Add jobs for fabric-tna GitHub repo
Change-Id: Id4b18a73837d9670b6902317d210950f1ae0707c
diff --git a/jjb/defaults.yaml b/jjb/defaults.yaml
index afa49e8..d4256df 100644
--- a/jjb/defaults.yaml
+++ b/jjb/defaults.yaml
@@ -38,6 +38,13 @@
# User account with gerrit SSH credentials
gerrit-ssh-credential: 'onos-gerrit-ssh'
+ # SSH credentials for onf-bot GitHub account
+ github-onf-bot-ssh-credential: 'github-onf-bot-ssh-key'
+
+ # Auth IDs for Github Pull Request Builder plugin:
+ # - Auth ID for GitHub account "onf-bot" (via Personal Access Token)
+ github-pr-auth-id-onf-bot: '3a50653e-c14e-4a15-bfbc-206c6a4eccac'
+
# Java glob of artifacts to archive
archive-artifacts: ''
diff --git a/jjb/onf-macros.yaml b/jjb/onf-macros.yaml
index 794ce3d..6d2145a 100644
--- a/jjb/onf-macros.yaml
+++ b/jjb/onf-macros.yaml
@@ -24,6 +24,31 @@
name: sha1
default: "origin/{stream}"
+# basic string parameters when using onf-infra-github-pr-trigger-merge
+- parameter:
+ name: onf-infra-github-pr-merge-parameters
+ parameters:
+ - string:
+ name: repoName
+ default: '{repo-name}'
+ description: 'Name of the git repo. Populated by Generic Webhook Trigger'
+
+ - string:
+ name: repoUrl
+ default: '{repo-url}'
+ description: 'URL to the git repo. Populated by Generic Webhook Trigger'
+
+ - string:
+ name: branchName
+ default: '{branch}'
+ description: 'Branch of the project. Populated by Generic Webhook Trigger'
+
+ - string:
+ name: commitHash
+ default: '{sha1}'
+ description: 'SHA string of the merged commit. Populated by Generic Webhook Trigger'
+
+
# control how long builds and artifact are retained
# differs from lf-infra-properties as it retains artifacts
- property:
@@ -33,6 +58,37 @@
days-to-keep: '{build-days-to-keep}'
artifact-num-to-keep: '{artifact-num-to-keep}'
+# Sets permissions for job to be visible to ONFStaff only.
+# Useful when running tools under NDA for which we don't have permission to
+# publish logs or output.
+- property:
+ name: onf-infra-onfstaff-private
+ properties:
+ - raw:
+ xml: |
+ <hudson.security.AuthorizationMatrixProperty>
+ <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Discover:ONFStaff</permission>
+ <permission>hudson.model.Item.Read:ONFStaff</permission>
+ </hudson.security.AuthorizationMatrixProperty>
+
# trigger on gerrit patchsets and actions
# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit
# Uses a regex based project match
@@ -83,6 +139,20 @@
choosing-strategy: '{choosing-strategy}'
basedir: '{basedir}'
+- scm:
+ name: onf-infra-github-ssh-scm
+ scm:
+ - lf-infra-github-scm:
+ url: "git@github.com:{github-organization}/{project}.git"
+ # To checkout PRs and branches
+ refspec: "+refs/heads/*:refs/remotes/origin/* +refs/pull/*:refs/remotes/origin/pr/*"
+ # Can be commit hash
+ branch: "{branch}"
+ submodule-recursive:
+ submodule-timeout:
+ submodule-disable:
+ choosing-strategy: default
+ jenkins-ssh-credential: "{ssh-credential}"
# trigger for gerrit patch submission
- trigger:
@@ -138,3 +208,51 @@
fail-build: true
clean-parent: false
disable-deferred-wipeout: false
+
+# Trigger on GitHub pull requests
+# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.github-pull-request
+# Uses the standard 'ok to test', etc. commands per the plugin:
+# https://github.com/jenkinsci/ghprb-plugin
+- trigger:
+ name: onf-infra-github-pr-trigger
+ triggers:
+ - github-pull-request:
+ auth-id: '{github_pr_auth_id}'
+ github-hooks: true # Create github hooks automatically
+ cancel-builds-on-update: true
+ auto-close-on-fail: false
+ only-trigger-phrase: false
+ status-context: '{status_context}' # Name of testing system in PR
+ permit-all: false # don't trigger on every PR
+ org-list: '{obj:github_pr_org_list}'
+ allow-whitelist-orgs-as-admins: true
+
+# Trigger on GitHub PR merge
+# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.generic-webhook-trigger
+- trigger:
+ name: onf-infra-github-pr-trigger-merge
+ triggers:
+ - generic-webhook-trigger:
+ post-content-params:
+ - type: JSONPath
+ key: action
+ value: $.action
+ - type: JSONPath
+ key: merged
+ value: $.pull_request.merged
+ - type: JSONPath
+ key: repoUrl
+ value: $.pull_request.base.repo.html_url
+ - type: JSONPath
+ key: repoName
+ value: $.pull_request.base.repo.name
+ - type: JSONPath
+ key: branchName
+ value: $.pull_request.base.ref
+ - type: JSONPath
+ key: commitHash
+ value: $.pull_request.merge_commit_sha
+ regex-filter-text: $action,$merged
+ regex-filter-expression: ^(closed,true)$
+ cause: Generic Cause
+ token: '{project}'
diff --git a/jjb/repos/fabric-tna.yaml b/jjb/repos/fabric-tna.yaml
new file mode 100644
index 0000000..a4acf71
--- /dev/null
+++ b/jjb/repos/fabric-tna.yaml
@@ -0,0 +1,22 @@
+---
+# jobs for 'fabric-tna' project
+
+- project:
+ name: fabric-tna
+ project: '{name}'
+
+ github-organization: 'stratum'
+
+ github_pr_auth_id: '{github-pr-auth-id-onf-bot}'
+ github_pr_org_list:
+ - 'stratum'
+
+ jobs:
+ - 'fabric-tna-jobs':
+ stream: 'master'
+
+- job-group:
+ name: 'fabric-tna-jobs'
+ jobs:
+ - 'fabric-tna-pr-verify'
+ - 'fabric-tna-postmerge'
diff --git a/jjb/shell/docker-login.sh b/jjb/shell/docker-login.sh
new file mode 100644
index 0000000..2949dcb
--- /dev/null
+++ b/jjb/shell/docker-login.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+#
+# Copyright 2020-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# exit on errors
+set -eu -o pipefail
+
+docker login --username "${DOCKERHUB_USERNAME}" --password "${DOCKERHUB_PASSWORD}"
diff --git a/jjb/templates/fabric-p4-verify.yaml b/jjb/templates/fabric-p4-verify.yaml
index 8d1f01c..b88d3bb 100644
--- a/jjb/templates/fabric-p4-verify.yaml
+++ b/jjb/templates/fabric-p4-verify.yaml
@@ -10,30 +10,9 @@
Runs fabric.p4 test pipeline
properties:
- - raw:
- xml: |
- <hudson.security.AuthorizationMatrixProperty>
- <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
- <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
- <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
- <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
- <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
- <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Discover:ONFStaff</permission>
- <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Read:ONFStaff</permission>
- <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
- <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
- <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
- <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
- </hudson.security.AuthorizationMatrixProperty>
+ # Visibility restricted to ONFStaff because logs contain output from
+ # Barefoot toolchain (under NDA).
+ - onf-infra-onfstaff-private:
- onf-infra-properties:
build-days-to-keep: '{build-days-to-keep}'
artifact-num-to-keep: '-1'
diff --git a/jjb/templates/fabric-tna-jobs.yaml b/jjb/templates/fabric-tna-jobs.yaml
new file mode 100644
index 0000000..5fe2498
--- /dev/null
+++ b/jjb/templates/fabric-tna-jobs.yaml
@@ -0,0 +1,122 @@
+---
+# Run pull request verify job for fabric-tna
+
+- job-template:
+ id: 'fabric-tna-pr-verify'
+ name: 'fabric-tna-pr-verify'
+
+ description: |
+ Created by {id} job-template from ci-management/jjb/templates/fabric-tna-jobs.yaml<br/>
+
+ properties:
+ # Visibility restricted to ONFStaff because logs contain output from
+ # Barefoot toolchain (under NDA).
+ - onf-infra-onfstaff-private:
+ - onf-infra-properties:
+ build-days-to-keep: '{build-days-to-keep}'
+ artifact-num-to-keep: '-1'
+ - github:
+ url: 'https://github.com/{github-organization}/{project}'
+
+ node: '{bigger-build-node}'
+ project-type: freestyle
+ concurrent: true
+
+ parameters:
+ - onf-infra-parameters:
+ project: '{project}'
+ stream: '{stream}'
+ gerrit_project: 'not-a-gerrit-project'
+
+ scm:
+ - onf-infra-github-ssh-scm:
+ github-organization: '{github-organization}'
+ project: '{project}'
+ branch: "$sha1"
+ ssh-credential: "{github-onf-bot-ssh-credential}"
+
+ triggers:
+ - onf-infra-github-pr-trigger:
+ github_pr_org_list: '{obj:github_pr_org_list}'
+ github_pr_auth_id: '{github_pr_auth_id}'
+ status_context: 'fabric-tna-pr-verify'
+
+ wrappers:
+ - lf-infra-wrappers:
+ build-timeout: '30'
+ jenkins-ssh-credential: '{github-onf-bot-ssh-credential}'
+ - credentials-binding:
+ - username-password-separated:
+ credential-id: docker-artifact-push-credentials
+ username: DOCKERHUB_USERNAME
+ password: DOCKERHUB_PASSWORD
+
+ builders:
+ - shell: !include-raw-escape: ../shell/docker-login.sh
+ # For now, let the actual job script evolve in the repo. We can make that
+ # a pipeline later.
+ - shell: |
+ bash .jenkins/pr_verify.sh
+
+ publishers:
+ - onf-infra-wscleanup-publisher
+
+- job-template:
+ id: 'fabric-tna-postmerge'
+ name: 'fabric-tna-postmerge'
+
+ description: |
+ Created by {id} job-template from ci-management/jjb/templates/fabric-tna-jobs.yaml<br/>
+
+ properties:
+ # Visibility restricted to ONFStaff because logs contain output from
+ # Barefoot toolchain (under NDA).
+ - onf-infra-onfstaff-private:
+ - onf-infra-properties:
+ build-days-to-keep: '{build-days-to-keep}'
+ artifact-num-to-keep: '-1'
+ - github:
+ url: 'https://github.com/{github-organization}/{project}'
+
+ node: '{bigger-build-node}'
+ project-type: freestyle
+ concurrent: true
+
+ parameters:
+ - onf-infra-github-pr-merge-parameters:
+ repo-name: '{project}'
+ repo-url: 'git@github.com:{github-organization}/{project}.git'
+ branch: '{stream}'
+ sha1: '{stream}'
+
+
+ scm:
+ - onf-infra-github-ssh-scm:
+ github-organization: '{github-organization}'
+ project: '{project}'
+ branch: "$commitHash"
+ ssh-credential: "{github-onf-bot-ssh-credential}"
+
+ triggers:
+ - onf-infra-github-pr-trigger-merge:
+ project: '{project}'
+
+ wrappers:
+ - lf-infra-wrappers:
+ build-timeout: '30'
+ jenkins-ssh-credential: '{github-onf-bot-ssh-credential}'
+ - credentials-binding:
+ - username-password-separated:
+ credential-id: docker-artifact-push-credentials
+ username: DOCKERHUB_USERNAME
+ password: DOCKERHUB_PASSWORD
+
+ builders:
+ - shell: !include-raw-escape: ../shell/docker-login.sh
+ # For now, let the actual job script evolve in the repo. We can make that
+ # a pipeline later.
+ - shell: |
+ bash .jenkins/postmerge.sh
+
+ publishers:
+ - onf-infra-wscleanup-publisher