+ name: gitUrl
+ default: '$GIT_URL/$GERRIT_PROJECT'
+ description: 'URL to the git repo'
+
+ - string:
+ name: gitRef
+ default: '$GERRIT_PATCHSET_REVISION'
+ description: 'git ref to build (commit hash or tag)'
+
+ - string:
+ name: projectName
+ default: '$GERRIT_PROJECT'
+ description: 'Name of the project in Gerrit'
+
+ - string:
+ name: branchName
+ default: '$GERRIT_BRANCH'
+ description: 'Branch of the project in Gerrit'
+
+ - string:
+ name: dockerRepo
+ default: '{docker-repo}'
+ description: "Docker repository to push to ('onosproject', etc.)"
+
+ - string:
+ name: dockerRegistry
+ default: '{docker-registry}'
+ description: "Docker registry to push to (blank for DockerHub)"
+
+ # AWS CPU arch names: `x86_64` `arm64` (which don't align to vendor names... *sigh*)
+ - string:
+ name: dockerArchList
+ default: 'x86_64'
+ description: "List of architectures to build containers on, pipe separated (nonfunctional currently)"
+
+ - string:
+ name: maintainers
+ default: '{maintainers}'
+ description: "The person that should be notified if this job fails"
+
+ - string:
+ name: extraEnvironmentVars
+ default: '{extraEnvironmentVars}'
+ description: "Provide extra environment variables to the build"
+
+ project-type: pipeline
+ concurrent: true
+ extraEnvironmentVars: ""
+ sandbox: true
+
+ dsl: !include-raw-escape: ../pipeline/docker-publish.groovy
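Review bot: The raw `AuthorizationMatrixProperty` block under `properties` has no comment stating the access model it is meant to implement, which makes the long permission list hard to check against intent. A short comment above `- raw:` should say that `NonInheritingStrategy` stops the job inheriting the parent permission matrix, that `JenkinsPowerusers` gets full control including `Run.Replay` and the item-level `CredentialsProvider.*` grants, and that `ONFStaff` is limited to `Item.Discover` and `Item.Read`. The same block is repeated verbatim in `private-make-test.yaml`, so a shared JJB macro would keep the two copies from drifting. The description also names `ci-management/jjb/private-docker-publish.yaml`, while the file is added under `jjb/templates/`.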
diff --git a/jjb/templates/private-make-test.yaml b/jjb/templates/private-make-test.yaml
new file mode 100644
index 0000000..bf62c01
--- /dev/null
+++ b/jjb/templates/private-make-test.yaml
@@ -0,0 +1,100 @@
+---
+# Run Makefile targets and optionally collect unit test data
+
+- job-template:
+ id: 'private-make-test'
+ name: 'private-make-test{name-extension}_{project}'
+
+ description: |
+ Created by {id} job-template from ci-management/jjb/templates/private-make-test.yaml<br/>
+ Runs make with the following test targets - '{make-test-targets}' and with the<br/>
+ following env. variables - '{make-test-vars}'
+
+ triggers:
+ - onf-infra-gerrit-trigger-patchset:
+ gerrit-server-name: '{gerrit-server-name}'
+ project-regexp: '^{project}$'
+ branch-regexp: '{branch-regexp}'
+ dependency-jobs: '{dependency-jobs}'
+ file-include-regexp: '{all-files-regexp}'
+
+ properties:
+ - raw:
+ xml: |
+ <hudson.security.AuthorizationMatrixProperty>
+ <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Discover:ONFStaff</permission>
+ <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Read:ONFStaff</permission>
+ <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
+ </hudson.security.AuthorizationMatrixProperty>
+ - onf-infra-properties:
+ build-days-to-keep: '{build-days-to-keep}'
+ artifact-num-to-keep: '{artifact-num-to-keep}'
+
+ wrappers:
+ - lf-infra-wrappers:
+ build-timeout: '{build-timeout}'
+ jenkins-ssh-credential: '{jenkins-ssh-credential}'
+ - credentials-binding:
+ - username-password-separated:
+ credential-id: docker-artifact-push-credentials
+ username: DOCKERHUB_USERNAME
+ password: DOCKERHUB_PASSWORD
+ - text:
+ credential-id: 64fe2b1a-b33a-4f13-8442-ad8360434003
+ variable: OMECPROJECT_API
+
+ scm:
+ - onf-infra-gerrit-scm:
+ git-url: '$GIT_URL/$GERRIT_PROJECT'
+ refspec: '$GERRIT_REFSPEC'
+ branch: '$GERRIT_BRANCH'
+ submodule-recursive: '{submodule-recursive}'
+ choosing-strategy: gerrit
+ jenkins-ssh-credential: '{jenkins-ssh-credential}'
+ basedir: '{project}'
+
+ node: '{build-node}'
+ project-type: freestyle
+ concurrent: true
+
+ builders:
+ - inject:
+ properties-content: |
+ {make-test-vars}
+ DEST_GOPATH={dest-gopath}
+ MAKE_TEST_TARGETS={make-test-targets}
+ MAKE_TEST_KEEP_GOING={make-test-keep-going}
+ - shell: !include-raw-escape: ../shell/make-test.sh
+
+ publishers:
+ - junit:
+ results: "**/*results.xml,**/*report.xml"
+ allow-empty-results: '{junit-allow-empty-results}'
+ - cobertura:
+ report-file: "**/*coverage.xml"
+ targets:
+ - files:
+ healthy: 80
+ unhealthy: 0
+ failing: 0
+ - method:
+ healthy: 50
+ unhealthy: 0
+ failing: 0
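Review bot: This template is triggered by `onf-infra-gerrit-trigger-patchset`, i.e. on changes that have not been merged, yet its `credentials-binding` exports `docker-artifact-push-credentials` and the OMEC token into the environment of `make-test.sh`, which then runs make targets from the checked-out patchset. Anyone able to upload a patchset that triggers the job can therefore have their Makefile read `DOCKERHUB_PASSWORD` and `OMECPROJECT_API`; who that is depends on the Gerrit permissions and the trigger macro, neither of which is visible here. For a verify job a pull-only registry credential would be enough, leaving the push credential to the merge-triggered publish job. If the token is needed only by specific targets, a comment on the `- text:` binding naming them would help later reviewers judge whether it can be dropped.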