#380 Use C3I role
Merged 9 months ago by lholecek. Opened 9 months ago by mkovarik.
mkovarik/waiverdb c3i-role  into  master

@@ -20,9 +20,9 @@ 

  USER root

  

  RUN ${DNF_CMD} install -y \

-     java-1.8.0-openjdk-headless gettext nss_wrapper git-core \

+     java-1.8.0-openjdk-headless gettext git-core \

      tar gzip skopeo wget make bind-utils \

-     origin-clients \

+     origin-clients python3-jinja2-cli \

      # Jenkins pipeline 'sh' steps seem to require ps

      procps-ng \

      # Tools to build and test waiverdb

@@ -39,13 +39,10 @@ 

  

  # Dynamically create a passwd file for non-arbitrary UIDs.

  # Taken from: https://docs.openshift.org/latest/creating_images/guidelines.html#openshift-origin-specific-guidelines

- export USER_ID=$(id -u)

- export GROUP_ID=$(id -g)

- 

- # Skip for root user

- if [ x"$USER_ID" != x"0" ]; then

-     cp /etc/passwd $NSS_WRAPPER_PASSWD

-     echo "jenkins:x:${USER_ID}:${GROUP_ID}:jenkins:${HOME}:/bin/bash" >> $NSS_WRAPPER_PASSWD

+ if ! whoami &> /dev/null; then

+   if [ -w /etc/passwd ]; then

+     echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd

+   fi

  fi

  

  if [ $# -eq 1 ]; then

@@ -1,38 +0,0 @@ 

- OC:=oc

- OCFLAGS:=

- JOBS_DIR:=jobs

- TEMPLATES_DIR:=templates

- JOB_PARAM_FILES:=$(wildcard $(JOBS_DIR)/*.env)

- JOBS:=$(patsubst $(JOBS_DIR)/%.env,%,$(JOB_PARAM_FILES))

- 

- OC_CMD=$(OC) $(OCFLAGS)

- 

- help:

- 	@echo TARGETS

- 	@echo -e "\tinstall\t\tInstall or update pipelines to OpenShift"

- 	@echo -e "\tuninstall\tDelete installed pipelines from OpenShift"

- 	@echo

- 	@echo VARIABLES

- 	@echo -e "\tJOBS\t\tSpace seperated list of pipeline jobs to install"

- 	@echo -e "\tJOBS_DIR\tLooking for pipeline job definitions in an alternate directory."

- 	@echo -e "\tTEMPLATES_DIR\tLooking for pipeline job templates in an alternate directory."

- 	@echo -e "\tOC\t\tUse this oc command"

- 	@echo -e "\tOCFLAGS\t\tOptions to append to the oc command arguments"

- install:

- 	@for job in $(JOBS); do \

- 		echo "[PIPELINE] Updating pipeline job \"$${job}\"..." ; \

- 	  template_file=$$(cat ./$(JOBS_DIR)/$${job}.tmpl); \

- 		jinja2 ./$(TEMPLATES_DIR)/$${template_file} | $(OC_CMD) process --local -f - \

- 			--param-file ./$(JOBS_DIR)/$${job}.env | $(OC_CMD) apply -f -; \

- 		echo "[PIPELINE] Pipeline job \"$${job}\" updated" ; \

- 	done

- uninstall:

- 	@for job in $(JOBS); do \

- 	  template_file=$$(cat ./$(JOBS_DIR)/$${job}.tmpl); \

- 		template_name=$${template_file%.y?ml}; \

- 		template_name=$${template_name%-template}; \

- 		echo "[PIPELINE] Deleting pipeline job \"$${job}\"..." ; \

- 		$(OC_CMD) delete all -l template="$$template_name" -l app="$$job" ;\

- 		echo "[PIPELINE] Pipeline job \"$${job}\" deleted" ; \

- 	done

- .PHONY: help install uninstall

@@ -0,0 +1,19 @@ 

+ c3i_component: waiverdb

+ c3i_build_and_test_snippet: snippets/waiverdb-build-and-test.groovy

+ c3i_build_agent_snippet: snippets/build-agent.groovy

+ c3i_integration_test_snippet: snippets/waiverdb-full-integration-test.groovy

+ 

+ c3i_mail_address: pnt-factory2-devel@redhat.com

+ 

+ c3i_integration_test_custom_parameters:

+   - name: BACKEND_INTEGRATION_TEST_REPO

+     value: https://gitlab.cee.redhat.com/devops/factory2-segment-tests.git

+   - name: BACKEND_INTEGRATION_TEST_REPO_BRANCH

+     value: master

+   - name: BACKEND_INTEGRATION_TEST_FILE

+     value: greenwave-segment-test/greenwave-segment-test-c3i.sh

+ 

+ c3i_jenkins_test_agent_image: docker-registry.upshift.redhat.com/factory2/factory2-integration-test-jenkins-slave:latest

+ 

+ c3i_lib_url: https://pagure.io/c3i-library.git

+ c3i_lib_branch: master

@@ -0,0 +1,15 @@ 

+ - name: Deplomyent playbook

+   hosts: localhost

+   vars_files:

+     - c3i-role-vars.yml

+   tasks:

+     - git:

+         repo: "{{ c3i_lib_url }}"

+         dest: c3i-library

+         version: "{{ c3i_lib_branch }}"

+     - file:

+         src: c3i-library/roles

+         dest: roles

+         state: link

+     - include_role:

+         name: c3i

@@ -1,6 +0,0 @@ 

- NAME=waiverdb-greenwave-promote-to-prod

- SOURCE_CONTAINER_REPO=quay.io/factory2/waiverdb

- TARGET_TAG=prod

- DECISION_CONTEXT_REGEX=c3i_promote_stage_to_prod

- MESSAGING_TOPIC=Consumer.rh-jenkins-ci-plugin.c3i-waiverdb-promote-to-prod.VirtualTopic.eng.greenwave.decision.update

- PROMOTING_DESTINATIONS=quay.io/factory2/waiverdb

@@ -1,1 +0,0 @@ 

- waiverdb-greenwave-trigger.yaml

@@ -1,6 +0,0 @@ 

- NAME=waiverdb-greenwave-promote-to-stage

- SOURCE_CONTAINER_REPO=quay.io/factory2/waiverdb

- TARGET_TAG=stage

- DECISION_CONTEXT_REGEX=c3i_promote_dev_to_stage

- MESSAGING_TOPIC=Consumer.rh-jenkins-ci-plugin.c3i-waiverdb-promote-to-stage.VirtualTopic.eng.greenwave.decision.update

- PROMOTING_DESTINATIONS=quay.io/factory2/waiverdb

@@ -1,1 +0,0 @@ 

- waiverdb-greenwave-trigger.yaml

@@ -1,3 +0,0 @@ 

- NAME=waiverdb-polling-for-master

- PAGURE_POLLING_SCHEDULE="H/5 * * * *"

- PAGURE_POLLED_BRANCH=master

@@ -1,1 +0,0 @@ 

- waiverdb-polling-pagure.yaml

@@ -1,3 +0,0 @@ 

- NAME=waiverdb-polling-for-prs

- PAGURE_POLLING_FOR_PR=true

- PAGURE_POLLING_SCHEDULE="H/5 * * * *"

@@ -1,1 +0,0 @@ 

- waiverdb-polling-pagure.yaml

@@ -1,3 +0,0 @@ 

- NAME=waiverdb-postmerge

- PAGURE_DOC_REPO_NAME= # Temporarily disable doc push to workaround https://pagure.io/pagure/issue/3919. Remove this line when it is fixed.

- MAIL_ADDRESS=pnt-factory2-devel@redhat.com 

@@ -1,1 +0,0 @@ 

- waiverdb-build-template.yaml

@@ -1,1 +0,0 @@ 

- NAME=waiverdb-premerge

@@ -1,1 +0,0 @@ 

- waiverdb-build-template.yaml

@@ -1,4 +0,0 @@ 

- NAME=waiverdb-trigger-on-latest-tag

- MESSAGING_TOPIC=Consumer.rh-jenkins-ci-plugin.c3i-waiverdb-trigger-on-latest-tag.VirtualTopic.eng.repotracker.container.tag.>

- ENVIRONMENT=stage

- TRACKED_TAG=latest

@@ -1,1 +0,0 @@ 

- waiverdb-repotracker-trigger.yaml

@@ -1,4 +0,0 @@ 

- NAME=waiverdb-trigger-on-stage-tag

- MESSAGING_TOPIC=Consumer.rh-jenkins-ci-plugin.c3i-waiverdb-trigger-on-stage-tag.VirtualTopic.eng.repotracker.container.tag.>

- TRACKED_TAG=stage

- ENVIRONMENT=prod

@@ -1,1 +0,0 @@ 

- waiverdb-repotracker-trigger.yaml

openshift/pipelines/snippets/build-agent.groovy openshift/pipelines/templates/snippets/default-agent.groovy
file renamed
+36 -6
@@ -1,15 +1,16 @@ 

  agent {

    kubernetes {

-     cloud "${params.OPENSHIFT_CLOUD_NAME}"

+     cloud params.OPENSHIFT_CLOUD_NAME

      label "jenkins-slave-${UUID.randomUUID().toString()}"

-     serviceAccount "${params.JENKINS_AGENT_SERVICE_ACCOUNT}"

+     serviceAccount params.JENKINS_AGENT_SERVICE_ACCOUNT

      defaultContainer 'jnlp'

      yaml """

      apiVersion: v1

      kind: Pod

      metadata:

        labels:

-         app: "${env.JOB_BASE_NAME}"

+         app: "jenkins-${env.JOB_BASE_NAME}"

+         factory2-pipeline-kind: "waiverdb-build-pipeline"

          factory2-pipeline-build-number: "${env.BUILD_NUMBER}"

      spec:

        containers:
@@ -17,13 +18,42 @@ 

          image: "${params.JENKINS_AGENT_IMAGE}"

          imagePullPolicy: Always

          tty: true

+         env:

+         - name: USER_NAME

+           value: jenkins

+         volumeMounts:

+         - name: postgresql-socket

+           mountPath: /var/run/postgresql

          resources:

            requests:

-             memory: 512Mi

-             cpu: 200m

-           limits:

              memory: 768Mi

              cpu: 300m

+           limits:

+             memory: 1Gi

+             cpu: 500m

+       - name: db

+         image: registry.access.redhat.com/rhscl/postgresql-95-rhel7:latest

+         imagePullPolicy: Always

+         env:

+         - name: POSTGRESQL_USER

+           value: waiverdb

+         - name: POSTGRESQL_PASSWORD

+           value: waiverdb

+         - name: POSTGRESQL_DATABASE

+           value: waiverdb

+         volumeMounts:

+         - name: postgresql-socket

+           mountPath: /var/run/postgresql

+         resources:

+           requests:

+             memory: 256Mi

+             cpu: 100m

+           limits:

+             memory: 384Mi

+             cpu: 200m

+       volumes:

+       - name: postgresql-socket

+         emptyDir: {}

      """

    }

  }

@@ -0,0 +1,326 @@ 

+ stage('Install pip dependencies') {

+   steps {

+     script {

+       if (sh(returnStatus: true, script: 'pip3 install --user -r ./requirements.txt') != 0) {

+         echo 'WARNING: Failed to install dependencies from requirements.txt.'

+       }

+     }

+   }

+ }

+ stage('Run checks') {

+   failFast false

+   parallel {

+     stage('Invoke Flake8') {

+       steps {

+         sh 'flake8'

+       }

+     }

+     stage('Invoke Pylint') {

+       steps {

+         sh 'pylint-3 --reports=n waiverdb'

+       }

+     }

+   }

+ }

+ stage('Run unit tests') {

+   steps {

+     sh 'cp conf/settings.py.example conf/settings.py'

+     // wait for the test datebase to come up

+     sh 'wait-for-it -s -t 300 127.0.0.1:5432'

+     // create a database role

+     sh "psql -h 127.0.0.1 -U postgres -q -d waiverdb -c 'CREATE ROLE \"jenkins\" WITH LOGIN SUPERUSER;'"

+     // run unit tests

+     sh 'py.test-3 -v --junitxml=junit-tests.xml tests'

+   }

+   post {

+     always {

+       junit 'junit-tests.xml'

+     }

+   }

+ }

+ stage('Build Artifacts') {

+   failFast false

+   parallel {

+     stage('Branch Docs') {

+       stages {

+         stage('Build Docs') {

+           steps {

+             sh 'make -C docs html'

+           }

+           post {

+             always {

+               archiveArtifacts artifacts: 'docs/_build/html/**'

+             }

+           }

+         }

+         stage('Publish Docs') {

+           when {

+             expression {

+               return "${params.PAGURE_DOC_REPO_NAME}" && (env.GIT_REPO_REF == params.PAGURE_MAIN_BRANCH || env.FORCE_PUBLISH_DOCS == "true")

+             }

+           }

+           steps {

+             sshagent (credentials: ["${env.TRIGGER_NAMESPACE}-${params.PAGURE_DOC_SECRET}"]) {

+               sh '''

+               mkdir -p ~/.ssh/

+               touch ~/.ssh/known_hosts

+               ssh-keygen -R pagure.io

+               echo 'pagure.io ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC198DWs0SQ3DX0ptu+8Wq6wnZMrXUCufN+wdSCtlyhHUeQ3q5B4Hgto1n2FMj752vToCfNTn9mWO7l2rNTrKeBsELpubl2jECHu4LqxkRVihu5UEzejfjiWNDN2jdXbYFY27GW9zymD7Gq3u+T/Mkp4lIcQKRoJaLobBmcVxrLPEEJMKI4AJY31jgxMTnxi7KcR+U5udQrZ3dzCn2BqUdiN5dMgckr4yNPjhl3emJeVJ/uhAJrEsgjzqxAb60smMO5/1By+yF85Wih4TnFtF4LwYYuxgqiNv72Xy4D/MGxCqkO/nH5eRNfcJ+AJFE7727F7Tnbo4xmAjilvRria/+l' >>~/.ssh/known_hosts

+               rm -rf docs-on-pagure

+               git clone ssh://git@pagure.io/docs/${params.PAGURE_DOC_REPO_NAME}.git docs-on-pagure

+               rm -rf docs-on-pagure/*

+               cp -r docs/_build/html/* docs-on-pagure/

+               cd docs-on-pagure

+               git config user.name 'Pipeline Bot'

+               git config user.email "pipeline-bot@localhost.localdomain"

+               git add -A .

+               if [[ "$(git diff --cached --numstat | wc -l)" -eq 0 ]] ; then

+                   exit 0 # No changes, nothing to commit

+               fi

+               git commit -m "Automatic commit of docs built by Jenkins job ${JOB_NAME} #${BUILD_NUMBER}"

+               git push origin master

+               '''

+             }

+           }

+         }

+       }

+     }

+     stage('Build SRPM') {

+       steps {

+         sh './rpmbuild.sh -bs'

+       }

+       post {

+         success {

+           archiveArtifacts artifacts: 'rpmbuild-output/*.src.rpm'

+         }

+       }

+     }

+     stage('Branch RPM') {

+       stages {

+         stage('Build RPM') {

+           steps {

+             sh './rpmbuild.sh -bb'

+           }

+           post {

+             success {

+               archiveArtifacts artifacts: 'rpmbuild-output/*/*.rpm'

+             }

+           }

+         }

+         stage('Invoke Rpmlint') {

+           steps {

+             sh 'rpmlint -f rpmlint-config.py rpmbuild-output/*/*.rpm'

+           }

+         }

+       }

+     }

+   }

+ }

+ stage('Build container') {

+   environment {

+     BUILDCONFIG_INSTANCE_ID = "waiverdb-temp-${currentBuild.id}-${UUID.randomUUID().toString().substring(0,7)}"

+   }

+   steps {

+     script {

+       // Generate a version-release number for the target Git commit

+       def versions = sh(returnStdout: true, script: 'source ./version.sh && echo -en "$WAIVERDB_VERSION\n$WAIVERDB_CONTAINER_VERSION"').split('\n')

+       def waiverdb_version = versions[0]

+       env.TEMP_TAG = versions[1] + '-jenkins-' + currentBuild.id

+ 

+       openshift.withCluster() {

+         // OpenShift BuildConfig doesn't support specifying a tag name at build time.

+         // We have to create a new BuildConfig for each container build.

+         // Create a BuildConfig from a seperated Template.

+         echo 'Creating a BuildConfig for container build...'

+         def template = readYaml file: 'openshift/waiverdb-container-template.yaml'

+         def processed = openshift.process(template,

+           "-p", "NAME=${env.BUILDCONFIG_INSTANCE_ID}",

+           '-p', "WAIVERDB_GIT_REPO=${params.GIT_REPO}",

+           // A pull-request branch, like pull/123/head, cannot be built with commit ID

+           // because refspec cannot be customized in an OpenShift build .

+           '-p', "WAIVERDB_GIT_REF=${env.PR_NO ? env.GIT_REPO_REF : env.GIT_COMMIT}",

+           '-p', "WAIVERDB_IMAGE_TAG=${env.TEMP_TAG}",

+           '-p', "WAIVERDB_VERSION=${waiverdb_version}",

+           '-p', "WAIVERDB_IMAGESTREAM_NAME=${params.IMAGESTREAM_NAME}",

+           '-p', "WAIVERDB_IMAGESTREAM_NAMESPACE=${params.IMAGESTREAM_NAMESPACE}",

+         )

+         def build = c3i.buildAndWait(script: this, objs: processed)

+         echo 'Container build succeeds.'

+         def ocpBuild = build.object()

+         env.RESULTING_IMAGE_REF = ocpBuild.status.outputDockerImageReference

+         env.RESULTING_IMAGE_DIGEST = ocpBuild.status.output.to.imageDigest

+         def imagestream = openshift.selector('is', ['app': env.BUILDCONFIG_INSTANCE_ID]).object()

+         env.RESULTING_IMAGE_REPOS = imagestream.status.dockerImageRepository

+         env.RESULTING_TAG = env.TEMP_TAG

+       }

+     }

+   }

+   post {

+     failure {

+       echo "Failed to build container image ${env.TEMP_TAG}."

+     }

+     cleanup {

+       script {

+         openshift.withCluster() {

+           echo 'Tearing down...'

+           openshift.selector('bc', [

+             'app': env.BUILDCONFIG_INSTANCE_ID,

+             'template': 'waiverdb-container-template',

+             ]).delete()

+         }

+       }

+     }

+   }

+ }

+ stage("Functional tests phase") {

+   stages {

+     stage('Prepare') {

+       steps {

+         script {

+           env.IMAGE = "${env.RESULTING_IMAGE_REPOS}:${env.RESULTING_TAG}"

+         }

+       }

+     }

+     stage('Cleanup') {

+       // Cleanup all test environments that were created 1 hour ago in case of failures of previous cleanups.

+       steps {

+         script {

+           openshift.withCluster() {

+             openshift.withProject(env.PIPELINE_ID) {

+               c3i.cleanup(script: this, age: 60, 'waiverdb')

+             }

+           }

+         }

+       }

+     }

+     stage('Run functional tests') {

+       environment {

+         // Jenkins BUILD_TAG could be too long (> 63 characters) for OpenShift to consume

+         TEST_ID = "${params.TEST_ID ?: 'jenkins-' + currentBuild.id + '-' + UUID.randomUUID().toString().substring(0,7)}"

+       }

+       steps {

+         echo "Container image ${env.IMAGE} will be tested."

+         script {

+           openshift.withCluster() {

+             // Don't set ENVIRONMENT_LABEL in the environment block! Otherwise you will get 2 different UUIDs.

+             env.ENVIRONMENT_LABEL = "test-${env.TEST_ID}"

+             def template = readYaml file: 'openshift/waiverdb-test-template.yaml'

+             def webPodReplicas = 1 // The current quota in UpShift is agressively limited

+             echo "Creating testing environment with TEST_ID=${env.TEST_ID}..."

+             def models = openshift.process(template,

+               '-p', "TEST_ID=${env.TEST_ID}",

+               '-p', "WAIVERDB_APP_IMAGE=${env.IMAGE}",

+               '-p', "WAIVERDB_REPLICAS=${webPodReplicas}",

+             )

+             c3i.deployAndWait(script: this, objs: models, timeout: 15)

+             def appPod = openshift.selector('pods', ['environment': env.ENVIRONMENT_LABEL, 'service': 'web']).object()

+             env.IMAGE_DIGEST = appPod.status.containerStatuses[0].imageID.split('@')[1]

+             // Run functional tests

+             def route_hostname = openshift.selector('routes', ['environment': env.ENVIRONMENT_LABEL]).object().spec.host

+             echo "Running tests against https://${route_hostname}/"

+             withEnv(["WAIVERDB_TEST_URL=https://${route_hostname}/"]) {

+               sh 'py.test-3 -v --junitxml=junit-functional-tests.xml functional-tests/'

+             }

+           }

+         }

+       }

+       post {

+         always {

+           script {

+             junit 'junit-functional-tests.xml'

+             archiveArtifacts artifacts: 'junit-functional-tests.xml'

+             openshift.withCluster() {

+               /* Extract logs for debugging purposes */

+               openshift.selector('deploy,pods', ['environment': env.ENVIRONMENT_LABEL]).logs()

+             }

+           }

+         }

+         cleanup {

+           script {

+             openshift.withCluster() {

+               /* Tear down everything we just created */

+               echo "Tearing down test resources..."

+               try {

+                 openshift.selector('dc,deploy,rc,configmap,secret,svc,route',

+                       ['environment': env.ENVIRONMENT_LABEL]).delete()

+               } catch (e) {

+                 echo "Failed to tear down test resources: ${e.message}"

+               }

+             }

+           }

+         }

+       }

+     }

+   }

+   post {

+     always {

+       script {

+         if (!env.IMAGE_DIGEST) {

+           // Don't send a message if the job fails before getting the image digest.

+           return;

+         }

+         if (!env.MESSAGING_PROVIDER) {

+           // Don't send a message if messaging provider is not configured

+           return

+         }

+         // currentBuild.result == null || currentBuild.result == 'SUCCESS' indicates a successful build,

+         // because it's possible that the pipeline engine hasn't set the value nor seen an error when reaching to this line.

+         // See example code in https://jenkins.io/doc/book/pipeline/jenkinsfile/#deploy

+         def sendResult = sendCIMessage \

+           providerName: params.MESSAGING_PROVIDER, \

+           overrides: [topic: 'VirtualTopic.eng.ci.container-image.test.complete'], \

+           messageType: 'Custom', \

+           messageProperties: '', \

+           messageContent: """

+           {

+             "ci": {

+               "name": "C3I Jenkins",

+               "team": "DevOps",

+               "url": "${env.JENKINS_URL}",

+               "docs": "https://pagure.io/waiverdb/blob/master/f/openshift",

+               "irc": "#pnt-devops-dev",

+               "email": "pnt-factory2-devel@redhat.com",

+               "environment": "stage"

+             },

+             "run": {

+               "url": "${env.BUILD_URL}",

+               "log": "${env.BUILD_URL}/console",

+               "debug": "",

+               "rebuild": "${env.BUILD_URL}/rebuild/parametrized"

+             },

+             "artifact": {

+               "type": "container-image",

+               "repository": "factory2/waiverdb",

+               "digest": "${env.IMAGE_DIGEST}",

+               "nvr": "${env.IMAGE}",

+               "issuer": "c3i-jenkins",

+               "scratch": ${params.GIT_REPO_REF != params.PAGURE_MAIN_BRANCH},

+               "id": "waiverdb@${env.IMAGE_DIGEST}"

+             },

+             "system":

+                [{

+                   "os": "${params.JENKINS_AGENT_IMAGE}",

+                   "provider": "openshift",

+                   "architecture": "x86_64"

+                }],

+             "type": "integration",

+             "category": "dev",

+             "status": "${currentBuild.result == null || currentBuild.result == 'SUCCESS' ? 'passed':'failed'}",

+             "xunit": "${env.BUILD_URL}/artifacts/junit-functional-tests.xml",

+             "generated_at": "${new Date().format("yyyy-MM-dd'T'HH:mm:ss'Z'", TimeZone.getTimeZone('UTC'))}",

+             "namespace": "c3i",

+             "version": "0.1.0"

+           }

+           """

+         if (sendResult.getMessageId()) {

+           // echo sent message id and content

+           echo 'Successfully sent the test result to ResultsDB.'

+           echo "Message ID: ${sendResult.getMessageId()}"

+           echo "Message content: ${sendResult.getMessageContent()}"

+         } else {

+           echo 'Failed to sent the test result to ResultsDB.'

+         }

+       }

+     }

+   }

+ }

openshift/pipelines/snippets/waiverdb-full-integration-test.groovy openshift/pipelines/templates/snippets/waiverdb-full-integration-test.groovy
file renamed
+6 -43
@@ -3,22 +3,6 @@ 

      stage('Request Pipeline') {

        steps {

          script {

-           env.TESTCASE_CATEGORY = env.ENVIRONMENT

-           if (!env.TRIGGER_NAMESPACE) {

-             env.TRIGGER_NAMESPACE = readFile("/run/secrets/kubernetes.io/serviceaccount/namespace").trim()

-           }

-           if (!env.PAAS_DOMAIN) {

-             openshift.withCluster() {

-               openshift.withProject(env.TRIGGER_NAMESPACE) {

-                 def testroute = openshift.create('route', 'edge', "test-${env.BUILD_NUMBER}",  '--service=test', '--port=8080')

-                 def testhost = testroute.object().spec.host

-                 env.PAAS_DOMAIN = testhost.minus("test-${env.BUILD_NUMBER}-${env.TRIGGER_NAMESPACE}.")

-                 testroute.delete()

-               }

-             }

-             echo "Routes end with ${env.PAAS_DOMAIN}"

-           }

-           env.PIPELINE_ID = 'c3i-pipeline-' + UUID.randomUUID().toString().substring(0,4)

            openshift.withCluster() {

              openshift.withProject(params.PIPELINE_AS_A_SERVICE_BUILD_NAMESPACE) {

                c3i.buildAndWait(script: this, objs: "bc/pipeline-as-a-service",
@@ -26,7 +10,7 @@ 

                  '-e', "WAIVERDB_IMAGE=${env.IMAGE}",

                  '-e', "PIPELINE_ID=${env.PIPELINE_ID}",

                  '-e', "PAAS_DOMAIN=${env.PAAS_DOMAIN}",

-                 '-e', "SERVICES_TO_DEPLOY='resultsdb-updater datanommer greenwave resultsdb umb waiverdb datagrepper krb5 ldap koji'",

+                 '-e', "SERVICES_TO_DEPLOY='resultsdb-updater datanommer greenwave resultsdb umb waiverdb datagrepper krb5 ldap koji-hub'",

                  '-e', "TRIGGERED_BY=${env.BUILD_URL}"

                )

              }
@@ -56,19 +40,13 @@ 

      }

      always {

        script {

-         if (!env.MESSAGING_PROVIDER) {

-           // Don't send a message if messaging provider is not configured

-           return

-         }

          pipeline_data = controller.getVars()

-         // convert 'quay.io/factory2/waiverdb@sha256:1647bbaa..' or 'quay.io/factory2/waiverdb:tag' to factory2/waiverdb

-         def image_repo = pipeline_data.WAIVERDB_IMAGE.tokenize(':@')[0].tokenize('/')[1..-1].join('/')

          c3i.sendResultToMessageBus(

-           image_repo,

-           pipeline_data.WAIVERDB_IMAGE_DIGEST,

-           env.BUILD_TAG,

-           env.TARGET_IMAGE_IS_SCRATCH == "true",

-           env.MESSAGING_PROVIDER

+           imageRef: pipeline_data.WAIVERDB_IMAGE,

+           digest: pipeline_data.WAIVERDB_IMAGE_DIGEST,

+           environment: env.ENVIRONMENT,

+           scratch: false,

+           docs: 'https://gitlab.cee.redhat.com/devops/factory2-segment-tests/tree/master/integration-test'

          )

        }

      }
@@ -77,20 +55,5 @@ 

          c3i.archiveContainersLogs(env.PIPELINE_ID)

        }

      }

-     cleanup {

-       script {

-         if (env.NO_CLEANUP_AFTER_TEST == 'true') {

-           return

-         }

-         openshift.withCluster() {

-           openshift.withProject(env.PIPELINE_ID) {

-             /* Tear down everything we just created */

-             echo 'Tearing down test resources...'

-             openshift.selector('all,pvc,configmap,secret',

-                                ['c3i.redhat.com/pipeline': env.PIPELINE_ID]).delete('--ignore-not-found=true')

-           }

-         }

-       }

-     }

    }

  }

@@ -1,8 +0,0 @@ 

- - name: C3I_LIB_URL

-   displayName: C3I library git url

-   required: true

-   value: "https://pagure.io/c3i-library.git"

- - name: C3I_LIB_BRANCH

-   displayName: C3I library branch

-   required: true

-   value: "master"

@@ -1,2 +0,0 @@ 

- library identifier: "c3i@${C3I_LIB_BRANCH}", changelog: false,

-   retriever: modernSCM([$class: 'GitSCMSource', remote: "${C3I_LIB_URL}"])

@@ -1,152 +0,0 @@ 

- stage("Functional tests phase") {

-   stages {

-     stage('Prepare') {

-       steps {

-         script {

-           env.IMAGE = "${env.RESULTING_IMAGE_REPO}:${env.RESULTING_TAG}"

-         }

-       }

-     }

-     stage('Cleanup') {

-       // Cleanup all test environments that were created 1 hour ago in case of failures of previous cleanups.

-       steps {

-         script {

-           openshift.withCluster() {

-             openshift.withProject(env.PIPELINE_ID) {

-               c3i.cleanup(script: this, age: 60, 'waiverdb')

-             }

-           }

-         }

-       }

-     }

-     stage('Run functional tests') {

-       environment {

-         // Jenkins BUILD_TAG could be too long (> 63 characters) for OpenShift to consume

-         TEST_ID = "${params.TEST_ID ?: 'jenkins-' + currentBuild.id + '-' + UUID.randomUUID().toString().substring(0,7)}"

-       }

-       steps {

-         echo "Container image ${env.IMAGE} will be tested."

-         script {

-           openshift.withCluster() {

-             // Don't set ENVIRONMENT_LABEL in the environment block! Otherwise you will get 2 different UUIDs.

-             env.ENVIRONMENT_LABEL = "test-${env.TEST_ID}"

-             def template = readYaml file: 'openshift/waiverdb-test-template.yaml'

-             def webPodReplicas = 1 // The current quota in UpShift is agressively limited

-             echo "Creating testing environment with TEST_ID=${env.TEST_ID}..."

-             def models = openshift.process(template,

-               '-p', "TEST_ID=${env.TEST_ID}",

-               '-p', "WAIVERDB_APP_IMAGE=${env.IMAGE}",

-               '-p', "WAIVERDB_REPLICAS=${webPodReplicas}",

-             )

-             c3i.deployAndWait(script: this, objs: models, timeout: 15)

-             def appPod = openshift.selector('pods', ['environment': env.ENVIRONMENT_LABEL, 'service': 'web']).object()

-             env.IMAGE_DIGEST = appPod.status.containerStatuses[0].imageID.split('@')[1]

-             // Run functional tests

-             def route_hostname = openshift.selector('routes', ['environment': env.ENVIRONMENT_LABEL]).object().spec.host

-             echo "Running tests against https://${route_hostname}/"

-             withEnv(["WAIVERDB_TEST_URL=https://${route_hostname}/"]) {

-               sh 'py.test-3 -v --junitxml=junit-functional-tests.xml functional-tests/'

-             }

-           }

-         }

-       }

-       post {

-         always {

-           script {

-             junit 'junit-functional-tests.xml'

-             archiveArtifacts artifacts: 'junit-functional-tests.xml'

-             openshift.withCluster() {

-               /* Extract logs for debugging purposes */

-               openshift.selector('deploy,pods', ['environment': env.ENVIRONMENT_LABEL]).logs()

-             }

-           }

-         }

-         cleanup {

-           script {

-             openshift.withCluster() {

-               /* Tear down everything we just created */

-               echo "Tearing down test resources..."

-               try {

-                 openshift.selector('dc,deploy,rc,configmap,secret,svc,route',

-                       ['environment': env.ENVIRONMENT_LABEL]).delete()

-               } catch (e) {

-                 echo "Failed to tear down test resources: ${e.message}"

-               }

-             }

-           }

-         }

-       }

-     }

-   }

-   post {

-     always {

-       script {

-         if (!env.IMAGE_DIGEST) {

-           // Don't send a message if the job fails before getting the image digest.

-           return;

-         }

-         if (!env.MESSAGING_PROVIDER) {

-           // Don't send a message if messaging provider is not configured

-           return

-         }

-         // currentBuild.result == null || currentBuild.result == 'SUCCESS' indicates a successful build,

-         // because it's possible that the pipeline engine hasn't set the value nor seen an error when reaching to this line.

-         // See example code in https://jenkins.io/doc/book/pipeline/jenkinsfile/#deploy

-         def sendResult = sendCIMessage \

-           providerName: params.MESSAGING_PROVIDER, \

-           overrides: [topic: 'VirtualTopic.eng.ci.container-image.test.complete'], \

-           messageType: 'Custom', \

-           messageProperties: '', \

-           messageContent: """

-           {

-             "ci": {

-               "name": "C3I Jenkins",

-               "team": "DevOps",

-               "url": "${env.JENKINS_URL}",

-               "docs": "https://pagure.io/waiverdb/blob/master/f/openshift",

-               "irc": "#pnt-devops-dev",

-               "email": "pnt-factory2-devel@redhat.com",

-               "environment": "stage"

-             },

-             "run": {

-               "url": "${env.BUILD_URL}",

-               "log": "${env.BUILD_URL}/console",

-               "debug": "",

-               "rebuild": "${env.BUILD_URL}/rebuild/parametrized"

-             },

-             "artifact": {

-               "type": "container-image",

-               "repository": "factory2/waiverdb",

-               "digest": "${env.IMAGE_DIGEST}",

-               "nvr": "${env.IMAGE}",

-               "issuer": "c3i-jenkins",

-               "scratch": ${params.WAIVERDB_GIT_REF != params.WAIVERDB_MAIN_BRANCH},

-               "id": "waiverdb@${env.IMAGE_DIGEST}"

-             },

-             "system":

-                [{

-                   "os": "${params.JENKINS_AGENT_IMAGE}",

-                   "provider": "openshift",

-                   "architecture": "x86_64"

-                }],

-             "type": "integration",

-             "category": "${params.ENVIRONMENT}",

-             "status": "${currentBuild.result == null || currentBuild.result == 'SUCCESS' ? 'passed':'failed'}",

-             "xunit": "${env.BUILD_URL}/artifacts/junit-functional-tests.xml",

-             "generated_at": "${new Date().format("yyyy-MM-dd'T'HH:mm:ss'Z'", TimeZone.getTimeZone('UTC'))}",

-             "namespace": "c3i",

-             "version": "0.1.0"

-           }

-           """

-         if (sendResult.getMessageId()) {

-           // echo sent message id and content

-           echo 'Successfully sent the test result to ResultsDB.'

-           echo "Message ID: ${sendResult.getMessageId()}"

-           echo "Message content: ${sendResult.getMessageContent()}"

-         } else {

-           echo 'Failed to sent the test result to ResultsDB.'

-         }

-       }

-     }

-   }

- }

@@ -1,239 +0,0 @@ 

- # Template to produce a new WaiverDB build job in OpenShift.

- #

- # WaiverDB build job is a part of the WaiverDB C3I Pipeline, covering the following steps:

- #

- # - Run Flake8 and Pylint checks

- # - Run unit tests

- # - Build Docs

- # - Publish Docs

- # - Build SRPM

- # - Build RPM

- # - Invoke Rpmlint

- # - Build container

- # - Run functional tests

- # - Push container

- #

- # Required Jenkins Plugins:

- # - Openshift Sync plugin

- # - Openshift Client plugin

- # - Kubernetes plugin

- # - SSH Agent plugin

- # - Timestamper plugin

- #

- ---

- apiVersion: v1

- kind: Template

- metadata:

-   name: waiverdb-build-pipeline

- parameters:

- - name: NAME

-   displayName: Short unique identifier for the templated instances

-   description: This field is used to deploy multiple pipelines to one OpenShift project from this template.

-   required: true

-   value: waiverdb-build

- - name: WAIVERDB_GIT_REPO

-   displayName: WaiverDB Git repo URL

-   description: Default WaiverDB Git repo URL in which to run dev tests against

-   required: true

-   value: "https://pagure.io/waiverdb.git"

- - name: WAIVERDB_GIT_REF

-   displayName: WaiverDB Git repo ref

-   description: Default WaiverDB Git repo ref in which to run dev tests against

-   required: true

-   value: master

- - name: WAIVERDB_MAIN_BRANCH

-   displayName: Name of the main branch.

-   description: If WAIVERDB_MAIN_BRANCH equals WAIVERDB_GIT_REF, this is a post-merge build, otherwise it's a pre-merge build.

-   value: master

-   required: true

- - name: OPENSHIFT_CLOUD_NAME

-   displayName: Name of OpenShift cloud in Jenkins master configuration

-   required: true

-   value: openshift

- - name: JENKINS_AGENT_IMAGE

-   displayName: Container image for Jenkins slave pods

-   required: true

-   value: docker-registry.upshift.redhat.com/factory2/waiverdb-jenkins-slave:latest

- - name: PAGURE_DOC_REPO_NAME

-   displayName: namespace/project of Pagure doc repo for publishing docs

-   description: If not emptry, docs will be published to the specified Pagure doc repo when this is a post-merge build

-   required: false

-   value: waiverdb

- - name: PAGURE_DOC_SECRET

-   displayName: Name of the OpenShift SSH secret for publishing docs to Pagure.

-   required: false

-   value: pagure-doc-secret

- - name: WAIVERDB_DEV_IMAGE_DESTINATIONS

-   displayName: Comma seperated list of container repositories (without tag) to which the built WaiverDB dev image will be pushed

-   description: OpenShift registries must be prefixed with 'atomic:'

-   required: false

-   value: "quay.io/factory2/waiverdb"

- - name: CONTAINER_REGISTRY_CREDENTIALS

-   displayName: Secret name of container registries used for pulling and pushing images

-   value: factory2-pipeline-registry-credentials

-   required: false

- - name: WAIVERDB_DEV_IMAGE_TAG

-   displayName: Tag name of the resulting container image for development environment

-   value: "latest"

-   required: true

- - name: WAIVERDB_IMAGESTREAM_NAME

-   displayName: Name of ImageStream for WaiverDB container images

-   required: true

-   value: waiverdb

- - name: WAIVERDB_IMAGESTREAM_NAMESPACE

-   displayName: Namespace of ImageStream for WaiverDB container images

-   required: false

- - name: WAIVERDB_INTEGRATION_TEST_BUILD_CONFIG_NAME

-   displayName: Name of BuildConfig for running integration tests

-   required: true

-   value: waiverdb-dev-integration-test

- - name: WAIVERDB_INTEGRATION_TEST_BUILD_CONFIG_NAMESPACE

-   displayName: Namespace of BuildConfig for running integration tests

-   required: false

- - name: FORCE_PUBLISH_IMAGE

-   displayName: Whether to push the resulting image regardless of the Git branch

-   value: "false"

-   required: true

- - name: FORCE_PUBLISH_DOCS

-   displayName: Whether to publish docs regardless of the Git branch

-   value: "false"

-   required: true

- - name: TAG_INTO_IMAGESTREAM

-   displayName: Whether to tag the pushed image as dev

-   value: "true"

-   required: true

- - name: MESSAGING_PROVIDER

-   displayName: Name of the JMS messaging provider

-   value: Red Hat UMB

- - name: PAGURE_URL

-   displayName: Pagure URL

-   value: https://pagure.io

- - name: PAGURE_REPO_NAME

-   value: waiverdb

- - name: PAGURE_REPO_IS_FORK

-   value: 'false'

- - name: PAGURE_API_KEY_SECRET_NAME

-   displayName: Name of Pagure API key secret for updating Pagure pull-request statuses

-   value: 'pagure-api-key'

- - name: MAIL_ADDRESS

-   displayName: If set, build failure messages to this mail address.

- {% include "snippets/c3i-library-parameters.yaml" %}

- labels:

-   template: waiverdb-build

- objects:

- - kind: "BuildConfig"

-   apiVersion: "v1"

-   metadata:

-     name: "${NAME}-jenkins-slave"

-     labels:

-       app: "${NAME}"

-   spec:

-     runPolicy: "Serial"

-     completionDeadlineSeconds: 1800

-     strategy:

-       dockerStrategy:

-         buildArgs:

-         - name: CA_URLS

-           value: https://password.corp.redhat.com/RH-IT-Root-CA.crt

-         forcePull: true

-         dockerfilePath: openshift/containers/jenkins-slave/Dockerfile

-     resources:

-       requests:

-         memory: "512Mi"

-         cpu: "300m"

-       limits:

-        memory: "768Mi"

-        cpu: "500m"

-     source:

-       git:

-         uri: "${WAIVERDB_GIT_REPO}"

-         ref: "${WAIVERDB_GIT_REF}"

-     output:

-       to:

-         kind: "DockerImage"

-         name: "${JENKINS_AGENT_IMAGE}"

-       pushSecret:

-        name: "${CONTAINER_REGISTRY_CREDENTIALS}"

- 

- - kind: ServiceAccount

-   apiVersion: v1

-   metadata:

-     name: "${NAME}-jenkins-slave"

-     labels:

-       app: "${NAME}"

- 

- - kind: RoleBinding

-   apiVersion: v1

-   metadata:

-     name: "${NAME}-jenkins-slave_edit"

-     labels:

-       app: "${NAME}"

-   subjects:

-   - kind: ServiceAccount

-     name: "${NAME}-jenkins-slave"

-   roleRef:

-     name: edit

- 

- - kind: "BuildConfig"

-   apiVersion: "v1"

-   metadata:

-     name: "${NAME}"

-     labels:

-       app: "${NAME}"

-   spec:

-     runPolicy: "Serial"

-     completionDeadlineSeconds: 1800

-     strategy:

-       type: JenkinsPipeline

-       jenkinsPipelineStrategy:

-         env:

-         - name: "WAIVERDB_GIT_REPO"

-           value: "${WAIVERDB_GIT_REPO}"

-         - name: "WAIVERDB_GIT_REF"

-           value: "${WAIVERDB_GIT_REF}"

-         - name: "OPENSHIFT_CLOUD_NAME"

-           value: "${OPENSHIFT_CLOUD_NAME}"

-         - name: "JENKINS_AGENT_IMAGE"

-           value:  "${JENKINS_AGENT_IMAGE}"

-         - name: "JENKINS_AGENT_SERVICE_ACCOUNT"

-           value:  "${NAME}-jenkins-slave"

-         - name: "WAIVERDB_DEV_IMAGE_DESTINATIONS"

-           value: "${WAIVERDB_DEV_IMAGE_DESTINATIONS}"

-         - name: "CONTAINER_REGISTRY_CREDENTIALS"

-           value: "${CONTAINER_REGISTRY_CREDENTIALS}"

-         - name: "FORCE_PUBLISH_IMAGE"

-           value: "${FORCE_PUBLISH_IMAGE}"

-         - name: "TAG_INTO_IMAGESTREAM"

-           value: "${TAG_INTO_IMAGESTREAM}"

-         - name: "WAIVERDB_DEV_IMAGE_TAG"

-           value: "${WAIVERDB_DEV_IMAGE_TAG}"

-         - name: "WAIVERDB_IMAGESTREAM_NAME"

-           value: "${WAIVERDB_IMAGESTREAM_NAME}"

-         - name: "WAIVERDB_IMAGESTREAM_NAMESPACE"

-           value: "${WAIVERDB_IMAGESTREAM_NAMESPACE}"

-         - name: "FORCE_PUBLISH_DOCS"

-           value: "${FORCE_PUBLISH_DOCS}"

-         - name: "PAGURE_DOC_REPO_NAME"

-           value: "${PAGURE_DOC_REPO_NAME}"

-         - name: "PAGURE_DOC_SECRET"

-           value: "${PAGURE_DOC_SECRET}"

-         - name: "WAIVERDB_MAIN_BRANCH"

-           value: "${WAIVERDB_MAIN_BRANCH}"

-         - name: "WAIVERDB_INTEGRATION_TEST_BUILD_CONFIG_NAME"

-           value: "${WAIVERDB_INTEGRATION_TEST_BUILD_CONFIG_NAME}"

-         - name: "WAIVERDB_INTEGRATION_TEST_BUILD_CONFIG_NAMESPACE"

-           value: "${WAIVERDB_INTEGRATION_TEST_BUILD_CONFIG_NAMESPACE}"

-         - name: "MESSAGING_PROVIDER"

-           value: "${MESSAGING_PROVIDER}"

-         - name: PAGURE_REPO_NAME

-           value: "${PAGURE_REPO_NAME}"

-         - name: PAGURE_REPO_IS_FORK

-           value: "${PAGURE_REPO_IS_FORK}"

-         - name: PAGURE_URL

-           value: "${PAGURE_URL}"

-         - name: PAGURE_API_KEY_SECRET_NAME

-           value: "${PAGURE_API_KEY_SECRET_NAME}"

-         - name: MAIL_ADDRESS

-           value: "${MAIL_ADDRESS}"

-         jenkinsfile: |

-           {% filter indent(width=10) %}{% include "waiverdb-build.Jenkinsfile" %}{% endfilter %}

@@ -1,491 +0,0 @@ 

- {% include "snippets/c3i-library.groovy" %}

- import static org.apache.commons.lang.StringEscapeUtils.escapeHtml;

- pipeline {

-   agent {

-     kubernetes {

-       cloud params.OPENSHIFT_CLOUD_NAME

-       label "jenkins-slave-${UUID.randomUUID().toString()}"

-       serviceAccount params.JENKINS_AGENT_SERVICE_ACCOUNT

-       defaultContainer 'jnlp'

-       yaml """

-       apiVersion: v1

-       kind: Pod

-       metadata:

-         labels:

-           app: "jenkins-${env.JOB_BASE_NAME}"

-           factory2-pipeline-kind: "waiverdb-build-pipeline"

-           factory2-pipeline-build-number: "${env.BUILD_NUMBER}"

-       spec:

-         containers:

-         - name: jnlp

-           image: "${params.JENKINS_AGENT_IMAGE}"

-           imagePullPolicy: Always

-           tty: true

-           env:

-           # Required by unit tests: Set up NSS Wrapper to generate a fake user name for the random UID assigned by OpenShift

-           - name: LD_PRELOAD

-             value: '/usr/lib64/libnss_wrapper.so'

-           - name: NSS_WRAPPER_PASSWD

-             value: '/tmp/passwd'

-           - name: NSS_WRAPPER_GROUP

-             value: '/etc/group'

-           volumeMounts:

-           - name: postgresql-socket

-             mountPath: /var/run/postgresql

-           resources:

-             requests:

-               memory: 768Mi

-               cpu: 300m

-             limits:

-               memory: 1Gi

-               cpu: 500m

-         - name: db

-           image: registry.access.redhat.com/rhscl/postgresql-95-rhel7:latest

-           imagePullPolicy: Always

-           env:

-           - name: POSTGRESQL_USER

-             value: waiverdb

-           - name: POSTGRESQL_PASSWORD

-             value: waiverdb

-           - name: POSTGRESQL_DATABASE

-             value: waiverdb

-           volumeMounts:

-           - name: postgresql-socket

-             mountPath: /var/run/postgresql

-           resources:

-             requests:

-               memory: 256Mi

-               cpu: 100m

-             limits:

-               memory: 384Mi

-               cpu: 200m

-         volumes:

-         - name: postgresql-socket

-           emptyDir: {}

-       """

-     }

-   }

-   options {

-     timestamps()

-     timeout(time: 30, unit: 'MINUTES')

-   }

-   environment {

-     TRIGGER_NAMESPACE = readFile('/run/secrets/kubernetes.io/serviceaccount/namespace').trim()

-     PIPELINE_USERNAME = sh(returnStdout: true, script: 'id -un').trim()

-     PAGURE_API = "${params.PAGURE_URL}/api/0"

-     PAGURE_REPO_IS_FORK = "${params.PAGURE_REPO_IS_FORK}"

-     PAGURE_REPO_HOME = "${env.PAGURE_URL}${env.PAGURE_REPO_IS_FORK == 'true' ? '/fork' : ''}/${params.PAGURE_REPO_NAME}"

-   }

-   stages {

-     stage('Prepare') {

-       steps {

-         script {

-           // check out specified branch/commit

-           /*def scmVars =*/ checkout([$class: 'GitSCM',

-             branches: [[name: params.WAIVERDB_GIT_REF]],

-             userRemoteConfigs: [[url: params.WAIVERDB_GIT_REPO, refspec: '+refs/heads/*:refs/remotes/origin/* +refs/pull/*/head:refs/remotes/origin/pull/*/head']],

-           ])

- 

-           // get current commit ID

-           // FIXME: Due to a bug discribed in https://issues.jenkins-ci.org/browse/JENKINS-45489,

-           // the return value of checkout() is unreliable.

-           // Not working: env.WAIVERDB_GIT_COMMIT = scmVars.GIT_COMMIT

-           env.WAIVERDB_GIT_COMMIT = sh(returnStdout: true, script: 'git rev-parse HEAD').trim()

-           echo "Build ${params.WAIVERDB_GIT_REF}, commit=${env.WAIVERDB_GIT_COMMIT}"

- 

-           // Set GIT_COMMIT for pagure in c3i lib

-           env.GIT_COMMIT = env.WAIVERDB_GIT_COMMIT

- 

-           // Is the current branch a pull-request? If no, env.PR_NO will be empty.

-           env.PR_NO = getPrNo(params.WAIVERDB_GIT_REF)

- 

-           // Generate a version-release number for the target Git commit

-           def versions = sh(returnStdout: true, script: 'source ./version.sh && echo -en "$WAIVERDB_VERSION\n$WAIVERDB_CONTAINER_VERSION"').split('\n')

-           env.WAIVERDB_VERSION = versions[0]

-           env.WAIVERDB_CONTAINER_VERSION = versions[1]

-           env.TEMP_TAG = env.WAIVERDB_CONTAINER_VERSION + '-jenkins-' + currentBuild.id

- 

-           if (sh(returnStatus: true, script: 'pip3 install --user -r ./requirements.txt') != 0) {

-             echo 'WARNING: Failed to install dependencies from requirements.txt.'

-           }

-         }

-       }

-     }

-     stage('Update Build Info') {

-       when {

-         expression {

-           return params.PAGURE_URL && params.PAGURE_REPO_NAME

-         }

-       }

-       steps {

-         script {

-           // Set friendly display name and description

-           if (env.PR_NO) { // is pull-request

-             env.PR_URL = "${env.PAGURE_REPO_HOME}/pull-request/${env.PR_NO}"

-             echo "Building PR #${env.PR_NO}: ${env.PR_URL}"

-             // NOTE: Old versions of OpenShift Client Jenkins plugin are buggy to handle arguments

-             // with special bash characters (like whitespaces, #, etc).

-             // https://bugzilla.redhat.com/show_bug.cgi?id=1625518

-             currentBuild.displayName = "PR#${env.PR_NO}"

-             // To enable HTML syntax in build description, go to `Jenkins/Global Security/Markup Formatter` and select 'Safe HTML'.

-             def pagureLink = """<a href="${env.PR_URL}">${currentBuild.displayName}</a>"""

-             try {

-               def prInfo = pagure.getPR(env.PR_NO)

-               pagureLink = """<a href="${env.PR_URL}">PR#${env.PR_NO}: ${escapeHtml(prInfo.title)}</a>"""

-               // set PR status to Pending

-               if (params.PAGURE_API_KEY_SECRET_NAME)

-                 pagure.setBuildStatusOnPR(null, 'Building...')

-             } catch (Exception e) {

-               echo "Error using pagure API: ${e}"

-             }

-             currentBuild.description = pagureLink

-           } else { // is a branch

-             currentBuild.displayName = "${env.WAIVERDB_GIT_REF}: ${env.WAIVERDB_GIT_COMMIT.substring(0, 7)}"

-             currentBuild.description = """<a href="${env.PAGURE_REPO_HOME}/c/${env.WAIVERDB_GIT_COMMIT}">${currentBuild.displayName}</a>"""

-             if (params.PAGURE_API_KEY_SECRET_NAME) {

-               try {

-                 pagure.flagCommit('pending', null, 'Building...')

-                 echo "Updated commit ${env.WAIVERDB_GIT_COMMIT} status to PENDING."

-               } catch (e) {

-                 echo "Error updating commit ${env.WAIVERDB_GIT_COMMIT} status to PENDING: ${e}"

-               }

-             }

-           }

-         }

-       }

-     }

-     stage('Run checks') {

-       failFast false

-       parallel {

-         stage('Invoke Flake8') {

-           steps {

-             sh 'flake8'

-           }

-         }

-         stage('Invoke Pylint') {

-           steps {

-             sh 'pylint-3 --reports=n waiverdb'

-           }

-         }

-       }

-     }

-     stage('Run unit tests') {

-       steps {

-         sh 'cp conf/settings.py.example conf/settings.py'

-         // wait for the test datebase to come up

-         sh 'wait-for-it -s -t 300 127.0.0.1:5432'

-         // create a database role

-         sh 'psql -h 127.0.0.1 -U "postgres" -q -d "waiverdb" -c "CREATE ROLE \"$PIPELINE_USERNAME\" WITH LOGIN SUPERUSER;"'

-         // run unit tests

-         sh 'py.test-3 -v --junitxml=junit-tests.xml tests'

-       }

-       post {

-         always {

-           junit 'junit-tests.xml'

-         }

-       }

-     }

-     stage('Build Artifacts') {

-       failFast false

-       parallel {

-         stage('Branch Docs') {

-           stages {

-             stage('Build Docs') {

-               steps {

-                 sh 'make -C docs html'

-               }

-               post {

-                 always {

-                   archiveArtifacts artifacts: 'docs/_build/html/**'

-                 }

-               }

-             }

-             stage('Publish Docs') {

-               when {

-                 expression {

-                   return "${params.PAGURE_DOC_REPO_NAME}" && (params.WAIVERDB_GIT_REF == params.WAIVERDB_MAIN_BRANCH || env.FORCE_PUBLISH_DOCS == "true")

-                 }

-               }

-               steps {

-                 sshagent (credentials: ["${env.TRIGGER_NAMESPACE}-${params.PAGURE_DOC_SECRET}"]) {

-                   sh '''

-                   mkdir -p ~/.ssh/

-                   touch ~/.ssh/known_hosts

-                   ssh-keygen -R pagure.io

-                   echo 'pagure.io ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC198DWs0SQ3DX0ptu+8Wq6wnZMrXUCufN+wdSCtlyhHUeQ3q5B4Hgto1n2FMj752vToCfNTn9mWO7l2rNTrKeBsELpubl2jECHu4LqxkRVihu5UEzejfjiWNDN2jdXbYFY27GW9zymD7Gq3u+T/Mkp4lIcQKRoJaLobBmcVxrLPEEJMKI4AJY31jgxMTnxi7KcR+U5udQrZ3dzCn2BqUdiN5dMgckr4yNPjhl3emJeVJ/uhAJrEsgjzqxAb60smMO5/1By+yF85Wih4TnFtF4LwYYuxgqiNv72Xy4D/MGxCqkO/nH5eRNfcJ+AJFE7727F7Tnbo4xmAjilvRria/+l' >>~/.ssh/known_hosts

-                   rm -rf docs-on-pagure

-                   git clone ssh://git@pagure.io/docs/${PAGURE_DOC_REPO_NAME}.git docs-on-pagure

-                   rm -rf docs-on-pagure/*

-                   cp -r docs/_build/html/* docs-on-pagure/

-                   cd docs-on-pagure

-                   git config user.name 'Pipeline Bot'

-                   git config user.email "pipeline-bot@localhost.localdomain"

-                   git add -A .

-                   if [[ "$(git diff --cached --numstat | wc -l)" -eq 0 ]] ; then

-                       exit 0 # No changes, nothing to commit

-                   fi

-                   git commit -m "Automatic commit of docs built by Jenkins job ${JOB_NAME} #${BUILD_NUMBER}"

-                   git push origin master

-                   '''

-                 }

-               }

-             }

-           }

-         }

-         stage('Build SRPM') {

-           steps {

-             sh './rpmbuild.sh -bs'

-           }

-           post {

-             success {

-               archiveArtifacts artifacts: 'rpmbuild-output/*.src.rpm'

-             }

-           }

-         }

-         stage('Branch RPM') {

-           stages {

-             stage('Build RPM') {

-               steps {

-                 sh './rpmbuild.sh -bb'

-               }

-               post {

-                 success {

-                   archiveArtifacts artifacts: 'rpmbuild-output/*/*.rpm'

-                 }

-               }

-             }

-             stage('Invoke Rpmlint') {

-               steps {

-                 sh 'rpmlint -f rpmlint-config.py rpmbuild-output/*/*.rpm'

-               }

-             }

-           }

-         }

-       }

-     }

-     stage('Build container') {

-       environment {

-         BUILDCONFIG_INSTANCE_ID = "waiverdb-temp-${currentBuild.id}-${UUID.randomUUID().toString().substring(0,7)}"

-       }

-       steps {

-         script {

-           openshift.withCluster() {

-             // OpenShift BuildConfig doesn't support specifying a tag name at build time.

-             // We have to create a new BuildConfig for each container build.

-             // Create a BuildConfig from a seperated Template.

-             echo 'Creating a BuildConfig for container build...'

-             def template = readYaml file: 'openshift/waiverdb-container-template.yaml'

-             def processed = openshift.process(template,

-               "-p", "NAME=${env.BUILDCONFIG_INSTANCE_ID}",

-               '-p', "WAIVERDB_GIT_REPO=${params.WAIVERDB_GIT_REPO}",

-               // A pull-request branch, like pull/123/head, cannot be built with commit ID

-               // because refspec cannot be customized in an OpenShift build .

-               '-p', "WAIVERDB_GIT_REF=${env.PR_NO ? params.WAIVERDB_GIT_REF : env.WAIVERDB_GIT_COMMIT}",

-               '-p', "WAIVERDB_IMAGE_TAG=${env.TEMP_TAG}",

-               '-p', "WAIVERDB_VERSION=${env.WAIVERDB_VERSION}",

-               '-p', "WAIVERDB_IMAGESTREAM_NAME=${params.WAIVERDB_IMAGESTREAM_NAME}",

-               '-p', "WAIVERDB_IMAGESTREAM_NAMESPACE=${params.WAIVERDB_IMAGESTREAM_NAMESPACE}",

-             )

-             def build = c3i.buildAndWait(script: this, objs: processed)

-             echo 'Container build succeeds.'

-             def ocpBuild = build.object()

-             env.RESULTING_IMAGE_REF = ocpBuild.status.outputDockerImageReference

-             env.RESULTING_IMAGE_DIGEST = ocpBuild.status.output.to.imageDigest

-             def imagestream = openshift.selector('is', ['app': env.BUILDCONFIG_INSTANCE_ID]).object()

-             env.RESULTING_IMAGE_REPO = imagestream.status.dockerImageRepository

-             env.RESULTING_TAG = env.TEMP_TAG

-           }

-         }

-       }

-       post {

-         failure {

-           echo "Failed to build container image ${env.TEMP_TAG}."

-         }

-         cleanup {

-           script {

-             openshift.withCluster() {

-               echo 'Tearing down...'

-               openshift.selector('bc', [

-                 'app': env.BUILDCONFIG_INSTANCE_ID,

-                 'template': 'waiverdb-container-template',

-                 ]).delete()

-             }

-           }

-         }

-       }

-     }

-     {% include "snippets/waiverdb-integration-test.groovy" %}

-     stage('Push container') {

-       when {

-         expression {

-           return params.FORCE_PUBLISH_IMAGE == 'true' ||

-             params.WAIVERDB_GIT_REF == params.WAIVERDB_MAIN_BRANCH

-         }

-       }

-       steps {

-         script {

-           def destinations = env.WAIVERDB_DEV_IMAGE_DESTINATIONS ?

-             env.WAIVERDB_DEV_IMAGE_DESTINATIONS.split(',') : []

-           openshift.withCluster() {

-             def sourceImage = env.RESULTING_IMAGE_REPO + ":" + env.RESULTING_TAG

-             if (params.CONTAINER_REGISTRY_CREDENTIALS) {

-               dir ("${env.HOME}/.docker") {

-                 def dockerconf = openshift.selector('secret', params.CONTAINER_REGISTRY_CREDENTIALS).object().data['.dockerconfigjson']

-                 writeFile file: 'config.json', text: dockerconf, encoding: "Base64"

-               }

-             }

-             // pull the built image from imagestream

-             echo "Pulling container from ${sourceImage}..."

-             def registryToken = readFile(file: '/var/run/secrets/kubernetes.io/serviceaccount/token')

-             withEnv(["SOURCE_IMAGE_REF=${sourceImage}", "TOKEN=${registryToken}"]) {

-               sh '''set -e +x # hide the token from Jenkins console

-               mkdir -p _build

-               skopeo copy \

-                 --src-cert-dir=/var/run/secrets/kubernetes.io/serviceaccount/ \

-                 --src-creds=serviceaccount:"$TOKEN" \

-                 docker://"$SOURCE_IMAGE_REF" dir:_build/waiverdb_container

-               '''

-             }

-             // push to registries

-             def pushTasks = destinations.collectEntries {

-               ["Pushing ${it}" : {

-                 def dest = "${it}:${params.WAIVERDB_DEV_IMAGE_TAG ?: 'latest'}"

-                 // Only docker and atomic registries are allowed

-                 if (!dest.startsWith('atomic:') && !dest.startsWith('docker://')) {

-                   dest = 'docker://' + dest

-                 }

-                 echo "Pushing container to ${dest}..."

-                 withEnv(["DEST_IMAGE_REF=${dest}"]) {

-                   /* Pushes to the internal registry can sometimes randomly fail

-                   * with "unknown blob" due to a known issue with the registry

-                   * storage configuration. So we retry up to 5 times. */

-                   retry(5) {

-                     sh 'skopeo copy dir:_build/waiverdb_container "$DEST_IMAGE_REF"'

-                   }

-                 }

-               }]

-             }

-             parallel pushTasks

-           }

-         }

-       }

-     }

-     stage('Tag into image stream') {

-       when {

-         expression {

-           return "${params.WAIVERDB_DEV_IMAGE_TAG}" && params.TAG_INTO_IMAGESTREAM == "true" &&

-             (params.FORCE_PUBLISH_IMAGE == 'true' || params.WAIVERDB_GIT_REF == params.WAIVERDB_MAIN_BRANCH)

-         }

-       }

-       steps {