Jessica Wagantall [Tue, 7 Mar 2023 20:54:25 +0000 (12:54 -0800)]
Feat: Add Docker Snyk CLI Scanner jobs
Introduce Docker Snyk CLI scanner jobs. These jobs can be triggered
to download the latest version of Snyk's CLI scanner and trigger a
scan for Docker based repos. These jobs produce a report which is
published into Snyk's dashboard. These reports are fetched and
reflected back into the LFX Security tool.
Issue: RELENG-4609
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Ifc9ab4c51393e893b22b06844f3701caaca06c6f
Jessica Wagantall [Tue, 7 Mar 2023 03:23:03 +0000 (19:23 -0800)]
Feat: Add Python Snyk CLI Scanner jobs
Introduce Python Snyk CLI scanner jobs. These jobs can be triggered
to download the latest version of Snyk's CLI scanner and trigger a
scan for Python based repos. These jobs produce a report which is
published into Snyk's dashboard. These reports are fetched and
reflected back into the LFX Security tool.
Issue: RELENG-4609
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I5414d04ccc7472a6b3cd2576da1cb6bc36d1ea25
Matthew Watkins [Tue, 7 Mar 2023 12:59:27 +0000 (12:59 +0000)]
Fix!: Un-pin tox version from 3.27.1 and remove tox-pyenv
Un-pin tox version from 3.27.1 and remove tox-pyenv. Testing has
demonstrated that tox-pyenv is no longer required to obtain correct
Python runtime versions when running tests. Also, removed Python 3.8
from the VENV setup where it was being specifically requested.
Due to unpinning of the tox version, tox.ini configuration files may
need modifying to reflect a change in configuration syntax; where
whitelist_externals needs to be replaced with allowlist_externals.
Issue-ID: RELENG-4539
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: Ifdd49de2a8e5054dad4a5d52125ede537049ad8e
Matthew Watkins [Thu, 12 Jan 2023 00:25:35 +0000 (00:25 +0000)]
Fix: Update path/location of update-alternatives
The path is different between CentOS7/8 and was incorrect for Ubuntu
Issue-ID: IT-25261
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I91bfed027dcbe10c0dc39beac2ae71fb4f5f00ad
Signed-off-by: Bengt Thuree <bthuree@linuxfoundation.org>
Jessica Wagantall [Tue, 7 Mar 2023 02:24:13 +0000 (18:24 -0800)]
Fix: Add missing mark in docs
Add missing docs mark in latest "add-go-snyk-cli-scanner"
release notes.
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Id0b2ceeb849a274704dec047667d43cfc7114fc0
Jessica Wagantall [Tue, 7 Mar 2023 00:41:08 +0000 (16:41 -0800)]
Feat: Add Go Snyk CLI Scanner jobs
Introduce Go Snyk CLI scanner jobs. These jobs can be triggered to
download the latest version of Snyk's CLI scanner and trigger a scan
for Go based repos. These jobs produce a report which is published
into Snyk's dashboard. These reports are fetched and reflected back
into the LFX Security tool.
Issue: RELENG-4609
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Id1f80d255896b44977979322fae663da13c95287
Jessica Wagantall [Mon, 6 Mar 2023 21:30:43 +0000 (13:30 -0800)]
Fix: Allow SNYK scanner to take additional options
Add SNYK_CLI_OPTIONS parameter which can be used to pass additional Snyk
CLI options as per https://docs.snyk.io/snyk-cli/cli-reference.
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I7fb8157a263d03f3780beb044e2e7c5093c2877b
Jessica Wagantall [Thu, 2 Mar 2023 02:30:13 +0000 (18:30 -0800)]
Feat: Add Maven Snyk CLI Scanner
Introduce Maven Snyk CLI scanner jobs. These jobs can be triggered
to download the latest version of Snyk's CLI scanner and trigger a
scan for Maven based repos.
These jobs produce a report which is published into Snyk's dashboard.
These reports are fetched and reflected back into the LFX Security tool.
Issue: RELENG-4609
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I183bd1e8d22caa832b04b7d1d5b078b0a8946285
Matthew Watkins [Thu, 12 Jan 2023 17:04:19 +0000 (17:04 +0000)]
Fix: Update Nexus IQ script output to include Python dependencies
Script now downloads module dependencies into the target directory.
Also, print a warning if the target variable is not set/populated and
print the correct variable in the job output.
Issue-ID: RELENG-4557
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I1d4bbd752dd2282fc58c10636ad1aa228ad919a8
Kevin Sandi [Fri, 20 Jan 2023 18:47:46 +0000 (12:47 -0600)]
Fix: pin setuptools to 65.7.0 everywhere
Issue-ID: RELENG-4562
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: Idf7d1538ef38af3aeaf5444986a8932acada8904
Kevin Sandi [Fri, 20 Jan 2023 16:44:41 +0000 (10:44 -0600)]
Fix: pin setuptools to avoid version string format issues
Issue-ID: RELENG-4562
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I13737f8a5d671ba2c1f66cd87ae817ead8d5442c
Anil Belur [Mon, 9 Jan 2023 08:11:25 +0000 (18:11 +1000)]
Revert "Fix: Add missing sctp.h header file to sonarqube cmake/build"
This reverts commit
5c69133bfea3ca1b895219b509b9c1353e122c4c.
The changes being installed runtime through the global-jjb scripts
should be moved into the ansible-roles repo.
Change-Id: I31a03f97cee285ea1bdb1227e4f150ac1f5f8b9d
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Matthew Watkins [Wed, 21 Dec 2022 14:57:08 +0000 (14:57 +0000)]
Fix: Add missing sctp.h header file to sonarqube cmake/build
Addresses a cmake/build failure due to a missing header file.
Adds the required platform-specific package dependency to the relevant
script.
Issue-ID: RELENG-4551
Signed-off-by: MatthewWatkins <mwatkins@linuxfoundation.org>
Change-Id: Icfef14917bf4dbc0dd4c506b44648e9ccae78131
Kevin Sandi [Mon, 12 Dec 2022 19:54:37 +0000 (13:54 -0600)]
Fix: pin tox version on rtd-verify.sh
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I0e29b59fd5c22bad43a7c6ef865d6d15f7ea6af3
Kevin Sandi [Fri, 9 Dec 2022 02:36:30 +0000 (20:36 -0600)]
Fix: pin tox version
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: Ic015a210ec2d9af2d6b7ce182a6121d8c37b984b
Kevin Sandi [Thu, 1 Dec 2022 22:06:46 +0000 (16:06 -0600)]
Feat: update release note of sonarcloud token change
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I8f643d1b944fb6cda75997ad801835ed5381b8cf
Andrew Grimberg [Thu, 1 Dec 2022 21:35:02 +0000 (21:35 +0000)]
Merge "Feat: use credential for sonarcloud token"
Kevin Sandi [Mon, 14 Nov 2022 06:19:14 +0000 (00:19 -0600)]
Feat: use credential for sonarcloud token
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I4c2b513a32d44795cc40832622dc6054640940a0
Anil Belur [Wed, 30 Nov 2022 08:57:05 +0000 (18:57 +1000)]
Fix: Remove unnecessary quotes around the variable
Additional quotes changes the behavior while processing glob patterns.
Issue-ID: RELENG-4530
Change-Id: Ia986e1a3d1e6cbb2ad655aa83c3a5d3c865a782a
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Jessica Wagantall [Tue, 29 Nov 2022 19:55:03 +0000 (11:55 -0800)]
Fix: Use NEXUS_TARGET_BUILD in Nexus IQ CLI scanner
Replace Nexus IQ build Target from "${REQUIREMENTS_FILE}"
to "${NEXUS_TARGET_BUILD}".
The scanner is only including the requirements.txt
file in its scan which should not contain other information
than python package requirements.
Instead, use a "${NEXUS_TARGET_BUILD}" parameter which the
user can optionally provide to the scanner to indicate a
file or directory to include in the scan. By default, this
variable is **/*.
For more information on how to use the "Target" parameter:
https://help.sonatype.com/iqserver/integrations/nexus-iq-cli#NexusIQCLI
Issue: RELENG-4530
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Ifb6947de3d0ff282d461b12332e6d4c2f4ac0198
Anil Belur [Wed, 26 Oct 2022 23:34:26 +0000 (09:34 +1000)]
Fix: Copy the spdx file in root of the $project
The SBOM generator script creates an spdx file in the root level.
When the artifacts are pushed the spdx file gets overwritten.
Create the spdx file as ${PROJECT}-sbom-${release_version}.spdx
and then copy the spdx file under the namespace ${group_id_path} dir.
Change-Id: Ia8bd06ac160e30886c7133aef8f0c82e5aded3dd
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Matthew Watkins [Mon, 17 Oct 2022 20:55:55 +0000 (21:55 +0100)]
Fix: Abort script earlier when no objects to cleanup
Issue-ID: RELENG-4483
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I3311fc09a61f4d30fff8dd52e387c11dbcdc2aea
Eric Ball [Mon, 17 Oct 2022 17:53:38 +0000 (17:53 +0000)]
Merge "Fix: Use lf-activate-venv to reuse venv"
Anil Belur [Fri, 14 Oct 2022 23:05:52 +0000 (09:05 +1000)]
Fix: Use lf-activate-venv to reuse venv
The venv created for tox is unavailable when the semantics of the
script is split across files, therefore ensure venv is created with
--venv-file option and set.
Issue-ID: RELENG-4485
Change-Id: I18c0d255cc7bd282fca20bb31b02ba41c8a74c85
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Matthew Watkins [Thu, 13 Oct 2022 13:24:40 +0000 (14:24 +0100)]
Fix: set correct exit status when parsing openstack port objects
Addresses a bug with the exit status of the orphaned ports script.
Mirrors the same fix to the equivalent generic objects script.
Issue: RELENG-4483
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I7cb6465076817d2699970f450c2d7c8c3bda6c31
Andrew Grimberg [Tue, 11 Oct 2022 19:10:20 +0000 (19:10 +0000)]
Merge "Feat: Added a script to cleanup generic openstack objects"
Andrew Grimberg [Tue, 11 Oct 2022 19:08:18 +0000 (19:08 +0000)]
Merge "Fix: Correctly capture openstack port cli output"
Matthew Watkins [Thu, 6 Oct 2022 15:57:15 +0000 (16:57 +0100)]
Feat: Added a script to cleanup generic openstack objects
This script will by default replicate the cleanup ports script.
However, the standard behaviour can be overridden by providing
various variables that can change the objects being managed.
Issue: RELENG-4467
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I8c3a6d9f6011346e08465b24aecdd068beefdb25
Matthew Watkins [Tue, 6 Sep 2022 15:09:49 +0000 (16:09 +0100)]
Fix: Correctly capture openstack port cli output
Issue: RELENG-4467
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I5a0dbee41060e8786574030629f9a17e19a48d66
Vanessa Valderrama [Fri, 7 Oct 2022 17:24:26 +0000 (12:24 -0500)]
Fix: docker-push failure
Reomving the line break in the docker_push_command which is
causing the variable to not be set properly.
Signed-off-by: Vanessa Valderrama <vvalderrama@linuxfoundation.org>
Change-Id: Icfefd02eda2ec225cb74e91ff4637457b907ac7f
Vanessa Valderrama [Thu, 6 Oct 2022 18:49:03 +0000 (13:49 -0500)]
Fix: docker-push failure
Fixing a syntax error causing the docker_push_command
variable to not be set properly.
Signed-off-by: Vanessa Valderrama <vvalderrama@linuxfoundation.org>
Change-Id: Ie82a4db9b559009943017747e07101e3ae547fe7
Andrew Grimberg [Wed, 5 Oct 2022 15:57:49 +0000 (08:57 -0700)]
CI: Disable second bashate call
CI is having an issue with the second call to bashate which is supposed
to warn on lines > 80 characters. I cannot seem to get this to replicate
properly locally and bashate is still not a hard requirement for our CI,
we're disabling the extra call for now.
Issue: RELENG-4467
Change-Id: I2bf092b8026d60848796f3357e46d3e877417896
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Anil Belur [Tue, 4 Oct 2022 01:15:08 +0000 (11:15 +1000)]
Fix: Use pyenv for PyPI verify jobs
PyPI verify jobs requires Python 3.x. The tox run picks up default version
of python instead of the version made available through pyenv.
To fix this Re-factor lf-activate-venv() to skip a return, while the venv is
re-used, so that the PATH can be set.
Update the tox install and run script to Call lf-avtivate-venv().
Issue-ID: https://jira.linuxfoundation.org/browse/RELENG-4468
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Change-Id: Ibde3ba8beb5be75fa69c9ee6cf36a80768a8f368
Jessica Wagantall [Fri, 30 Sep 2022 20:45:26 +0000 (13:45 -0700)]
Fix: Update Sonar CLI credential ID
Sonar CLI job needs to use the credential that matches the name of the
project. That is, "sonar-token-{project-name}".
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I4e6bf5dce0b9fcfea352f9e13208698371783de8
Matthew Watkins [Wed, 28 Sep 2022 16:05:38 +0000 (17:05 +0100)]
Fix: Request Python 3 -> 3.8
Issue: RELENG-4462
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: Id986f183aa233879c805c52f3839b36087ab1e84
Jessica Wagantall [Mon, 15 Aug 2022 19:30:10 +0000 (12:30 -0700)]
Feat: Add CLI Sonar scanner job
Add gerrit-cli-sonar and github-cli-sonar scanner job for
non maven based repos. This job downloads a specific Sonar
CLI version and runs sonnar-scanner on the code to produce
a report which is pushed in SonarCloud.
Issue: RELENG-4427
Co-authored-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Co-authored-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: If02a2c78bddacdcc273fb5a0b9f60b99d2da221d
Anil Belur [Sun, 18 Sep 2022 02:09:06 +0000 (12:09 +1000)]
Fix: Install missing dependency - yq
Install yq in the venv that is called by the builder scripts of
RTDv3 and docker jobs.
Effect of changes to lf-activate-venv() from CR I559f759a8dba7
Issue-ID: RELENG-4403
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Change-Id: If9ff9ab247812b9997ba8a2d96e5bd4a50dfd54a
Anil Belur [Fri, 16 Sep 2022 12:20:48 +0000 (12:20 +0000)]
Merge "Fix: JAVA_HOME directory detection"
Sangwook Ha [Thu, 15 Sep 2022 01:12:12 +0000 (18:12 -0700)]
Fix: Address submodule update issues
There are two issues affecting the autorelease-update-submodules jobs:
- git-review tries to copy commit-msg hook to submodules with incorrect
source file path (.git/hooks/commit-msg) and fails - the path should
be ../.git/hooks/commit-msg if a relative path is used since the copy
command is run in the submodule directory
- lf-activate-venv creates a virtual environment in the current working
directory where lf-activate-venv is run. This clutters the repository
and all the files for the virtual environment are added for update.
To address the bug of git-review set 'core.hooksPath' with the absolute
path of the top-level hooks directory so that the correct source path
can be used regardless of the working directory.
The reason why a virtual environment is created in the working directory
is because the following command
$python -m venv "$install_args" "$lf_venv"
is not equivalent to
$python -m venv "$lf_venv"
even when $install_args is empty.
Hence the first command creates two virtual environments, one in the
current working directory and another one in $lf_venv.
Use the correct command depending on the $install_args value to avoid
the issue.
Signed-off-by: Sangwook Ha <sangwook.ha@verizon.com>
Change-Id: I445d010c5f5b9e3576bdafb0335ada1092de9d0c
guillaume.lambert [Thu, 1 Sep 2022 09:58:58 +0000 (11:58 +0200)]
Fix: JAVA_HOME directory detection
OpenDaylight jenkins maven jobs with jdk17 and CentOS7 currently fails
with a confusing message stating that the JAVA_HOME variable is not
correctly set.
This can happen in various cases, usually when there is a mismatch
between the jdk used by maven and the folder pointed by JAVA_HOME.
It appears that openjdk17 is not available with CentOS7 and that
the folder indeed does not exist.
To avoid misinterpretation
- add a folder existence check in related script
before propagating JAVA_HOME variable to other scripts
- if no folder was found, try to find an approaching solution
and exit in case of failure with a more relevant error message
- adapt and refactor code consequently to be more agnostic to
distribution and jdk installation specificities
Signed-off-by: guillaume.lambert <guillaume.lambert@orange.com>
Change-Id: I585cb34e8126ac5827ae33b5c1ed771fd78b3d10
Anil Belur [Fri, 9 Sep 2022 03:35:05 +0000 (13:35 +1000)]
Feat: Upgrade git-review to 2.3.1
The previous version of git-review is incompatible with the latest
version of git due to renaming flags.
Error:
Errors running git rebase -p -i remotes/gerrit/master
fatal: --preserve-merges was replaced by --rebase-merges
This is fixed in 2.2.0, upgrade to 2.3.1 its more recent.
Ref: https://review.opendev.org/c/opendev/git-review/+/818219
Issue-ID: RELENG-4418
Change-Id: I6057f4a197aa6ae38598b51d3ed62b8b0948db67
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Wed, 7 Sep 2022 12:20:28 +0000 (22:20 +1000)]
Feat!: Re-factor lf-activate-venv() to re-use venv
Add new CLI option to set venv file.
Example:
lf-activate-venv --venv-file /tmp/.robot_venv \
robotframework
Modify lf-activate-venv() to allow creation of a venv file and re-use
the venv to improve job performance. When a dependency is already
installed, pip skips the package therefore reduces the time it takes
to create venv in every script.
Precedence for venv file.
a. Re-use an existing venv file if one exists.
1. Use venv file path from --venv-file
2. Use default venv file path "/tmp/.os_lf_venv"
b. Create new venv when 1. and 2. is absent
Note: The default file "/tmp/.os_lf_venv" is created by a pre-build
script (../shell/python-tools-install.sh).
In the situation where a fresh venv is required remove
"/tmp/.os_lf_venv" before calling lf-activate-venv().
Update all the required scripts that call lf-activate-venv().
Issue-ID: RELENG-4403
Change-Id: I559f759a8dba7eca0a62f8b73a360dc627699ed2
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Thu, 1 Sep 2022 03:03:24 +0000 (13:03 +1000)]
Fix: Use lf-activate-venv to install openstack dep
Using python-tools-install.sh for the pre/post build is not recommended
approach for installing python dependencies since this installs the
dependencies with `--user` option (removed in I821a86ac3b54f284e8).
Instead use lf-activate-venv to setup an venv and pull in the required
dependencies and save the path of the virtualenv in a temp file that
can be checked before attempting to create a venv.
Issue-ID: RELENG-4357
Change-Id: I00bbf08921a3ddc6349e74e9cd9d6316b0876749
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Sangwook Ha [Wed, 31 Aug 2022 06:54:49 +0000 (23:54 -0700)]
Fix: Update pyenv version selection
lf-pyver() fails to include the currently selected version in the output
of 'pyenv versions', which makes the version change every time the local
version is set by pyenv with the version from lf-pyver().
Fix the command to extract the list of Python versions to include all
the numeric versions in the list.
Issue-ID: RELENG-4403
Change-Id: I8eb1a1842a9ccd7514f096ec6989559a5526c3b6
Signed-off-by: Sangwook Ha <sangwook.ha@verizon.com>
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Tue, 30 Aug 2022 11:31:05 +0000 (21:31 +1000)]
Fix: Install yq through lf-activate-venv
Install yq through lf-activate-venv instead of the
python tools install script.
Change-Id: Ifd36a7820854e2a1ee15447c966fc3e4629c9fe4
Issue-ID: RELENG-4357
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Tue, 30 Aug 2022 01:14:13 +0000 (11:14 +1000)]
Fix: Update python tools install
- Set the default version of python3 instead of 3.8.x since
some of the older images may not have this version installed.
The default version is only used when lf-env.sh is not
available.
- CR I821a86ac3b54f2 sets and uses python 3.x version
made available by pyenv therefore remove the --user
option which is no longer required.
Issue-ID: RELENG-4357
Change-Id: Ic01b696354434291b49c5f8a125fd6593ca37c96
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Tue, 23 Aug 2022 04:02:18 +0000 (14:02 +1000)]
Feat: Set python3 version from pyenv
Use pyenv whih is the standard way to manage, set and use a python3
installation on the system.
The required version of python3 for all jobs should be > 3.8.x, to
avoid PyPI dependencies conflicts with outdated versions. However the
lf-activate-venv() uses the system default version python installed
through packages. This can cause warning and build failures that source
lf-env.sh.
Update lf-activate-venv to use pyenv versions of python3 installed
through the lfit.python-install galaxy ansible role.
Issue-ID: RELENG-4357
Change-Id: I821a86ac3b54f284e853316f0d782ad551249925
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Tue, 9 Aug 2022 08:35:51 +0000 (18:35 +1000)]
Chore: Cleanup unused deprecated code
Cleanup lftools_activate is no longer used or supported.
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Change-Id: Ie6a23f2697e14bbfc400ff8362a9426c984402be
Anil Belur [Tue, 9 Aug 2022 08:27:51 +0000 (18:27 +1000)]
Chore: Fix bashate warnings
./shell/common-variables.sh:21:1: E006 Line too long
./shell/common-variables.sh:26:1: E006 Line too long
./shell/docker-build.sh:20:1: E006 Line too long
./shell/docker-login.sh:50:1: E006 Line too long
./shell/docker-push.sh:18:1: E006 Line too long
./shell/gerrit-branch-lock.sh:49:1: E006 Line too long
./shell/gerrit-branch-lock.sh:50:1: E006 Line too long
./shell/gerrit-branch-lock.sh:56:1: E006 Line too long
Issue-ID: RELENG-4358
Change-Id: I37198320bc512f2c75c47346e991ea0f0a182fab
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Tue, 9 Aug 2022 07:22:42 +0000 (17:22 +1000)]
Chore: Fix bashate warnings
./shell/autotools-sonarqube.sh:59:1: E006 Line too long
./shell/check-info-votes.sh:45:1: E006 Line too long
./shell/check-info-votes.sh:54:1: E006 Line too long
./shell/check-info-votes.sh:56:1: E006 Line too long
./shell/cmake-sonar.sh:25:1: E006 Line too long
./shell/cmake-sonar.sh:31:1: E006 Line too long
./shell/cmake-sonar.sh:49:1: E006 Line too long
./shell/cmake-sonarqube.sh:31:1: E006 Line too long
./shell/cmake-sonarqube.sh:44:1: E006 Line too long
./shell/cmake-stage.sh:42:1: E006 Line too long
./shell/cmake-stage.sh:64:1: E006 Line too long
./shell/cmake-stage.sh:68:1: E006 Line too long
Issue-ID: RELENG-4358
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Change-Id: I5f4a9dab38287901fcac9937fec111a1020de27e
Andrew Grimberg [Fri, 19 Aug 2022 17:13:56 +0000 (17:13 +0000)]
Merge "Chore: Fix bashate warnings"
Andrew Grimberg [Fri, 19 Aug 2022 17:12:06 +0000 (17:12 +0000)]
Merge "Fix: safer behaviour handling java variables"
Matthew Watkins [Tue, 16 Aug 2022 16:08:39 +0000 (17:08 +0100)]
Fix: safer behaviour handling java variables
Detect both Debian and Ubuntu when configuring java runtime parameters.
This works around a minor OS detection bugs that applies to Docker
containers. Also, improved the handling of an unset variable when
setting the java runtime. This reduces the likelihood of rewriting a
working variable with a broken one.
Change-Id: I69c0756d740430dabef823fa8eed8cbf67e343c6
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Anil Belur [Tue, 9 Aug 2022 04:08:11 +0000 (14:08 +1000)]
Chore: Fix bashate warnings
./jenkins-init-scripts/disable-firewall.sh:19:1: E006 Line too long
./jjb-compare-xml.sh:28:1: E006 Line too long
./jjb-compare-xml.sh:59:1: E006 Line too long
Issue-ID: RELENG-4358
Change-Id: I0ab6d09e9904ec1eb93ef9f8248ea29048c632f3
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Andrew Grimberg [Wed, 17 Aug 2022 17:36:13 +0000 (10:36 -0700)]
CI: Require RELENG changes in commit messages
To make sure that JSD issues are not being referenced since that is not
public data, we will now start enforcing a requirement that commits have
a RELENG issue associated with them.
Issue: RELENG-4375
Change-Id: Ia7800de3097e30670d83b3fdcce0191144cea3a7
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Anil Belur [Wed, 17 Aug 2022 02:21:23 +0000 (02:21 +0000)]
Merge "Feat: Upgrade packer version to v1.8.2"
Anil Belur [Wed, 10 Aug 2022 00:58:41 +0000 (10:58 +1000)]
Feat: Upgrade packer version to v1.8.2
v1.8.2 addresses certain security issues which may not
directly imapact us.
Issue-ID: IT-24377
Change-Id: I275e99e8a7debdf9cae4ca943e19125293d9560b
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Andrew Grimberg [Tue, 16 Aug 2022 23:10:46 +0000 (23:10 +0000)]
Merge "Fix: Update lf-activate-env code comment"
Anil Belur [Mon, 8 Aug 2022 11:58:24 +0000 (21:58 +1000)]
Fix: Update lf-activate-env code comment
Fix lf-activate-env code comment. The comment suggests
using just the version number ``--python <x.y>``, however
as per the code the correct format as per the code is
``--python python<x.y>``
Also update the fix in the
9915b0bb42077428478e2.
Change-Id: Ic135036ded75f0b16525ef78bdec9e90c72a5c44
Issue-ID: RELENG-4348
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Jessica Wagantall [Mon, 8 Aug 2022 19:28:32 +0000 (12:28 -0700)]
Add SBOM report to staging package
The SBOM report should be made available as part of the
build's artifacts as well as part of the staging package.
Copy the SBOM report to the m2repo so that is signed by
SIGUL and packaged along with the staging artifacts.
Issue: RELENG-4356
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I360bb4a26e7b70d9ec6ce8848ecc3365abb8b034
Anil Belur [Tue, 2 Aug 2022 00:34:36 +0000 (10:34 +1000)]
Fix: Set lf-activate-env to use Python 3.8
Set lf-activate-env to use Python 3.8 while running lftools deploy
logs. This fixes the below warnings which when jobs try to use
default version of python 3.6 which is EOL.
CryptographyDeprecationWarning: Python 3.6 is no longer supported
by the Python core team. Therefore, support for it is deprecated in
cryptography and will be removed in a future release.
PythonDeprecationWarning: Boto3 will no longer support Python 3.6
starting May 30, 2022. To continue receiving service updates, bug
fixes, and security updates please upgrade to Python 3.7 or later.
Issue-ID: RELENG-4348
Change-Id: I7177eda0afab58bd775801e955c8759c57554ff3
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Tue, 26 Jul 2022 21:20:50 +0000 (07:20 +1000)]
Fix: Ignore unbounded variable BUILD_RESULT
Error: BUILD_RESULT: unbound variable
Change-Id: Iefbf3d6f658632990529015f35336cadb65e379c
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Jessica Wagantall [Tue, 12 Jul 2022 22:32:09 +0000 (15:32 -0700)]
Update SBOM generator script
- Allow the usage of a maven settings file to resolve transitive
dependencies
- Update sbom file name to reflect more information
Issue: RELENG-4300
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Ibc5f636a946879282b594c3975a1ca53bc159f6a
Anil Belur [Tue, 5 Jul 2022 22:52:41 +0000 (08:52 +1000)]
Feat: Upgrade NexusIQ Client 1.140.0-01.
Issue-ID: RELENG-4306
Change-Id: Ic48cdfc7303e20a1070bfd35e26f22649520b6f0
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Eric Ball [Wed, 8 Jun 2022 13:38:28 +0000 (06:38 -0700)]
Fix: Remove hosts file creation in sigul-install
Our Sigul bridges now have publicly accessible DNS names, so it is no
longer necessary to create an entry in the hosts file.
Issue: RELENG-4269
Change-Id: I8417747b598d4fad3bfef192ccf1056899ffdf0a
Signed-off-by: Eric Ball <eball@linuxfoundation.org>
Anil Belur [Tue, 31 May 2022 23:54:05 +0000 (09:54 +1000)]
Fix: Update script and Dockerfile
Fix URL path indent, add a default ARG to the Dockerfile to
remove WARNING. Set the .asc files permissions to jenkins after
the sigul has signed the files.
Issue-ID: IT-23826
Change-Id: Idfa32e797320e7a580516a4b137202faf5bd37b0
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Andrew Grimberg [Tue, 31 May 2022 16:00:35 +0000 (16:00 +0000)]
Merge "Fix: Sign artifacts on CentOS Stream 8/9"
Anil Belur [Thu, 26 May 2022 23:58:32 +0000 (09:58 +1000)]
Fix: Sign artifacts on CentOS Stream 8/9
Update the sigul-sign-dir.sh to sign artifacts using docker.
The docker image is built on CentOS Streams 8/9. The newer version
of sigul 1.1.1 available for CentOS 8 is not backwords compatible
with the version of sigul on CentOS 7.
As a temporary workaround build a CentOS7 docker image with
sigul installed and use it for signing artificats on platforms
where sigul is not readly available.
Issue-ID: IT-23826
Change-Id: Ie22e23240f7fe388219c0afc4d4c229f390efa9c
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Fri, 27 May 2022 03:30:16 +0000 (13:30 +1000)]
Fix: bashate E006 warnings for lines > 80 chars
Change-Id: Id0ddfbe03e2853019a53b3a76af7f63256c05582
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Tue, 24 May 2022 21:29:25 +0000 (07:29 +1000)]
Fix: Pin openstacksdk<0.99
This fixes the builder-openstack-cron job.
With the recent updates on the pypi dependencies,
some of attributes of various resources may have been
named differently to follow SDK attribute naming convention.
Issue-ID: RELENG-4243
Change-Id: Iadcfe9ddc9645ad6743bde9498ec85599f6fcf06
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Andrew Grimberg [Thu, 19 May 2022 16:55:43 +0000 (09:55 -0700)]
Chore: Update pre-commit hooks
github.com/pre-commit/pre-commit-hooks: v4.0.1 -> v4.2.0
github.com/pre-commit/mirrors-prettier: v2.4.1 -> v2.6.2
github.com/jorisroovers/gitlint: v0.16.0 -> v0.17.0
github.com/jumanjihouse/pre-commit-hooks: 2.1.5 -> 2.1.6
github.com/btford/write-good: v1.0.4 -> v1.0.8
Change-Id: I26bff86b5b0f9c6c624b9b2ba0400b6dadb59c2c
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Andrew Grimberg [Wed, 18 May 2022 17:58:24 +0000 (10:58 -0700)]
Chore: Upgrade base version of JJB to 4.1.0
JJB has been pinned to v2.8.0 for nearly 2 years. It's time move on,
particularly since we've been hard at work dropping support for Python
2.7. This also brings in needed fixes to support recent changes in how
many plugins for Jenkins are getting versioned.
Change-Id: I1ee78f1b7b5a8fa019cb6fe5a322d02ff8d114e2
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Jessica Wagantall [Wed, 27 Apr 2022 19:09:12 +0000 (12:09 -0700)]
Fix: Add maven pre and post build scripts
Optionally run a script before and/or after maven goals.
This will help add dependencies and post process builds with more
flexibility to the project's needs.
Issue: IT-23957
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I7075972c796a2cac17d9ad7ec9e99be1699354c3
Andrew Grimberg [Wed, 27 Apr 2022 18:17:11 +0000 (18:17 +0000)]
Merge "Fix: Isolate SBOM PATH flag"
Jessica Wagantall [Wed, 27 Apr 2022 02:30:50 +0000 (19:30 -0700)]
Fix: Isolate SBOM PATH flag
SBOM's path flag does not work as expected. We need to introduce a new
flag called SBOM_PATH to isolate the path where SBOM is going to be
extracted to and executed from. By default this is set to $WORKSPACE but
some projects need to execute the sbom from a different location in their
code. See https://github.com/opensbom-generator/spdx-sbom-generator/issues/227
Issue: RELENG-4213
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Ibaaf4f89035f8aa9a773e199cf0cacb6c1e14947
Eric Ball [Thu, 21 Apr 2022 23:43:59 +0000 (16:43 -0700)]
Feat: Choose best python version to run venv
We've seen problems with capture-instance-metadata.sh choosing the
best python path, so this should help get the best version on each
builder.
If the $PYTHON variable is set, this will be used. If not, we check to
see if python3 is available, as this should point to the latest
version. If this is also not available, we run with the basic python
command.
Change-Id: I9950cc286c72fd17eac7a3c678ef8ca04ccd8921
Signed-off-by: Eric Ball <eball@linuxfoundation.org>
Anil Belur [Wed, 20 Apr 2022 23:56:25 +0000 (09:56 +1000)]
Revert "Fix: Remove "--python" flag from venv act"
This reverts commit
18d90a9e0b74515b6aa2ac8fc4a17b9d98a7680e.
The issue does not happen on C7/C8 but mostly on Ubuntu and
needs to be addressed elsewhere.
Change-Id: I54abbea2550ed6d80e3c7d75ab86d246c0ec98d2
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Eric Ball [Tue, 19 Apr 2022 15:55:59 +0000 (08:55 -0700)]
Fix: Remove "--python" flag from venv activation
Remove "--python" flag from lf-activate-venv call in
capture-instance-metadata. This forces the system to use Python 2,
which is not available on newer systems, and is causing failures.
Change-Id: I456a1463885b6269b555edbd587c9cfc039c78da
Issue: RELENG-4192
Signed-off-by: Eric Ball <eball@linuxfoundation.org>
Jessica Wagantall [Wed, 20 Apr 2022 19:24:37 +0000 (12:24 -0700)]
CI: Disable pre-commit in CI
Packer has been having issues creating new images for a bit and
pre-commit is no longer working in CI because of something upstream
because of this.
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I64d9e9b2d3edf3ff395ef0886d4e2fe0a5a2dad4
Andrew Grimberg [Wed, 13 Apr 2022 23:07:30 +0000 (23:07 +0000)]
Merge "Feat: Append build result to cost file"
Anil Belur [Fri, 25 Mar 2022 00:43:03 +0000 (10:43 +1000)]
Fix: Activate the virtual environment
Install Python to make sure its available on all images.
Issue-ID: RELENG-4182
Change-Id: Ic8900474fdfd4ce1bdaeecc1e80fef74ca6538f7
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Kevin Sandi [Thu, 17 Mar 2022 23:04:29 +0000 (17:04 -0600)]
Feat: Append build result to cost file
Change-Id: I0f08f364432d4f102655dfe80e98d5202a6b0349
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Jessica Wagantall [Mon, 7 Feb 2022 23:35:09 +0000 (15:35 -0800)]
Feat: Add SBOM Generator conditional step
This is a conditional step which calls a specific
version of SPDX SBOM generator, runs a scan and generates a
report of software bill of materials in a specific repo.
Issue: RELENG-4104
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I3433a93efc4141b5e5e1949d7260f7686a015506
Andrew Grimberg [Mon, 7 Mar 2022 21:43:22 +0000 (13:43 -0800)]
Docs: Update JJB documentation pointers
JJB changed where they are hosting documentation and it's causing issues
with Sphinx link checking
Change-Id: Iedd85caa71cd45a706a278a020b7dab6b4612438
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Robert Varga [Mon, 7 Mar 2022 07:01:55 +0000 (08:01 +0100)]
Refactor: future-proof Java version selector
In terms of Java versioning we have version epoch transition:
- Java 7 and Java 8 use 1.[7,8].0 as their version
- Java 9 and later use plain {9,10,...} as their version
Adjust the version matching machinery to cover not only Java 11/12, but
all future versions -- assuming versioning schema does not change.
Change-Id: I9b12223c39780353bd8921af4ce8ba1349fbcf13
Signed-off-by: Robert Varga <nite@hq.sk>
Anil Belur [Mon, 31 Jan 2022 00:48:51 +0000 (10:48 +1000)]
Feat: Process orphaned coe clusters for K8S jobs
K8s jobs by default creates stacks names that does not match
JOB_NAME, therefore ignore them while processing orphaned stacks
and handle them separatly when cleaning up the orphaned clusters.
The stack naming scheme is limited to take first 20 chars from the
JOB_NAME while the rest is randomly generated for uniqueness which
breaks the openstack cron jobs.
Ref: https://github.com/openstack/magnum/blob/master/magnum/
drivers/heat/driver.py#L202-L212
Issue-ID: RELENG-4106
Change-Id: Id3d9b74c3e6e2a0abbddb771b7fc7d5ba2b59ca5
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Thu, 20 Jan 2022 06:45:06 +0000 (16:45 +1000)]
Feat: Add support for OpenJDK17
Change-Id: Ic6369e120cc256d081ebdd66c5d0d154c86fc73b
Issue-ID: RELENG-4097
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Kevin Sandi [Wed, 8 Dec 2021 22:27:32 +0000 (16:27 -0600)]
Feat: Add new job gerrit-go-verify
This job adds support for running unit tests on Go projects
Issue-ID: RELENG-4055
Change-Id: I6c4d8bfbaf131837ba91aa1bc1cdf5e2f3f0a790
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Kevin Sandi [Mon, 22 Nov 2021 23:15:39 +0000 (17:15 -0600)]
Feat: Add wait flag for SonarCloud quality gates
Add support for wait flag on SonarCloud quality gates, this way jobs
won't finish until the quality gate reports back the result during
the analysis step, which will fail anytime the quality gate fails.
Issue-ID: RELENG-4011
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: Idd75faab59e55363d65fc930790336f370ce60d4
Anil Belur [Thu, 11 Nov 2021 22:39:58 +0000 (22:39 +0000)]
Merge "Chore: Update pre-commit dependencies"
Eric Ball [Thu, 11 Nov 2021 22:10:54 +0000 (14:10 -0800)]
Fix: sonary-verify choosing strategy to "gerrit"
Change-Id: Id5d1f3b2a832c2206788bb0a06a1173cb9018666
Signed-off-by: Eric Ball <eball@linuxfoundation.org>
Anil Belur [Thu, 11 Nov 2021 22:03:43 +0000 (08:03 +1000)]
Chore: Update pre-commit dependencies
Change-Id: I15f1f1b59ca8d77e6b4052682af2a4b9e8236308
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Kevin Sandi [Tue, 9 Nov 2021 23:23:04 +0000 (17:23 -0600)]
Fix: bug in shell script maven-sonar.sh
In order to fix a bug in maven-sonar.sh we should treat parameter
scan-dev-branch as string instead of boolean
Issue-ID: RELENG-4011
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I6aa16ef65ded5c35174003439f7d183cfa8d0fcf
Anil Belur [Tue, 9 Nov 2021 00:25:03 +0000 (10:25 +1000)]
Feat!: Add builder macro to set ansible.cfg file
Add packer builder macros to create a 'ansible.cfg' file.
This is required by packer build jobs to set ansible host
configuration. The job or image specific configuration can
be created using JCasC custom files in the ci-man repository.
Issue-ID: RELENG-4032
Change-Id: Ia9fc4d26341228ba8009de6d2ec3c46e31bfc45b
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Thu, 4 Nov 2021 01:25:59 +0000 (11:25 +1000)]
Chore!: Rename 'whitelist' to 'allowlist'
Improve global-jjb code and documentation to minimize
non-inclusivity.
Change-Id: I3c70ad4ad2c4d34510410b0baab439ab8681954d
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Kevin Sandi [Mon, 25 Oct 2021 23:39:41 +0000 (23:39 +0000)]
Merge "Feat: Add Maven SonarCloud verify job"
Anil Belur [Mon, 25 Oct 2021 10:40:08 +0000 (20:40 +1000)]
Fix: Pin pyparsing<3.0.0 required by httplib2
Pin pyparsing<3.0.0 required by httplib2 0.20.1. A new version
of pip 21.3.1 is out that has removed this dependency
(pyparsing<3,>=2.4.2) as required by httplib2.
Issue-ID: RELENG-4022
Change-Id: Ifc00a6c82f82b57768330b491828a159be561679
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Kevin Sandi [Thu, 14 Oct 2021 22:55:42 +0000 (16:55 -0600)]
Feat: Add Maven SonarCloud verify job
Add new Maven SonarCloud verify job that will execute SonarCloud
scans before a change gets merged.
Issue-ID: RELENG-4011
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I6045b186bfde76e19d77f50ef14c98107e2cb0c5
Andrew Grimberg [Mon, 18 Oct 2021 23:51:39 +0000 (16:51 -0700)]
Fix: Correct boot source options for OpenStack
If a VOLUME_SIZE option is not defined in the base cloud configuration
then the default OpenStack boot selection should be 'image' not
'volumeFromImage' otherwise we are unable to properly take advantage of
all options provided by an OpenStack cloud.
Change-Id: I76ae042d598c9f7fa1868d4ea6a3566f8c6b8115
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Andrew Grimberg [Fri, 15 Oct 2021 00:05:27 +0000 (17:05 -0700)]
Fix: Correct bad conversion of OpenStack config
While attempting to get the OpenDaylight Jenkins Sandbox configured to
start working with JCasC cloud management it was discovered that the
numExecutors flag was being mistranslated.
Change-Id: I5598f9936a2a3190e0ff326dad8ef4503aaceaa2
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>