From b6a1f92d61c3adb5ae94b6916b573d8d972de078 Mon Sep 17 00:00:00 2001 From: Pavlina Bortlova Date: May 20 2020 11:43:02 +0000 Subject: Integrate Gerrit --- diff --git a/docs/c3i-ansible-role.md b/docs/c3i-ansible-role.md index 5b09e32..49d4be2 100644 --- a/docs/c3i-ansible-role.md +++ b/docs/c3i-ansible-role.md @@ -50,6 +50,20 @@ Jenkins master is listening on Fedmsg. * Hub Address: tcp://hub.fedoraproject.org:9940 * Publish Address: tcp://hub.fedoraproject.org:9940 +### Integration with Gerrit: +* Server name defined by `c3i_gerrit_server` + +#### Setup Gerrit trigger in Jenkins +* Click on 'Manage Jenkins' +* Go to 'Gerrit trigger' + * Add new server + * Add name the same you use in `c3i_gerrit_server` + * Choose -> __Gerrit Server with Default Configurations__ + * Specify -> Hostname, Frontend URL, Username, SSH Keyfile and SSH Keyfile Password -> press __Test connection__ + * Note: If you have an issue with ssh key try to create the ssh key on centos. +#### Set up Gerrit access right for the account +* use [Gerrit trigger plugin - Set up - Gerrit access right](https://plugins.jenkins.io/gerrit-trigger/) documentation + ### Integration with Ansible tower Postmerge and Promotion workflows can trigger Tower job when new container image is created, tested and uploaded. To enable this feature your Openshift namespace has to contain secret `tower-promotion-secret` with username and password of Tower user who has permission to run requested Tower job templates. Secret creation: diff --git a/roles/c3i/defaults/main.yml b/roles/c3i/defaults/main.yml index e8ea494..c99aa35 100644 --- a/roles/c3i/defaults/main.yml +++ b/roles/c3i/defaults/main.yml @@ -9,6 +9,8 @@ c3i_images_for_promotion: - "{{ c3i_component }}" # Git repo for build +# pagure https://pagure.io/{{ c3i_component }}.git +# gerrit https://code.engineering.redhat.com/gerrit/{{ c3i_component }}.git c3i_git_repo: https://pagure.io/{{ c3i_component }}.git # Main branch used for triggering post merge workflow. c3i_git_main_branch: master @@ -43,12 +45,14 @@ c3i_definition_dir: openshift/pipelines c3i_definition_update_script: ansible-playbook deploy.yml -e c3i_skip_service_accounts=true # Api key for pagure - has to have permissions for: Flag a commit, Comment on a pull-request, Flag a pull-request -c3i_pagure_api_key_secret: pagure-api-key +c3i_pagure_api_key_secret: "{{ 'pagure-api-key' if 'pagure' in c3i_git_repo else '' }}" # Temporarily disable doc push to workaround https://pagure.io/pagure/issue/3919. Remove this line when it is fixed. c3i_pagure_doc_repo_name: c3i_pagure_doc_secret: pagure-doc-secret +# Name of the server created in Jenkin Gerrit trigger plugin +c3i_gerrit_server: gerrit c3i_default_agent_snippet: default-agent.groovy c3i_build_agent_snippet: "{{ c3i_default_agent_snippet }}" diff --git a/roles/c3i/templates/build.Jenkinsfile b/roles/c3i/templates/build.Jenkinsfile index d11a26b..33303ec 100644 --- a/roles/c3i/templates/build.Jenkinsfile +++ b/roles/c3i/templates/build.Jenkinsfile @@ -24,43 +24,58 @@ pipeline { PAGURE_REPO_IS_FORK = "${env.GIT_REPO.contains('/forks/') ? 'true': 'false'}" } {% if "postmerge" not in job_vars.name %} - triggers { - ciBuildTrigger( - noSquash: true, - providerList: [ - {% if "premerge" in job_vars.name %} - {% for topic in job_vars.messaging_fedmsg_topics %} - fedmsgSubscriber( - name: params.MESSAGING_FEDMSG_PROVIDER, - overrides: [topic: "{{ topic }}"], - checks: [ - [field: '$.pullrequest.project.url_path', expectedValue: params.GIT_REPO.split('/')[3..-1].join('/').replace('forks/', 'fork/').replaceAll(/.git$/, '')], - [field: '$.pullrequest.branch', expectedValue: params.GIT_MAIN_BRANCH], - ] - ), - {% endfor %} - {% elif "job-updater" in job_vars.name %} - {% for topic in job_vars.messaging_fedmsg_topics %} - fedmsgSubscriber( - name: params.MESSAGING_FEDMSG_PROVIDER, - overrides: [topic: "{{ topic }}"], - checks: [ - [field: '$.repo.url_path', expectedValue: "^${params.GIT_REPO.split('/')[3..-1].join('/').replace('forks/', 'fork/').replaceAll(/.git$/, '')}\$"], - [field: '$.branch', expectedValue: params.GIT_MAIN_BRANCH], - ] - ) - {% endfor %} - {% endif %} - ] - ) - } + // pagure + {% if "pagure" in c3i_git_repo %} + triggers { + ciBuildTrigger( + noSquash: true, + providerList: [ + {% if "premerge" in job_vars.name %} + {% for topic in job_vars.messaging_fedmsg_topics %} + fedmsgSubscriber( + name: params.MESSAGING_FEDMSG_PROVIDER, + overrides: [topic: "{{ topic }}"], + checks: [ + [field: '$.pullrequest.project.url_path', expectedValue: params.GIT_REPO.split('/')[3..-1].join('/').replace('forks/', 'fork/').replaceAll(/.git$/, '')], + [field: '$.pullrequest.branch', expectedValue: params.GIT_MAIN_BRANCH], + ] + ), + {% endfor %} + {% elif "job-updater" in job_vars.name %} + {% for topic in job_vars.messaging_fedmsg_topics %} + fedmsgSubscriber( + name: params.MESSAGING_FEDMSG_PROVIDER, + overrides: [topic: "{{ topic }}"], + checks: [ + [field: '$.repo.url_path', expectedValue: "^${params.GIT_REPO.split('/')[3..-1].join('/').replace('forks/', 'fork/').replaceAll(/.git$/, '')}\$"], + [field: '$.branch', expectedValue: params.GIT_MAIN_BRANCH], + ] + ) + {% endfor %} + {% endif %} + ] + ) + } + // gerrit trigger + {% elif "gerrit" in c3i_git_repo %} + triggers { + gerrit customUrl: '', + gerritProjects: + [[branches: [[compareType: 'PLAIN', pattern: params.GIT_MAIN_BRANCH ]], + compareType: 'ANT', + disableStrictForbiddenFileVerification: false, + pattern: env.GIT_REPO.split('/')[-1].replaceAll(/.git$/, '')]], + serverName: env.GERRIT_SERVER_NAME, + // there are variables in job-updater.yml and premerge.yml which change the value of trigger + triggerOnEvents: [{{ job_vars.gerrit_trigger }}] + } + {% endif %} {% endif %} {% if c3i_trigger_update_only %} {% include "trigger-update-stages.groovy" %} {% else %} - stages { - stage('Proceeding CI_MESSAGE') { + stage('Proceeding CI_MESSAGE from UMB') { when { expression { env.CI_MESSAGE } } @@ -73,7 +88,21 @@ pipeline { } } } - stage('Update Build Info') { + stage('Proceeding Gerrit trigger') { + when { + expression { env.GERRIT_REFSPEC } + } + steps { + script { + // figure out how look the message when it is merged + if (env.GERRIT_EVENT_TYPE == "patchset-created") { + env.GIT_REPO_REF = env.GERRIT_REFSPEC + env.PR_NO = env.GERRIT_CHANGE_NUMBER + } + } + } + } + stage('Clone git repo') { steps { script { if (!env.GIT_REPO_REF) { @@ -81,11 +110,17 @@ pipeline { } // FIXME: Due to a bug described in https://issues.jenkins-ci.org/browse/JENKINS-45489 - c3i.clone(repo: params.GIT_REPO, - branch: env.GIT_REPO_REF) + c3i.clone(repo: params.GIT_REPO, branch: env.GIT_REPO_REF) env.GIT_COMMIT = sh(returnStdout: true, script: 'git rev-parse HEAD').trim() echo "Build ${env.GIT_REPO_REF}, commit=${env.GIT_COMMIT}" - + } + } + } + // this is not needed for Gerrit + {% if "pagure" in c3i_git_repo %} + stage('Update Build Info') { + steps { + script { // Set friendly display name and description def pagure_repo_home = env.GIT_REPO.replace('/forks/', '/fork/').replaceAll(/.git$/,'') {% if "premerge" in job_vars.name %} @@ -125,6 +160,10 @@ pipeline { } } } + {% endif %} + // Update jenkins files through oc command + // run all jobs from templates/jobs directory + // job updater is on the same lever as postmerge/premerge {% if "job-updater" in job_vars.name %} stage('Update pipeline jobs') { steps { @@ -135,7 +174,7 @@ pipeline { } } } - stage('Trigger postmerge') { + stage('Trigger postmerge - build, test and upload container') { steps { script { openshift.withCluster() { @@ -181,8 +220,10 @@ pipeline { } } } - + // run component snippet to run and test the component {{ task_var_build_and_test }} + + stage('Push container') { when { expression { @@ -225,6 +266,7 @@ pipeline { } stage('Triggering Tower deployment') { when { + // env.GIT_REPO_REF == params.GIT_MAIN_BRANCH it means that this is a postmerge expression { env.GIT_REPO_REF == params.GIT_MAIN_BRANCH && params.TOWER_TEMPLATE_ID && params.TOWER_SECRET } } {% include "triggering-tower-steps.groovy" %} diff --git a/roles/c3i/templates/build.yml b/roles/c3i/templates/build.yml index 65adb26..f636153 100644 --- a/roles/c3i/templates/build.yml +++ b/roles/c3i/templates/build.yml @@ -13,10 +13,18 @@ spec: env: - name: GIT_REPO value: {{ c3i_git_repo }} - - name: GIT_REPO_REF - value: {{ job_vars.git_repo_ref }} - name: GIT_MAIN_BRANCH value: {{ c3i_git_main_branch }} + - name: GIT_REPO_REF + value: {{ job_vars.git_repo_ref }} + - name: PAGURE_DOC_REPO_NAME + value: {{ c3i_pagure_doc_repo_name }} + - name: PAGURE_DOC_SECRET + value: {{ c3i_pagure_doc_secret }} + - name: PAGURE_API_KEY_SECRET_NAME + value: {{ c3i_pagure_api_key_secret }} + - name: GERRIT_SERVER_NAME + value: {{ c3i_gerrit_server }} - name: OPENSHIFT_CLOUD_NAME value: {{ c3i_cloud_name }} - name: JENKINS_AGENT_IMAGE @@ -29,18 +37,12 @@ spec: value: {{ c3i_container_registry_credentials }} - name: IMAGE_TAG value: {{ c3i_dev_image_tag }} - - name: PAGURE_DOC_REPO_NAME - value: {{ c3i_pagure_doc_repo_name }} - - name: PAGURE_DOC_SECRET - value: {{ c3i_pagure_doc_secret }} - name: MESSAGING_PROVIDER value: {{ c3i_messaging_provider }} - name: POSTMERGE_JOB value: {{ c3i_component }}-postmerge - name: MESSAGING_FEDMSG_PROVIDER value: {{ c3i_fedmsg_provider }} - - name: PAGURE_API_KEY_SECRET_NAME - value: {{ c3i_pagure_api_key_secret }} - name: MAIL_ADDRESS value: {{ c3i_mail_address }} - name: C3IAAS_NAMESPACE diff --git a/roles/c3i/templates/jobs/job-updater.yml b/roles/c3i/templates/jobs/job-updater.yml index 8cc8f93..eab0393 100644 --- a/roles/c3i/templates/jobs/job-updater.yml +++ b/roles/c3i/templates/jobs/job-updater.yml @@ -4,3 +4,4 @@ template: build.yml messaging_fedmsg_topics: - io.pagure.prod.pagure.git.receive git_repo_ref: master +gerrit_trigger: changeMerged() diff --git a/roles/c3i/templates/jobs/premerge.yml b/roles/c3i/templates/jobs/premerge.yml index c44f766..1fe1978 100644 --- a/roles/c3i/templates/jobs/premerge.yml +++ b/roles/c3i/templates/jobs/premerge.yml @@ -7,3 +7,4 @@ messaging_fedmsg_topics: - io.pagure.prod.pagure.pull-request.reopened - io.pagure.prod.pagure.pull-request.rebased git_repo_ref: +gerrit_trigger: patchsetCreated() diff --git a/setup/jenkins-plugins.txt b/setup/jenkins-plugins.txt index 0959599..1bfe11c 100644 --- a/setup/jenkins-plugins.txt +++ b/setup/jenkins-plugins.txt @@ -6,3 +6,4 @@ update-sites-manager:latest jms-messaging:latest configuration-as-code:latest rebuild:latest +gerrit-trigger:latest diff --git a/verification/test-project/c3i-role-vars.yml b/verification/test-project/c3i-role-vars.yml index e8ffedb..8a142b1 100644 --- a/verification/test-project/c3i-role-vars.yml +++ b/verification/test-project/c3i-role-vars.yml @@ -10,7 +10,7 @@ c3i_mail_address: c3i_lib_url: c3i_lib_branch: -c3i_git_repo: +c3i_git_repo: "" c3i_git_main_branch: c3i_jenkins_agent_image: "{{ c3i_workflow_jenkins_image }}"