Gitiles
Code Review Sign In
gerrit.onosproject.org / ci-management / e8cc8d32d67f3ba06ae8be79c711ffbb1f1fee57 / . / jjb / onf-macros.yaml
blob: 89ffce80643428167d33ac79c63e9f604f2dc45e [file] [log] [blame]
Zack Williams3403ff42019-08-13 18:30:42 -0700[diff] [blame]1# JJB Macros for ONF jobs
2
pierventrefb03d642020-07-02 23:10:12 +0200[diff] [blame]3# basic string parameters for onf projects
4# differs from lf-infra-parameters as it allows to speficy a different gerrit project
5- parameter:
6 name: onf-infra-parameters
7 parameters:
8 - string:
9 name: PROJECT
10 default: '{project}'
11 - string:
12 name: STREAM
13 default: '{stream}'
14 - string:
15 name: GERRIT_PROJECT
16 default: '{gerrit_project}'
17 - string:
18 name: GERRIT_BRANCH
19 default: '{stream}'
20 - string:
21 name: GERRIT_REFSPEC
22 default: "refs/heads/{stream}"
23 - string:
24 name: sha1
25 default: "origin/{stream}"
26
Carmelo Cascone81631ed2020-08-18 19:33:25 -0700[diff] [blame]27# basic string parameters when using onf-infra-github-pr-trigger-merge
28- parameter:
29 name: onf-infra-github-pr-merge-parameters
30 parameters:
31 - string:
32 name: repoName
33 default: '{repo-name}'
34 description: 'Name of the git repo. Populated by Generic Webhook Trigger'
35
36 - string:
37 name: repoUrl
38 default: '{repo-url}'
39 description: 'URL to the git repo. Populated by Generic Webhook Trigger'
40
41 - string:
42 name: branchName
43 default: '{branch}'
44 description: 'Branch of the project. Populated by Generic Webhook Trigger'
45
46 - string:
47 name: commitHash
48 default: '{sha1}'
49 description: 'SHA string of the merged commit. Populated by Generic Webhook Trigger'
50
51
Zack Williams3403ff42019-08-13 18:30:42 -0700[diff] [blame]52# control how long builds and artifact are retained
53# differs from lf-infra-properties as it retains artifacts
54- property:
55 name: onf-infra-properties
56 properties:
57 - build-discarder:
58 days-to-keep: '{build-days-to-keep}'
59 artifact-num-to-keep: '{artifact-num-to-keep}'
60
Carmelo Cascone81631ed2020-08-18 19:33:25 -0700[diff] [blame]61# Sets permissions for job to be visible to ONFStaff only.
62# Useful when running tools under NDA for which we don't have permission to
63# publish logs or output.
64- property:
65 name: onf-infra-onfstaff-private
66 properties:
67 - raw:
68 xml: |
69 <hudson.security.AuthorizationMatrixProperty>
70 <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
71 <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
72 <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
73 <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
74 <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
75 <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
76 <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
77 <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
78 <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
79 <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
80 <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
81 <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
82 <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
83 <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
84 <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
85 <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
86 <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
87 <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
88 <permission>hudson.model.Item.Discover:ONFStaff</permission>
Carmelo Cascone9a4cbfa2020-08-19 23:11:50 -0700[diff] [blame]89 <permission>hudson.model.Item.Discover:anonymous</permission>
Carmelo Cascone81631ed2020-08-18 19:33:25 -0700[diff] [blame]90 <permission>hudson.model.Item.Read:ONFStaff</permission>
Carmelo Cascone9a4cbfa2020-08-19 23:11:50 -0700[diff] [blame]91 <permission>hudson.model.Item.ViewStatus:anonymous</permission>
Carmelo Cascone81631ed2020-08-18 19:33:25 -0700[diff] [blame]92 </hudson.security.AuthorizationMatrixProperty>
93
Carmelo Cascone010ab112021-01-13 00:37:06 -0800[diff] [blame]94# Sets permissions for job to be visible to ProntoAccess and ONFStaff only.
95- property:
96 name: onf-infra-pronto-private
97 properties:
98 - raw:
99 xml: |
100 <hudson.security.AuthorizationMatrixProperty>
101 <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
102 <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
103 <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
104 <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
105 <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
106 <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
107 <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
108 <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
109 <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
110 <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
111 <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
112 <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
113 <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
114 <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
115 <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
116 <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
117 <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
118 <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
119 <permission>hudson.model.Item.Discover:ONFStaff</permission>
120 <permission>hudson.model.Item.Discover:ProntoAccess</permission>
121 <permission>hudson.model.Item.Discover:anonymous</permission>
122 <permission>hudson.model.Item.Read:ONFStaff</permission>
123 <permission>hudson.model.Item.Read:ProntoAccess</permission>
124 <permission>hudson.model.Item.ViewStatus:anonymous</permission>
125 </hudson.security.AuthorizationMatrixProperty>
126
Zack Williams3403ff42019-08-13 18:30:42 -0700[diff] [blame]127# trigger on gerrit patchsets and actions
128# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit
129# Uses a regex based project match
130- trigger:
131 name: onf-infra-gerrit-trigger-patchset
132 triggers:
133 - gerrit:
134 server-name: '{gerrit-server-name}'
135 dependency-jobs: '{dependency-jobs}'
136 silent-start: true
137 trigger-on:
138 - patchset-created-event:
139 exclude-drafts: true
140 exclude-trivial-rebase: false
141 exclude-no-code-change: false
142 - draft-published-event
143 - comment-added-contains-event:
144 comment-contains-value: '(?i)^.*recheck$'
145 projects:
146 - project-compare-type: REG_EXP
147 project-pattern: '{project-regexp}'
148 branches:
149 - branch-compare-type: REG_EXP
150 branch-pattern: '{branch-regexp}'
151 file-paths:
152 - compare-type: REG_EXP
153 pattern: '{file-include-regexp}'
154
155
156# same as lf-infra-gerrit-scm, but allows checkouts to a subdir of $WORKSPACE
157# with the `basedir` option
158#
159# `basedir` serves the same function as `destination-dir` in the repo scm
160# macros, seems strange that they're named differently.
161- scm:
162 name: onf-infra-gerrit-scm
163 scm:
164 - git:
165 credentials-id: '{jenkins-ssh-credential}'
166 url: '{git-url}'
167 refspec: '{refspec}'
168 branches:
169 - 'refs/heads/{branch}'
Zack Williams3403ff42019-08-13 18:30:42 -0700[diff] [blame]170 wipe-workspace: true
171 submodule:
172 recursive: '{submodule-recursive}'
173 choosing-strategy: '{choosing-strategy}'
174 basedir: '{basedir}'
175
Carmelo Cascone81631ed2020-08-18 19:33:25 -0700[diff] [blame]176- scm:
177 name: onf-infra-github-ssh-scm
178 scm:
179 - lf-infra-github-scm:
180 url: "git@github.com:{github-organization}/{project}.git"
181 # To checkout PRs and branches
182 refspec: "+refs/heads/*:refs/remotes/origin/* +refs/pull/*:refs/remotes/origin/pr/*"
183 # Can be commit hash
184 branch: "{branch}"
185 submodule-recursive:
186 submodule-timeout:
187 submodule-disable:
188 choosing-strategy: default
189 jenkins-ssh-credential: "{ssh-credential}"
Zack Williams3403ff42019-08-13 18:30:42 -0700[diff] [blame]190
191# trigger for gerrit patch submission
192- trigger:
193 name: onf-infra-gerrit-trigger-merge
194 triggers:
195 - gerrit:
196 server-name: '{gerrit-server-name}'
197 dependency-jobs: '{dependency-jobs}'
198 silent-start: true
199 trigger-on:
200 - change-merged-event
201 projects:
202 - project-compare-type: REG_EXP
203 project-pattern: '{project-regexp}'
204 branches:
205 - branch-compare-type: REG_EXP
206 branch-pattern: '{branch-regexp}'
207 file-paths:
208 - compare-type: REG_EXP
209 pattern: '{file-include-regexp}'
210
211# wrapper to provide SSH key and fill in ~/.ssh/known_hosts file for use with rsync
212- wrapper:
213 name: onf-infra-rsync-wrappers
214 wrappers:
215 - mask-passwords
216 - timeout:
217 type: absolute
218 timeout: '{build-timeout}'
219 timeout-var: 'BUILD_TIMEOUT'
220 fail: true
221 - timestamps
222 - ssh-agent-credentials:
223 users:
224 - '{jenkins-ssh-credential}'
225 - config-file-provider:
226 files:
227 - file-id: known_hosts
228 target: '$HOME/.ssh/known_hosts'
229
pierventrefb03d642020-07-02 23:10:12 +0200[diff] [blame]230# publisher to clean up the workspace after the build whatever the result
231- publisher:
232 name: onf-infra-wscleanup-publisher
233 publishers:
234 - workspace-cleanup:
235 clean-if:
236 - success: true
237 - unstable: true
238 - failure: true
239 - aborted: true
240 - not-built: true
241 dirmatch: false
242 fail-build: true
243 clean-parent: false
244 disable-deferred-wipeout: false
Carmelo Cascone81631ed2020-08-18 19:33:25 -0700[diff] [blame]245
246# Trigger on GitHub pull requests
247# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.github-pull-request
248# Uses the standard 'ok to test', etc. commands per the plugin:
249# https://github.com/jenkinsci/ghprb-plugin
250- trigger:
251 name: onf-infra-github-pr-trigger
252 triggers:
253 - github-pull-request:
254 auth-id: '{github_pr_auth_id}'
255 github-hooks: true # Create github hooks automatically
256 cancel-builds-on-update: true
257 auto-close-on-fail: false
258 only-trigger-phrase: false
259 status-context: '{status_context}' # Name of testing system in PR
260 permit-all: false # don't trigger on every PR
261 org-list: '{obj:github_pr_org_list}'
262 allow-whitelist-orgs-as-admins: true
263
264# Trigger on GitHub PR merge
265# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.generic-webhook-trigger
266- trigger:
267 name: onf-infra-github-pr-trigger-merge
268 triggers:
269 - generic-webhook-trigger:
270 post-content-params:
271 - type: JSONPath
272 key: action
273 value: $.action
274 - type: JSONPath
275 key: merged
276 value: $.pull_request.merged
277 - type: JSONPath
278 key: repoUrl
279 value: $.pull_request.base.repo.html_url
280 - type: JSONPath
281 key: repoName
282 value: $.pull_request.base.repo.name
283 - type: JSONPath
284 key: branchName
285 value: $.pull_request.base.ref
286 - type: JSONPath
287 key: commitHash
288 value: $.pull_request.merge_commit_sha
289 regex-filter-text: $action,$merged
290 regex-filter-expression: ^(closed,true)$
291 cause: Generic Cause
292 token: '{project}'