From c90444b34acce55c33b17d91c0e47612345b2249 Mon Sep 17 00:00:00 2001
From: Eric Ball <eball@linuxfoundation.org>
Date: Wed, 5 Dec 2018 08:01:38 -0800
Subject: [PATCH] Add puppet-verify job to lf-ci-jobs

This job performs linting of Puppet modules.

Issue: RELENG-988
Change-Id: I8ab6e828e378eb9186187edb80487e0332ac144f
Signed-off-by: Eric Ball <eball@linuxfoundation.org>
---
 docs/jjb/lf-ci-jobs.rst                            |  53 +++++++
 jjb/lf-ci-jobs.yaml                                | 153 +++++++++++++++++++++
 .../puppet-verify-linting-1bb7dd93dcf20ddc.yaml    |  14 ++
 shell/puppet-lint.sh                               |  23 ++++
 4 files changed, 243 insertions(+)
 create mode 100644 releasenotes/notes/puppet-verify-linting-1bb7dd93dcf20ddc.yaml
 create mode 100644 shell/puppet-lint.sh

diff --git a/docs/jjb/lf-ci-jobs.rst b/docs/jjb/lf-ci-jobs.rst
index 299d201d..8d6ef7d2 100644
--- a/docs/jjb/lf-ci-jobs.rst
+++ b/docs/jjb/lf-ci-jobs.rst
@@ -96,6 +96,16 @@ lf-packer-verify-file-paths
 
 Gerrit file-paths for packer verify jobs.
 
+lf-puppet-parameters
+--------------------
+
+Parameters useful for Puppet related tasks.
+
+:Parameters:
+
+    :puppet-lint-version: Version of puppet-lint to install / use.
+        (shell: PUPPET_LINT_VERSION)
+
 Job Templates
 =============
 
@@ -721,3 +731,46 @@ Packer Verify job runs `packer validate` to verify packer configuration.
     :gerrit_verify_triggers: Override Gerrit Triggers.
     :gerrit_trigger_file_paths: Override file paths which can be used to
         filter which file modifications will trigger a build.
+
+
+Puppet Verify
+-------------
+
+Runs puppet-lint in the ``puppet-dir`` directory. puppet-lint runs recursively,
+so the base directory is usually the best place to run from.
+
+:Template Names:
+
+    - {project-name}-puppet-verify
+    - gerrit-puppet-verify
+    - github-puppet-verify
+
+:Comment Trigger: recheck|reverify
+
+:Required Parameters:
+
+    :build-node: The node to run build on.
+    :jenkins-ssh-credential: Credential to use for SSH. (Generally set
+        in defaults.yaml)
+
+:Optional Parameters:
+
+    :branch: The branch to build against. (default: master)
+    :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
+    :build-timeout: Timeout in minutes before aborting build. (default: 15)
+    :gerrit_trigger_file_paths: Override file paths which used to filter which
+        file modifications will trigger a build. Refer to JJB documentation for
+        "file-path" details.
+        https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit
+    :git-url: URL clone project from. (default: $GIT_URL/$GERRIT_PROJECT)
+    :puppet-dir: Directory containing the project's puppet module(s) relative
+        to the workspace.
+        (default: '')
+    :puppet-lint-version: Version of puppet-lint to use for testing.
+        (default: 2.3.6)
+    :stream: Keyword representing a release code-name.
+        Often the same as the branch. (default: master)
+    :submodule-recursive: Whether to checkout submodules recursively.
+        (default: true)
+    :submodule-timeout: Timeout (in minutes) for checkout operation.
+        (default: 10)
diff --git a/jjb/lf-ci-jobs.yaml b/jjb/lf-ci-jobs.yaml
index e02d7531..c34f63d1 100644
--- a/jjb/lf-ci-jobs.yaml
+++ b/jjb/lf-ci-jobs.yaml
@@ -89,6 +89,14 @@
           default: '{packer-version}'
           description: Packer version to download and install.
 
+- parameter:
+    name: lf-puppet-parameters
+    parameters:
+      - string:
+          name: PUPPET_LINT_VERSION
+          default: '{puppet-lint-version}'
+          description: Puppet-lint version to download and install.
+
 - lf_jjb_common: &lf_jjb_common
     name: lf-jjb-common
 
@@ -1634,3 +1642,148 @@
           included-regions: '{obj:github_included_regions}'
           white-list-target-branches:
             - '{branch}'
+
+#################
+# Puppet Verify #
+#################
+
+- lf_puppet_verify: &lf_puppet_verify
+    name: lf-puppet-verify
+
+    ######################
+    # Default parameters #
+    ######################
+
+    branch: master
+    build-days-to-keep: 7
+    build-timeout: 15
+    disable-job: false
+    git-url: '$GIT_URL/$GERRIT_PROJECT'
+    github-url: 'https://github.com'
+    parallel: true
+    puppet-dir: ''
+    puppet-lint-version: 2.3.6
+    stream: master
+    submodule-recursive: true
+    submodule-timeout: 10
+
+    gerrit_trigger_file_paths:
+      - compare-type: REG_EXP
+        pattern: '.*'
+
+    # github_included_regions MUST match gerrit_trigger_file_paths
+    github_included_regions:
+      - '.*'
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    project-type: freestyle
+    node: '{build-node}'
+    concurrent: true
+    disabled: '{disable-job}'
+
+    properties:
+      - lf-infra-properties:
+          build-days-to-keep: '{build-days-to-keep}'
+
+    parameters:
+      - lf-infra-parameters:
+          project: '{project}'
+          branch: '{branch}'
+          stream: '{stream}'
+      - lf-puppet-parameters:
+          puppet-lint-version: '{puppet-lint-version}'
+
+    wrappers:
+      - lf-infra-wrappers:
+          build-timeout: '{build-timeout}'
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    builders:
+      - shell: !include-raw-escape: ../shell/puppet-lint.sh
+
+    publishers:
+      - lf-infra-publish
+
+- job-template:
+    name: '{project-name}-puppet-verify'
+    id: gerrit-puppet-verify
+    <<: *lf_puppet_verify
+
+    ######################
+    # Default parameters #
+    ######################
+
+    gerrit_verify_triggers:
+      - patchset-created-event:
+          exclude-drafts: true
+          exclude-trivial-rebase: false
+          exclude-no-code-change: false
+      - draft-published-event
+      - comment-added-contains-event:
+          comment-contains-value: '^Patch Set[ ]+[0-9]+:([ ]+|[\n]+)(recheck|reverify)$'
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    scm:
+      - lf-infra-gerrit-scm:
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+          git-url: '{git-url}'
+          refspec: '$GERRIT_REFSPEC'
+          branch: '$GERRIT_BRANCH'
+          submodule-recursive: '{submodule-recursive}'
+          submodule-timeout: '{submodule-timeout}'
+          choosing-strategy: gerrit
+
+    triggers:
+      - gerrit:
+          server-name: '{gerrit-server-name}'
+          trigger-on: '{obj:gerrit_verify_triggers}'
+          projects:
+            - project-compare-type: ANT
+              project-pattern: '{project}'
+              branches:
+                - branch-compare-type: ANT
+                  branch-pattern: '**/{branch}'
+              file-paths: '{obj:gerrit_trigger_file_paths}'
+
+- job-template:
+    name: '{project-name}-puppet-verify'
+    id: github-puppet-verify
+    <<: *lf_puppet_verify
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    properties:
+      - lf-infra-properties:
+          project: '{project}'
+          build-days-to-keep: 7
+      - github:
+          url: '{github-url}/{github-org}/{project}'
+
+    scm:
+      - lf-infra-github-scm:
+          url: '{git-clone-url}{github-org}/{project}'
+          refspec: '+refs/pull/*:refs/remotes/origin/pr/*'
+          branch: '$sha1'
+          submodule-recursive: '{submodule-recursive}'
+          submodule-timeout: '{submodule-timeout}'
+          choosing-strategy: default
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    triggers:
+      - github-pull-request:
+          trigger-phrase: '^(recheck|reverify)$'
+          only-trigger-phrase: false
+          status-context: 'Puppet Verify'
+          permit-all: true
+          github-hooks: true
+          included-regions: '{obj:github_included_regions}'
+          white-list-target-branches:
+            - '{branch}'
diff --git a/releasenotes/notes/puppet-verify-linting-1bb7dd93dcf20ddc.yaml b/releasenotes/notes/puppet-verify-linting-1bb7dd93dcf20ddc.yaml
new file mode 100644
index 00000000..bfe64738
--- /dev/null
+++ b/releasenotes/notes/puppet-verify-linting-1bb7dd93dcf20ddc.yaml
@@ -0,0 +1,14 @@
+---
+features:
+  - |
+    Add a puppet-verify job to lf-ci-jobs. This job will perform Puppet
+    linting on the specified repository.
+
+    .. code-block:: yaml
+
+       - project:
+           name: lf-infra-puppet-mymodule
+           project-name: lf-infra-puppet
+           project: puppet/modules/mymodule
+           jobs:
+             - gerrit-puppet-verify
diff --git a/shell/puppet-lint.sh b/shell/puppet-lint.sh
new file mode 100644
index 00000000..0ceb5b0e
--- /dev/null
+++ b/shell/puppet-lint.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+# SPDX-License-Identifier: EPL-1.0
+##############################################################################
+# Copyright (c) 2018 The Linux Foundation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+##############################################################################
+echo "---> puppet-lint.sh"
+
+# Performs linting for Puppet code.
+set -e -o pipefail
+
+BINDIR=$(ruby -r rubygems -e 'puts Gem.bindir')
+ARCHIVE_PUPPETLINT_DIR="$WORKSPACE/archives/puppet-lint"
+mkdir -p "$ARCHIVE_PUPPETLINT_DIR"
+cd "$WORKSPACE/$PUPPET_DIR"
+
+gem install puppet-lint -v $PUPPET_LINT_VERSION
+echo "---> Running puppet-lint"
+"$BINDIR/puppet-lint" . | tee -a "$ARCHIVE_PUPPETLINT_DIR/puppet-lint.log"
-- 
2.16.6