From e390566b0afbf51e5648b160c62484ca3dfdcc33 Mon Sep 17 00:00:00 2001
From: Michal Kovarik
Date: Mar 17 2020 13:38:58 +0000
Subject: Add validation of Jenkinsfile
---
diff --git a/roles/c3i/README.md b/roles/c3i/README.md
index a529351..6cf2c06 100644
--- a/roles/c3i/README.md
+++ b/roles/c3i/README.md
@@ -93,10 +93,21 @@ Example Playbook
 repo: "{{ c3i_lib_url }}"
 dest: c3i-library
 version: "{{ c3i_lib_branch }}"
+ tags:
+ - validate
 - file:
 src: c3i-library/roles
 dest: roles
 state: link
+ tags:
+ - validate
 - include_role:
 name: c3i
+ tags:
+ - validate
+ ```
+
+Validation
+----------
+Generated Jenkins files can be validated by running playbook with `--tags validate`.
diff --git a/roles/c3i/defaults/main.yml b/roles/c3i/defaults/main.yml
index 5455855..68b2daa 100644
--- a/roles/c3i/defaults/main.yml
+++ b/roles/c3i/defaults/main.yml
@@ -87,3 +87,6 @@ c3i_ocp_token: "{{ lookup('file', '/run/secrets/kubernetes.io/serviceaccount/tok
 c3i_ocp_host: https://paas.psi.redhat.com
 c3i_ocp_verify_ssl: true
 c3i_ocp_namespace: "{{ lookup('file', '/run/secrets/kubernetes.io/serviceaccount/namespace', errors='ignore') | default(lookup('pipe', \"awk '/current-context/ {print $2}' ~/.kube/config | cut -f1 -d'/'\"), true) }}"
+
+# Jenkins for Jenkinsfile validation - has to have read access for anonymous
+c3i_jenkins_master_validation: jenkins-c3i.cloud.paas.psi.redhat.com
diff --git a/roles/c3i/tasks/build.yml b/roles/c3i/tasks/build.yml
index 80e5a0d..ad0b927 100644
--- a/roles/c3i/tasks/build.yml
+++ b/roles/c3i/tasks/build.yml
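Review bot: The comment on `c3i_jenkins_master_validation` in roles/c3i/defaults/main.yml does not say that the rendered Jenkinsfiles are sent to this host. The validate tasks added in the task files carry only `tags: validate`, with no `when` condition or `never` tag, so they also run on ordinary untagged deployments. As written, every run POSTs each generated pipeline to a Jenkins that allows anonymous read, with no credentials on the request, and fails if that host cannot be reached. I would document this next to the default: `# Jenkins used to lint generated Jenkinsfiles: each rendered file is POSTed there without credentials on every run,` followed by `# so job templates must not embed secrets; the instance has to allow anonymous read.`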
@@ -36,6 +36,35 @@
 name: edit
 when: not c3i_skip_service_accounts

+- name: Generate Jenkins file {{ job_vars.name }}
+ template:
+ src: build.Jenkinsfile
+ dest: "{{ job_vars.name }}.Jenkinsfile"
+ vars:
+ task_var_build_and_test: "{{ lookup('template', c3i_build_and_test_snippet, errors='ignore') | default('') }}"
+ tags:
+ - validate
+
+- name: Validate Jenkins file {{ job_vars.name }}
+ uri:
+ url: "https://{{ c3i_jenkins_master_validation }}/pipeline-model-converter/validate"
+ method: POST
+ body:
+ jenkinsfile: "{{ lookup('file', '{{ job_vars.name }}.Jenkinsfile')}}"
+ return_content: yes
+ body_format: form-urlencoded
+ register: this
+ failed_when: "'Jenkinsfile successfully validated.' not in this.content"
+ tags:
+ - validate
+
+- name: Cleanup validation for {{ job_vars.name }}
+ file:
+ path: "{{ job_vars.name }}.Jenkinsfile"
+ state: absent
+ tags:
+ - validate
+
 - name: Build config {{ job_vars.name }}
 k8s:
 api_key: "{{ c3i_ocp_token }}"
diff --git a/roles/c3i/tasks/greenwave-promote.yml b/roles/c3i/tasks/greenwave-promote.yml
index 0841f87..6ac2467 100644
--- a/roles/c3i/tasks/greenwave-promote.yml
+++ b/roles/c3i/tasks/greenwave-promote.yml
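Review bot: In roles/c3i/tasks/build.yml the `Cleanup validation` task is a separate task after `Validate Jenkins file`, so when validation fails the play stops and the rendered `{{ job_vars.name }}.Jenkinsfile` is left in the working directory. Putting generate and validate in a `block` with the cleanup under `always` removes the file in both cases. The `jenkinsfile:` lookup also nests `{{ }}` inside a Jinja expression, which is better written as a concatenation, and `return_content: yes` is clearer as `true`. The same three tasks are repeated in the greenwave-promote.yml and trigger-on-tag.yml hunks (with `job_vars.name_post` in the former) and need the same change. The surrounding task list continues outside the hunk.

```yaml
- name: Validate generated Jenkins file {{ job_vars.name }}
  block:
    # … unchanged: "Generate Jenkins file" template task, indented into the block …
    - name: Validate Jenkins file {{ job_vars.name }}
      uri:
        # … unchanged: url, method, body_format …
        body:
          jenkinsfile: "{{ lookup('file', job_vars.name ~ '.Jenkinsfile') }}"
        return_content: true
      register: this
      failed_when: "'Jenkinsfile successfully validated.' not in this.content"
  always:
    - name: Cleanup validation for {{ job_vars.name }}
      file:
        path: "{{ job_vars.name }}.Jenkinsfile"
        state: absent
  tags:
    - validate
```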
@@ -38,6 +38,33 @@
 when: not c3i_skip_service_accounts
 loop: "{{ c3i_images_for_promotion }}"

+- name: Generate Jenkins file {{ job_vars.name_post }}
+ template:
+ src: greenwave-promote.Jenkinsfile
+ dest: "{{ job_vars.name_post }}.Jenkinsfile"
+ tags:
+ - validate
+
+- name: Validate Jenkins file {{ job_vars.name_post }}
+ uri:
+ url: "https://{{ c3i_jenkins_master_validation }}/pipeline-model-converter/validate"
+ method: POST
+ body:
+ jenkinsfile: "{{ lookup('file', '{{ job_vars.name_post }}.Jenkinsfile')}}"
+ return_content: yes
+ body_format: form-urlencoded
+ register: this
+ failed_when: "'Jenkinsfile successfully validated.' not in this.content"
+ tags:
+ - validate
+
+- name: Cleanup validation for {{ job_vars.name_post }}
+ file:
+ path: "{{ job_vars.name_post }}.Jenkinsfile"
+ state: absent
+ tags:
+ - validate
+
 - name: Build config greenwave-promote
 k8s:
 api_key: "{{ c3i_ocp_token }}"
diff --git a/roles/c3i/tasks/main.yml b/roles/c3i/tasks/main.yml
index 68e990a..35a4ecb 100644
--- a/roles/c3i/tasks/main.yml
+++ b/roles/c3i/tasks/main.yml
@@ -4,6 +4,8 @@
 with_filetree: ../templates/jobs
 loop_control:
 loop_var: job_item
+ tags:
+ - validate
 - name: Load dockerfile for jenkins agent buildConfig
 stat:
 path: "{{ lookup('pipe', 'git rev-parse --show-toplevel') }}/{{ c3i_jenkins_agent_buildconfig_contextdir }}/{{ c3i_jenkins_agent_buildconfig_dockerfile }}"
diff --git a/roles/c3i/tasks/proceed.yml b/roles/c3i/tasks/proceed.yml
index a0a4439..dd1b596 100644
--- a/roles/c3i/tasks/proceed.yml
+++ b/roles/c3i/tasks/proceed.yml
@@ -3,4 +3,8 @@
 include_vars:
 name: job_vars
 file: "{{ job_item.src }}"
+ tags:
+ - validate
 - include_tasks: "{{ job_vars.template }}"
+ tags:
+ - validate
diff --git a/roles/c3i/tasks/trigger-on-tag.yml b/roles/c3i/tasks/trigger-on-tag.yml
index 31f84b3..572f9b3 100644
--- a/roles/c3i/tasks/trigger-on-tag.yml
+++ b/roles/c3i/tasks/trigger-on-tag.yml
@@ -36,6 +36,35 @@
 name: edit
 when: not c3i_skip_service_accounts

+- name: Generate Jenkins file {{ job_vars.name }}
+ template:
+ src: trigger-on-tag.Jenkinsfile
+ dest: "{{ job_vars.name }}.Jenkinsfile"
+ vars:
+ task_var_integration_test: "{{ lookup('template', c3i_integration_test_snippet, errors='ignore') | default('') }}"
+ tags:
+ - validate
+
+- name: Validate Jenkins file {{ job_vars.name }}
+ uri:
+ url: "https://{{ c3i_jenkins_master_validation }}/pipeline-model-converter/validate"
+ method: POST
+ body:
+ jenkinsfile: "{{ lookup('file', '{{ job_vars.name }}.Jenkinsfile')}}"
+ return_content: yes
+ body_format: form-urlencoded
+ register: this
+ failed_when: "'Jenkinsfile successfully validated.' not in this.content"
+ tags:
+ - validate
+
+- name: Cleanup validation for {{ job_vars.name }}
+ file:
+ path: "{{ job_vars.name }}.Jenkinsfile"
+ state: absent
+ tags:
+ - validate
+
 - name: Build config {{ job_vars.name }}
 k8s:
 api_key: "{{ c3i_ocp_token }}"
diff --git a/roles/c3i/templates/trigger-on-tag.Jenkinsfile b/roles/c3i/templates/trigger-on-tag.Jenkinsfile
index 637f10b..60836d0 100644
--- a/roles/c3i/templates/trigger-on-tag.Jenkinsfile
+++ b/roles/c3i/templates/trigger-on-tag.Jenkinsfile
@@ -38,7 +38,7 @@ pipeline {
 def messages = readJSON text: datagrepperdata
 messages.raw_messages.any {
 def msg = it.msg
- if ( msg?.action in ('added', 'updated') &&
+ if ( msg?.action in ['added', 'updated'] &&
 msg?.tag == params.TRACKED_TAG &&
 msg?.repo == params.TRACKED_CONTAINER_REPO
 ){