:Required Parameters:
+ :jjb-cache: Location of Jenkins Job Builder (JJB) cache used for jjb
+ jobs.
:jjb-version: Version of Jenkins Job Builder (JJB) to install and use in
the jjb jobs.
Provides jenkins_jobs.ini configuration for Jenkins.
-lf-infra-jjbini-sandbox
------------------------
-
-Provides jenkins_jobs.ini configuration for Jenkins sandbox.
-
-.. todo:: This needs to be consolidated into lf-infra-jjbini when JJB 2.0 is available
-
lf-packer-common
----------------
Gerrit file-paths for packer verify jobs.
+lf-puppet-parameters
+--------------------
+
+Parameters useful for Puppet related tasks.
+
+:Parameters:
+
+ :puppet-lint-version: Version of puppet-lint to install / use.
+ (shell: PUPPET_LINT_VERSION)
+
Job Templates
=============
Gerrit Branch Lock
------------------
-Job submits a patch to lock or unlock a project's branch.
+Job submits a patch to lock or unlock a project's branch. This should only be
+loaded once, as "ci-management-gerrit-branch-lock" (or "ci-management"
+equivalent). That job will process lock/unlock requests for all projects and
+all branches.
:Template Names:
- - {project-name}-gerrit-branch-lock-{stream}
+ - {project-name}-gerrit-branch-lock
- gerrit-branch-lock
:Comment Trigger:
:Optional parameters:
- :branch: Git branch to build against. (default: master)
:git-url: URL to clone project from. (default: $GIT_URL/$GERRIT_PROJECT)
- :stream: Keyword that can be used to represent a release code-name.
- Often the same as the branch. (default: master)
:submodule-timeout: Timeout (in minutes) for checkout operation.
(default: 10)
:gerrit_merge_triggers: Override Gerrit Triggers.
used to push to Jenkins. In the event of a job failure this file can be
inspected.
+ .. _lf-global-jjb-jenkins-cfg-verify:
+
+Jenkins Configuration Verify
+----------------------------
+
+Jenkins job to verify the Global Jenkins configuration.
+
+Requires the ``clouds-yaml`` file to be setup on the Jenkins host.
+
+:Template names:
+
+ - {project-name}-jenkins-cfg-verify
+ - gerrit-jenkins-cfg-verify
+ - github-jenkins-cfg-verify
+
+:Optional parameters:
+
+ :branch: Git branch to build against. (default: master)
+ :git-url: URL to clone project from. (default: $GIT_URL/$GERRIT_PROJECT)
+
+This job is not part of the "{project-name}-ci-jobs" group. It must be called
+explicitly.
+
+Example:
+
+.. literalinclude:: ../../.jjb-test/lf-ci-jobs/jenkins-cfg-verify.yaml
+ :language: yaml
+
+
+.. _jenkins-sandbox-cleanup:
Jenkins Sandbox Cleanup
-----------------------
:cron: Schedule to run job. (default: '0 8 * * 6')
+.. _jjb-deploy:
+
JJB Deploy Job
--------------
-Deploy jobs to jenkins-sandbox system via code review comment
+Deploy jobs to jenkins-sandbox system via code review comment.
This job checks out the current code review patch and then runs a
-`jenkins-jobs update` to push a patch defined by the comment.
+``jenkins-jobs update`` to push a patch defined by the comment.
:Template names:
.. note::
+ The JJB Deploy Job is configured to trigger only if the Gerrit comment
+ starts with the `jjb-deploy` keyword.
+
+ Example of a valid command in Gerrit comment that triggers the job:
+
+ ``jjb-deploy builder-jjb-*``
+
+ Example of a invalid command in Gerrit comment that would _not_ trigger
+ the job:
+
+ ``Update the job. jjb-deploy builder-jjb-*``
+
JOB_NAME can include the * wildcard character to push multiple jobs
- matching the pattern. For example `jjb-deploy builder-jjb-*`` will push
+ matching the pattern. For example ``jjb-deploy builder-jjb-*`` will push
all builder-jjb-* jobs to the sandbox system.
:Required parameters:
:gerrit_jjb_deploy_job_triggers: Override Gerrit Triggers.
+.. _jjb-merge:
+
JJB Merge
---------
:build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
:build-timeout: Timeout in minutes before aborting build. (default: 10)
:git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
+ :jjb-cache: JJB cache location. (default: $HOME/.cache/jenkins_jobs)
+ :jjb-workers: Number of threads to run **update** with. Set to 0 by default
+ which is equivalent to the number of available CPU cores. (default: 0)
:jjb-version: JJB version to install. (default: see job-template)
:stream: Keyword that can be used to represent a release code-name.
Often the same as the branch. (default: master)
(default: true)
:submodule-timeout: Timeout (in minutes) for checkout operation.
(default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
:gerrit_merge_triggers: Override Gerrit Triggers.
:gerrit_trigger_file_paths: Override file paths which can be used to
(default defined by lf_jjb_common)
+.. _jjb-verify:
+
JJB Verify
----------
:Optional parameters:
:branch: Git branch to fetch for the build. (default: master)
+ :build-concurrent: Whether or not to allow this job to run multiple jobs
+ simultaneously. (default: true)
:build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
:build-timeout: Timeout in minutes before aborting build. (default: 10)
:git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
+ :jjb-cache: JJB cache location. (default: $HOME/.cache/jenkins_jobs)
:jjb-version: JJB version to install. (default: see job-template)
:stream: Keyword that can be used to represent a release code-name.
Often the same as the branch. (default: master)
(default: true)
:submodule-timeout: Timeout (in minutes) for checkout operation.
(default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
+ :throttle_categories: List of categories to throttle by.
+ :throttle-enabled: Whether or not to enable throttling on the job.
+ (default: true)
+ :throttle-max-per-node: Max jobs to run on the same node. (default: 1)
+ :throttle-max-total: Max jobs to run across the entire project. - 0
+ means 'unlimited' (default: 0)
+ :throttle-option: Throttle by the project or by list of categories
+ defined in the throttle plugin configuration. (options: 'project',
+ 'category'; default: project)
:gerrit_verify_triggers: Override Gerrit Triggers.
:gerrit_trigger_file_paths: Override file paths which can be used to
:build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
:build-timeout: Timeout in minutes before aborting build. (default: 10)
:git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
+ :jjb-cache: JJB cache location. (default: $HOME/.cache/jenkins_jobs)
:jjb-version: JJB version to install. (default: see job-template)
:stream: Keyword that can be used to represent a release code-name.
Often the same as the branch. (default: master)
Info YAML Verify job validates that INFO.yaml file changes are kept isolated from
other file changes. Verifies INFO.yaml files follow the schema defined in
-`global-jjb/info-schema`.
+`lfit/releng-global-jjb/schema/info-schema.yaml`.
:Template Names:
- {project-name}-info-yaml-verify
(default: true)
:submodule-timeout: Timeout (in minutes) for checkout operation.
(default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
:gerrit_verify_triggers: Override Gerrit Triggers.
:build-node: The node to run build on.
:jenkins-ssh-credential: Credential to use for SSH. (Generally should
be configured in defaults.yaml)
+ :jenkins-urls: URLs to Jenkins systems to check for active builds.
+
+:Optional parameters:
+
+ :branch: Git branch to fetch for the build. (default: master)
+ :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
+ :build-timeout: Timeout in minutes before aborting build. (default: 90)
+ :cron: Time when the packer image should be rebuilt (default: @hourly)
+ :git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
+ :openstack-cloud: OS_CLOUD setting to pass to openstack client.
+ (default: vex)
+ :openstack-image-cleanup: Whether or not to run the image cleanup script.
+ (default: true)
+ :openstack-image-cleanup-age: Age in days of image before marking it for
+ removal. (default: 30)
+ :openstack-image-protect: Whether or not to run the image protect script.
+ (default: true)
+ :openstack-server-cleanup: Whether or not to run the server cleanup script.
+ (default: true)
+ :openstack-stack-cleanup: Whether or not to run the stack cleanup script.
+ (default: true)
+ :openstack-volume-cleanup: Whether or not to run the volume cleanup script.
+ (default: true)
+ :stream: Keyword that can be used to represent a release code-name.
+ Often the same as the branch. (default: master)
+ :submodule-recursive: Whether to checkout submodules recursively.
+ (default: true)
+ :submodule-timeout: Timeout (in minutes) for checkout operation.
+ (default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
+
+Minimal Example:
+
+.. literalinclude:: ../../.jjb-test/lf-ci-jobs/openstack-cron-minimal.yaml
+
+Full Example:
+
+.. literalinclude:: ../../.jjb-test/lf-ci-jobs/openstack-cron-full.yaml
+
+.. _gjjb-openstack-update-cloud-image:
+
+OpenStack Update Cloud Image
+----------------------------
+
+This job finds and updates OpenStack cloud images on the ci-management source
+repository.
+
+The job is triggered in two ways:
+
+1. When packer merge job completes, the new image name created is passed
+ down to the job.
+2. When the job is triggered manually to update all new images.
+
+When the job is triggered through an upstream packer merge job, this only
+generates a change request for the new image built.
+
+When the job is triggered manually, this job finds the latest images on
+OpenStack cloud and compares them with the images currently used in the source
+ci-management source repository. If the compared images have newer
+time stamps are **all** updated through a change request.
+
+This job requires a Jenkins configuration merge and verify job setup and
+working on Jenkins.
+
+:Template Names:
+ - {project-name}-openstack-update-cloud-image
+ - gerrit-openstack-update-cloud-image
+ - github-openstack-update-cloud-image
+
+:Required parameters:
+
+ :build-node: The node to run build on.
+ :jenkins-ssh-credential: Credential to use for SSH. (Generally should
+ be configured in defaults.yaml)
+ :new-image-name: Name of new image name passed from packer merge job or
+ set to 'all' to update all images. (default: all)
:Optional parameters:
:branch: Git branch to fetch for the build. (default: master)
:build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
:build-timeout: Timeout in minutes before aborting build. (default: 90)
- :cron: Time when the packer image should be rebuilt (default: @daily)
:git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
:openstack-cloud: OS_CLOUD setting to pass to openstack client.
(default: vex)
(default: true)
:submodule-timeout: Timeout (in minutes) for checkout operation.
(default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
+ :update-cloud-image: Submit a change request to update new built cloud
+ image to Jenkins. (default: false)
+
+Minimal Example:
+
+.. literalinclude:: ../../.jjb-test/lf-ci-jobs/openstack-update-cloud-image-minimal.yaml
+
+Full Example:
+
+.. literalinclude:: ../../.jjb-test/lf-ci-jobs/openstack-update-cloud-image-full.yaml
+
.. _gjjb-packer-merge:
(default: true)
:submodule-timeout: Timeout (in minutes) for checkout operation.
(default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
:gerrit_verify_triggers: Override Gerrit Triggers.
+ :update-cloud-image: Submit a change request to update new built cloud
+ image to Jenkins. (default: false)
+
+
+Test an in-progress patch
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+To test an in-progress patch from a GitHub Pull Request. Upload this
+job to the :doc:`Jenkins Sandbox <lfdocs:jenkins-sandbox>`. Then when manually
+building the job replace the GERRIT_REFSPEC parameter with the GitHub Pull
+Request number of the patch you would like to test.
+
+Example GitHub:
+.. code-block:: none
+
+ GERRIT_REFSPEC: origin/pr/49/merge
.. _gjjb-packer-verify:
(default: true)
:submodule-timeout: Timeout (in minutes) for checkout operation.
(default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
:gerrit_verify_triggers: Override Gerrit Triggers.
:gerrit_trigger_file_paths: Override file paths which can be used to
filter which file modifications will trigger a build.
+
+
+Puppet Verify
+-------------
+
+Runs puppet-lint in the ``puppet-dir`` directory. puppet-lint runs recursively,
+the base directory is usually the best place to run from.
+
+:Template Names:
+
+ - {project-name}-puppet-verify
+ - gerrit-puppet-verify
+ - github-puppet-verify
+
+:Comment Trigger: recheck|reverify
+
+:Required Parameters:
+
+ :build-node: The node to run build on.
+ :jenkins-ssh-credential: Credential to use for SSH. (Generally set
+ in defaults.yaml)
+
+:Optional Parameters:
+
+ :branch: The branch to build against. (default: master)
+ :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
+ :build-timeout: Timeout in minutes before aborting build. (default: 15)
+ :gerrit_trigger_file_paths: Override file paths which used to filter which
+ file modifications will trigger a build. Refer to JJB documentation for
+ "file-path" details.
+ https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit
+ :git-url: URL clone project from. (default: $GIT_URL/$GERRIT_PROJECT)
+ :puppet-dir: Directory containing the project's puppet module(s) relative
+ to the workspace.
+ (default: '')
+ :puppet-lint-version: Version of puppet-lint to use for testing.
+ (default: 2.3.6)
+ :stream: Keyword representing a release code-name.
+ Often the same as the branch. (default: master)
+ :submodule-recursive: Whether to checkout submodules recursively.
+ (default: true)
+ :submodule-timeout: Timeout (in minutes) for checkout operation.
+ (default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
+
+
+Sonar
+-----
+
+Runs Jenkins Sonarqube plug-in to review for bugs, code smells,
+and security vulnerabilities.
+
+Requires ``SonarQube Scanner for Jenkins``
+
+Plug-in configurations
+ Manage Jenkins --> Configure System --> SonarQube servers
+ - Name: Sonar (fixed)
+ - Server URL: https://sonar.server.org/ or https://sonarcloud.io
+ - Server authentication token: none for local, API token (saved as a
+ "secret text" credential) for Sonarcloud
+
+ Manage Jenkins --> Global Tool Configuration --> SonarQube Scanner
+ - Name: SonarQube Scanner (fixed)
+ - Install automatically
+ - Select latest version
+
+.. note:: Sonar properties can be set directly in the job definition by
+ setting the sonar-project-file to ``""`` and adding all properties under
+ ``sonar-properties``.
+
+:Template Names:
+
+ - {project-name}-sonar
+ - gerrit-sonar
+ - github-sonar
+
+:Optional Parameters:
+ :sonar-task: Sonar task to run. (default: "")
+ :sonar-project-file: The filename for the project's properties
+ (default: "sonar-project.properties")
+ :sonar-properties: Sonar configuration properties. (default: "")
+ :sonar-java-opts: JVM options. (default: "")
+ :sonar-additional-args: Additional command line arguments. (default: "")
+
+
+Sonar with Prescan
+------------------
+
+The same as the Sonar job above, except the caller also defines a builder
+called ``lf-sonar-prescan``, in which they can put any builders that they want
+to run prior to the Sonar scan.
+
+.. code-block:: yaml
+
+ - builder:
+ name: lf-sonar-prescan
+ builders:
+ - shell: "# Pre-scan shell script"
+
+:Template Names:
+
+ - {project-name}-sonar-prescan
+ - gerrit-sonar-prescan
+ - github-sonar-prescan
+
+:Required Parameters:
+ :lf-sonar-prescan: A builder that will run prior to the Sonar scan.
+
+:Optional Parameters:
+ :sonar-task: Sonar task to run. (default: "")
+ :sonar-project-file: The filename for the project's properties
+ (default: "sonar-project.properties")
+ :sonar-properties: Sonar configuration properties. (default: "")
+ :sonar-java-opts: JVM options. (default: "")
+ :sonar-additional-args: Additional command line arguments. (default: "")
Code Review / releng / global-jjb.git / blobdiff