blob: ff6c3097200b163a271378f183a59671947ee084 [file] [log] [blame]
---
# CORD JJB macros
# control how long builds and artifact are retained
- property:
name: cord-infra-properties
properties:
- build-discarder:
days-to-keep: '{build-days-to-keep}'
artifact-num-to-keep: '{artifact-num-to-keep}'
# checkout entire source tree with repo
# docs: https://docs.openstack.org/infra/jenkins-job-builder/scm.html#scm.repo
- scm:
name: cord-infra-gerrit-repo-scm
scm:
- repo:
manifest-url: '{manifest-url}'
manifest-branch: '{branch}'
destination-dir: '{destination-dir}'
jobs: 4
reset-first: true
depth: 1
# same as lf-infra-gerrit-scm, but allows checkouts to a subdir of $WORKSPACE
# with the `basedir` option
#
# `basedir` serves the same function as `destination-dir` in the repo scm
# macros, seems strange that they're named differently.
- scm:
name: cord-infra-gerrit-scm
scm:
- git:
credentials-id: '{jenkins-ssh-credential}'
url: '{git-url}'
refspec: '{refspec}'
branches:
- 'refs/heads/{branch}'
skip-tag: true
wipe-workspace: true
submodule:
recursive: '{submodule-recursive}'
choosing-strategy: '{choosing-strategy}'
basedir: '{basedir}'
# trigger on gerrit patchsets and actions
# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit
- trigger:
name: cord-infra-gerrit-trigger-patchset
triggers:
- gerrit:
server-name: '{gerrit-server-name}'
dependency-jobs: '{dependency-jobs}'
silent-start: true
trigger-on:
- patchset-created-event:
exclude-drafts: true
exclude-trivial-rebase: false
exclude-no-code-change: true
- draft-published-event
- comment-added-contains-event:
comment-contains-value: '(?i)^.*recheck$'
projects:
- project-compare-type: REG_EXP
project-pattern: '{project-regexp}'
branches:
- branch-compare-type: REG_EXP
branch-pattern: '{branch-regexp}'
file-paths:
- compare-type: REG_EXP
pattern: '{file-include-regexp}'
# trigger on gerrit commits/merges
- trigger:
name: cord-infra-gerrit-trigger-merge
triggers:
- gerrit:
server-name: '{gerrit-server-name}'
dependency-jobs: '{dependency-jobs}'
silent-start: true
trigger-on:
- change-merged-event
projects:
- project-compare-type: REG_EXP
project-pattern: '{project-regexp}'
branches:
- branch-compare-type: REG_EXP
branch-pattern: '{branch-regexp}'
file-paths:
- compare-type: REG_EXP
pattern: '{file-include-regexp}'
# Trigger on GitHub pull requests
# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.github-pull-request
# Uses the standard 'ok to test', etc. commands per the plugin:
# https://github.com/jenkinsci/ghprb-plugin
- trigger:
name: cord-infra-github-pr-trigger
triggers:
- github-pull-request:
auth-id: '{github_pr_auth_id}'
github-hooks: true # Create github hooks automatically
cancel-builds-on-update: true
auto-close-on-fail: false
only-trigger-phrase: false
status-context: '{status_context}' # Name of testing system in PR
permit-all: false # don't trigger on every PR
org-list: '{obj:github_pr_org_list}'
allow-whitelist-orgs-as-admins: true
# Trigger on GitHub PR merge
# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.generic-webhook-trigger
- trigger:
name: cord-infra-github-pr-trigger-merge
triggers:
- generic-webhook-trigger:
post-content-params:
- type: JSONPath
key: action
value: $.action
- type: JSONPath
key: merged
value: $.pull_request.merged
- type: JSONPath
key: repoUrl
value: $.pull_request.base.repo.html_url
- type: JSONPath
key: repoName
value: $.pull_request.base.repo.name
- type: JSONPath
key: branchName
value: $.pull_request.base.ref
- type: JSONPath
key: commitHash
value: $.pull_request.merge_commit_sha
regex-filter-text: $action,$merged
regex-filter-expression: ^(closed,true)$
cause: Generic Cause
token: '{project}'
# wrapper to provide pypi config file
- wrapper:
name: cord-pypi-wrapper
wrappers:
- mask-passwords
- timeout:
type: absolute
timeout: '{build-timeout}'
timeout-var: 'BUILD_TIMEOUT'
fail: true
- timestamps
- ssh-agent-credentials:
users:
- '{jenkins-ssh-credential}'
- config-file-provider:
files:
- file-id: pypirc
target: '$HOME/.pypirc'
- file-id: pipconf
target: '$HOME/.config/pip/pip.conf'
# Sets permissions for job to be visible to AetherAccess only
# (for Aether member-only repos).
- property:
name: cord-infra-aether-private
properties:
- raw:
xml: |
<hudson.security.AuthorizationMatrixProperty>
<inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
<permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
<permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
<permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
<permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
<permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
<permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
<permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
<permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
<permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
<permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
<permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
<permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
<permission>hudson.model.Item.Discover:AetherAccess</permission>
<permission>hudson.model.Item.Discover:anonymous</permission>
<permission>hudson.model.Item.Discover:ONFStaff</permission>
<permission>hudson.model.Item.Read:AetherAccess</permission>
<permission>hudson.model.Item.Read:ONFStaff</permission>
<permission>hudson.model.Item.ViewStatus:anonymous</permission>
</hudson.security.AuthorizationMatrixProperty>
################## NEW and CONVERGED MACROS ###################
# Name matches macro in ONOS/Aether JJB, for future unification
# control how long builds and artifact are retained
# differs from lf-infra-properties as it retains artifacts
- property:
name: onf-infra-properties
properties:
- build-discarder:
days-to-keep: '{build-days-to-keep}'
artifact-num-to-keep: '{artifact-num-to-keep}'
# wrapper to provide SSH key and fill in ~/.ssh/known_hosts file for use with rsync
- wrapper:
name: onf-infra-rsync-wrappers
wrappers:
- mask-passwords
- timeout:
type: absolute
timeout: '{build-timeout}'
timeout-var: 'BUILD_TIMEOUT'
fail: true
- timestamps
- ssh-agent-credentials:
users: '{obj:ssh_credential_list}'
- config-file-provider:
files:
- file-id: known_hosts
target: '$HOME/.ssh/known_hosts'
# trigger on gerrit patchsets and actions
# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit
# Uses a regex based project match
- trigger:
name: onf-infra-gerrit-trigger-patchset
triggers:
- gerrit:
server-name: '{gerrit-server-name}'
dependency-jobs: '{dependency-jobs}'
silent-start: true
trigger-on:
- patchset-created-event:
exclude-drafts: true
exclude-trivial-rebase: false
exclude-no-code-change: false
- draft-published-event
- comment-added-contains-event:
comment-contains-value: '(?i)^.*recheck$'
projects:
- project-compare-type: REG_EXP
project-pattern: '{project-regexp}'
branches:
- branch-compare-type: REG_EXP
branch-pattern: '{branch-regexp}'
file-paths:
- compare-type: REG_EXP
pattern: '{file-include-regexp}'
# trigger for gerrit patch submission
- trigger:
name: onf-infra-gerrit-trigger-merge
triggers:
- gerrit:
server-name: '{gerrit-server-name}'
dependency-jobs: '{dependency-jobs}'
silent-start: true
trigger-on:
- change-merged-event
projects:
- project-compare-type: REG_EXP
project-pattern: '{project-regexp}'
branches:
- branch-compare-type: REG_EXP
branch-pattern: '{branch-regexp}'
file-paths:
- compare-type: REG_EXP
pattern: '{file-include-regexp}'
# same as lf-infra-*-scm, but allows checkouts to a subdir of $WORKSPACE
# with the `basedir` option
#
# `basedir` is used as `destination-dir` for the repo scm macros for
# consistency
- scm:
name: onf-infra-gerrit-scm
scm:
- git:
credentials-id: '{jenkins-ssh-credential}'
url: '{git-url}'
refspec: '{refspec}'
branches:
- 'refs/heads/{branch}'
wipe-workspace: true
submodule:
disable: '{submodule-disable}'
recursive: '{submodule-recursive}'
timeout: '{submodule-timeout}'
choosing-strategy: '{choosing-strategy}'
basedir: '{basedir}'
- scm:
name: onf-infra-gerrit-repo-scm
scm:
- repo:
manifest-url: '{manifest-url}'
manifest-branch: '{branch}'
destination-dir: '{basedir}'
jobs: 4
reset-first: true
depth: 1
# download a specific patchset after checking out entire source tree with repo
# docs: https://docs.openstack.org/infra/jenkins-job-builder/builders.html#builders.inject
- builder:
name: onf-infra-gerrit-repo-patch
builders:
- inject:
properties-content: |
BASEDIR={basedir}
GERRIT_PROJECT={project}
GERRIT_CHANGE_NUMBER={change-number}
GERRIT_PATCHSET_NUMBER={patchset-number}
- shell: !include-raw-escape: shell/repo-patch.sh
# publisher to clean up the workspace after the build whatever the result
- publisher:
name: onf-infra-wscleanup-publisher
publishers:
- workspace-cleanup:
clean-if:
- success: true
- unstable: true
- failure: true
- aborted: true
- not-built: true
dirmatch: false
fail-build: true
clean-parent: false
disable-deferred-wipeout: false