| --- |
| # CORD JJB macros |
| |
| # control how long builds and artifact are retained |
| - property: |
| name: cord-infra-properties |
| properties: |
| - build-discarder: |
| days-to-keep: '{build-days-to-keep}' |
| artifact-num-to-keep: '{artifact-num-to-keep}' |
| |
| # checkout entire source tree with repo |
| # docs: https://docs.openstack.org/infra/jenkins-job-builder/scm.html#scm.repo |
| - scm: |
| name: cord-infra-gerrit-repo-scm |
| scm: |
| - repo: |
| manifest-url: '{manifest-url}' |
| manifest-branch: '{branch}' |
| destination-dir: '{destination-dir}' |
| jobs: 4 |
| reset-first: true |
| depth: 1 |
| |
| # same as lf-infra-gerrit-scm, but allows checkouts to a subdir of $WORKSPACE |
| # with the `basedir` option |
| # |
| # `basedir` serves the same function as `destination-dir` in the repo scm |
| # macros, seems strange that they're named differently. |
| - scm: |
| name: cord-infra-gerrit-scm |
| scm: |
| - git: |
| credentials-id: '{jenkins-ssh-credential}' |
| url: '{git-url}' |
| refspec: '{refspec}' |
| branches: |
| - 'refs/heads/{branch}' |
| skip-tag: true |
| wipe-workspace: true |
| submodule: |
| recursive: '{submodule-recursive}' |
| choosing-strategy: '{choosing-strategy}' |
| basedir: '{basedir}' |
| |
| # trigger on gerrit patchsets and actions |
| # docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit |
| - trigger: |
| name: cord-infra-gerrit-trigger-patchset |
| triggers: |
| - gerrit: |
| server-name: '{gerrit-server-name}' |
| dependency-jobs: '{dependency-jobs}' |
| silent-start: true |
| trigger-on: |
| - patchset-created-event: |
| exclude-drafts: true |
| exclude-trivial-rebase: false |
| exclude-no-code-change: true |
| - draft-published-event |
| - comment-added-contains-event: |
| comment-contains-value: '(?i)^.*recheck$' |
| projects: |
| - project-compare-type: REG_EXP |
| project-pattern: '{project-regexp}' |
| branches: |
| - branch-compare-type: REG_EXP |
| branch-pattern: '{branch-regexp}' |
| file-paths: |
| - compare-type: REG_EXP |
| pattern: '{file-include-regexp}' |
| |
| # trigger on gerrit commits/merges |
| - trigger: |
| name: cord-infra-gerrit-trigger-merge |
| triggers: |
| - gerrit: |
| server-name: '{gerrit-server-name}' |
| dependency-jobs: '{dependency-jobs}' |
| silent-start: true |
| trigger-on: |
| - change-merged-event |
| projects: |
| - project-compare-type: REG_EXP |
| project-pattern: '{project-regexp}' |
| branches: |
| - branch-compare-type: REG_EXP |
| branch-pattern: '{branch-regexp}' |
| file-paths: |
| - compare-type: REG_EXP |
| pattern: '{file-include-regexp}' |
| |
| # Trigger on GitHub pull requests |
| # docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.github-pull-request |
| # Uses the standard 'ok to test', etc. commands per the plugin: |
| # https://github.com/jenkinsci/ghprb-plugin |
| - trigger: |
| name: cord-infra-github-pr-trigger |
| triggers: |
| - github-pull-request: |
| auth-id: '{github_pr_auth_id}' |
| github-hooks: true # Create github hooks automatically |
| cancel-builds-on-update: true |
| auto-close-on-fail: false |
| only-trigger-phrase: false |
| status-context: '{status_context}' # Name of testing system in PR |
| permit-all: false # don't trigger on every PR |
| org-list: '{obj:github_pr_org_list}' |
| allow-whitelist-orgs-as-admins: true |
| |
| # Trigger on GitHub PR merge |
| # docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.generic-webhook-trigger |
| - trigger: |
| name: cord-infra-github-pr-trigger-merge |
| triggers: |
| - generic-webhook-trigger: |
| post-content-params: |
| - type: JSONPath |
| key: action |
| value: $.action |
| - type: JSONPath |
| key: merged |
| value: $.pull_request.merged |
| - type: JSONPath |
| key: repoUrl |
| value: $.pull_request.base.repo.html_url |
| - type: JSONPath |
| key: repoName |
| value: $.pull_request.base.repo.name |
| - type: JSONPath |
| key: branchName |
| value: $.pull_request.base.ref |
| - type: JSONPath |
| key: commitHash |
| value: $.pull_request.merge_commit_sha |
| regex-filter-text: $action,$merged |
| regex-filter-expression: ^(closed,true)$ |
| cause: Generic Cause |
| token: '{project}' |
| |
| # wrapper to provide pypi config file |
| |
| - wrapper: |
| name: cord-pypi-wrapper |
| wrappers: |
| - mask-passwords |
| - timeout: |
| type: absolute |
| timeout: '{build-timeout}' |
| timeout-var: 'BUILD_TIMEOUT' |
| fail: true |
| - timestamps |
| - ssh-agent-credentials: |
| users: |
| - '{jenkins-ssh-credential}' |
| - config-file-provider: |
| files: |
| - file-id: pypirc |
| target: '$HOME/.pypirc' |
| - file-id: pipconf |
| target: '$HOME/.config/pip/pip.conf' |
| |
| |
| # Sets permissions for job to be visible to AetherAccess only |
| # (for Aether member-only repos). |
| - property: |
| name: cord-infra-aether-private |
| properties: |
| - raw: |
| xml: | |
| <hudson.security.AuthorizationMatrixProperty> |
| <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/> |
| <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission> |
| <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission> |
| <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission> |
| <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission> |
| <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission> |
| <permission>hudson.model.Item.Build:JenkinsPowerusers</permission> |
| <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission> |
| <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission> |
| <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission> |
| <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission> |
| <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission> |
| <permission>hudson.model.Item.Move:JenkinsPowerusers</permission> |
| <permission>hudson.model.Item.Read:JenkinsPowerusers</permission> |
| <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission> |
| <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission> |
| <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission> |
| <permission>hudson.model.Run.Update:JenkinsPowerusers</permission> |
| <permission>hudson.model.Item.Discover:AetherAccess</permission> |
| <permission>hudson.model.Item.Discover:anonymous</permission> |
| <permission>hudson.model.Item.Discover:ONFStaff</permission> |
| <permission>hudson.model.Item.Read:AetherAccess</permission> |
| <permission>hudson.model.Item.Read:ONFStaff</permission> |
| <permission>hudson.model.Item.ViewStatus:anonymous</permission> |
| </hudson.security.AuthorizationMatrixProperty> |
| |
| ################## NEW and CONVERGED MACROS ################### |
| # Name matches macro in ONOS/Aether JJB, for future unification |
| |
| # control how long builds and artifact are retained |
| # differs from lf-infra-properties as it retains artifacts |
| - property: |
| name: onf-infra-properties |
| properties: |
| - build-discarder: |
| days-to-keep: '{build-days-to-keep}' |
| artifact-num-to-keep: '{artifact-num-to-keep}' |
| |
| # wrapper to provide SSH key and fill in ~/.ssh/known_hosts file for use with rsync |
| - wrapper: |
| name: onf-infra-rsync-wrappers |
| wrappers: |
| - mask-passwords |
| - timeout: |
| type: absolute |
| timeout: '{build-timeout}' |
| timeout-var: 'BUILD_TIMEOUT' |
| fail: true |
| - timestamps |
| - ssh-agent-credentials: |
| users: '{obj:ssh_credential_list}' |
| - config-file-provider: |
| files: |
| - file-id: known_hosts |
| target: '$HOME/.ssh/known_hosts' |
| |
| # trigger on gerrit patchsets and actions |
| # docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit |
| # Uses a regex based project match |
| - trigger: |
| name: onf-infra-gerrit-trigger-patchset |
| triggers: |
| - gerrit: |
| server-name: '{gerrit-server-name}' |
| dependency-jobs: '{dependency-jobs}' |
| silent-start: true |
| trigger-on: |
| - patchset-created-event: |
| exclude-drafts: true |
| exclude-trivial-rebase: false |
| exclude-no-code-change: false |
| - draft-published-event |
| - comment-added-contains-event: |
| comment-contains-value: '(?i)^.*recheck$' |
| projects: |
| - project-compare-type: REG_EXP |
| project-pattern: '{project-regexp}' |
| branches: |
| - branch-compare-type: REG_EXP |
| branch-pattern: '{branch-regexp}' |
| file-paths: |
| - compare-type: REG_EXP |
| pattern: '{file-include-regexp}' |
| |
| # trigger for gerrit patch submission |
| - trigger: |
| name: onf-infra-gerrit-trigger-merge |
| triggers: |
| - gerrit: |
| server-name: '{gerrit-server-name}' |
| dependency-jobs: '{dependency-jobs}' |
| silent-start: true |
| trigger-on: |
| - change-merged-event |
| projects: |
| - project-compare-type: REG_EXP |
| project-pattern: '{project-regexp}' |
| branches: |
| - branch-compare-type: REG_EXP |
| branch-pattern: '{branch-regexp}' |
| file-paths: |
| - compare-type: REG_EXP |
| pattern: '{file-include-regexp}' |
| |
| # same as lf-infra-*-scm, but allows checkouts to a subdir of $WORKSPACE |
| # with the `basedir` option |
| # |
| # `basedir` is used as `destination-dir` for the repo scm macros for |
| # consistency |
| |
| - scm: |
| name: onf-infra-gerrit-scm |
| scm: |
| - git: |
| credentials-id: '{jenkins-ssh-credential}' |
| url: '{git-url}' |
| refspec: '{refspec}' |
| branches: |
| - 'refs/heads/{branch}' |
| wipe-workspace: true |
| submodule: |
| disable: '{submodule-disable}' |
| recursive: '{submodule-recursive}' |
| timeout: '{submodule-timeout}' |
| choosing-strategy: '{choosing-strategy}' |
| basedir: '{basedir}' |
| |
| - scm: |
| name: onf-infra-gerrit-repo-scm |
| scm: |
| - repo: |
| manifest-url: '{manifest-url}' |
| manifest-branch: '{branch}' |
| destination-dir: '{basedir}' |
| jobs: 4 |
| reset-first: true |
| depth: 1 |
| |
| # download a specific patchset after checking out entire source tree with repo |
| # docs: https://docs.openstack.org/infra/jenkins-job-builder/builders.html#builders.inject |
| - builder: |
| name: onf-infra-gerrit-repo-patch |
| builders: |
| - inject: |
| properties-content: | |
| BASEDIR={basedir} |
| GERRIT_PROJECT={project} |
| GERRIT_CHANGE_NUMBER={change-number} |
| GERRIT_PATCHSET_NUMBER={patchset-number} |
| - shell: !include-raw-escape: shell/repo-patch.sh |
| |
| # publisher to clean up the workspace after the build whatever the result |
| - publisher: |
| name: onf-infra-wscleanup-publisher |
| publishers: |
| - workspace-cleanup: |
| clean-if: |
| - success: true |
| - unstable: true |
| - failure: true |
| - aborted: true |
| - not-built: true |
| dirmatch: false |
| fail-build: true |
| clean-parent: false |
| disable-deferred-wipeout: false |