X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=docs%2Fjjb%2Flf-ci-jobs.rst;h=9883dd7a74be04cb68729aa0ad8aca4f03da3dd6;hb=dac841636d7872b5f1028909a226b2d32b671a05;hp=f4e11d1d087806709f3e90b24ce749e7b262bd88;hpb=1446ca9ed6f9eab0f36a5a45f4b62a377341b7f5;p=releng%2Fglobal-jjb.git diff --git a/docs/jjb/lf-ci-jobs.rst b/docs/jjb/lf-ci-jobs.rst index f4e11d1d..9883dd7a 100644 --- a/docs/jjb/lf-ci-jobs.rst +++ b/docs/jjb/lf-ci-jobs.rst @@ -5,52 +5,42 @@ CI Jobs Job Groups ========== -{project-name}-ci-jobs ----------------------- +.. include:: ../job-groups.rst -Recommended jobs that should be deployed for CI using Gerrit. +Below is a list of CI job groups: -:Includes: - - - gerrit-jenkins-cfg-merge - - gerrit-jjb-deploy-job - - gerrit-jjb-merge - - gerrit-jjb-verify - -{project-name}-github-ci-jobs ------------------------------ - -Recommended jobs that should be deployed CI using GitHub. +.. literalinclude:: ../../jjb/lf-ci-job-groups.yaml + :language: yaml -:Includes: - - github-jenkins-cfg-merge - - github-jjb-deploy-job - - github-jjb-merge - - github-jjb-verify +Macros +====== -{project-name}-packer-jobs --------------------------- +lf-infra-jjb-parameters +----------------------- -Jobs related to Packer builds for CI using Gerrit. +:Required Parameters: -:Includes: + :jjb-cache: Location of Jenkins Job Builder (JJB) cache used for jjb + jobs. + :jjb-version: Version of Jenkins Job Builder (JJB) to install and use in + the jjb jobs. - - gerrit-packer-merge - - gerrit-packer-verify +lf-jenkins-cfg-clouds +--------------------- -{project-name}-github-packer-jobs ---------------------------------- +Deploys Jenkins Cloud configuration read from the ``jenkins-clouds`` directory +in ci-management repositories. -Jobs related to Packer builds for CI using GitHub. +.. note:: -:Includes: + Requires the jjbini file in Jenkins CFP to contain JJB 2.0 style + config definitions for "production" and "sandbox" systems. - - github-packer-merge - - github-packer-verify +:Required Parameters: -Macros -====== + :jenkins-silos: Space-separated list of Jenkins silos to update + configuration for as defined in ~/.config/jenkins_jobs/jenkins_jobs.ini lf-jenkins-cfg-global-vars -------------------------- @@ -66,7 +56,7 @@ ci-management/jenkins-config/global-vars-SILO.sh script. :Required parameters: - :jenkins-silos: Space separated list of Jenkins silos to update + :jenkins-silos: Space-separated list of Jenkins silos to update configuration for as defined in ~/.config/jenkins_jobs/jenkins_jobs.ini lf-infra-jjbini @@ -74,13 +64,6 @@ lf-infra-jjbini Provides jenkins_jobs.ini configuration for Jenkins. -lf-infra-jjbini-sandbox ------------------------ - -Provides jenkins_jobs.ini configuration for Jenkins sandbox. - -.. todo:: This needs to be consolidated into lf-infra-jjbini when JJB 2.0 is available - lf-packer-common ---------------- @@ -106,9 +89,21 @@ lf-packer-verify-file-paths Gerrit file-paths for packer verify jobs. +lf-puppet-parameters +-------------------- + +Parameters useful for Puppet related tasks. + +:Parameters: + + :puppet-lint-version: Version of puppet-lint to install / use. + (shell: PUPPET_LINT_VERSION) + Job Templates ============= +.. _gerrit-branch-lock: + Gerrit Branch Lock ------------------ @@ -118,6 +113,28 @@ Job submits a patch to lock or unlock a project's branch. - {project-name}-gerrit-branch-lock-{stream} - gerrit-branch-lock +:Comment Trigger: + + * lock branch + * unlock branch + +:Required parameters: + + :build-node: The node to run build on. + :jenkins-ssh-credential: Credential to use for SSH. (Generally + should be configured in defaults.yaml) + +:Optional parameters: + + :branch: Git branch to build against. (default: master) + :git-url: URL to clone project from. (default: $GIT_URL/$GERRIT_PROJECT) + :stream: Keyword that can be used to represent a release code-name. + Often the same as the branch. (default: master) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) + :gerrit_merge_triggers: Override Gerrit Triggers. .. _lf-global-jjb-jenkins-cfg-merge: @@ -150,7 +167,7 @@ Typically this template is automatically pulled in by the "{project-name}-ci-jobs" job-group and does not need to be explicitly called if the job group is being used. -Miniaml Example: +Minimal Example: .. literalinclude:: ../../.jjb-test/lf-ci-jobs/jenkins-cfg-merge-minimal.yaml :language: yaml @@ -189,11 +206,8 @@ currently the only cloud plugin supported. OpenStack Cloud plugin version supported: -* 2.30 -* 2.31 -* 2.32 -* 2.33 -* 2.34 +* 2.30 - 2.34 +* 2.35 - 2.37 Cloud configuration are managed via a directory structure in ci-management as follows: @@ -220,7 +234,7 @@ configuration in the format ``KEY=value``. (default: "os-cloud") :INSTANCE_CAP: Total number of instances the cloud will allow spin up. (default: null) - :SANDBOX_CAP: Total number of instances the clodu will allow to + :SANDBOX_CAP: Total number of instances the cloud will allow to spin up. This applies to "sandbox" systems and overrides the INSTANCE_CAP setting. (default: null) @@ -232,9 +246,10 @@ configuration in the format ``KEY=value``. the one defined in default clouds will be inherited. :IMAGE_NAME: The image name to use for this template. - (default: "") + (required) + :HARDWARE_ID: OpenStack flavor to use. (required) + :LABELS: Labels to assign to the vm. (default: FILE_NAME) - :HARDWARE_ID: OpenStack flavor to use. (default: "") :NETWORK_ID: OpenStack network to use. (default: "") :USER_DATA_ID: User Data to pass into the instance. (default: jenkins-init-script) @@ -259,6 +274,8 @@ configuration in the format ``KEY=value``. :RETENTION_TIME: Number of minutes to wait for an idle slave to be used again before it's removed. If set to -1, the slave will be kept forever. (default: 0) + :CONNECTION_TYPE: The connection type for Jenkins to connect to the build + minion. Valid options: JNLP, SSH. (default: "SSH") For a live example see the OpenDaylight project jenkins-config directory. https://github.com/opendaylight/releng-builder/tree/master/jenkins-config @@ -272,14 +289,70 @@ Troubleshooting used to push to Jenkins. In the event of a job failure this file can be inspected. + .. _lf-global-jjb-jenkins-cfg-verify: + +Jenkins Configuration Verify +---------------------------- + +Jenkins job to verify the Global Jenkins configuration. + +Requires the ``clouds-yaml`` file to be setup on the Jenkins host. + +:Template names: + + - {project-name}-jenkins-cfg-verify + - gerrit-jenkins-cfg-verify + - github-jenkins-cfg-verify + +:Optional parameters: + + :branch: Git branch to build against. (default: master) + :git-url: URL to clone project from. (default: $GIT_URL/$GERRIT_PROJECT) + +This job is not part of the "{project-name}-ci-jobs" group. It must be called +explicitly. + +Example: + +.. literalinclude:: ../../.jjb-test/lf-ci-jobs/jenkins-cfg-verify.yaml + :language: yaml + + +.. _jenkins-sandbox-cleanup: + +Jenkins Sandbox Cleanup +----------------------- + +Cleanup Jenkins Sandbox of jobs and views periodically. + +:Template names: + + - {project-name}-jenkins-sandbox-cleanup + - gerrit-jenkins-sandbox-cleanup + - github-jenkins-sandbox-cleanup + +:Comment Trigger: NONE + +:Required parameters: + + :build-node: The node to run build on. + :jenkins-ssh-credential: Credential to use for SSH. (Generally + should be configured in defaults.yaml) + +:Optional parameters: + + :cron: Schedule to run job. (default: '0 8 * * 6') + + +.. _jjb-deploy: JJB Deploy Job -------------- -Deploy jobs to jenkins-sandbox system via code review comment +Deploy jobs to jenkins-sandbox system via code review comment. This job checks out the current code review patch and then runs a -`jenkins-jobs update` to push a patch defined by the comment. +``jenkins-jobs update`` to push a patch defined by the comment. :Template names: @@ -291,8 +364,20 @@ This job checks out the current code review patch and then runs a .. note:: + The JJB Deploy Job is configured to trigger only if the Gerrit comment + starts with the `jjb-deploy` keyword. + + Example of a valid command in Gerrit comment that triggers the job: + + ``jjb-deploy builder-jjb-*`` + + Example of a invalid command in Gerrit comment that would _not_ trigger + the job: + + ``Update the job. jjb-deploy builder-jjb-*`` + JOB_NAME can include the * wildcard character to push multiple jobs - matching the pattern. For example `jjb-deploy builder-jjb-*`` will push + matching the pattern. For example ``jjb-deploy builder-jjb-*`` will push all builder-jjb-* jobs to the sandbox system. :Required parameters: @@ -307,6 +392,8 @@ This job checks out the current code review patch and then runs a :gerrit_jjb_deploy_job_triggers: Override Gerrit Triggers. +.. _jjb-merge: + JJB Merge --------- @@ -317,24 +404,32 @@ Runs `jenkins-jobs update` to update production job configuration - gerrit-jjb-merge - github-jjb-merge +:Comment Trigger: remerge + :Required parameters: :build-node: The node to run build on. :jenkins-ssh-credential: Credential to use for SSH. (Generally should be configured in defaults.yaml) - :mvn-settings: The name of settings file containing credentials for - the project. :Optional parameters: :branch: Git branch to fetch for the build. (default: master) :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) - :build-timeout: Timeout in seconds before aborting build. (default: 10) + :build-timeout: Timeout in minutes before aborting build. (default: 10) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :jjb-cache: JJB cache location. (default: $HOME/.cache/jenkins_jobs) + :jjb-workers: Number of threads to run **update** with. Set to 0 by default + which is equivalent to the number of available CPU cores. (default: 0) + :jjb-version: JJB version to install. (default: see job-template) :stream: Keyword that can be used to represent a release code-name. Often the same as the branch. (default: master) :submodule-recursive: Whether to checkout submodules recursively. (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) :gerrit_merge_triggers: Override Gerrit Triggers. :gerrit_trigger_file_paths: Override file paths which can be used to @@ -342,6 +437,8 @@ Runs `jenkins-jobs update` to update production job configuration (default defined by lf_jjb_common) +.. _jjb-verify: + JJB Verify ---------- @@ -352,30 +449,207 @@ Runs `jenkins-jobs test` to validate JJB syntax - gerrit-jjb-verify - github-jjb-verify +:Comment Trigger: recheck|reverify + :Required parameters: :build-node: The node to run build on. :jenkins-ssh-credential: Credential to use for SSH. (Generally should be configured in defaults.yaml) - :mvn-settings: The name of settings file containing credentials for - the project. :Optional parameters: :branch: Git branch to fetch for the build. (default: master) + :build-concurrent: Whether or not to allow this job to run multiple jobs + simultaneously. (default: true) :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) - :build-timeout: Timeout in seconds before aborting build. (default: 10) + :build-timeout: Timeout in minutes before aborting build. (default: 10) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :jjb-cache: JJB cache location. (default: $HOME/.cache/jenkins_jobs) + :jjb-version: JJB version to install. (default: see job-template) :stream: Keyword that can be used to represent a release code-name. Often the same as the branch. (default: master) :submodule-recursive: Whether to checkout submodules recursively. (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) + :throttle_categories: List of categories to throttle by. + :throttle-enabled: Whether or not to enable throttling on the job. + (default: true) + :throttle-max-per-node: Max jobs to run on the same node. (default: 1) + :throttle-max-total: Max jobs to run across the entire project. - 0 + means 'unlimited' (default: 0) + :throttle-option: Throttle by the project or by list of categories + defined in the throttle plugin configuration. (options: 'project', + 'category'; default: project) :gerrit_verify_triggers: Override Gerrit Triggers. :gerrit_trigger_file_paths: Override file paths which can be used to filter which file modifications will trigger a build. (default defined by lf_jjb_common) +.. _jjb-verify-upstream-gjjb: + +JJB Verify Upstream Global JJB +------------------------------ + +Runs ``jenkins-jobs test`` to validate JJB syntax for upstream global-jjb +patches. This job is useful to notify upstream that they may be breaking +project level jobs. + +:Template Names: + - {project-name}-jjb-verify-upstream-gjjb + - gerrit-jjb-verify-upstream-gjjb + +:Comment Trigger: recheck|reverify + +:Required parameters: + + :build-node: The node to run build on. + :jenkins-ssh-credential: Credential to use for SSH. (Generally should + be configured in defaults.yaml) + +:Optional parameters: + + :branch: Git branch to fetch for the build. (default: master) + :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) + :build-timeout: Timeout in minutes before aborting build. (default: 10) + :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :jjb-cache: JJB cache location. (default: $HOME/.cache/jenkins_jobs) + :jjb-version: JJB version to install. (default: see job-template) + :stream: Keyword that can be used to represent a release code-name. + Often the same as the branch. (default: master) + +.. _info-yaml-verify: + +Info YAML Verify +---------------- + +Info YAML Verify job validates that INFO.yaml file changes are kept isolated from +other file changes. Verifies INFO.yaml files follow the schema defined in +`lfit/releng-global-jjb/schema/info-schema.yaml`. + +:Template Names: + - {project-name}-info-yaml-verify + - gerrit-info-yaml-verify + - github-info-yaml-verify + +:Required parameters: + + :build-node: The node to run build on. + :jenkins-ssh-credential: Credential to use for SSH. (Generally should + be configured in defaults.yaml) + +:Optional parameters: + + :branch: Git branch to fetch for the build. (default: master) + :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) + :build-timeout: Timeout in minutes before aborting build. (default: 10) + :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :stream: Keyword that can be used to represent a release code-name. + Often the same as the branch. (default: master) + :submodule-recursive: Whether to checkout submodules recursively. + (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) + + :gerrit_verify_triggers: Override Gerrit Triggers. + +.. _license-checker: + +License Checker +--------------- + +Job to scan projects for files missing license headers. + +:Template Names: + - {project-name}-license-check + - gerrit-license-check + - github-license-check + +:Optional parameters: + + :build-timeout: Timeout in minutes before aborting build. (default: 15) + :file-patterns: Space-separated list of file patterns to scan. + (default: \*.go \*.groovy \*.java \*.py \*.sh) + :spdx-disable: Disable the SPDX-Identifier checker. (default: false) + :lhc-version: Version of LHC to use. (default: 0.2.0) + :license-exclude-paths: Comma-separated list of paths to exclude from the + license checker. The paths used here will be matched using a contains + rule so it is best to be as precise with the path as possible. + For example a path of '/src/generated/' will be searched as + '**/src/generated/**'. + Example: org/opendaylight/yang/gen,protobuff/messages + (default: '') + :licenses-allowed: Comma-separated list of allowed licenses. + (default: Apache-2.0,EPL-1.0,MIT) + :project-pattern: The ANT based pattern for Gerrit Trigger to choose which + projects to trigger job against. (default: '**') + +.. _gjjb-openstack-cron: + +OpenStack Cron +-------------- + +Cron job that runs regularly to perform periodic tasks against OpenStack. + +This job requires a Config File Provider file named ``clouds-yaml`` available +containing the credentials for the cloud. + +:Template Names: + - {project-name}-openstack-cron + - gerrit-openstack-cron + - github-openstack-cron + +:Required parameters: + + :build-node: The node to run build on. + :jenkins-ssh-credential: Credential to use for SSH. (Generally should + be configured in defaults.yaml) + :jenkins-urls: URLs to Jenkins systems to check for active builds. + +:Optional parameters: + + :branch: Git branch to fetch for the build. (default: master) + :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) + :build-timeout: Timeout in minutes before aborting build. (default: 90) + :cron: Time when the packer image should be rebuilt (default: @hourly) + :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :openstack-cloud: OS_CLOUD setting to pass to openstack client. + (default: vex) + :openstack-image-cleanup: Whether or not to run the image cleanup script. + (default: true) + :openstack-image-cleanup-age: Age in days of image before marking it for + removal. (default: 30) + :openstack-image-protect: Whether or not to run the image protect script. + (default: true) + :openstack-server-cleanup: Whether or not to run the server cleanup script. + (default: true) + :openstack-stack-cleanup: Whether or not to run the stack cleanup script. + (default: true) + :openstack-volume-cleanup: Whether or not to run the volume cleanup script. + (default: true) + :stream: Keyword that can be used to represent a release code-name. + Often the same as the branch. (default: master) + :submodule-recursive: Whether to checkout submodules recursively. + (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) + +Minimal Example: + +.. literalinclude:: ../../.jjb-test/lf-ci-jobs/openstack-cron-minimal.yaml + +Full Example: + +.. literalinclude:: ../../.jjb-test/lf-ci-jobs/openstack-cron-full.yaml + .. _gjjb-packer-merge: @@ -389,6 +663,8 @@ Packer Merge job runs `packer build` to build system images in the cloud. - gerrit-packer-merge - github-packer-merge +:Comment Trigger: remerge + :Required parameters: :build-node: The node to run build on. @@ -406,8 +682,11 @@ Packer Merge job runs `packer build` to build system images in the cloud. :cron: Time when the packer image should be rebuilt (default: @monthly) :branch: Git branch to fetch for the build. (default: master) :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) - :build-timeout: Timeout in seconds before aborting build. (default: 10) + :build-timeout: Timeout in minutes before aborting build. (default: 90) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :openstack: Packer template uses an OpenStack builder (default: true). + :openstack-cloud: Sets OS_CLOUD variable to the value of this parameter. + (default: vex). :packer-cloud-settings: Name of settings file containing credentials for the cloud that packer will build on. (default: packer-cloud-env) :packer-version: Version of packer to install / use in build. (default: 1.0.2) @@ -415,9 +694,26 @@ Packer Merge job runs `packer build` to build system images in the cloud. Often the same as the branch. (default: master) :submodule-recursive: Whether to checkout submodules recursively. (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) :gerrit_verify_triggers: Override Gerrit Triggers. +Test an in-progress patch +^^^^^^^^^^^^^^^^^^^^^^^^^ + +To test an in-progress patch from a GitHub Pull Request. Upload this +job to the :doc:`Jenkins Sandbox `. Then when manually +building the job replace the GERRIT_REFSPEC parameter with the GitHub Pull +Request number of the patch you would like to test. + +Example GitHub: + +.. code-block:: none + + GERRIT_REFSPEC: origin/pr/49/merge .. _gjjb-packer-verify: @@ -431,6 +727,8 @@ Packer Verify job runs `packer validate` to verify packer configuration. - gerrit-packer-verify - github-packer-verify +:Comment Trigger: recheck|reverify + :Required parameters: :build-node: The node to run build on. @@ -443,8 +741,11 @@ Packer Verify job runs `packer validate` to verify packer configuration. :branch: Git branch to fetch for the build. (default: master) :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) - :build-timeout: Timeout in seconds before aborting build. (default: 10) + :build-timeout: Timeout in minutes before aborting build. (default: 10) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :openstack: Packer template uses an OpenStack builder (default: true). + :openstack-cloud: Sets OS_CLOUD variable to the value of this parameter. + (default: vex). :packer-cloud-settings: Name of settings file containing credentials for the cloud that packer will build on. (default: packer-cloud-env) :packer-version: Version of packer to install / use in build. (default: 1.0.2) @@ -452,7 +753,88 @@ Packer Verify job runs `packer validate` to verify packer configuration. Often the same as the branch. (default: master) :submodule-recursive: Whether to checkout submodules recursively. (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) :gerrit_verify_triggers: Override Gerrit Triggers. :gerrit_trigger_file_paths: Override file paths which can be used to filter which file modifications will trigger a build. + + +Puppet Verify +------------- + +Runs puppet-lint in the ``puppet-dir`` directory. puppet-lint runs recursively, +the base directory is usually the best place to run from. + +:Template Names: + + - {project-name}-puppet-verify + - gerrit-puppet-verify + - github-puppet-verify + +:Comment Trigger: recheck|reverify + +:Required Parameters: + + :build-node: The node to run build on. + :jenkins-ssh-credential: Credential to use for SSH. (Generally set + in defaults.yaml) + +:Optional Parameters: + + :branch: The branch to build against. (default: master) + :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) + :build-timeout: Timeout in minutes before aborting build. (default: 15) + :gerrit_trigger_file_paths: Override file paths which used to filter which + file modifications will trigger a build. Refer to JJB documentation for + "file-path" details. + https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit + :git-url: URL clone project from. (default: $GIT_URL/$GERRIT_PROJECT) + :puppet-dir: Directory containing the project's puppet module(s) relative + to the workspace. + (default: '') + :puppet-lint-version: Version of puppet-lint to use for testing. + (default: 2.3.6) + :stream: Keyword representing a release code-name. + Often the same as the branch. (default: master) + :submodule-recursive: Whether to checkout submodules recursively. + (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) + + +Sonar +----- + +Runs Jenkins Sonarqube plug-in to review for bugs, code smells, +and security vulnerabilities. + +Requires ``SonarQube Scanner for Jenkins`` + +Plug-in configurations + Manage Jenkins --> Configure System --> SonarQube servers + - Name: Sonar (fixed) + - Server URL: https://sonar.server.org/ + - Server authentication token: none + + Manage Jenkins --> Global Tool Configuration --> SonarQube Scanner + - Name: SonarQube Scanner (fixed) + - Install automatically + - Select latest version + +:Template Names: + + - {project-name}-sonar + - gerrit-sonar + - github-sonar + +:Optional Parameters: + :sonar-task: Sonar task to run. (default: "") + :sonar-properties: Sonar configuration properties. (default: "") + :sonar-java-opts: JVM options. (default: "") + :sonar-additional-args: Additional command line arguments. (default: "")