Jessica Wagantall [Tue, 12 Dec 2023 23:25:36 +0000 (15:25 -0800)]
Feat: Use Sigstore Cosign to sign docker images and push signature
In order to enable, the project needs to create their keypair and
credentials in Jenkins for cosign-password (keypair password) and
cosign-private-key.
Issue: RELENG-5014
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Ie3e73cb10445b5139417c62fb534ba883a0ad499
Andrew Grimberg [Thu, 9 Nov 2023 20:33:23 +0000 (12:33 -0800)]
Fix: Make sure reno has enough commits
Issue: RELENG-4975
Change-Id: I8f25c8c91278508bf086760ef094f79b9c7f359b
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Jessica Wagantall [Thu, 9 Nov 2023 17:36:15 +0000 (09:36 -0800)]
Fix: Update release jobs triggers
Currently, all active branches verify jobs are triggering
causing verify conflicts when projects are releasing more
than one branch simultaniously.
Update triggers to only trigger the branch in question.
Issue: RELENG-4979
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Ifff3470671df4b6d05d78575d809c1befa7056de
Andrew Grimberg [Mon, 6 Nov 2023 23:32:08 +0000 (15:32 -0800)]
Fix: Move the git fetch depth
It is not possible to specify a depth larger than 1 with the tag
checkout that is performed. Move the depth increase to where it's
actually needed.
Issue: RELENG-4975
Change-Id: I8a33ccb244bb5cff784934fe7bd75e690f6ff222
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Andrew Grimberg [Mon, 6 Nov 2023 22:29:29 +0000 (14:29 -0800)]
CI: Generate GitHub releases
* Increase the checkout depth from 1 to 30 to handle reno needing to be
able to find all relevant tags (current and current -1) and also pull
the tags
* Setup Python to run reno
* Generate a reno report for the given tag and then modify the report to
strip out all the extra garbage that is added by the report process to
get it into a valid markdown file and not RST file
* Use `gh` cli tool to generate the release notes using the
auto-changelog generation plus the reno release notes
Issue: RELENG-4975
Change-Id: Ie05579dfd757e7d3be7169da987bf67229f4f818
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Eric Ball [Wed, 1 Nov 2023 23:16:33 +0000 (16:16 -0700)]
Fix: Handle error in job-cost.sh without failing
We have seen builds get marked as "unstable" due to transient network
failures while retrieving instance type info. This is not an
acceptable criteria for marking a build unstable, so this change will
handle such an error more cleanly.
Issue: RELENG-4970
Change-Id: Ia146e2771df638e8410fb187d730d4faadf132c2
Signed-off-by: Eric Ball <eball@linuxfoundation.org>
Matthew Watkins [Tue, 31 Oct 2023 17:17:11 +0000 (17:17 +0000)]
Merge "Chore: Update Sonar OpenJDK version"
Matthew Watkins [Tue, 31 Oct 2023 14:43:12 +0000 (14:43 +0000)]
Chore: Update Sonar OpenJDK version
Update to OpenJDK17 for Sonar jobs
Also revert from JDK13->JDK11 where previous scope was incorrect
Issue: RELENG-4962
Change-Id: I300c9ccbc47a5fe03354c6a088fd75dff8c55519
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Matthew Watkins [Tue, 31 Oct 2023 08:09:30 +0000 (08:09 +0000)]
Feat: Define naming of K8S clusters to preserve
Issue: RELENG-4963
Change-Id: If7e283b6b2d8bb55a8f4a08b6406b85530f7eedd
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Matthew Watkins [Thu, 26 Oct 2023 11:37:09 +0000 (12:37 +0100)]
Chore: Update Sonar OpenJDK version
Issue: RELENG-4962
Change-Id: I3aa37e4dc09d9efbbc99f5f12e61c29ce86d24d6
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Jessica Wagantall [Mon, 23 Oct 2023 19:39:32 +0000 (12:39 -0700)]
Fix: Pin setuptools in jjb-deploy-job.sh
This is in order to fix the OpenSSL issue:
urllib3 v2.0 only supports OpenSSL 1.1.1+
Issue: RELENG-4952
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I389c29fab9f892950f424d92eff65b8900d3e6e8
Eric Ball [Tue, 29 Aug 2023 22:59:01 +0000 (22:59 +0000)]
Merge "CI!: Create variable for jacoco exclusion pattern"
Andrew Grimberg [Tue, 29 Aug 2023 13:06:37 +0000 (13:06 +0000)]
Merge "Feat: Upgrade Jenkins-job-builder to 5.0.4"
Eric Ball [Tue, 29 Aug 2023 04:13:07 +0000 (21:13 -0700)]
CI!: Create variable for jacoco exclusion pattern
This changes the signature of lf-jacoco-report macro. All
implementations within global-jjb have been updated, but any uses of
this macro outside of global-jjb will need to be updated.
Issue: RELENG-4856
Change-Id: I3db8ab048fb9d79d4503f455e967a4a26a4a0411
Signed-off-by: Eric Ball <eball@linuxfoundation.org>
Kevin Sandi [Thu, 24 Aug 2023 06:54:50 +0000 (00:54 -0600)]
Fix: gradle jobs triggers and scm
Issue: RELENG-4763
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I773d891518d4de8bf6fc0d5148664ba03958c3e1
Anil Belur [Thu, 24 Aug 2023 00:38:32 +0000 (10:38 +1000)]
Feat: Upgrade Jenkins-job-builder to 5.0.4
Supports urllib3 to newer DEFAULT_TIMEOUT, therefore unpin urllib3<2.0.0
Ref: https://review.opendev.org/c/jjb/python-jenkins/+/882757
Fixes Jenkins version 2.387.1 or earlier can return 'all' as view name when
requested is 'All'.
Issue: RELENG-4853
Change-Id: Idcfae769f5e5c4268380f531ad86e57aab4fbf03
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Tue, 15 Aug 2023 01:34:03 +0000 (11:34 +1000)]
Fix: Rename view name to lower case
Jenkins version 2.387.1 or earlier can return 'all'
as view name when requested is 'All'.
Add workaround and rename the view name to lower case.
Issue: RELENG-4849
Ref: https://review.opendev.org/c/jjb/python-jenkins/+/888285
Change-Id: I374de78a497b4ba38b495a547fcdbbfd176b068e
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Fiete Ostkamp [Mon, 7 Aug 2023 12:16:50 +0000 (12:16 +0000)]
Feat: Add gradle publish job
Issue: RELENG-4763
Change-Id: Ifca59da7e6321815ad1301baa28756461f53ce30
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Jessica Wagantall [Mon, 24 Jul 2023 15:55:47 +0000 (08:55 -0700)]
CI!: Remove unused WhiteSource templates
Issue: RELENG-4817
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I3bae425c75dfe1df1694f323d76f4559c3252221
Andrew Grimberg [Mon, 24 Jul 2023 15:26:24 +0000 (08:26 -0700)]
Docs: Remove pip install method from RTD config
RTD seems to have a problem with the install method and path with how
they were defined. Remove them as they are the default anyway
Issue: RELENG-4816
Change-Id: I5e8a2a925ee81b5284fc44cf4ec72ef1fa8761d6
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Andrew Grimberg [Mon, 24 Jul 2023 15:17:23 +0000 (08:17 -0700)]
Docs: Add RTD config file
RTD will start requiring configuration files on September 25, 2023.
This also makes sure that we properly unshallow the clone as that is a
feature flag that is going away as well.
Issue: RELENG-4816
Change-Id: Ia3015cd6f519158ac03ddcb3453d3ac4fb233d51
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Fiete Ostkamp [Mon, 3 Jul 2023 12:21:38 +0000 (12:21 +0000)]
Feat: Switch gerrit-gradle-build template to the gradle builder
Issue: RELENG-4763
Change-Id: Id31d9e23c8df1470c41eab58a91a005b5bd9a4db
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Eric Ball [Fri, 30 Jun 2023 21:57:58 +0000 (21:57 +0000)]
Merge "Fix: Run docker login for gradle build jobs"
Jessica Wagantall [Fri, 30 Jun 2023 21:32:33 +0000 (14:32 -0700)]
Fix: Add {stream} in release verify and merge jobs
Issue: RELENG-4782
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Ib319f90e5e1b64b837588f46314766e55431e4fb
Jessica Wagantall [Thu, 29 Jun 2023 20:58:50 +0000 (13:58 -0700)]
Fix: Run docker login for gradle build jobs
Issue: RELENG-4763
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I24aa3a8a8982a048d760d3012b9645e2689e8996
Anil Belur [Fri, 30 Jun 2023 04:53:22 +0000 (14:53 +1000)]
Fix: Add target filename for config file
Pass target file where the config file should be created. Newer
version of packer accepts only .json or .hcl extension filenames.
Error:
Could not guess format of
/w/workspace/builder-packer-verify@tmp/config5102323344744095713tmp
A var file must be suffixed with `.hcl` or `.json`.'
Issue: RELENG-4764
Change-Id: Ief8b703246667c38c216ede6ac94e5d549cfe46b
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Wed, 28 Jun 2023 02:20:36 +0000 (12:20 +1000)]
Feat: Rewrite packer jobs to work with hcl2 format
Rewrite packer jobs to work with HCL2 format.
As of packer version 1.7.0 HCL2 is the preferred way to write Packer
templates. HCL2 preserves existing workflows while leveraging HCL2’s
advanced features like variable interpolation and configuration
composability.
Upgrade packer version to v1.9.1. JSON format templates are
deprecated and no longer work with packer version > 1.9.x.
Project specific templates require to be upgraded to HCL2 format.
Support for '.json' templates will be removed from common-packer in
subsequent releases. Therefore, the jobs are expected to work with
older templates.
Ref: https://gerrit.linuxfoundation.org/infra/c/releng/common-packer/+/71859
Issue: RELENG-4764
Change-Id: Ie591343ac87caca217ff7125a84f4b769bb3a40c
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Jessica Wagantall [Fri, 23 Jun 2023 17:09:32 +0000 (10:09 -0700)]
Fix: Add JDK configuration step in Gradle jobs
Issue: RELENG-4769
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I50eb766d7b60e8da8ff3eafbda1d9fc4f2e817ca
Jessica Wagantall [Thu, 15 Jun 2023 20:06:27 +0000 (13:06 -0700)]
CI: Add initial gradle jobs file
Issue: RELENG-4763
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I2d3d8627c0b9fa1e76b3d83ce5755c25fae79f8a
Anil Belur [Tue, 13 Jun 2023 07:58:16 +0000 (17:58 +1000)]
Fix: Pin urllib3 to <2.0.0 for the JJB cleanup
Issue: RELENG-4715
Change-Id: I8d5ef5e30682654b4212a320ffa20f061e11d828
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Jessica Wagantall [Thu, 8 Jun 2023 19:06:11 +0000 (12:06 -0700)]
Fix: Pin urllib3 in pypi-upload script
Issue: RELENG-4715
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I0f8b34516d00d7eec95422c8552f2ec4ee404294
Anil Belur [Mon, 22 May 2023 00:41:23 +0000 (10:41 +1000)]
Fix: Pin urllib3~=1.26.15 in pypi dist jobs
Issue: RELENG-4715
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Change-Id: I8acbb9250a3224c29b6582940f60f6f8ebe19586
Jessica Wagantall [Tue, 16 May 2023 20:00:03 +0000 (13:00 -0700)]
Fix: Pin urllib3~=1.26.15 in jjb-deploy job
Issue: RELENG-4731
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I7efdb713bec085356d972d5f9213aec335959c63
Andrew Grimberg [Wed, 10 May 2023 12:17:00 +0000 (05:17 -0700)]
Fix: Pin urllib3 for RTD builds
RTD needs urllib3 pinned in the requirements.txt for proper building of
the RTD site itself.
Issue: RELENG-4715
Change-Id: Id125e99c8dff5239e95567e7148c595e10096044
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Anil Belur [Wed, 10 May 2023 06:57:04 +0000 (16:57 +1000)]
Fix: pin urllib3 to <2.0.0 for RTD jobs
The latest version of module breaks compatibility
with RTDv3 jobs during tox install and run.
Note: The pip upgrade eager option pulls in the newer
version of urllib3>2.0.0 unless the exact version is passed
with lftools.
Issue: RELENG-4715
Change-Id: I8aae2505eb20e7dc8bef02f5687f9dad9b0e8ef0
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Wed, 10 May 2023 01:15:38 +0000 (11:15 +1000)]
Fix: pin urllib3 to <2.0.0 for verify jobs
The latest version of module breaks compatibility
with python-jenkins.
Note: The pip upgrade eager option pulls in the newer
version of urllib3>2.0.0 unless the exact version is passed
with lftools.
Issue: RELENG-4715
Change-Id: Ib0136e8155b6a654d1b15a558796774e78a31a4d
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Sun, 7 May 2023 21:47:45 +0000 (07:47 +1000)]
Fix: pin urllib3 to <2.0.0
The latest version of module breaks compatibility
with python-jenkins.
Note: The pip upgrade eager option pulls in the newer
version of urllib3>2.0.0 unless the exact version is passed
with lftools.
Issue: RELENG-4715
Change-Id: Ie2fbc7fe1eb57e8936a50b176f7aae6e47efa7e6
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Andrew Grimberg [Mon, 24 Apr 2023 18:10:04 +0000 (11:10 -0700)]
Fix: Correct action version
Issue: RELENG-4563
Change-Id: Ie3129c744d3774d88ed042609e6de7044f7f4de7
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Anil Belur [Wed, 19 Apr 2023 22:35:51 +0000 (08:35 +1000)]
Fix: Use refspec to push tag and code
The CR
365d0c0fe65 for the ODL release custom bits
uses the GERRIT_BRANCH while pushing the tag and code,
however that does not work returns an error.
error: src refspec stable/chlorine does not match any
Push the code bundle and tag as separate operations.
Issue: RELENG-4696
Change-Id: I62d472b998a2d799990605482e5433fb7c721e5f
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Andrew Grimberg [Tue, 18 Apr 2023 16:21:08 +0000 (09:21 -0700)]
Fix: Correct bad action call
Issue: RELENG-4563
Change-Id: Idb27ec5805d2a52bb2e30e72931745e023b5ea80
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Anil Belur [Mon, 17 Apr 2023 22:00:14 +0000 (08:00 +1000)]
Fix: Remove recursive vars for release jobs
JJB 5x treats recursive parameters as an error.
Issue: RELENG-4686
Change-Id: I07df6e5662d1301caaafb628b0d884b7990e6809
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Mon, 17 Apr 2023 22:00:14 +0000 (08:00 +1000)]
Fix: Update JJB to 5.0.2
JJB's 5.0.1 has a bug that return an error when a macro is
set as null. This issue is resolved in 5.0.2.
TypeError: 'NoneType' object is not a mapping
Issue: RELENG-4686
Change-Id: Iba6680ca7e3d54ca88b4854d9ba40006efe3f3e2
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Andrew Grimberg [Mon, 17 Apr 2023 17:22:41 +0000 (17:22 +0000)]
Merge "Refactor!: JJB code to comply with v5.x"
Andrew Grimberg [Wed, 12 Apr 2023 12:47:49 +0000 (05:47 -0700)]
CI: Add release GitHub Action
Issue: RELENG-4563
Change-Id: I5164d1e76df6dbd74c1b00b7e98b67519940bcda
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Anil Belur [Thu, 13 Apr 2023 03:20:36 +0000 (13:20 +1000)]
Refactor!: JJB code to comply with v5.x
There has been an update to the YAML parser with more fine-tuned
control over YAML parsing. YAML objects and parameter expansion logic
is in accordance with the latest YAML specification 1.2.2 (released
in Oct 2021).
Notable changes include:
- Aggressive parameter expansion. This may lead to parameters expanded
in places where they were not expanded before.
- Recursive parameters usage is being treated as error.
- Strict checking for missing parameters.
- Files included using '!include-raw:' elements and having formatting
it path ('lazy-loaded' in previous implementation) are now expanded too.
Use '!include-raw-escape:' for them instead.
NOTE: this is a beaking change would have potential impact many of jobs
in global-jjb and in ci-man repo that DO NOT use global-jjb templates.
Issue: RELENG-4686
Change-Id: Ie7417956bdcf5f4d6477dbff87baca6b1b8aeeaf
Ref: https://groups.google.com/u/2/g/jenkins-job-builder/c/1fx7PmADgXw
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Wed, 12 Apr 2023 14:17:50 +0000 (14:17 +0000)]
Merge "Refactor: pre-commit cleanups"
Andrew Grimberg [Wed, 12 Apr 2023 14:10:03 +0000 (07:10 -0700)]
Refactor: pre-commit cleanups
Cleanup errors being caught by pre-commit that is preventing GitHub
Actions runs of pre-commit (aka pre-commit run -a) from passing
Issue: RELENG-4687
Change-Id: I09636538d1d34e5ab2deeb05c112632540a17368
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Anil Belur [Wed, 12 Apr 2023 10:50:29 +0000 (20:50 +1000)]
Fix: Use the python3 module opt to call pip
This fixes the issue where pip is not available in the
venv path.
Error: /tmp/venv-knWF/bin/pip: No such file or directory
Issue-ID: RELENG-4688
Change-Id: I6d6edeb8c3cdf0c36f271412d3d2e96db96f6e4b
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Andrew Grimberg [Wed, 12 Apr 2023 13:16:00 +0000 (06:16 -0700)]
CI: Disable jjb-latest tox test
JJB v5.x released this morning (April 12, 2023) and started breaking the
jjb-latest validation test. As the test is a canary test, it did the
correct thing and broke our builds alerting us to the issue.
This disables the test so that other work is unblocked until such time
as we can determine the correct way forward with fixes and can turn this
test back on.
Issue: RELENG-4686
Change-Id: I94f6e944356c5aabb75434165a738b4d9336d818
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Andrew Grimberg [Fri, 7 Apr 2023 15:48:10 +0000 (08:48 -0700)]
CI: Add GHA for verification
Issue: RELENG-4564
Change-Id: I61c91c14b2e2211fae5062ac0b5354d6e84d3feb
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Andrew Grimberg [Tue, 11 Apr 2023 20:26:26 +0000 (13:26 -0700)]
Fix: Newer tox needs allowlist vs whitelist
Issue: RELENG-4539
Change-Id: Id137b386671258f2c4fbdc115ea38429abfa3f43
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Jessica Wagantall [Mon, 3 Apr 2023 16:52:07 +0000 (16:52 +0000)]
Merge "Chore: Remove daily cron on stage jobs"
Anil Belur [Sun, 2 Apr 2023 02:34:11 +0000 (08:04 +0530)]
Fix: condition before pushing the object.
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Change-Id: If1d091bd9e94fa5337053094b0101541bb056ca4
Anil Belur [Thu, 19 Jan 2023 11:34:27 +0000 (21:34 +1000)]
Fix: Ensure tag and object are pushed together
Address the problem where the tag is not pushed to the mainline
branch therefore causing the tag missing in the git history.
To fix this check commit count between the HEAD and
origin/${GERRIT_BRANCH} before the fetch and merge operation.
This is done to ensure that the tag lands on the target branch.
If the branch has already moved forward from the tagging point,
then a spur commit is created for the tag.
Change-Id: I675c815d4ac39244adf5168c1fbd051f8c626290
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Jessica Wagantall [Wed, 29 Mar 2023 21:17:21 +0000 (14:17 -0700)]
Chore: Remove daily cron on stage jobs
Remove daily cron on maven-stage and maven-docker-stage
jobs. Cron triggers stay configurable.
Issue: RELENG-4666
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I15931a8d691bffa77dd0d50f638fc38590d33255
Anil Belur [Thu, 9 Mar 2023 16:18:23 +0000 (16:18 +0000)]
Merge "Fix!: Un-pin tox version from 3.27.1 and remove tox-pyenv"
Bengt Thuree [Thu, 9 Mar 2023 09:50:41 +0000 (20:50 +1100)]
FIX: Revert clm-maven plugin
Latest version of clm-maven plugin (clm-maven-plugin:2.42.0-01)
is not working in our environment.
We get the following error
Failed to execute goal com.sonatype.clm:clm-maven-plugin:2.42.0-01:index
(default-cli) on project babel: Failed to invoke Maven build.
Maven execution failed, exit code: 1 -> [Help 1]
This patch pins the previous working plugin which is 2.41.0-02
Issue-ID: IT-25225
Change-Id: I3d87d5adc954baf703f29816c0e295e0203b4f40
Signed-off-by: Bengt Thuree <bthuree@linuxfoundation.org>
Bengt Thuree [Thu, 9 Mar 2023 09:32:12 +0000 (09:32 +0000)]
Merge "Fix: Update path/location of update-alternatives"
Jessica Wagantall [Tue, 7 Mar 2023 20:54:25 +0000 (12:54 -0800)]
Feat: Add Docker Snyk CLI Scanner jobs
Introduce Docker Snyk CLI scanner jobs. These jobs can be triggered
to download the latest version of Snyk's CLI scanner and trigger a
scan for Docker based repos. These jobs produce a report which is
published into Snyk's dashboard. These reports are fetched and
reflected back into the LFX Security tool.
Issue: RELENG-4609
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Ifc9ab4c51393e893b22b06844f3701caaca06c6f
Jessica Wagantall [Tue, 7 Mar 2023 03:23:03 +0000 (19:23 -0800)]
Feat: Add Python Snyk CLI Scanner jobs
Introduce Python Snyk CLI scanner jobs. These jobs can be triggered
to download the latest version of Snyk's CLI scanner and trigger a
scan for Python based repos. These jobs produce a report which is
published into Snyk's dashboard. These reports are fetched and
reflected back into the LFX Security tool.
Issue: RELENG-4609
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I5414d04ccc7472a6b3cd2576da1cb6bc36d1ea25
Matthew Watkins [Tue, 7 Mar 2023 12:59:27 +0000 (12:59 +0000)]
Fix!: Un-pin tox version from 3.27.1 and remove tox-pyenv
Un-pin tox version from 3.27.1 and remove tox-pyenv. Testing has
demonstrated that tox-pyenv is no longer required to obtain correct
Python runtime versions when running tests. Also, removed Python 3.8
from the VENV setup where it was being specifically requested.
Due to unpinning of the tox version, tox.ini configuration files may
need modifying to reflect a change in configuration syntax; where
whitelist_externals needs to be replaced with allowlist_externals.
Issue-ID: RELENG-4539
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: Ifdd49de2a8e5054dad4a5d52125ede537049ad8e
Matthew Watkins [Thu, 12 Jan 2023 00:25:35 +0000 (00:25 +0000)]
Fix: Update path/location of update-alternatives
The path is different between CentOS7/8 and was incorrect for Ubuntu
Issue-ID: IT-25261
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I91bfed027dcbe10c0dc39beac2ae71fb4f5f00ad
Signed-off-by: Bengt Thuree <bthuree@linuxfoundation.org>
Jessica Wagantall [Tue, 7 Mar 2023 02:24:13 +0000 (18:24 -0800)]
Fix: Add missing mark in docs
Add missing docs mark in latest "add-go-snyk-cli-scanner"
release notes.
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Id0b2ceeb849a274704dec047667d43cfc7114fc0
Jessica Wagantall [Tue, 7 Mar 2023 00:41:08 +0000 (16:41 -0800)]
Feat: Add Go Snyk CLI Scanner jobs
Introduce Go Snyk CLI scanner jobs. These jobs can be triggered to
download the latest version of Snyk's CLI scanner and trigger a scan
for Go based repos. These jobs produce a report which is published
into Snyk's dashboard. These reports are fetched and reflected back
into the LFX Security tool.
Issue: RELENG-4609
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Id1f80d255896b44977979322fae663da13c95287
Jessica Wagantall [Mon, 6 Mar 2023 21:30:43 +0000 (13:30 -0800)]
Fix: Allow SNYK scanner to take additional options
Add SNYK_CLI_OPTIONS parameter which can be used to pass additional Snyk
CLI options as per https://docs.snyk.io/snyk-cli/cli-reference.
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I7fb8157a263d03f3780beb044e2e7c5093c2877b
Jessica Wagantall [Thu, 2 Mar 2023 02:30:13 +0000 (18:30 -0800)]
Feat: Add Maven Snyk CLI Scanner
Introduce Maven Snyk CLI scanner jobs. These jobs can be triggered
to download the latest version of Snyk's CLI scanner and trigger a
scan for Maven based repos.
These jobs produce a report which is published into Snyk's dashboard.
These reports are fetched and reflected back into the LFX Security tool.
Issue: RELENG-4609
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I183bd1e8d22caa832b04b7d1d5b078b0a8946285
Matthew Watkins [Thu, 12 Jan 2023 17:04:19 +0000 (17:04 +0000)]
Fix: Update Nexus IQ script output to include Python dependencies
Script now downloads module dependencies into the target directory.
Also, print a warning if the target variable is not set/populated and
print the correct variable in the job output.
Issue-ID: RELENG-4557
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I1d4bbd752dd2282fc58c10636ad1aa228ad919a8
Kevin Sandi [Fri, 20 Jan 2023 18:47:46 +0000 (12:47 -0600)]
Fix: pin setuptools to 65.7.0 everywhere
Issue-ID: RELENG-4562
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: Idf7d1538ef38af3aeaf5444986a8932acada8904
Kevin Sandi [Fri, 20 Jan 2023 16:44:41 +0000 (10:44 -0600)]
Fix: pin setuptools to avoid version string format issues
Issue-ID: RELENG-4562
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I13737f8a5d671ba2c1f66cd87ae817ead8d5442c
Anil Belur [Mon, 9 Jan 2023 08:11:25 +0000 (18:11 +1000)]
Revert "Fix: Add missing sctp.h header file to sonarqube cmake/build"
This reverts commit
5c69133bfea3ca1b895219b509b9c1353e122c4c.
The changes being installed runtime through the global-jjb scripts
should be moved into the ansible-roles repo.
Change-Id: I31a03f97cee285ea1bdb1227e4f150ac1f5f8b9d
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Matthew Watkins [Wed, 21 Dec 2022 14:57:08 +0000 (14:57 +0000)]
Fix: Add missing sctp.h header file to sonarqube cmake/build
Addresses a cmake/build failure due to a missing header file.
Adds the required platform-specific package dependency to the relevant
script.
Issue-ID: RELENG-4551
Signed-off-by: MatthewWatkins <mwatkins@linuxfoundation.org>
Change-Id: Icfef14917bf4dbc0dd4c506b44648e9ccae78131
Kevin Sandi [Mon, 12 Dec 2022 19:54:37 +0000 (13:54 -0600)]
Fix: pin tox version on rtd-verify.sh
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I0e29b59fd5c22bad43a7c6ef865d6d15f7ea6af3
Kevin Sandi [Fri, 9 Dec 2022 02:36:30 +0000 (20:36 -0600)]
Fix: pin tox version
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: Ic015a210ec2d9af2d6b7ce182a6121d8c37b984b
Kevin Sandi [Thu, 1 Dec 2022 22:06:46 +0000 (16:06 -0600)]
Feat: update release note of sonarcloud token change
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I8f643d1b944fb6cda75997ad801835ed5381b8cf
Andrew Grimberg [Thu, 1 Dec 2022 21:35:02 +0000 (21:35 +0000)]
Merge "Feat: use credential for sonarcloud token"
Kevin Sandi [Mon, 14 Nov 2022 06:19:14 +0000 (00:19 -0600)]
Feat: use credential for sonarcloud token
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
Change-Id: I4c2b513a32d44795cc40832622dc6054640940a0
Anil Belur [Wed, 30 Nov 2022 08:57:05 +0000 (18:57 +1000)]
Fix: Remove unnecessary quotes around the variable
Additional quotes changes the behavior while processing glob patterns.
Issue-ID: RELENG-4530
Change-Id: Ia986e1a3d1e6cbb2ad655aa83c3a5d3c865a782a
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Jessica Wagantall [Tue, 29 Nov 2022 19:55:03 +0000 (11:55 -0800)]
Fix: Use NEXUS_TARGET_BUILD in Nexus IQ CLI scanner
Replace Nexus IQ build Target from "${REQUIREMENTS_FILE}"
to "${NEXUS_TARGET_BUILD}".
The scanner is only including the requirements.txt
file in its scan which should not contain other information
than python package requirements.
Instead, use a "${NEXUS_TARGET_BUILD}" parameter which the
user can optionally provide to the scanner to indicate a
file or directory to include in the scan. By default, this
variable is **/*.
For more information on how to use the "Target" parameter:
https://help.sonatype.com/iqserver/integrations/nexus-iq-cli#NexusIQCLI
Issue: RELENG-4530
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: Ifb6947de3d0ff282d461b12332e6d4c2f4ac0198
Anil Belur [Wed, 26 Oct 2022 23:34:26 +0000 (09:34 +1000)]
Fix: Copy the spdx file in root of the $project
The SBOM generator script creates an spdx file in the root level.
When the artifacts are pushed the spdx file gets overwritten.
Create the spdx file as ${PROJECT}-sbom-${release_version}.spdx
and then copy the spdx file under the namespace ${group_id_path} dir.
Change-Id: Ia8bd06ac160e30886c7133aef8f0c82e5aded3dd
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Matthew Watkins [Mon, 17 Oct 2022 20:55:55 +0000 (21:55 +0100)]
Fix: Abort script earlier when no objects to cleanup
Issue-ID: RELENG-4483
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I3311fc09a61f4d30fff8dd52e387c11dbcdc2aea
Eric Ball [Mon, 17 Oct 2022 17:53:38 +0000 (17:53 +0000)]
Merge "Fix: Use lf-activate-venv to reuse venv"
Anil Belur [Fri, 14 Oct 2022 23:05:52 +0000 (09:05 +1000)]
Fix: Use lf-activate-venv to reuse venv
The venv created for tox is unavailable when the semantics of the
script is split across files, therefore ensure venv is created with
--venv-file option and set.
Issue-ID: RELENG-4485
Change-Id: I18c0d255cc7bd282fca20bb31b02ba41c8a74c85
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Matthew Watkins [Thu, 13 Oct 2022 13:24:40 +0000 (14:24 +0100)]
Fix: set correct exit status when parsing openstack port objects
Addresses a bug with the exit status of the orphaned ports script.
Mirrors the same fix to the equivalent generic objects script.
Issue: RELENG-4483
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I7cb6465076817d2699970f450c2d7c8c3bda6c31
Andrew Grimberg [Tue, 11 Oct 2022 19:10:20 +0000 (19:10 +0000)]
Merge "Feat: Added a script to cleanup generic openstack objects"
Andrew Grimberg [Tue, 11 Oct 2022 19:08:18 +0000 (19:08 +0000)]
Merge "Fix: Correctly capture openstack port cli output"
Matthew Watkins [Thu, 6 Oct 2022 15:57:15 +0000 (16:57 +0100)]
Feat: Added a script to cleanup generic openstack objects
This script will by default replicate the cleanup ports script.
However, the standard behaviour can be overridden by providing
various variables that can change the objects being managed.
Issue: RELENG-4467
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I8c3a6d9f6011346e08465b24aecdd068beefdb25
Matthew Watkins [Tue, 6 Sep 2022 15:09:49 +0000 (16:09 +0100)]
Fix: Correctly capture openstack port cli output
Issue: RELENG-4467
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: I5a0dbee41060e8786574030629f9a17e19a48d66
Vanessa Valderrama [Fri, 7 Oct 2022 17:24:26 +0000 (12:24 -0500)]
Fix: docker-push failure
Reomving the line break in the docker_push_command which is
causing the variable to not be set properly.
Signed-off-by: Vanessa Valderrama <vvalderrama@linuxfoundation.org>
Change-Id: Icfefd02eda2ec225cb74e91ff4637457b907ac7f
Vanessa Valderrama [Thu, 6 Oct 2022 18:49:03 +0000 (13:49 -0500)]
Fix: docker-push failure
Fixing a syntax error causing the docker_push_command
variable to not be set properly.
Signed-off-by: Vanessa Valderrama <vvalderrama@linuxfoundation.org>
Change-Id: Ie82a4db9b559009943017747e07101e3ae547fe7
Andrew Grimberg [Wed, 5 Oct 2022 15:57:49 +0000 (08:57 -0700)]
CI: Disable second bashate call
CI is having an issue with the second call to bashate which is supposed
to warn on lines > 80 characters. I cannot seem to get this to replicate
properly locally and bashate is still not a hard requirement for our CI,
we're disabling the extra call for now.
Issue: RELENG-4467
Change-Id: I2bf092b8026d60848796f3357e46d3e877417896
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
Anil Belur [Tue, 4 Oct 2022 01:15:08 +0000 (11:15 +1000)]
Fix: Use pyenv for PyPI verify jobs
PyPI verify jobs requires Python 3.x. The tox run picks up default version
of python instead of the version made available through pyenv.
To fix this Re-factor lf-activate-venv() to skip a return, while the venv is
re-used, so that the PATH can be set.
Update the tox install and run script to Call lf-avtivate-venv().
Issue-ID: https://jira.linuxfoundation.org/browse/RELENG-4468
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Change-Id: Ibde3ba8beb5be75fa69c9ee6cf36a80768a8f368
Jessica Wagantall [Fri, 30 Sep 2022 20:45:26 +0000 (13:45 -0700)]
Fix: Update Sonar CLI credential ID
Sonar CLI job needs to use the credential that matches the name of the
project. That is, "sonar-token-{project-name}".
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: I4e6bf5dce0b9fcfea352f9e13208698371783de8
Matthew Watkins [Wed, 28 Sep 2022 16:05:38 +0000 (17:05 +0100)]
Fix: Request Python 3 -> 3.8
Issue: RELENG-4462
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Change-Id: Id986f183aa233879c805c52f3839b36087ab1e84
Jessica Wagantall [Mon, 15 Aug 2022 19:30:10 +0000 (12:30 -0700)]
Feat: Add CLI Sonar scanner job
Add gerrit-cli-sonar and github-cli-sonar scanner job for
non maven based repos. This job downloads a specific Sonar
CLI version and runs sonnar-scanner on the code to produce
a report which is pushed in SonarCloud.
Issue: RELENG-4427
Co-authored-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Co-authored-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Change-Id: If02a2c78bddacdcc273fb5a0b9f60b99d2da221d
Anil Belur [Sun, 18 Sep 2022 02:09:06 +0000 (12:09 +1000)]
Fix: Install missing dependency - yq
Install yq in the venv that is called by the builder scripts of
RTDv3 and docker jobs.
Effect of changes to lf-activate-venv() from CR I559f759a8dba7
Issue-ID: RELENG-4403
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Change-Id: If9ff9ab247812b9997ba8a2d96e5bd4a50dfd54a
Anil Belur [Fri, 16 Sep 2022 12:20:48 +0000 (12:20 +0000)]
Merge "Fix: JAVA_HOME directory detection"
Sangwook Ha [Thu, 15 Sep 2022 01:12:12 +0000 (18:12 -0700)]
Fix: Address submodule update issues
There are two issues affecting the autorelease-update-submodules jobs:
- git-review tries to copy commit-msg hook to submodules with incorrect
source file path (.git/hooks/commit-msg) and fails - the path should
be ../.git/hooks/commit-msg if a relative path is used since the copy
command is run in the submodule directory
- lf-activate-venv creates a virtual environment in the current working
directory where lf-activate-venv is run. This clutters the repository
and all the files for the virtual environment are added for update.
To address the bug of git-review set 'core.hooksPath' with the absolute
path of the top-level hooks directory so that the correct source path
can be used regardless of the working directory.
The reason why a virtual environment is created in the working directory
is because the following command
$python -m venv "$install_args" "$lf_venv"
is not equivalent to
$python -m venv "$lf_venv"
even when $install_args is empty.
Hence the first command creates two virtual environments, one in the
current working directory and another one in $lf_venv.
Use the correct command depending on the $install_args value to avoid
the issue.
Signed-off-by: Sangwook Ha <sangwook.ha@verizon.com>
Change-Id: I445d010c5f5b9e3576bdafb0335ada1092de9d0c
guillaume.lambert [Thu, 1 Sep 2022 09:58:58 +0000 (11:58 +0200)]
Fix: JAVA_HOME directory detection
OpenDaylight jenkins maven jobs with jdk17 and CentOS7 currently fails
with a confusing message stating that the JAVA_HOME variable is not
correctly set.
This can happen in various cases, usually when there is a mismatch
between the jdk used by maven and the folder pointed by JAVA_HOME.
It appears that openjdk17 is not available with CentOS7 and that
the folder indeed does not exist.
To avoid misinterpretation
- add a folder existence check in related script
before propagating JAVA_HOME variable to other scripts
- if no folder was found, try to find an approaching solution
and exit in case of failure with a more relevant error message
- adapt and refactor code consequently to be more agnostic to
distribution and jdk installation specificities
Signed-off-by: guillaume.lambert <guillaume.lambert@orange.com>
Change-Id: I585cb34e8126ac5827ae33b5c1ed771fd78b3d10
Anil Belur [Fri, 9 Sep 2022 03:35:05 +0000 (13:35 +1000)]
Feat: Upgrade git-review to 2.3.1
The previous version of git-review is incompatible with the latest
version of git due to renaming flags.
Error:
Errors running git rebase -p -i remotes/gerrit/master
fatal: --preserve-merges was replaced by --rebase-merges
This is fixed in 2.2.0, upgrade to 2.3.1 its more recent.
Ref: https://review.opendev.org/c/opendev/git-review/+/818219
Issue-ID: RELENG-4418
Change-Id: I6057f4a197aa6ae38598b51d3ed62b8b0948db67
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Anil Belur [Wed, 7 Sep 2022 12:20:28 +0000 (22:20 +1000)]
Feat!: Re-factor lf-activate-venv() to re-use venv
Add new CLI option to set venv file.
Example:
lf-activate-venv --venv-file /tmp/.robot_venv \
robotframework
Modify lf-activate-venv() to allow creation of a venv file and re-use
the venv to improve job performance. When a dependency is already
installed, pip skips the package therefore reduces the time it takes
to create venv in every script.
Precedence for venv file.
a. Re-use an existing venv file if one exists.
1. Use venv file path from --venv-file
2. Use default venv file path "/tmp/.os_lf_venv"
b. Create new venv when 1. and 2. is absent
Note: The default file "/tmp/.os_lf_venv" is created by a pre-build
script (../shell/python-tools-install.sh).
In the situation where a fresh venv is required remove
"/tmp/.os_lf_venv" before calling lf-activate-venv().
Update all the required scripts that call lf-activate-venv().
Issue-ID: RELENG-4403
Change-Id: I559f759a8dba7eca0a62f8b73a360dc627699ed2
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>