1 .. _lf-global-jjb-release:
3 #######################
4 Self Serve Release Jobs
5 #######################
7 Self serve release jobs allow a project to create a releases directory and then place a release file in it.
8 Jenkins will pick this up and then promote the artifact from the staging log directory (log_dir) and tag the release
9 with the defined version. maven_central_url is optional
13 Example of a maven release file:
17 $ cat releases/maven-1.0.0.yaml
19 distribution_type: 'maven'
21 project: 'example-project'
22 log_dir: 'example-project-maven-stage-master/17/'
25 Example of a container release file:
29 $ cat releases/container-1.0.0.yaml
31 distribution_type: 'container'
33 project: 'example-project'
34 log_dir: 'example-project-maven-docker-stage-master/17/'
39 Job should be appended under gerrit-maven-stage
40 Example of a terse Jenkins job to call global-jjb macro:
46 build-node: centos7-docker-8c-8g
47 maven-versions-plugin: true
48 - '{project-name}-gerrit-release-jobs':
49 build-node: centos7-docker-8c-8g
53 Release Engineers Please follow the setup guide before adding the job definition:
56 Setup for LFID Nexus Jenkins and Gerrit:
57 ========================================
62 Create an ``lfid`` and an ``ssh-key``
64 ``YOUR_RELEASE_USERNAME`` for example: onap-release
65 ``YOUR_RELEASE_EMAIL`` for example: collab-it+onap-release@linuxfoundation.org
71 ssh-keygen -t rsa -C "collab-it+odl-release@linuxfoundation.org" -f /tmp/odl-release
74 `Create an LFID with the above values <https://identity.linuxfoundation.org>`_
80 Create a Nexus account called ``'jenkins-release'`` with promote privileges.
82 .. image:: ../_static/nexus-promote-privs.png
87 Log into your Gerrit with ``YOU_RELEASE_USERNAME``, upload the publick part of the ``ssh-key`` you created earlier.
88 Log out of Gerrit and log in again with your normal account for the next steps.
91 In Gerrit create a new group called ``self-serve-release`` and give it direct push rights via ``All-Projects``
92 Add ``YOUR_RELEASE_USERNAME`` to group ``self-serve-release`` and group ``Non-Interactive Users``
95 In All project, grant group self-serve-release the following:
99 [access "refs/heads/*"]
100 push = group self-serve-release
101 [access "refs/tags/*"]
102 createTag = group self-serve-release
103 createSignedTag = group self-serve-release
104 forgeCommitter = group self-serve-release
105 push = group self-serve-release
111 Add a global credential to Jenkins called ``jenkins-release`` and set the ID: ``'jenkins-release'``
112 as its value insert the private portion of the ``ssh-key`` that you created for your Gerrit user.
114 Add Global vars in Jenkins:
115 Jenkins configure -> Global properties -> Environment variables
117 ``RELEASE_USERNAME = YOUR_RELEASE_USERNAME``
118 ``RELEASE_EMAIL = YOUR_RELEASE_EMAIL``
120 Jenkins configure -> Managed Files -> Add a New Config -> Custom File
123 Name: SIGNING_PUBKEY (optional)
124 Comment: SIGNING_PUBKEY (optional)
126 Content: (Ask Andy for the public signing key)
127 -----BEGIN PGP PUBLIC KEY BLOCK-----
130 Add or edit the managed file in Jenkins called ``lftoolsini``, appending a nexus section:
131 Jenkins Settings -> Managed files -> Add (or edit) -> Custom file
136 username=jenkins-release
137 password=<plaintext password>
142 Upgrade your projects global-jjb if needed
143 add this to your global defaults file (eg: jjb/defaults.yaml).
147 jenkins-ssh-release-credential: 'jenkins-release'
155 Release verify and merge jobs are the same except for their scm, trigger, and
156 builders definition. This anchor is the common template.
167 - sigul-configuration
168 - checkout ref from taglist.log
169 - applies the $PROJECT.bundle
170 - signs, tags and pushes
174 lftools nexus release --server $NEXUS_URL $STAGING_REPO
178 - {project-name}-release-merge-{stream}
180 :Comment Trigger: remerge
182 :Required parameters:
184 :build-node: The node to run build on.
185 :jenkins-ssh-release-credential: Credential to use for SSH. (Generally set
187 :stream: run this job against: **
189 :Optional parameters:
191 :branch: Git branch to fetch for the build. (default: all)
192 :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
193 :build-timeout: Timeout in minutes before aborting build. (default: 15)
194 :project-pattern: Project to trigger build against. (default: \*\*)
196 :gerrit_merge_triggers: Override Gerrit Triggers.
197 :gerrit_trigger_file_paths: Override file paths filter which checks which
198 file modifications will trigger a build.
202 pattern: 'releases/*.yaml'
208 Release verify job checks the schema and ensures that the staging-repo.txt.gz
209 is available on the job.
212 - sigul-configuration
213 - checkout ref from taglist.log
214 - applies the $PROJECT.bundle
215 - signs and shows signature
219 - {project-name}-release-verify-{stream}
221 :Comment Trigger: recheck|reverify
223 :Required Parameters:
225 :build-node: The node to run build on.
226 :jenkins-ssh-credential: Credential to use for SSH. (Generally set
228 :stream: run this job against: **
230 :Optional Parameters:
232 :branch: Git branch to fetch for the build. (default: all)
233 :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
234 :build-node: The node to run build on.
235 :build-timeout: Timeout in minutes before aborting build. (default: 15)
236 :doc-dir: Directory where tox will place built docs.
237 as defined in the tox.ini (default: docs/_build/html)
238 :gerrit-skip-vote: Skip voting for this job. (default: false)
239 :git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
240 :project-pattern: Project to trigger build against. (default: \*\*)
242 :gerrit_verify_triggers: Override Gerrit Triggers.
243 :gerrit_trigger_file_paths: Override file paths filter which checks which
244 file modifications will trigger a build.
248 pattern: 'releases/*.yaml'