X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=docs%2Fjjb%2Flf-python-jobs.rst;h=475bc2abac034b2d4ae34b4a143ff2aad43fa8f7;hb=433ed7f919bda559a367a828df0fcfb1656d265e;hp=117ab3875191f9ca2aa28f7e929318f245008d7b;hpb=a84f98eb5f612bff6f751e576dc34d41fed76609;p=releng%2Fglobal-jjb.git diff --git a/docs/jjb/lf-python-jobs.rst b/docs/jjb/lf-python-jobs.rst index 117ab387..475bc2ab 100644 --- a/docs/jjb/lf-python-jobs.rst +++ b/docs/jjb/lf-python-jobs.rst @@ -111,6 +111,8 @@ Sonar scans for Python based repos. This job invokes tox to run tests and gather coverage statistics from the test results, then invokes Maven to publish the results to either a Sonar server or SonarCloud. +**Deprecated**, new projects should use Tox Sonarqube. + To get the Sonar coverage results, file tox.ini must exist and contain coverage commands to run. @@ -213,6 +215,133 @@ https://docs.sonarqube.org/display/PLUG/Python+Coverage+Results+Import .. comment Stop ignoring +Tox SonarQube +------------- + +The SonarQube job invokes tox to run tests and generate code-coverage +statistics, then runs the SonarQube Scanner Jenkins plug-in to analyze +code, gather coverage data, and upload the results to a SonarQube server +such as SonarCloud.io. Optionally runs a shell script before tox. + +Requires ``SonarQube Scanner for Jenkins`` + +This job runs on the master branch because the basic Sonar configuration +does not support multi-branch. + +Plug-in configurations + Manage Jenkins --> Configure System --> SonarQube servers + - Name: Sonar (fixed) + - Server URL: https://sonar.project.org/ or https://sonarcloud.io + - Server authentication token: none for local, API token (saved as + a "secret text" credential) for Sonarcloud + + Manage Jenkins --> Global Tool Configuration --> SonarQube Scanner + - Name: SonarQube Scanner (fixed) + - Install automatically + - Select latest version + +:Template Names: + + - {project-name}-tox-sonarqube + - gerrit-tox-sonarqube + - github-tox-sonarqube + +:Comment Trigger: ``run-sonar`` + +:Required parameters: + + :build-node: The node to run the build on. + (Commonly in defaults.yaml) + :jenkins-ssh-credential: Credential to use for SSH. + (Commonly in defaults.yaml) + :project: The git repository name. + :project-name: Prefix used to name jobs. + +.. comment Start ignoring WriteGoodLintBear + +:Optional Parameters: + + :archive-artifacts: Pattern for files to archive to the logs server + (default: '\*\*/\*.log') + :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) + :build-timeout: Timeout in minutes before aborting build. (default: 15) + :cron: Cron schedule when to trigger the job. This parameter also + supports multiline input via YAML pipe | character in cases where + one may want to provide more than 1 cron timer. (default: @weekly) + :disable-job: Whether to disable the job (default: false) + :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :github-url: URL for Github. (default: https://github.com) + :parallel: Boolean indicator for tox to run tests in parallel or series. + (default: false, in series) + :pre-build-script: Shell script to run before tox. Useful for setting up + dependencies. (default: a string with a shell comment) + :python-version: Python version to invoke pip install of tox-pyenv + (default: python3) + :sonar-additional-args: Command line arguments. (default: '') + :sonar-java-opts: JVM options. For example, use option -Xmx + to increase the memory size limit. (default: '') + :sonar-project-file: The file name with Sonar configuration properties + (default: sonar-project.properties) + :sonar-properties: Sonar configuration properties. (default: '') + :sonar-task: Sonar task to run. (default: '') + :tox-dir: Directory containing the project's tox.ini relative to + the workspace. The default uses tox.ini at the project root. + (default: '.') + :tox-envs: Tox environments to run. If blank run everything described + in tox.ini. (default: '') + +.. comment Stop ignoring + +.. note:: A job definition must provide one of the optional parameters + ``sonar-project-file`` and ``sonar-properties``; they cannot both be + empty. Set Sonar properties directly in the job definition by setting + the ``sonar-project-file`` property to ``""`` and adding all properties + under ``sonar-properties``. + +:Required Sonar Properties: + + - sonar.login: The API token for authentication at SonarCloud. + Commonly defined as key "sonarcloud_api_token" in defaults.yaml. + - sonar.organization: The umbrella project name; e.g., "opendaylight". + Commonly defined as key "sonarcloud_project_organization" in defaults.yaml. + - sonar.projectName: The git repository name without slashes; e.g., "infrautils". + - sonar.projectKey: The globally unique key for the report in SonarCloud. Most + teams use the catenation of sonar.organization, an underscore, and + sonar.projectName; e.g., "opendaylight_infrautils". + +:Optional Sonar Properties: + + - sonar.cfamily.gcov.reportsPath: directory with GCOV output files + - Documentation of SonarQube properties is here: + https://docs.sonarqube.org/latest/analysis/overview/ + + +Example job definition +^^^^^^^^^^^^^^^^^^^^^^ + +The following example defines a job for a basic Python project. This definition +uses configuration parameters in the umbrella project's defaults.yaml file. + +.. code-block:: yaml + + - project: + name: my-package-sonar + project: my/package + project-name: my-package + sonar-project-file: "" + sonar-properties: | + sonar.login={sonarcloud_api_token} + sonar.projectKey={sonarcloud_project_organization}_{project-name} + sonar.projectName={project-name} + sonar.organization={sonarcloud_project_organization} + sonar.sourceEncoding=UTF-8 + sonar.sources=mypackage + sonar.exclusions=tests/*,setup.py + sonar.python.coverage.reportPaths=coverage.xml + jobs: + - gerrit-tox-sonarqube + + Tox Verify ---------- @@ -336,12 +465,15 @@ variables before running. PyPI Merge ---------- -Creates and uploads distribution files on merge of a patch set. Runs -tox, builds a source distribution and (optionally) a binary +Creates and uploads package distribution files on merge of a patch set. +Runs tox, builds a source distribution and (optionally) a binary distribution, and uploads the distribution(s) to a PyPI repository. The project git repository must have a setup.py file with configuration for packaging the component. +Projects can choose **either** this template to publish on merge, +**or** the Stage template to publish on command. + This job should use a staging repository like testpypi.python.org, which sets up use of release jobs to promote the distributions later. This job can also use a public release area like the global PyPI @@ -361,50 +493,9 @@ pyenv variables before running. export PYENV_ROOT="/opt/pyenv" export PATH="$PYENV_ROOT/bin:$PATH" -Installable package projects should use the directory layout shown -below. All Python files are in a repo subdirectory separate from -non-Python files like documentation. This layout allows highly -specific build-job triggers in Jenkins using the subdirectory -paths. For example, a PyPI merge job should not run on a non-Python -file change such as documentation, because the job cannot upload the -same package twice. - -To make the document files available for building a Python package -long description in setup.py, add a symbolic link "docs" in the -package subdirectory pointing to the top-level docs directory. - -.. code-block:: bash +See the recommended directory layout documented in the PyPI Verify job. - git-repo-name/ - │ - ├── docs/ - │ ├── index.rst - │ └── release-notes.rst - │ - ├── helloworld-package/ - │ │ - │ └── helloworld/ - │ │ ├── __init__.py - │ │ ├── helloworld.py - │ │ └── helpers.py - │ │ - │ ├── tests/ - │ │ ├── helloworld_tests.py - │ │ └── helloworld_mocks.py - │ │ - │ ├── requirements.txt - │ └── setup.py - │ └── tox.ini - │ - ├── releases/ - │ └── pypi-helloworld.yaml - │ - ├── .gitignore - ├── LICENSE - └── README.md - - -Jobs built from the PyPI templates depend on a .pypirc configuration file +Jobs using this PyPI template depend on a .pypirc configuration file in the Jenkins builder home directory. An example appears next that uses API tokens. Note that in the [pypi] entry the repository key-value pair is optional, it defaults to pypi.org. @@ -448,9 +539,9 @@ is optional, it defaults to pypi.org. :branch: The branch to build against. (default: master) :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) :build-timeout: Timeout in minutes before aborting build. (default: 15) - :cron: Cron schedule when to trigger the job. Supports daily builds. - This parameter also supports multiline input via YAML pipe | character in - cases where one may want to provide more than 1 cron timer. (default: empty) + :cron: Cron schedule when to trigger the job. Supports regular builds. + Not useful when publishing to pypi.org because that rejects a package + if the version exists. (default: empty) :disable-job: Whether to disable the job (default: false) :dist-binary: Whether to build a binary wheel distribution. (default: true) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) @@ -462,7 +553,7 @@ is optional, it defaults to pypi.org. :pre-build-script: Shell script to execute before the tox builder. For example, install system prerequisites. (default: a shell comment) :pypi-repo: Key for the PyPI target repository in the .pypirc file, - ideally a server like test.pypy.org. (default: pypi-test) + ideally a server like test.pypi.org. (default: pypi-test) :python-version: Python version to invoke pip install of tox-pyenv (default: python3) :stream: Keyword representing a release code-name. @@ -483,6 +574,117 @@ is optional, it defaults to pypi.org. https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit +PyPI Stage +---------- + +Creates and uploads package distribution files on receipt of a comment. +Runs tox, builds a source distribution and (optionally) a binary +distribution, and uploads the distribution(s) to a PyPI repository. +The project git repository must have a setup.py file with configuration +for packaging the component. + +Projects can choose **either** this template to publish on command, +**or** the Merge template to publish on merge. + +This job should use a staging repository like testpypi.python.org, +which sets up use of release jobs to promote the distributions later. +This job can also use a public release area like the global PyPI +repository if the release process is not needed. These PyPI +repositories allow upload of a package at a specific version once, +they do not allow overwrite of a package. This means that a job +will fail in the upload step if the package version already exists in +the target repository. + +The tox runner is pyenv aware so if the image contains an installation +of pyenv at /opt/pyenv it will pick it up and run Python tests with +the appropriate Python versions. The tox runner sets the following +pyenv variables before running. + +.. code:: bash + + export PYENV_ROOT="/opt/pyenv" + export PATH="$PYENV_ROOT/bin:$PATH" + +See the recommended directory layout documented in the PyPI Verify job. + +Jobs using this PyPI template depend on a .pypirc configuration file +in the Jenkins builder home directory. An example appears next that uses +API tokens. Note that in the [pypi] entry the repository key-value pair +is optional, it defaults to pypi.org. + +.. code-block:: bash + + [distutils] # this tells distutils what package indexes you can push to + index-servers = pypi-test pypi + + [pypi-test] + repository: https://test.pypi.org/legacy/ + username: __token__ + password: pypi-test-api-token-goes-here + + [pypi] + username: __token__ + password: pypi-api-token-goes-here + + +:Template Names: + + - {project-name}-pypi-stage-{stream} + - gerrit-pypi-stage + - github-pypi-stage + +:Comment Trigger: **stage-release** post a comment with the trigger to launch + this job manually. Do not include any other text or vote in the + same comment. + +:Required Parameters: + + :build-node: The node to run the build on. + :jenkins-ssh-credential: Credential to use for SSH. (Generally set + in defaults.yaml) + :mvn-settings: The settings file with credentials for the project + :project: Git repository name + :project-name: Jenkins job name prefix + +:Optional Parameters: + + :branch: The branch to build against. (default: master) + :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) + :build-timeout: Timeout in minutes before aborting build. (default: 15) + :cron: Cron schedule when to trigger the job. Supports regular builds. + Not useful when publishing to pypi.org because that rejects a package + if the version exists. (default: empty) + :disable-job: Whether to disable the job (default: false) + :dist-binary: Whether to build a binary wheel distribution. (default: true) + :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '') + :mvn-params: Parameters to pass to the mvn CLI. (default: '') + :mvn-version: Version of maven to use. (default: mvn35) + :parallel: Boolean indicator for tox to run tests in parallel or series. + (default: false, in series) + :pre-build-script: Shell script to execute before the tox builder. For + example, install system prerequisites. (default: a shell comment) + :pypi-repo: Key for the PyPI target repository in the .pypirc file, + ideally a server like test.pypi.org. (default: pypi-test) + :python-version: Python version to invoke pip install of tox-pyenv + (default: python3) + :stream: Keyword representing a release code-name. + Often the same as the branch. (default: master) + :submodule-recursive: Whether to checkout submodules recursively. + (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) + :tox-dir: Directory containing the project's tox.ini relative to + the workspace. The default uses tox.ini at the project root. + (default: '.') + :tox-envs: Tox environments to run. If blank run everything described + in tox.ini. (default: '') + :gerrit_trigger_file_paths: Override file paths used to filter which file + modifications trigger a build. Refer to JJB documentation for "file-path" details. + https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit + PyPI Verify ----------- @@ -491,6 +693,49 @@ then builds a source distribution and (optionally) a binary distribution. The project repository must have a setup.py file with configuration for packaging the component. +Installable package projects should use the directory layout shown +below. All Python files are in a repo subdirectory separate from +non-Python files like documentation. This layout allows highly +specific build-job triggers in Jenkins using the subdirectory +paths. For example, a PyPI publisher job should not run on a non-Python +file change such as documentation, because the job cannot upload the +same package twice. + +To make the document files available for building a Python package +long description in setup.py, add a symbolic link "docs" in the +package subdirectory pointing to the top-level docs directory. + +.. code-block:: bash + + git-repo-name/ + │ + ├── docs/ + │ ├── index.rst + │ └── release-notes.rst + │ + ├── helloworld-package/ + │ │ + │ └── helloworld/ + │ │ ├── __init__.py + │ │ ├── helloworld.py + │ │ └── helpers.py + │ │ + │ ├── tests/ + │ │ ├── helloworld_tests.py + │ │ └── helloworld_mocks.py + │ │ + │ ├── requirements.txt + │ └── setup.py + │ └── tox.ini + │ + ├── releases/ + │ └── pypi-helloworld.yaml + │ + ├── .gitignore + ├── LICENSE + └── README.md + + The tox runner is pyenv aware so if the image contains an installation of pyenv at /opt/pyenv it will pick it up and run Python tests with the appropriate Python versions. The tox runner sets the following