diff options
Diffstat (limited to 'jjb')
| -rw-r--r-- | jjb/barometer/barometer-build.sh | 21 | ||||
| -rw-r--r-- | jjb/barometer/barometer-upload-artifact.sh | 40 | ||||
| -rw-r--r-- | jjb/barometer/barometer.yml | 20 | ||||
| -rwxr-xr-x | jjb/ci_gate_security/anteater-clone-all-repos.sh | 33 | ||||
| -rw-r--r-- | jjb/ci_gate_security/anteater-report-to-gerrit.sh | 2 | ||||
| -rw-r--r-- | jjb/ci_gate_security/anteater-security-audit-weekly.sh | 37 | ||||
| -rw-r--r-- | jjb/ci_gate_security/opnfv-ci-gate-security.yml | 30 | ||||
| -rw-r--r-- | jjb/compass4nfv/compass-ci-jobs.yml | 2 | ||||
| -rw-r--r-- | jjb/compass4nfv/compass-dovetail-jobs.yml | 2 | ||||
| -rw-r--r-- | jjb/compass4nfv/compass-verify-jobs.yml | 6 | ||||
| -rw-r--r-- | jjb/doctor/doctor.yml | 33 | ||||
| -rw-r--r-- | jjb/global/installer-params.yml | 4 | ||||
| -rw-r--r-- | jjb/global/releng-macros.yml | 9 | ||||
| -rw-r--r-- | jjb/netready/netready.yml | 2 | ||||
| -rw-r--r-- | jjb/releng/opnfv-docker.sh | 18 | ||||
| -rw-r--r-- | jjb/releng/opnfv-docker.yml | 4 | ||||
| -rw-r--r-- | jjb/yardstick/yardstick-daily-jobs.yml | 2 |
17 files changed, 240 insertions, 25 deletions
diff --git a/jjb/barometer/barometer-build.sh b/jjb/barometer/barometer-build.sh new file mode 100644 index 000000000..e40841bc2 --- /dev/null +++ b/jjb/barometer/barometer-build.sh @@ -0,0 +1,21 @@ +set -x + +OPNFV_ARTIFACT_VERSION=$(date -u +"%Y-%m-%d_%H-%M-%S") +OPNFV_ARTIFACT_URL="$GS_URL/$OPNFV_ARTIFACT_VERSION/" + +# log info to console +echo "Starting the build of Barometer RPMs" +echo "------------------------------------" +echo + +cd ci +./install_dependencies.sh +./build_rpm.sh +cd $WORKSPACE + +# save information regarding artifact into file +( + echo "OPNFV_ARTIFACT_VERSION=$OPNFV_ARTIFACT_VERSION" + echo "OPNFV_ARTIFACT_URL=$OPNFV_ARTIFACT_URL" +) > $WORKSPACE/opnfv.properties + diff --git a/jjb/barometer/barometer-upload-artifact.sh b/jjb/barometer/barometer-upload-artifact.sh new file mode 100644 index 000000000..996de4808 --- /dev/null +++ b/jjb/barometer/barometer-upload-artifact.sh @@ -0,0 +1,40 @@ +#!/bin/bash +set -o nounset +set -o pipefail + +RPM_WORKDIR=$WORKSPACE/rpmbuild +RPM_DIR=$RPM_WORKDIR/RPMS/x86_64/ +cd $WORKSPACE/ + +# source the opnfv.properties to get ARTIFACT_VERSION +source $WORKSPACE/opnfv.properties + +# upload property files +gsutil cp $WORKSPACE/opnfv.properties gs://$OPNFV_ARTIFACT_URL/opnfv.properties > gsutil.properties.log 2>&1 +gsutil cp $WORKSPACE/opnfv.properties gs://$GS_URL/latest.properties > gsutil.latest.log 2>&1 + +echo "Uploading the barometer RPMs to artifacts.opnfv.org" +echo "---------------------------------------------------" +echo + +gsutil -m cp -r $RPM_DIR/* $OPNFV_ARTIFACT_URL > $WORKSPACE/gsutil.log 2>&1 + +# Check if the RPMs were pushed +gsutil ls $OPNFV_ARTIFACT_URL > /dev/null 2>&1 +if [[ $? -ne 0 ]]; then + echo "Problem while uploading barometer RPMs to $OPNFV_ARTIFACT_URL!" + echo "Check log $WORKSPACE/gsutil.log on the appropriate build server" + exit 1 +fi + +gsutil -m setmeta \ + -h "Cache-Control:private, max-age=0, no-transform" \ + gs://$OPNFV_ARTIFACT_URL/*.rpm > /dev/null 2>&1 + +echo +echo "--------------------------------------------------------" +echo "Done!" +echo "Artifact is available at $OPNFV_ARTIFACT_URL" + +#cleanup the RPM repo from the build machine. +rm -rf $RPM_WORKDIR diff --git a/jjb/barometer/barometer.yml b/jjb/barometer/barometer.yml index 68b8a04c0..c8fb9e25b 100644 --- a/jjb/barometer/barometer.yml +++ b/jjb/barometer/barometer.yml @@ -144,8 +144,18 @@ - timed: '@midnight' builders: - - shell: | - pwd - cd ci - ./install_dependencies.sh - ./build_rpm.sh + - shell: + !include-raw-escape: ./barometer-build.sh + - shell: + !include-raw-escape: ./barometer-upload-artifact.sh + +######################## +# parameter macros +######################## +- parameter: + name: barometer-project-parameter + parameters: + - string: + name: GS_URL + default: '$GS_BASE{gs-pathname}' + description: "URL to Google Storage." diff --git a/jjb/ci_gate_security/anteater-clone-all-repos.sh b/jjb/ci_gate_security/anteater-clone-all-repos.sh new file mode 100755 index 000000000..8a9e73d85 --- /dev/null +++ b/jjb/ci_gate_security/anteater-clone-all-repos.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +set -o errexit +set -o pipefail +set -o nounset +export PATH=$PATH:/usr/local/bin/ + + +#WORKSPACE="$(pwd)" + +cd $WORKSPACE +if [ ! -d "$WORKSPACE/allrepos" ]; then + mkdir $WORKSPACE/allrepos +fi + +cd $WORKSPACE/allrepos + +declare -a PROJECT_LIST +EXCLUDE_PROJECTS="All-Projects|All-Users|securedlab" + +PROJECT_LIST=($(ssh gerrit.opnfv.org -p 29418 gerrit ls-projects | egrep -v $EXCLUDE_PROJECTS)) +echo "PROJECT_LIST=(${PROJECT_LIST[*]})" > $WORKSPACE/opnfv-projects.sh + +for PROJECT in ${PROJECT_LIST[@]}; do + echo "> Cloning $PROJECT" + if [ ! -d "$PROJECT" ]; then + git clone "https://gerrit.opnfv.org/gerrit/$PROJECT.git" + else + pushd "$PROJECT" > /dev/null + git pull -f + popd > /dev/null + fi +done diff --git a/jjb/ci_gate_security/anteater-report-to-gerrit.sh b/jjb/ci_gate_security/anteater-report-to-gerrit.sh index 71c5a0679..fc3018fb4 100644 --- a/jjb/ci_gate_security/anteater-report-to-gerrit.sh +++ b/jjb/ci_gate_security/anteater-report-to-gerrit.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -o errexit +# SPDX-license-identifier: Apache-2.0 set -o pipefail export PATH=$PATH:/usr/local/bin/ EXITSTATUS=0 diff --git a/jjb/ci_gate_security/anteater-security-audit-weekly.sh b/jjb/ci_gate_security/anteater-security-audit-weekly.sh new file mode 100644 index 000000000..436a173bc --- /dev/null +++ b/jjb/ci_gate_security/anteater-security-audit-weekly.sh @@ -0,0 +1,37 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 + +echo "--------------------------------------------------------" +vols="-v $WORKSPACE/allrepos/:/home/opnfv/anteater/allrepos/" +echo "Pulling releng-anteater docker image" +echo "--------------------------------------------------------" +docker pull opnfv/releng-anteater +echo "--------------------------------------------------------" +cmd="docker run -id $vols opnfv/releng-anteater /bin/bash" +echo "Running docker command $cmd" +container_id=$($cmd) +echo "Container ID is $container_id" +source $WORKSPACE/opnfv-projects.sh +for project in "${PROJECT_LIST[@]}" + +do + cmd="anteater --project testproj --path /home/opnfv/anteater/allrepos/$project" + echo "Executing command inside container" + echo "$cmd" + echo "--------------------------------------------------------" + docker exec $container_id $cmd > $WORKSPACE/"$project".securityaudit.log 2>&1 +done + +exit_code=$? +echo "--------------------------------------------------------" +echo "Stopping docker container with ID $container_id" +docker stop $container_id + + +#gsutil cp $WORKSPACE/securityaudit.log \ +# gs://$GS_URL/$PROJECT-securityaudit-weekly.log 2>&1 +# +#gsutil -m setmeta \ +# -h "Content-Type:text/html" \ +# -h "Cache-Control:private, max-age=0, no-transform" \ +# gs://$GS_URL/$PROJECT-securityaudit-weekly.log > /dev/null 2>&1 diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yml b/jjb/ci_gate_security/opnfv-ci-gate-security.yml index e2ad03eae..719035214 100644 --- a/jjb/ci_gate_security/opnfv-ci-gate-security.yml +++ b/jjb/ci_gate_security/opnfv-ci-gate-security.yml @@ -1,3 +1,4 @@ +# SPDX-license-identifier: Apache-2.0 ######################## # Job configuration for opnfv-anteater (security audit) ######################## @@ -9,6 +10,7 @@ jobs: - 'opnfv-security-audit-verify-{stream}' + - 'opnfv-security-audit-weekly-{stream}' stream: - master: @@ -20,6 +22,26 @@ # job templates ######################## - job-template: + name: 'opnfv-security-audit-weekly-{stream}' + + disabled: '{obj:disabled}' + + parameters: + - label: + name: SLAVE_LABEL + default: 'ericsson-build3' + description: 'Slave label on Jenkins' + - project-parameter: + project: releng + branch: '{branch}' + + triggers: + - timed: '@weekly' + + builders: + - anteater-security-audit-weekly + +- job-template: name: 'opnfv-security-audit-verify-{stream}' disabled: '{obj:disabled}' @@ -85,3 +107,11 @@ builders: - shell: !include-raw: ./anteater-report-to-gerrit.sh + +- builder: + name: anteater-security-audit-weekly + builders: + - shell: + !include-raw: + - ./anteater-clone-all-repos.sh + - ./anteater-security-audit-weekly.sh diff --git a/jjb/compass4nfv/compass-ci-jobs.yml b/jjb/compass4nfv/compass-ci-jobs.yml index 0c9f64d9a..f4f49b666 100644 --- a/jjb/compass4nfv/compass-ci-jobs.yml +++ b/jjb/compass4nfv/compass-ci-jobs.yml @@ -205,7 +205,7 @@ - build-name: name: '$BUILD_NUMBER - Scenario: $DEPLOY_SCENARIO' - timeout: - timeout: 150 + timeout: 240 abort: true - fix-workspace-permissions diff --git a/jjb/compass4nfv/compass-dovetail-jobs.yml b/jjb/compass4nfv/compass-dovetail-jobs.yml index b46c73221..67d1e4eee 100644 --- a/jjb/compass4nfv/compass-dovetail-jobs.yml +++ b/jjb/compass4nfv/compass-dovetail-jobs.yml @@ -136,7 +136,7 @@ - build-name: name: '$BUILD_NUMBER - Scenario: $DEPLOY_SCENARIO' - timeout: - timeout: 150 + timeout: 240 abort: true - fix-workspace-permissions diff --git a/jjb/compass4nfv/compass-verify-jobs.yml b/jjb/compass4nfv/compass-verify-jobs.yml index 258315844..e43f976b5 100644 --- a/jjb/compass4nfv/compass-verify-jobs.yml +++ b/jjb/compass4nfv/compass-verify-jobs.yml @@ -74,7 +74,7 @@ wrappers: - ssh-agent-wrapper - timeout: - timeout: 150 + timeout: 240 fail: true - fix-workspace-permissions @@ -197,7 +197,7 @@ wrappers: - ssh-agent-wrapper - timeout: - timeout: 150 + timeout: 240 fail: true - fix-workspace-permissions @@ -297,7 +297,7 @@ wrappers: - ssh-agent-wrapper - timeout: - timeout: 150 + timeout: 240 fail: true - fix-workspace-permissions diff --git a/jjb/doctor/doctor.yml b/jjb/doctor/doctor.yml index 807d436da..eb230b59d 100644 --- a/jjb/doctor/doctor.yml +++ b/jjb/doctor/doctor.yml @@ -38,8 +38,15 @@ profiler: 'poc' auto-trigger-name: 'experimental' + pod: + - arm-pod2: + slave-label: '{pod}' + - arm-pod3: + slave-label: '{pod}' + jobs: - 'doctor-verify-{stream}' + - 'doctor-{task}-{installer}-{inspector}-{pod}-{stream}' - 'doctor-{task}-{installer}-{inspector}-{stream}' - job-template: @@ -83,6 +90,32 @@ - shell: "[ -e tests/run.sh ] && bash -n ./tests/run.sh" - job-template: + name: 'doctor-{task}-{installer}-{inspector}-{pod}-{stream}' + + node: '{slave-label}' + + disabled: '{obj:disabled}' + + parameters: + - project-parameter: + project: '{project}' + branch: '{branch}' + - 'opnfv-build-ubuntu-defaults' + + scm: + - git-scm-gerrit + + + triggers: + - '{auto-trigger-name}': + project: '{project}' + branch: '{branch}' + + builders: + - shell: "[ -e tests/run.sh ] && bash -n ./tests/run.sh" + + +- job-template: name: 'doctor-{task}-{installer}-{inspector}-{stream}' node: '{slave-label}' diff --git a/jjb/global/installer-params.yml b/jjb/global/installer-params.yml index e9f48aea1..ee154af03 100644 --- a/jjb/global/installer-params.yml +++ b/jjb/global/installer-params.yml @@ -42,6 +42,10 @@ default: '192.168.10.100' description: 'IP of the salt master (for mcp deployments)' - string: + name: SSH_KEY + default: '/tmp/mcp.rsa' + description: 'Path to private SSH key to access environment nodes' + - string: name: INSTALLER_TYPE default: fuel description: 'Installer used for deploying OPNFV on this POD' diff --git a/jjb/global/releng-macros.yml b/jjb/global/releng-macros.yml index 5341db464..e4dfa8d80 100644 --- a/jjb/global/releng-macros.yml +++ b/jjb/global/releng-macros.yml @@ -259,8 +259,11 @@ find "$local_path" | grep -e 'index.html$' -e 'pdf$' | \ sed -e "s|^$local_path| http://$gs_path|" >> gerrit_comment.txt +# To take advantage of this macro, have your build write +# out the file 'gerrit_comment.txt' with information to post +# back to gerrit and include this macro in the list of builders. - builder: - name: report-docs-build-result-to-gerrit + name: report-build-result-to-gerrit builders: - shell: | #!/bin/bash @@ -407,14 +410,14 @@ builders: - build-html-and-pdf-docs-output - upload-under-review-docs-to-opnfv-artifacts - - report-docs-build-result-to-gerrit + - report-build-result-to-gerrit - builder: name: upload-merged-docs builders: - build-html-and-pdf-docs-output - upload-generated-docs-to-opnfv-artifacts - - report-docs-build-result-to-gerrit + - report-build-result-to-gerrit - remove-old-docs-from-opnfv-artifacts - builder: diff --git a/jjb/netready/netready.yml b/jjb/netready/netready.yml index 9a4d8858c..2702c45b3 100644 --- a/jjb/netready/netready.yml +++ b/jjb/netready/netready.yml @@ -58,7 +58,7 @@ - job-template: name: 'netready-build-gluon-packages-daily-{stream}' - disabled: false + disabled: true concurrent: true diff --git a/jjb/releng/opnfv-docker.sh b/jjb/releng/opnfv-docker.sh index 2aa52adc5..ebd0c9f3d 100644 --- a/jjb/releng/opnfv-docker.sh +++ b/jjb/releng/opnfv-docker.sh @@ -73,6 +73,8 @@ fi # Get tag version echo "Current branch: $BRANCH" +BUILD_BRANCH=$BRANCH + if [[ "$BRANCH" == "master" ]]; then DOCKER_TAG="latest" elif [[ -n "${RELEASE_VERSION-}" ]]; then @@ -82,19 +84,17 @@ else DOCKER_TAG="stable" fi +if [[ -n "${COMMIT_ID-}" && -n "${RELEASE_VERSION-}" ]]; then + DOCKER_TAG=$RELEASE_VERSION + BUILD_BRANCH=$COMMIT_ID +fi + # Start the build echo "Building docker image: $DOCKER_REPO_NAME:$DOCKER_TAG" echo "--------------------------------------------------------" echo -if [[ $DOCKER_REPO_NAME == *"dovetail"* ]]; then - if [[ -n "${RELEASE_VERSION-}" ]]; then - DOCKER_TAG=${RELEASE_VERSION} - fi - cmd="docker build --no-cache -t $DOCKER_REPO_NAME:$DOCKER_TAG -f $DOCKERFILE ." -else - cmd="docker build --no-cache -t $DOCKER_REPO_NAME:$DOCKER_TAG --build-arg BRANCH=$BRANCH - -f $DOCKERFILE ." -fi +cmd="docker build --no-cache -t $DOCKER_REPO_NAME:$DOCKER_TAG --build-arg BRANCH=$BUILD_BRANCH + -f $DOCKERFILE ." echo ${cmd} ${cmd} diff --git a/jjb/releng/opnfv-docker.yml b/jjb/releng/opnfv-docker.yml index 5fe0eb913..095ba4129 100644 --- a/jjb/releng/opnfv-docker.yml +++ b/jjb/releng/opnfv-docker.yml @@ -106,6 +106,10 @@ default: "opnfv/{project}" description: "Dockerhub repo to be pushed to." - string: + name: COMMIT_ID + default: "" + description: "commit id to make a snapshot docker image" + - string: name: RELEASE_VERSION default: "" description: "Release version, e.g. 1.0, 2.0, 3.0" diff --git a/jjb/yardstick/yardstick-daily-jobs.yml b/jjb/yardstick/yardstick-daily-jobs.yml index 5ff36f842..ff1d47eb4 100644 --- a/jjb/yardstick/yardstick-daily-jobs.yml +++ b/jjb/yardstick/yardstick-daily-jobs.yml @@ -282,7 +282,7 @@ publishers: - email: - recipients: jean.gaoliang@huawei.com limingjiang@huawei.com + recipients: jean.gaoliang@huawei.com limingjiang@huawei.com ross.b.brattain@intel.com ######################## # builder macros |