[CORD-3117]v2
Fixes to versioning scripts
Change-Id: I3a56619f9bf88625c6f22cecbd187f917935c332
diff --git a/jjb/defaults.yaml b/jjb/defaults.yaml
index e6940a7..7c9857f 100644
--- a/jjb/defaults.yaml
+++ b/jjb/defaults.yaml
@@ -7,8 +7,9 @@
# lftools
lftools-version: <1.0.0
- # name of the SSH key to use
+ # name of the SSH key to use in most cases
jenkins-ssh-credential: 'cord-jenkins-ssh'
+ gerrit-ssh-credential: 'gerrit-jenkins-user'
# by default, don't depend on other jobs
dependency-jobs: ''
@@ -48,7 +49,7 @@
modern-branches-regexp: '^(master|cord-6.0)$'
# for matching repos that build docker images with imagebuilder
- imagebuilder-projects-regexp: '^(automation-tools|xos.*|chameleon|rcord|mcord|ecord|acordion|addressmanager|epc-service|exampleservice|fabric|globalxos|hippie-oss|hss_db|hypercache|internetemulator|kubernetes-service|monitoring|olt-service|onos-service|openstack|progran|sdn-controller|simpleexampleservice|templateservice|vEE|vEG|vbbu|venb|vhss|vmm|vmme|vnaas|vpgwc|vrouter|vsg|vsg-hw|vsgw|vsm|vspgwc|vspgwu|vtn-service|vtr)$'
+ imagebuilder-projects-regexp: '^(xos.*|chameleon|rcord|mcord|ecord|acordion|addressmanager|epc-service|exampleservice|fabric|globalxos|hippie-oss|hss_db|hypercache|internetemulator|kubernetes-service|monitoring|olt-service|onos-service|openstack|progran|sdn-controller|simpleexampleservice|templateservice|vEE|vEG|vbbu|venb|vhss|vmm|vmme|vnaas|vpgwc|vrouter|vsg|vsg-hw|vsgw|vsm|vspgwc|vspgwu|vtn-service|vtr)$'
# for matching files with file-include-regexp
all-files-regexp: '.*'
diff --git a/jjb/shell/tagcollisionreject.sh b/jjb/shell/tagcollisionreject.sh
index c9523e0..81ffaeb 100755
--- a/jjb/shell/tagcollisionreject.sh
+++ b/jjb/shell/tagcollisionreject.sh
@@ -19,7 +19,14 @@
set -eu -o pipefail
-NEW_VERSION=""
+VERSIONFILE="" # file path to file containing version number
+NEW_VERSION="" # version number found in $VERSIONFILE
+
+releaseversion=0
+fail_validation=0
+
+# when not running under Jenkins, use current dir as workspace
+WORKSPACE=${WORKSPACE:-.}
# find the version string in the repo, read into NEW_VERSION
# Add additional places NEW_VERSION could be found to this function
@@ -27,7 +34,7 @@
if [ -f "VERSION" ]
then
NEW_VERSION=$(head -n1 "VERSION")
- echo "New version: $NEW_VERSION"
+ VERSIONFILE="VERSION"
else
echo "ERROR: No versioning file found!"
exit 1
@@ -46,6 +53,64 @@
done
}
+# check if the version is a released version
+function check_if_releaseversion {
+ if [[ "$NEW_VERSION" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]
+ then
+ echo "Version string '$NEW_VERSION' found in '$VERSIONFILE' is a SemVer released version!"
+ releaseversion=1
+ else
+ echo "Version string '$NEW_VERSION' found in '$VERSIONFILE' is not a SemVer released version, skipping."
+ fi
+}
+
+# check if Dockerfiles have a released version as their parent
+function dockerfile_parentcheck {
+ while IFS= read -r -d '' dockerfile
+ do
+ echo "Checking dockerfile: '$dockerfile'"
+
+ # split on newlines
+ IFS=$'\n'
+ df_parents=($(grep "^FROM" "$dockerfile"))
+
+ # check all parents in the Dockerfile
+ for df_parent in "${df_parents[@]}"
+ do
+
+ df_pattern="FROM (.*):(.*)"
+ if [[ "$df_parent" =~ $df_pattern ]]
+ then
+
+ p_image="${BASH_REMATCH[1]}"
+ p_version="${BASH_REMATCH[2]}"
+
+ if [[ "${p_version}" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]
+ then
+ echo " OK: Parent '$p_image:$p_version' is a released SemVer version"
+ elif [[ "${p_version}" =~ ^([0-9]+)\.([0-9]+).*$ ]]
+ then
+ # handle the non-SemVer 'ubuntu:16.04' and 'postgres:10.3-alpine' cases
+ echo " OK: Parent '$p_image:$p_version' is using a non-SemVer, but sufficient, version"
+ else
+ echo " ERROR: Parent '$p_image:$p_version' is NOT using an specific version"
+ fail_validation=1
+ fi
+
+ elif [[ "$df_parent" =~ ^FROM\ scratch$ ]]
+ then
+ # Handle the parent-less `FROM scratch` case:
+ # https://docs.docker.com/develop/develop-images/baseimages/
+ echo " OK: Using the versionless 'scratch' parent: '$df_parent'"
+ else
+ echo " ERROR: Couldn't find a parent image in $df_parent"
+ fi
+
+ done
+
+ done < <( find "${WORKSPACE}" -name 'Dockerfile*' -print0 )
+}
+
echo "Checking git repo with remotes:"
git remote -v
@@ -56,7 +121,13 @@
git tag -n
read_version
-is_git_tag_duplicated
+check_if_releaseversion
-exit 0
+# perform checks if a released version
+if [ "$releaseversion" -eq "1" ]
+then
+ is_git_tag_duplicated
+ dockerfile_parentcheck
+fi
+exit $fail_validation
diff --git a/jjb/shell/versiontag.sh b/jjb/shell/versiontag.sh
index 8636cd4..1ee9246 100755
--- a/jjb/shell/versiontag.sh
+++ b/jjb/shell/versiontag.sh
@@ -20,10 +20,14 @@
set -eu -o pipefail
-NEW_VERSION=""
-VERSIONFILE=""
+VERSIONFILE="" # file path to file containing version number
+NEW_VERSION="" # version number found in $VERSIONFILE
releaseversion=0
+fail_validation=0
+
+# when not running under Jenkins, use current dir as workspace
+WORKSPACE=${WORKSPACE:-.}
# find the version string in the repo, read into NEW_VERSION
# Add additional places NEW_VERSION could be found to this function
@@ -32,13 +36,23 @@
then
NEW_VERSION=$(head -n1 "VERSION")
VERSIONFILE="VERSION"
- echo "New version: $NEW_VERSION"
else
echo "ERROR: No versioning file found!"
exit 1
fi
}
+# check if the version is a released version
+function check_if_releaseversion {
+ if [[ "$NEW_VERSION" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]
+ then
+ echo "Version string '$NEW_VERSION' in '$VERSIONFILE' is a SemVer released version!"
+ releaseversion=1
+ else
+ echo "Version string '$NEW_VERSION' in '$VERSIONFILE' is not a SemVer released version, skipping."
+ fi
+}
+
# check if the version is already a tag in git
function is_git_tag_duplicated {
for existing_tag in $(git tag)
@@ -51,22 +65,67 @@
done
}
-# check if the version is a released version
-function check_if_releasever {
- if [[ "$NEW_VERSION" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]
- then
- echo "Version string '$NEW_VERSION' in '$VERSIONFILE' is a SemVer released version!"
- releaseversion=1
- else
- echo "Version string '$NEW_VERSION' in '$VERSIONFILE' is not a SemVer released version, skipping."
- fi
+# check if Dockerfiles have a released version as their parent
+function dockerfile_parentcheck {
+ while IFS= read -r -d '' dockerfile
+ do
+ echo "Checking dockerfile: '$dockerfile'"
+
+ # split on newlines
+ IFS=$'\n'
+ df_parents=($(grep "^FROM" "$dockerfile"))
+
+ # check all parents in the Dockerfile
+ for df_parent in "${df_parents[@]}"
+ do
+
+ df_pattern="FROM (.*):(.*)"
+ if [[ "$df_parent" =~ $df_pattern ]]
+ then
+
+ p_image="${BASH_REMATCH[1]}"
+ p_version="${BASH_REMATCH[2]}"
+
+ if [[ "${p_version}" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]
+ then
+ echo " OK: Parent '$p_image:$p_version' is a released SemVer version"
+ elif [[ "${p_version}" =~ ^([0-9]+)\.([0-9]+).*$ ]]
+ then
+ # handle the non-SemVer 'ubuntu:16.04' and 'postgres:10.3-alpine' cases
+ echo " OK: Parent '$p_image:$p_version' is using a non-SemVer, but sufficient, version"
+ else
+ echo " ERROR: Parent '$p_image:$p_version' is NOT using an specific version"
+ fail_validation=1
+ fi
+
+ elif [[ "$df_parent" =~ ^FROM\ scratch$ ]]
+ then
+ # Handle the parent-less `FROM scratch` case:
+ # https://docs.docker.com/develop/develop-images/baseimages/
+ echo " OK: Using the versionless 'scratch' parent: '$df_parent'"
+ else
+ echo " ERROR: Couldn't find a parent image in $df_parent"
+ fi
+
+ done
+
+ done < <( find "${WORKSPACE}" -name 'Dockerfile*' -print0 )
}
+
# create a git tag
function create_git_tag {
echo "Creating git tag: $NEW_VERSION"
git checkout "$GERRIT_PATCHSET_REVISION"
+
+ git config --global user.email "do-not-reply@opencord.org"
+ git config --global user.name "Jenkins"
+
git tag -a "$NEW_VERSION" -m "Tagged by CORD Jenkins version-tag job: $BUILD_NUMBER, for Gerrit patchset: $GERRIT_CHANGE_NUMBER"
+
+ echo "Tags including new tag:"
+ git tag -n
+
git push origin "$NEW_VERSION"
}
@@ -80,12 +139,20 @@
git tag -n
read_version
-is_git_tag_duplicated
-check_if_releasever
+check_if_releaseversion
-if $releaseversion
+# perform checks if a released version
+if [ "$releaseversion" -eq "1" ]
then
- create_git_tag
+ is_git_tag_duplicated
+ dockerfile_parentcheck
+
+ if [ "$fail_validation" -eq "0" ]
+ then
+ create_git_tag
+ else
+ echo "ERROR: commit merged but failed validation, not tagging!"
+ fi
fi
-exit 0
+exit $fail_validation
diff --git a/jjb/versioning.yaml b/jjb/versioning.yaml
index d51efdb..020691b 100644
--- a/jjb/versioning.yaml
+++ b/jjb/versioning.yaml
@@ -22,7 +22,8 @@
name: versioning-jobs
branch-regexp: '{modern-branches-regexp}'
- project: '^bogus-project$'
+ project-regexp: '^bogus-project$'
+# project-regexp: '{imagebuilder-projects-regexp}'
jobs:
- 'tag-collision-reject'
@@ -39,7 +40,7 @@
triggers:
- cord-infra-gerrit-trigger-patchset:
gerrit-server-name: '{gerrit-server-name}'
- project-regexp: '^{project}$'
+ project-regexp: '{project-regexp}'
branch-regexp: '{branch-regexp}'
file-include-regexp: '{all-files-regexp}'
dependency-jobs: '{dependency-jobs}'
@@ -52,7 +53,7 @@
wrappers:
- lf-infra-wrappers:
build-timeout: '{build-timeout}'
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
+ jenkins-ssh-credential: '{gerrit-ssh-credential}'
scm:
- lf-infra-gerrit-scm:
@@ -61,7 +62,7 @@
branch: '$GERRIT_BRANCH'
submodule-recursive: 'false'
choosing-strategy: gerrit
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
+ jenkins-ssh-credential: '{gerrit-ssh-credential}'
node: '{build-node}'
project-type: freestyle
@@ -82,7 +83,7 @@
triggers:
- cord-infra-gerrit-trigger-merge:
gerrit-server-name: '{gerrit-server-name}'
- project-regexp: '^{project}$'
+ project-regexp: '{project-regexp}'
branch-regexp: '{branch-regexp}'
file-include-regexp: '{all-files-regexp}'
dependency-jobs: '{dependency-jobs}'
@@ -95,7 +96,7 @@
wrappers:
- lf-infra-wrappers:
build-timeout: '{build-timeout}'
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
+ jenkins-ssh-credential: '{gerrit-ssh-credential}'
scm:
- lf-infra-gerrit-scm:
@@ -104,7 +105,7 @@
branch: '$GERRIT_BRANCH'
submodule-recursive: 'false'
choosing-strategy: gerrit
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
+ jenkins-ssh-credential: '{gerrit-ssh-credential}'
node: '{build-node}'
project-type: freestyle