1 .. _lf-global-jjb-release:
3 #######################
4 Self-Serve Release Jobs
5 #######################
7 Self-serve release jobs allow a project team to direct Jenkins to
8 promote a jar file or container image from a staging area to a release
9 area. To trigger the action, create a releases/ or .releases/
10 directory, add a release yaml file to it, and submit a change set with
11 one release yaml file to Gerrit. Upon merge of the change, Jenkins will
12 sign the reference extrapolated by log_dir and promote the artifact. The
13 expected format of the release yaml file appears in schemas and examples
16 The build node for maven and container release jobs must be CentOS,
17 which supports the sigul client for accessing a signing server. The
18 build node for container release jobs must have Docker installed.
20 A Jenkins user can also trigger a release job via the "Build with
21 parameters" action, removing the need for a release yaml file. The
22 user must enter parameters in the same way as a release yaml file,
23 except for the special USE_RELEASE_FILE and DRY_RUN check boxes. The
24 user must uncheck the USE_RELEASE_FILE check box if the job should
25 run with a release file, while passing the required information as
26 build parameters. Similarly, the user must uncheck the DRY_RUN check
27 box to test the job while skipping repository promotion to Nexus.
29 The special parameters are as follows::
31 GERRIT_BRANCH = master
33 LOG_DIR = example-project-maven-stage-master/17/
34 DISTRIBUTION_TYPE = maven
35 USE_RELEASE_FILE = false
40 The release file regex is: (releases\/.*\.yaml|\.releases\/.*\.yaml).
41 In words, the directory name can be ".releases" or "releases"; the file
42 name can be anything with suffix ".yaml".
44 The JSON schema for a maven release job appears below.
49 $schema: "http://json-schema.org/schema#"
50 $id: "https://github.com/lfit/releng-global-jjb/blob/master/release-schema.yaml"
69 Example of a maven release file:
73 $ cat releases/1.0.0-maven.yaml
75 distribution_type: 'maven'
77 project: 'example-project'
78 log_dir: 'example-project-maven-stage-master/17/'
81 The JSON schema for a container release job appears below.
86 $schema: "http://json-schema.org/schema#"
87 $id: "https://github.com/lfit/releng-global-jjb/blob/master/release-container-schema.yaml"
93 - "container_release_tag"
104 additionalProperties: false
109 container_release_tag:
111 container_pull_registry"
113 container_push_registry"
119 An example of a container release file appears below. The job tags the
120 git repository at the specified commit reference. The job applies the
121 container_release_tag string to all released containers. The job uses the
122 per-container version strings to pull images from the container registry.
126 $ cat releases/1.0.0-container.yaml
128 distribution_type: 'container'
129 container_release_tag: '1.0.0'
130 container_pull_registry: 'nexus.onap.org:10003"
131 container_push_registry: 'nexus.onap.org:10002"
133 ref: d1b9cd2dd345fbeec0d3e2162e008358b8b663b2
136 version: 1.0.0-20190806T184921Z
137 - name: test-frontend
138 version: 1.0.0-20190806T184921Z
141 Example of a Jenkins job configuration that uses the global-jjb
142 templates for Gerrit:
147 name: my-project-release
149 project-name: my-project
150 build-node: centos7-docker-4c-4g
151 mvn-settings: my-project-settings
153 - '{project-name}-gerrit-release-jobs'
158 Release Engineers: please follow the setup guide below before adding the job definition.
161 Setup for LFID, Nexus, Jenkins and Gerrit
162 =========================================
167 Create an ``lfid`` and an ``ssh-key``
169 ``YOUR_RELEASE_USERNAME`` for example: onap-release
171 ``YOUR_RELEASE_EMAIL`` for example: collab-it+onap-release@linuxfoundation.org
177 ssh-keygen -t rsa -C "collab-it+odl-release@linuxfoundation.org" -f /tmp/odl-release
180 `Create an LFID with the above values <https://identity.linuxfoundation.org>`_
186 Create a Nexus account called ``'jenkins-release'`` with promote privileges.
188 .. image:: ../_static/nexus-promote-privs.png
193 Log into your Gerrit with ``YOUR_RELEASE_USERNAME``, upload the public
194 part of the ``ssh-key`` you created earlier. Log out of Gerrit and log
195 in again with your normal account for the next steps.
198 In Gerrit create a new group called ``self-serve-release`` and give it
199 direct push rights via ``All-Projects`` Add ``YOUR_RELEASE_USERNAME``
200 to group ``self-serve-release`` and group ``Non-Interactive Users``
203 In All project, grant group self-serve-release the following:
207 [access "refs/heads/*"]
208 push = group self-serve-release
209 [access "refs/tags/*"]
210 createTag = group self-serve-release
211 createSignedTag = group self-serve-release
212 forgeCommitter = group self-serve-release
213 push = group self-serve-release
219 Add a global credential to Jenkins called ``jenkins-release`` and set
220 the ID: ``'jenkins-release'`` as its value insert the private half of
221 the ``ssh-key`` that you created for your Gerrit user.
223 Add Global vars in Jenkins:
224 Jenkins configure -> Global properties -> Environment variables
226 ``RELEASE_USERNAME = YOUR_RELEASE_USERNAME``
227 ``RELEASE_EMAIL = YOUR_RELEASE_EMAIL``
232 Add these variables to your global-vars-$SILO.sh file or they will
235 Jenkins configure -> Managed Files -> Add a New Config -> Custom File
238 Name: SIGNING_PUBKEY (optional)
239 Comment: SIGNING_PUBKEY (optional)
241 Content: (Ask Andy for the public signing key)
242 -----BEGIN PGP PUBLIC KEY BLOCK-----
245 Add or edit the managed file in Jenkins called ``lftoolsini``,
246 appending a nexus section: Jenkins Settings -> Managed files -> Add
247 (or edit) -> Custom file
252 username=jenkins-release
253 password=<plaintext password>
258 Upgrade your project's global-jjb if needed, then add the following to
259 your global defaults file (e.g., jjb/defaults.yaml).
263 jenkins-ssh-release-credential: 'jenkins-release'
271 Release verify and merge jobs are the same except for their scm,
272 trigger, and builders definition. This anchor is the common template.
280 :Template Name: {project-name}-release-merge
282 :Comment Trigger: remerge
284 :Required parameters:
286 :build-node: The node to run build on.
287 :jenkins-ssh-release-credential: Credential to use for SSH. (Generally set
289 :stream: run this job against: **
291 :Optional parameters:
293 :branch: Git branch to fetch for the build. (default: all)
294 :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
295 :build-timeout: Timeout in minutes before aborting build. (default: 15)
296 :project-pattern: Project to trigger build against. (default: \*\*)
298 :gerrit_merge_triggers: Override Gerrit Triggers.
299 :gerrit_trigger_file_paths: Override file paths filter which checks which
300 file modifications will trigger a build.
303 - compare-type: REG_EXP
304 pattern: '(releases\/.*\.yaml|\.releases\/.*\.yaml)'
310 :Template Name: {project-name}-release-verify
312 :Comment Trigger: recheck|reverify
314 :Required Parameters:
316 :build-node: The node to run build on.
317 :jenkins-ssh-credential: Credential to use for SSH. (Generally set
319 :stream: run this job against: **
321 :Optional Parameters:
323 :branch: Git branch to fetch for the build. (default: all)
324 :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
325 :build-node: The node to run build on.
326 :build-timeout: Timeout in minutes before aborting build. (default: 15)
327 :doc-dir: Directory where tox will place built docs.
328 as defined in the tox.ini (default: docs/_build/html)
329 :gerrit-skip-vote: Skip voting for this job. (default: false)
330 :git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
331 :project-pattern: Project to trigger build against. (default: \*\*)
333 :gerrit_verify_triggers: Override Gerrit Triggers.
334 :gerrit_trigger_file_paths: Override file paths filter which checks which
335 file modifications will trigger a build.
338 - compare-type: REG_EXP
339 pattern: '(releases\/.*\.yaml|\.releases\/.*\.yaml)'