1 .. _lf-global-jjb-release:
3 #######################
4 Self Serve Release Jobs
5 #######################
7 Self serve release jobs allow a project to create a releases/ or .releases/ directory and then place a release yaml file in it.
8 Jenkins will pick this up and sign the ref extrapolated by log_dir and promote the artifact, whether maven or container.
10 Maven release jobs can also trigger via "Build with parameters" negating the need for a release file.
11 The parameters will need to be filled out in the same was as a release file's would, excepting the speacial
12 USE_RELEASE_FILE parameter which will need to be set to False to inform the job that it should not expect a release file.
13 The Special Parameters are as follows:
15 GERRIT_BRANCH = master
17 LOG_DIR = example-project-maven-stage-master/17/
18 DISTRIBUTION_TYPE = maven
19 USE_RELEASE_FILE = false
23 Example of a maven release file:
27 Release files regex: (releases\/.*\.yaml|\.releases\/.*\.yaml)
28 directory can be .releases/ or releases/
29 file can be ANYTHING.yaml
34 $ cat releases/maven-1.0.0.yaml
36 distribution_type: 'maven'
38 project: 'example-project'
39 log_dir: 'example-project-maven-stage-master/17/'
42 Example of a container release file:
46 $ cat releases/container-1.0.0.yaml
48 distribution_type: 'container'
53 version: 1.0.0-20190806T184921Z
55 version: 1.0.0-20190806T184921Z
60 Job should be appended under gerrit-maven-stage
61 Example of a terse Jenkins job to call global-jjb macro:
67 build-node: centos7-docker-8c-8g
68 maven-versions-plugin: true
69 - '{project-name}-gerrit-release-jobs':
70 build-node: centos7-docker-8c-8g
74 Release Engineers Please follow the setup guide before adding the job definition:
77 Setup for LFID Nexus Jenkins and Gerrit:
78 ========================================
83 Create an ``lfid`` and an ``ssh-key``
85 ``YOUR_RELEASE_USERNAME`` for example: onap-release
86 ``YOUR_RELEASE_EMAIL`` for example: collab-it+onap-release@linuxfoundation.org
92 ssh-keygen -t rsa -C "collab-it+odl-release@linuxfoundation.org" -f /tmp/odl-release
95 `Create an LFID with the above values <https://identity.linuxfoundation.org>`_
101 Create a Nexus account called ``'jenkins-release'`` with promote privileges.
103 .. image:: ../_static/nexus-promote-privs.png
108 Log into your Gerrit with ``YOU_RELEASE_USERNAME``, upload the publick part of the ``ssh-key`` you created earlier.
109 Log out of Gerrit and log in again with your normal account for the next steps.
112 In Gerrit create a new group called ``self-serve-release`` and give it direct push rights via ``All-Projects``
113 Add ``YOUR_RELEASE_USERNAME`` to group ``self-serve-release`` and group ``Non-Interactive Users``
116 In All project, grant group self-serve-release the following:
120 [access "refs/heads/*"]
121 push = group self-serve-release
122 [access "refs/tags/*"]
123 createTag = group self-serve-release
124 createSignedTag = group self-serve-release
125 forgeCommitter = group self-serve-release
126 push = group self-serve-release
132 Add a global credential to Jenkins called ``jenkins-release`` and set the ID: ``'jenkins-release'``
133 as its value insert the private half of the ``ssh-key`` that you created for your Gerrit user.
135 Add Global vars in Jenkins:
136 Jenkins configure -> Global properties -> Environment variables
138 ``RELEASE_USERNAME = YOUR_RELEASE_USERNAME``
139 ``RELEASE_EMAIL = YOUR_RELEASE_EMAIL``
141 Jenkins configure -> Managed Files -> Add a New Config -> Custom File
144 Name: SIGNING_PUBKEY (optional)
145 Comment: SIGNING_PUBKEY (optional)
147 Content: (Ask Andy for the public signing key)
148 -----BEGIN PGP PUBLIC KEY BLOCK-----
151 Add or edit the managed file in Jenkins called ``lftoolsini``, appending a nexus section:
152 Jenkins Settings -> Managed files -> Add (or edit) -> Custom file
157 username=jenkins-release
158 password=<plaintext password>
163 Upgrade your projects global-jjb if needed
164 add this to your global defaults file (eg: jjb/defaults.yaml).
168 jenkins-ssh-release-credential: 'jenkins-release'
176 Release verify and merge jobs are the same except for their scm, trigger, and
177 builders definition. This anchor is the common template.
186 - {project-name}-release-merge
188 :Comment Trigger: remerge
190 :Required parameters:
192 :build-node: The node to run build on.
193 :jenkins-ssh-release-credential: Credential to use for SSH. (Generally set
195 :stream: run this job against: **
197 :Optional parameters:
199 :branch: Git branch to fetch for the build. (default: all)
200 :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
201 :build-timeout: Timeout in minutes before aborting build. (default: 15)
202 :project-pattern: Project to trigger build against. (default: \*\*)
204 :gerrit_merge_triggers: Override Gerrit Triggers.
205 :gerrit_trigger_file_paths: Override file paths filter which checks which
206 file modifications will trigger a build.
209 - compare-type: REG_EXP
210 pattern: '(releases\/.*\.yaml|\.releases\/.*\.yaml)'
217 - {project-name}-release-verify
219 :Comment Trigger: recheck|reverify
221 :Required Parameters:
223 :build-node: The node to run build on.
224 :jenkins-ssh-credential: Credential to use for SSH. (Generally set
226 :stream: run this job against: **
228 :Optional Parameters:
230 :branch: Git branch to fetch for the build. (default: all)
231 :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
232 :build-node: The node to run build on.
233 :build-timeout: Timeout in minutes before aborting build. (default: 15)
234 :doc-dir: Directory where tox will place built docs.
235 as defined in the tox.ini (default: docs/_build/html)
236 :gerrit-skip-vote: Skip voting for this job. (default: false)
237 :git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
238 :project-pattern: Project to trigger build against. (default: \*\*)
240 :gerrit_verify_triggers: Override Gerrit Triggers.
241 :gerrit_trigger_file_paths: Override file paths filter which checks which
242 file modifications will trigger a build.
245 - compare-type: REG_EXP
246 pattern: '(releases\/.*\.yaml|\.releases\/.*\.yaml)'