From: Aric Gardner Date: Wed, 19 Jun 2019 18:10:42 +0000 (-0400) Subject: Self serve release docs X-Git-Tag: v0.40.0^2 X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F44%2F15944%2F20;p=releng%2Fglobal-jjb.git Self serve release docs And code fixes for new: jenkins-ssh-release-credential Fix in release-job.sh These were overlooked for merge: git config user.name git config user.email gerrit_ssh=$(echo "$GERRIT_URL" | awk -F"/" '{print $3}') git remote set-url origin ssh://"$RELEASE_USERNAME"@"$gerrit_ssh":29418/$PROJECT Also included a small capitalization fix in lf-info-vote.rst ISSUE: RELENG-2127 Signed-off-by: Aric Gardner Signed-off-by: Anil Belur Change-Id: I11ad122153d71a3d25d6b8839e09435f8b27b19d --- diff --git a/.jjb-test/defaults.yaml b/.jjb-test/defaults.yaml index ddf07c0c..f7d88947 100644 --- a/.jjb-test/defaults.yaml +++ b/.jjb-test/defaults.yaml @@ -4,6 +4,7 @@ # General jenkins-ssh-credential: test-credential + jenkins-ssh-release-credential: test-release-credential # Gerrit Infra gerrit-server-name: test-server diff --git a/docs/_static/nexus-promote-privs.png b/docs/_static/nexus-promote-privs.png new file mode 100644 index 00000000..b770123d Binary files /dev/null and b/docs/_static/nexus-promote-privs.png differ diff --git a/docs/jjb/lf-info-vote.rst b/docs/jjb/lf-info-vote.rst index 64151f1f..733a5510 100644 --- a/docs/jjb/lf-info-vote.rst +++ b/docs/jjb/lf-info-vote.rst @@ -1,7 +1,7 @@ .. _lf-global-jjb-info-vote: ############# -INFO VOTE JOB +Info Vote Job ############# Job counts the votes from the committers against a change diff --git a/docs/jjb/lf-release-jobs.rst b/docs/jjb/lf-release-jobs.rst index 87932f85..73187b13 100644 --- a/docs/jjb/lf-release-jobs.rst +++ b/docs/jjb/lf-release-jobs.rst @@ -1,28 +1,141 @@ .. _lf-global-jjb-release: -#################### -Releng Release Files -#################### +####################### +Self Serve Release Jobs +####################### -Projects can create a releases directory and then place a release file in it. -Jenkins will pick this up and then promote the artifact from the staging log -directory (log_dir) and tag the release with the defined version. -if a maven_central_url is given artifact will be pushed there as well. +Self serve release jobs allow a project to create a releases directory and then place a release file in it. +Jenkins will pick this up and then promote the artifact from the staging log directory (log_dir) and tag the release +with the defined version. maven_central_url is optional -example of a projects release file +.. note:: + + Example of a project's release file: + +.. code-block:: bash + + $ cat releases/1.0.0.yaml + --- + distribution_type: 'maven' + version: '1.0.0' + project: 'example-test-release' + log_dir: 'example-test-release-maven-stage-master/17/' + maven_central_url: 'oss.sonatype.org' + +.. note:: + + Example of a terse Jenkins job to call global-jjb macro: + +.. code-block:: none + + - project: + name: '{project-name}-gerrit-release-jobs' + project: 'example-test-release' + build-node: centos7-builder-2c-1g + project-name: example-test-release + jobs: + - '{project-name}-gerrit-release-jobs' + +.. note:: + + Example of a verbose Jenkins job to call global-jjb macro: + +.. code-block:: none + + - project: + name: '{project-name}-releases-verify' + project: 'example-test-release' + build-node: centos7-builder-2c-1g + project-name: example-test-release + jobs: + - 'gerrit-releases-verify' + +.. code-block:: none + + - project: + name: '{project-name}-releases-merge' + project: 'example-test-release' + build-node: centos7-builder-2c-1g + project-name: example-test-release + jobs: + - 'gerrit-releases-merge' + +.. note:: + + Release Engineers Please follow the setup guide before adding the job definition: + +Setup for LFID Nexus Jenkins and Gerrit: +======================================== + +LFID +==== + +Create an ``lfid`` and an ``ssh-key`` + +``RELEASE_USERNAME`` +``RELEASE_EMAIL`` + +ssh-key example: .. code-block:: bash - $ cat releases/1.0.0.yaml - --- - distribution_type: 'maven' - version: '1.0.0' - project: 'zzz-test-release' - log_dir: 'zzz-test-release-maven-stage-master/17/' - maven_central_url: 'oss.sonatype.org' + ssh-keygen -t rsa -C "collab-it+odl-release@linuxfoundation.org" -f /tmp/odl-release + + +`Create an LFID `_ + +Nexus +===== + +Create a Nexus account called ``'jenkins-release'`` with promote privileges. + +.. image:: ../_static/nexus-promote-privs.png + +Gerrit +====== + +Log into your Gerrit with ``RELEASE_USERNAME``, upload the ``ssh-key`` you created earlier. +Log out of Gerrit and log in again with your normal account for the next steps. + +In Gerrit create a new group called ``self-serve-release`` and give it direct push rights via ``All-Projects`` +``push - refs/heads/*`` + +1. Add a push reference +2. Set the ref as refs/heads/* +3. Make sure "force push" is not checked + +Add ``RELEASE_USERNAME`` to group ``self-serve-release`` and group ``Non-Interactive Users`` + +Jenkins +======= + +Add a global credential to Jenkins called ``jenkins-release`` and set the ID: ``'jenkins-release'`` +as its value insert the ``ssh-key`` that you uploaded to Gerrit. + +Add Global vars in Jenkins: +Jenkins configre -> Global properties -> Environment variables + +``RELEASE_USERNAME = $RELEASE_USERNAME`` +``RELEASE_EMAIL = $RELEASE_EMAIL`` + +Add or edit the managed file in Jenkins called ``lftoolsini``, appending a nexus section: +Jenkins Settings -> Managed files -> Add (or edit) -> Custom file + +.. code-block:: none + + [nexus] + username=jenkins-release + password=redacted + +Ci-management +============= + +upgrade you projects global-jjb if needed +add this to your global defaults file (eg: jjb/defaults.yaml) + +.. code-block:: bash -lftools nexus release is used so there must be a lftoolsini section in jenkins -configfiles with a [nexus] section for auth. + jenkins-ssh-release-credential: 'jenkins-release' Macros ====== @@ -60,7 +173,7 @@ Runs: :Required parameters: :build-node: The node to run build on. - :jenkins-ssh-credential: Credential to use for SSH. (Generally set + :jenkins-ssh-release-credential: Credential to use for SSH. (Generally set in defaults.yaml) :stream: run this job against: master @@ -101,7 +214,7 @@ is available on the job. :Required Parameters: :build-node: The node to run build on. - :jenkins-ssh-credential: Credential to use for SSH. (Generally set + :jenkins-ssh-release-credential: Credential to use for SSH. (Generally set in defaults.yaml) :stream: run this job against: master diff --git a/releasenotes/notes/lf-release-jobs-f470e781be753872.yaml b/releasenotes/notes/lf-release-jobs-f470e781be753872.yaml new file mode 100644 index 00000000..bd82c3ac --- /dev/null +++ b/releasenotes/notes/lf-release-jobs-f470e781be753872.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Allows projects to promote their own builds. + Requires setup of accounts and permissions in + Gerrit, Jenkins and Nexus. Please refer to the + lf-release-jobs documentation for details. diff --git a/shell/release-job.sh b/shell/release-job.sh index ec59da09..783979a6 100644 --- a/shell/release-job.sh +++ b/shell/release-job.sh @@ -105,6 +105,10 @@ for release_file in $release_files; do ########## Merge Part ############## if [[ "$JOB_NAME" =~ "merge" ]]; then echo "Running merge" + gerrit_ssh=$(echo "$GERRIT_URL" | awk -F"/" '{print $3}') + git remote set-url origin ssh://"$RELEASE_USERNAME"@"$gerrit_ssh":29418/$PROJECT + git config user.name "$RELEASE_USERNAME" + git config user.email "$RELEASE_EMAIL" git push origin "$VERSION" lftools nexus release --server "$NEXUS_URL" "$STAGING_REPO" if [ "${MAVEN_CENTRAL_URL}" == 'None' ]; then