X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=docs%2Fjjb%2Flf-release-jobs.rst;h=f5572473113294e34bc2588342e68cb17dffc346;hb=5c8d53b2aca8d051b3e20a21b6e6a88cc57a9930;hp=856523568812b18d682b7d8d8ddf1327d5966ded;hpb=537527c06103a54534680740bf25651a7642242d;p=releng%2Fglobal-jjb.git diff --git a/docs/jjb/lf-release-jobs.rst b/docs/jjb/lf-release-jobs.rst index 85652356..f5572473 100644 --- a/docs/jjb/lf-release-jobs.rst +++ b/docs/jjb/lf-release-jobs.rst @@ -1,34 +1,156 @@ .. _lf-global-jjb-release: -#################### -Releng Release Files -#################### +####################### +Self Serve Release Jobs +####################### -Projects can create a releases directory and then place a release file in it. -Jenkins will pick this up and then promote the artifact from the staging log -directory (log_dir) and tag the release with the defined version. -if a maven_central_url is given artifact will be pushed there as well. +Self serve release jobs allow a project to create a releases directory and then place a release file in it. +Jenkins will pick this up and then promote the artifact from the staging log directory (log_dir) and tag the release +with the defined version. maven_central_url is optional -example of a projects release file +.. note:: + + Example of a maven release file: + +.. code-block:: bash + + $ cat releases/maven-1.0.0.yaml + --- + distribution_type: 'maven' + version: '1.0.0' + project: 'example-project' + log_dir: 'example-project-maven-stage-master/17/' + + + Example of a container release file: + +.. code-block:: bash + + $ cat releases/container-1.0.0.yaml + --- + distribution_type: 'container' + version: '1.0.0' + project: 'example-project' + log_dir: 'example-project-maven-docker-stage-master/17/' + + +.. note:: + + Job should be appended under gerrit-maven-stage + Example of a terse Jenkins job to call global-jjb macro: + +.. code-block:: none + + - gerrit-maven-stage: + sign-artifacts: true + build-node: centos7-docker-8c-8g + maven-versions-plugin: true + - '{project-name}-gerrit-release-jobs': + build-node: centos7-docker-8c-8g + +.. note:: + + Release Engineers Please follow the setup guide before adding the job definition: + + +Setup for LFID Nexus Jenkins and Gerrit: +======================================== + +LFID +==== + +Create an ``lfid`` and an ``ssh-key`` + +``YOUR_RELEASE_USERNAME`` for example: onap-release +``YOUR_RELEASE_EMAIL`` for example: collab-it+onap-release@linuxfoundation.org + +ssh-key example: .. code-block:: bash - $ cat releases/1.0.0.yaml - --- - distribution_type: 'maven' - version: '1.0.0' - project: 'zzz-test-release' - log_dir: 'zzz-test-release-maven-stage-master/17/' - maven_central_url: 'oss.sonatype.org' + ssh-keygen -t rsa -C "collab-it+odl-release@linuxfoundation.org" -f /tmp/odl-release + + +`Create an LFID with the above values `_ + -lftools nexus release is used so there must be a lftoolsini section in jenkins -configfiles with a [nexus] section for auth. +Nexus +===== + +Create a Nexus account called ``'jenkins-release'`` with promote privileges. + +.. image:: ../_static/nexus-promote-privs.png + +Gerrit +====== + +Log into your Gerrit with ``YOU_RELEASE_USERNAME``, upload the publick part of the ``ssh-key`` you created earlier. +Log out of Gerrit and log in again with your normal account for the next steps. + + +In Gerrit create a new group called ``self-serve-release`` and give it direct push rights via ``All-Projects`` +Add ``YOUR_RELEASE_USERNAME`` to group ``self-serve-release`` and group ``Non-Interactive Users`` + + +In All project, grant group self-serve-release the following: + +.. code-block:: none + + [access "refs/heads/*"] + push = group self-serve-release + [access "refs/tags/*"] + createTag = group self-serve-release + createSignedTag = group self-serve-release + forgeCommitter = group self-serve-release + push = group self-serve-release + + +Jenkins +======= + +Add a global credential to Jenkins called ``jenkins-release`` and set the ID: ``'jenkins-release'`` +as its value insert the private portion of the ``ssh-key`` that you created for your Gerrit user. + +Add Global vars in Jenkins: +Jenkins configure -> Global properties -> Environment variables + +``RELEASE_USERNAME = YOUR_RELEASE_USERNAME`` +``RELEASE_EMAIL = YOUR_RELEASE_EMAIL`` + +Jenkins configure -> Managed Files -> Add a New Config -> Custom File + +id: signing-pubkey +Name: SIGNING_PUBKEY (optional) +Comment: SIGNING_PUBKEY (optional) + +Content: (Ask Andy for the public signing key) +-----BEGIN PGP PUBLIC KEY BLOCK----- + + +Add or edit the managed file in Jenkins called ``lftoolsini``, appending a nexus section: +Jenkins Settings -> Managed files -> Add (or edit) -> Custom file + +.. code-block:: none + + [nexus.example.com] + username=jenkins-release + password= + +Ci-management +============= + +Upgrade your projects global-jjb if needed +add this to your global defaults file (eg: jjb/defaults.yaml). + +.. code-block:: bash + + jenkins-ssh-release-credential: 'jenkins-release' Macros ====== -lf-releases ------------ +lf-release +---------- Release verify and merge jobs are the same except for their scm, trigger, and builders definition. This anchor is the common template. @@ -53,20 +175,20 @@ Runs: :Template Name: - - {project-name}-releases-merge-{stream} + - {project-name}-release-merge-{stream} :Comment Trigger: remerge :Required parameters: :build-node: The node to run build on. - :jenkins-ssh-credential: Credential to use for SSH. (Generally set + :jenkins-ssh-release-credential: Credential to use for SSH. (Generally set in defaults.yaml) - :stream: run this job against: master + :stream: run this job against: ** :Optional parameters: - :branch: Git branch to fetch for the build. (default: master) + :branch: Git branch to fetch for the build. (default: all) :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) :build-timeout: Timeout in minutes before aborting build. (default: 15) :project-pattern: Project to trigger build against. (default: \*\*) @@ -94,7 +216,7 @@ is available on the job. :Template Names: - - {project-name}-releases-verify-{stream} + - {project-name}-release-verify-{stream} :Comment Trigger: recheck|reverify @@ -103,11 +225,11 @@ is available on the job. :build-node: The node to run build on. :jenkins-ssh-credential: Credential to use for SSH. (Generally set in defaults.yaml) - :stream: run this job against: master + :stream: run this job against: ** :Optional Parameters: - :branch: Git branch to fetch for the build. (default: master) + :branch: Git branch to fetch for the build. (default: all) :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) :build-node: The node to run build on. :build-timeout: Timeout in minutes before aborting build. (default: 15)