Merge "Add pull request verification job for UP4"
diff --git a/jjb/cord-macros.yaml b/jjb/cord-macros.yaml
index 05dd931..e49239d 100644
--- a/jjb/cord-macros.yaml
+++ b/jjb/cord-macros.yaml
@@ -192,3 +192,35 @@
           files:
             - file-id: known_hosts
               target: '$HOME/.ssh/known_hosts'
+
+# Sets permissions for job to be visible to AetherAccess only
+# (for Aether member-only repos).
+- property:
+    name: cord-infra-aether-private
+    properties:
+      - raw:
+          xml: |
+              <hudson.security.AuthorizationMatrixProperty>
+                <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
+                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
+                <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
+                <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
+                <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
+                <permission>hudson.model.Item.Discover:AetherAccess</permission>
+                <permission>hudson.model.Item.Discover:anonymous</permission>
+                <permission>hudson.model.Item.Read:AetherAccess</permission>
+                <permission>hudson.model.Item.ViewStatus:anonymous</permission>
+              </hudson.security.AuthorizationMatrixProperty>
diff --git a/jjb/verify/up4.yaml b/jjb/verify/up4.yaml
new file mode 100644
index 0000000..524fa39
--- /dev/null
+++ b/jjb/verify/up4.yaml
@@ -0,0 +1,74 @@
+---
+# jobs for https://github.com/omec-project/up4
+
+-  project:
+      name: up4
+      project: "{name}"
+      github-organization: "omec-project"
+      github_pr_auth_id: "64fe2b1a-b33a-4f13-8442-ad8360434003"
+      github_pr_org_list:
+         - "omec-project"
+      jobs:
+         -  "up4-jobs":
+               stream: "master"
+               # As we run integration tests with 3 ONOS instances,
+               # we need a beefy node.
+               build-node: "ubuntu16.04-basebuild-8c-15g"
+
+-  job-group:
+      name: "up4-jobs"
+      jobs:
+         - "up4-pr-verify"
+
+-  job-template:
+      id: "up4-pr-verify"
+      name: "up4-pr-verify"
+      description: |
+         Created by {id} job-template from ci-management/up4.yaml<br/>
+
+      project-type: pipeline
+      concurrent: true
+
+      properties:
+         # Visibility restricted to Aether members only.
+         -  cord-infra-aether-private:
+         -  cord-infra-properties:
+               build-days-to-keep: "15"
+               artifact-num-to-keep: "-1"
+         -  github:
+               url: "https://github.com/{github-organization}/{project}"
+
+      parameters:
+         -  string:
+               name: buildNode
+               default: "{build-node}"
+               description: "Name of the Jenkins executor node to run the job on."
+         -  string:
+               name: sha1
+               default: "origin/{stream}"
+               description: "The actual commit or branch to build."
+
+      # Run pipeline that is checked-in in the same PR we want to verify.
+      pipeline-scm:
+         script-path: ".jenkins/Jenkinsfile"
+         scm:
+            -  git:
+                  url: "git@github.com:{github-organization}/{project}.git"
+                  credentials-id: "github-onf-bot-ssh-key"
+                  refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
+                  branches:
+                     - "$sha1"
+                  submodule:
+                     disable: true
+                  shallow-clone: true
+
+      triggers:
+         -  cord-infra-github-pr-trigger:
+               github_pr_org_list: "{obj:github_pr_org_list}"
+               github_pr_auth_id: "{github_pr_auth_id}"
+               status_context: "up4-pr-verify"
+
+      wrappers:
+         -  lf-infra-wrappers:
+               build-timeout: "{build-timeout}"
+               jenkins-ssh-credential: "{jenkins-ssh-credential}"