commit 65d85a207f579c95da675700a663cd04498dbbf4
author pierventre <pier@opennetworking.org> Tue Jul 21 20:30:20 2020 +0200
committer pierventre <pier@opennetworking.org> Wed Jul 22 20:41:21 2020 +0200
tree d7d6bb63e20b00c1ff982b0c4b4a4790b2d5ddaa
parent 2bdb4a9560dd999f83747d387410db6c2d535c43

[AETHER-444] Improves tost CI/CD jobs

- the jobs are now private (new templates are added)
- docker login is done conditionally if username and password are defined
- docker credentials are added to the private-make-test template
- omecproject credentials are added to the private-make-test template
- withDockerRegistry and withCredentials are added to the build steps

Change-Id: I5233d12138d486075895e5e50baafd06a68ea04c

jjb/templates/docker-publish.yaml

diff --git a/jjb/templates/docker-publish.yaml b/jjb/templates/docker-publish.yaml
index 489d6bd..1f67833 100644
--- a/jjb/templates/docker-publish.yaml
+++ b/jjb/templates/docker-publish.yaml
@@ -73,11 +73,6 @@
           description: "The person that should be notified if this job fails"
 
       - string:
-          name: credentialsId
-          default: '{jenkins-ssh-credential}'
-          description: "The ssh credentials id file to be used during the checkout"
-
-      - string:
           name: extraEnvironmentVars
           default: '{extraEnvironmentVars}'
           description: "Provide extra environment variables to the build"

jjb/templates/private-docker-publish.yaml

diff --git a/jjb/templates/private-docker-publish.yaml b/jjb/templates/private-docker-publish.yaml
new file mode 100644
index 0000000..edbba0d
--- /dev/null
+++ b/jjb/templates/private-docker-publish.yaml
@@ -0,0 +1,109 @@
+---
+# generic docker image building + dockerhub publishing tasks
+
+- job-template:
+    id: private-docker-publish
+    name: 'private-docker-publish_{project}'
+    description: |
+      Created by {id} job-template from ci-management/jjb/private-docker-publish.yaml, script pipeline/docker-publish.groovy
+
+    triggers:
+      - onf-infra-gerrit-trigger-merge:
+          gerrit-server-name: '{gerrit-server-name}'
+          project-regexp: '{project}'
+          branch-regexp: '{branch-regexp}'
+          file-include-regexp: '{all-files-regexp}'
+          dependency-jobs: '{dependency-jobs}'
+
+    properties:
+      - raw:
+          xml: |
+              <hudson.security.AuthorizationMatrixProperty>
+                <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Discover:ONFStaff</permission>
+                <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Read:ONFStaff</permission>
+                <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
+                <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
+                <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
+                <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
+              </hudson.security.AuthorizationMatrixProperty>
+      - onf-infra-properties:
+          build-days-to-keep: '{build-days-to-keep}'
+          artifact-num-to-keep: '{artifact-num-to-keep}'
+
+    wrappers:
+      - lf-infra-wrappers:
+          build-timeout: '{build-timeout}'
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    parameters:
+      - string:
+          name: buildNode
+          default: '{bigger-build-node}'
+          description: 'Name of the Jenkins build executor to run the job on'
+
+      - string:
+          name: gitUrl
+          default: '$GIT_URL/$GERRIT_PROJECT'
+          description: 'URL to the git repo'
+
+      - string:
+          name: gitRef
+          default: '$GERRIT_PATCHSET_REVISION'
+          description: 'git ref to build (commit hash or tag)'
+
+      - string:
+          name: projectName
+          default: '$GERRIT_PROJECT'
+          description: 'Name of the project in Gerrit'
+
+      - string:
+          name: branchName
+          default: '$GERRIT_BRANCH'
+          description: 'Branch of the project in Gerrit'
+
+      - string:
+          name: dockerRepo
+          default: '{docker-repo}'
+          description: "Docker repository to push to ('onosproject', etc.)"
+
+      - string:
+          name: dockerRegistry
+          default: '{docker-registry}'
+          description: "Docker registry to push to (blank for DockerHub)"
+
+      # AWS CPU arch names: `x86_64` `arm64` (which don't align to vendor names... *sigh*)
+      - string:
+          name: dockerArchList
+          default: 'x86_64'
+          description: "List of architectures to build containers on, pipe separated (nonfunctional currently)"
+
+      - string:
+          name: maintainers
+          default: '{maintainers}'
+          description: "The person that should be notified if this job fails"
+
+      - string:
+          name: extraEnvironmentVars
+          default: '{extraEnvironmentVars}'
+          description: "Provide extra environment variables to the build"
+
+    project-type: pipeline
+    concurrent: true
+    extraEnvironmentVars: ""
+    sandbox: true
+
+    dsl: !include-raw-escape: ../pipeline/docker-publish.groovy

jjb/templates/private-make-test.yaml

diff --git a/jjb/templates/private-make-test.yaml b/jjb/templates/private-make-test.yaml
new file mode 100644
index 0000000..bf62c01
--- /dev/null
+++ b/jjb/templates/private-make-test.yaml
@@ -0,0 +1,100 @@
+---
+# Run Makefile targets and optionally collect unit test data
+
+- job-template:
+    id: 'private-make-test'
+    name: 'private-make-test{name-extension}_{project}'
+
+    description: |
+      Created by {id} job-template from ci-management/jjb/templates/private-make-test.yaml<br/>
+      Runs make with the following test targets - '{make-test-targets}' and with the<br/>
+      following env. variables - '{make-test-vars}'
+
+    triggers:
+      - onf-infra-gerrit-trigger-patchset:
+          gerrit-server-name: '{gerrit-server-name}'
+          project-regexp: '^{project}$'
+          branch-regexp: '{branch-regexp}'
+          dependency-jobs: '{dependency-jobs}'
+          file-include-regexp: '{all-files-regexp}'
+
+    properties:
+      - raw:
+          xml: |
+              <hudson.security.AuthorizationMatrixProperty>
+                <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Discover:ONFStaff</permission>
+                <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Read:ONFStaff</permission>
+                <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
+                <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
+                <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
+                <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
+              </hudson.security.AuthorizationMatrixProperty>
+      - onf-infra-properties:
+          build-days-to-keep: '{build-days-to-keep}'
+          artifact-num-to-keep: '{artifact-num-to-keep}'
+
+    wrappers:
+      - lf-infra-wrappers:
+          build-timeout: '{build-timeout}'
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+      - credentials-binding:
+          - username-password-separated:
+              credential-id: docker-artifact-push-credentials
+              username: DOCKERHUB_USERNAME
+              password: DOCKERHUB_PASSWORD
+          - text:
+              credential-id: 64fe2b1a-b33a-4f13-8442-ad8360434003
+              variable: OMECPROJECT_API
+
+    scm:
+      - onf-infra-gerrit-scm:
+          git-url: '$GIT_URL/$GERRIT_PROJECT'
+          refspec: '$GERRIT_REFSPEC'
+          branch: '$GERRIT_BRANCH'
+          submodule-recursive: '{submodule-recursive}'
+          choosing-strategy: gerrit
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+          basedir: '{project}'
+
+    node: '{build-node}'
+    project-type: freestyle
+    concurrent: true
+
+    builders:
+      - inject:
+          properties-content: |
+            {make-test-vars}
+            DEST_GOPATH={dest-gopath}
+            MAKE_TEST_TARGETS={make-test-targets}
+            MAKE_TEST_KEEP_GOING={make-test-keep-going}
+      - shell: !include-raw-escape: ../shell/make-test.sh
+
+    publishers:
+      - junit:
+          results: "**/*results.xml,**/*report.xml"
+          allow-empty-results: '{junit-allow-empty-results}'
+      - cobertura:
+          report-file: "**/*coverage.xml"
+          targets:
+            - files:
+                healthy: 80
+                unhealthy: 0
+                failing: 0
+            - method:
+                healthy: 50
+                unhealthy: 0
+                failing: 0