1 .. _lf-global-jjb-release:
3 #######################
4 Self-Serve Release Jobs
5 #######################
7 Self-serve release jobs allow a project team to direct Jenkins to promote jar files or container
8 images from staging areas to release areas. To trigger the action, create a releases/ or .releases/
9 directory, place one or more release yaml files in it, and submit the change to Gerrit. Upon merge
10 of the change, Jenkins will sign the reference(s) extrapolated by log_dir and promote the artifact(s).
12 Release jobs can also be triggered from Jenkins via the "Build with parameters" action, removing the
13 need for a release yaml file. The parameters must be filled out in the same way as a release file,
14 except for the special USE_RELEASE_FILE and DRY_RUN check boxes. The USE_RELEASE_FILE check box must
15 be unchecked if the job is expected to run with a release file, while passing the required information
16 as build parameters. Similarly, the DRY_RUN check box must be unchecked if the job needs to be tested
17 while skipping repository promotion to Nexus.
19 The special parameters are as follows::
21 GERRIT_BRANCH = master
23 LOG_DIR = example-project-maven-stage-master/17/
24 DISTRIBUTION_TYPE = maven
25 USE_RELEASE_FILE = false
30 The release files regex is: (releases\/.*\.yaml|\.releases\/.*\.yaml).
31 In words, the directory name can be ".releases" or "releases"; the file
32 name can be any name with suffix ".yaml".
34 Example of a maven release file:
38 $ cat releases/maven-1.0.0.yaml
40 distribution_type: 'maven'
42 project: 'example-project'
43 log_dir: 'example-project-maven-stage-master/17/'
46 Example of a container release file:
50 $ cat releases/container-1.0.0.yaml
52 distribution_type: 'container'
57 version: 1.0.0-20190806T184921Z
59 version: 1.0.0-20190806T184921Z
64 Job should be appended under gerrit-maven-stage
66 Example of a terse Jenkins job to call the global-jjb macro:
72 build-node: centos7-docker-8c-8g
73 maven-versions-plugin: true
74 - '{project-name}-gerrit-release-jobs':
75 build-node: centos7-docker-8c-8g
79 Release Engineers: please follow the setup guide below before adding the job definition.
82 Setup for LFID, Nexus, Jenkins and Gerrit
83 =========================================
88 Create an ``lfid`` and an ``ssh-key``
90 ``YOUR_RELEASE_USERNAME`` for example: onap-release
92 ``YOUR_RELEASE_EMAIL`` for example: collab-it+onap-release@linuxfoundation.org
98 ssh-keygen -t rsa -C "collab-it+odl-release@linuxfoundation.org" -f /tmp/odl-release
101 `Create an LFID with the above values <https://identity.linuxfoundation.org>`_
107 Create a Nexus account called ``'jenkins-release'`` with promote privileges.
109 .. image:: ../_static/nexus-promote-privs.png
114 Log into your Gerrit with ``YOU_RELEASE_USERNAME``, upload the public part of the ``ssh-key`` you
115 created earlier. Log out of Gerrit and log in again with your normal account for the next steps.
118 In Gerrit create a new group called ``self-serve-release`` and give it direct push rights via ``All-Projects``
119 Add ``YOUR_RELEASE_USERNAME`` to group ``self-serve-release`` and group ``Non-Interactive Users``
122 In All project, grant group self-serve-release the following:
126 [access "refs/heads/*"]
127 push = group self-serve-release
128 [access "refs/tags/*"]
129 createTag = group self-serve-release
130 createSignedTag = group self-serve-release
131 forgeCommitter = group self-serve-release
132 push = group self-serve-release
138 Add a global credential to Jenkins called ``jenkins-release`` and set the ID: ``'jenkins-release'``
139 as its value insert the private half of the ``ssh-key`` that you created for your Gerrit user.
141 Add Global vars in Jenkins:
142 Jenkins configure -> Global properties -> Environment variables
144 ``RELEASE_USERNAME = YOUR_RELEASE_USERNAME``
145 ``RELEASE_EMAIL = YOUR_RELEASE_EMAIL``
147 Jenkins configure -> Managed Files -> Add a New Config -> Custom File
150 Name: SIGNING_PUBKEY (optional)
151 Comment: SIGNING_PUBKEY (optional)
153 Content: (Ask Andy for the public signing key)
154 -----BEGIN PGP PUBLIC KEY BLOCK-----
157 Add or edit the managed file in Jenkins called ``lftoolsini``, appending a nexus section:
158 Jenkins Settings -> Managed files -> Add (or edit) -> Custom file
163 username=jenkins-release
164 password=<plaintext password>
169 Upgrade your project's global-jjb if needed, then add the following to your global defaults
170 file (e.g., jjb/defaults.yaml).
174 jenkins-ssh-release-credential: 'jenkins-release'
182 Release verify and merge jobs are the same except for their scm, trigger, and
183 builders definition. This anchor is the common template.
191 :Template Name: {project-name}-release-merge
193 :Comment Trigger: remerge
195 :Required parameters:
197 :build-node: The node to run build on.
198 :jenkins-ssh-release-credential: Credential to use for SSH. (Generally set
200 :stream: run this job against: **
202 :Optional parameters:
204 :branch: Git branch to fetch for the build. (default: all)
205 :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
206 :build-timeout: Timeout in minutes before aborting build. (default: 15)
207 :project-pattern: Project to trigger build against. (default: \*\*)
209 :gerrit_merge_triggers: Override Gerrit Triggers.
210 :gerrit_trigger_file_paths: Override file paths filter which checks which
211 file modifications will trigger a build.
214 - compare-type: REG_EXP
215 pattern: '(releases\/.*\.yaml|\.releases\/.*\.yaml)'
221 :Template Name: {project-name}-release-verify
223 :Comment Trigger: recheck|reverify
225 :Required Parameters:
227 :build-node: The node to run build on.
228 :jenkins-ssh-credential: Credential to use for SSH. (Generally set
230 :stream: run this job against: **
232 :Optional Parameters:
234 :branch: Git branch to fetch for the build. (default: all)
235 :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
236 :build-node: The node to run build on.
237 :build-timeout: Timeout in minutes before aborting build. (default: 15)
238 :doc-dir: Directory where tox will place built docs.
239 as defined in the tox.ini (default: docs/_build/html)
240 :gerrit-skip-vote: Skip voting for this job. (default: false)
241 :git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
242 :project-pattern: Project to trigger build against. (default: \*\*)
244 :gerrit_verify_triggers: Override Gerrit Triggers.
245 :gerrit_trigger_file_paths: Override file paths filter which checks which
246 file modifications will trigger a build.
249 - compare-type: REG_EXP
250 pattern: '(releases\/.*\.yaml|\.releases\/.*\.yaml)'