Self serve release docs

And code fixes for new:
jenkins-ssh-release-credential

Fix in release-job.sh
These were overlooked for merge:

git config user.name
git config user.email
gerrit_ssh=$(echo "$GERRIT_URL" | awk -F"/" '{print $3}')
git remote set-url origin ssh://"$RELEASE_USERNAME"@"$gerrit_ssh":29418/$PROJECT

Also included a small capitalization fix in lf-info-vote.rst

ISSUE: RELENG-2127
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Change-Id: I11ad122153d71a3d25d6b8839e09435f8b27b19d

diff --git a/.jjb-test/defaults.yaml b/.jjb-test/defaults.yaml
index ddf07c0..f7d8894 100644 (file)
--- a/.jjb-test/defaults.yaml
+++ b/.jjb-test/defaults.yaml
@@ -4,6 +4,7 @@
 
     # General
     jenkins-ssh-credential: test-credential
+    jenkins-ssh-release-credential: test-release-credential
 
     # Gerrit Infra
     gerrit-server-name: test-server

diff --git a/docs/_static/nexus-promote-privs.png b/docs/_static/nexus-promote-privs.png
new file mode 100644 (file)
index 0000000..b770123
Binary files /dev/null and b/docs/_static/nexus-promote-privs.png differ

diff --git a/docs/jjb/lf-info-vote.rst b/docs/jjb/lf-info-vote.rst
index 64151f1..733a551 100644 (file)
--- a/docs/jjb/lf-info-vote.rst
+++ b/docs/jjb/lf-info-vote.rst
@@ -1,7 +1,7 @@
 .. _lf-global-jjb-info-vote:
 
 #############
-INFO VOTE JOB
+Info Vote Job
 #############
 
 Job counts the votes from the committers against a change

diff --git a/docs/jjb/lf-release-jobs.rst b/docs/jjb/lf-release-jobs.rst
index 87932f8..73187b1 100644 (file)
--- a/docs/jjb/lf-release-jobs.rst
+++ b/docs/jjb/lf-release-jobs.rst
@@ -1,28 +1,141 @@
 .. _lf-global-jjb-release:
 
-####################
-Releng Release Files
-####################
+#######################
+Self Serve Release Jobs
+#######################
 
-Projects can create a releases directory and then place a release file in it.
-Jenkins will pick this up and then promote the artifact from the staging log
-directory (log_dir) and tag the release with the defined version.
-if a maven_central_url is given artifact will be pushed there as well.
+Self serve release jobs allow a project to create a releases directory and then place a release file in it.
+Jenkins will pick this up and then promote the artifact from the staging log directory (log_dir) and tag the release
+with the defined version. maven_central_url is optional
 
-example of a projects release file
+.. note::
+
+   Example of a project's release file:
+
+.. code-block:: bash
+
+   $ cat releases/1.0.0.yaml
+   ---
+   distribution_type: 'maven'
+   version: '1.0.0'
+   project: 'example-test-release'
+   log_dir: 'example-test-release-maven-stage-master/17/'
+   maven_central_url: 'oss.sonatype.org'
+
+.. note::
+
+   Example of a terse Jenkins job to call global-jjb macro:
+
+.. code-block:: none
+
+   - project:
+       name: '{project-name}-gerrit-release-jobs'
+       project: 'example-test-release'
+       build-node: centos7-builder-2c-1g
+       project-name: example-test-release
+       jobs:
+         - '{project-name}-gerrit-release-jobs'
+
+.. note::
+
+   Example of a verbose Jenkins job to call global-jjb macro:
+
+.. code-block:: none
+
+   - project:
+       name: '{project-name}-releases-verify'
+       project: 'example-test-release'
+       build-node: centos7-builder-2c-1g
+       project-name: example-test-release
+       jobs:
+         - 'gerrit-releases-verify'
+
+.. code-block:: none
+
+   - project:
+       name: '{project-name}-releases-merge'
+       project: 'example-test-release'
+       build-node: centos7-builder-2c-1g
+       project-name: example-test-release
+       jobs:
+         - 'gerrit-releases-merge'
+
+.. note::
+
+   Release Engineers Please follow the setup guide before adding the job definition:
+
+Setup for LFID Nexus Jenkins and Gerrit:
+========================================
+
+LFID
+====
+
+Create an ``lfid`` and an ``ssh-key``
+
+``RELEASE_USERNAME``
+``RELEASE_EMAIL``
+
+ssh-key example:
 
 .. code-block:: bash
 
-    $ cat releases/1.0.0.yaml
-    ---
-    distribution_type: 'maven'
-    version: '1.0.0'
-    project: 'zzz-test-release'
-    log_dir: 'zzz-test-release-maven-stage-master/17/'
-    maven_central_url: 'oss.sonatype.org'
+   ssh-keygen -t rsa -C "collab-it+odl-release@linuxfoundation.org"  -f /tmp/odl-release
+
+
+`Create an LFID <https://identity.linuxfoundation.org>`_
+
+Nexus
+=====
+
+Create a Nexus account called ``'jenkins-release'`` with promote privileges.
+
+.. image:: ../_static/nexus-promote-privs.png
+
+Gerrit
+======
+
+Log into your Gerrit with ``RELEASE_USERNAME``, upload the ``ssh-key`` you created earlier.
+Log out of Gerrit and log in again with your normal account for the next steps.
+
+In Gerrit create a new group called ``self-serve-release`` and give it direct push rights via ``All-Projects``
+``push - refs/heads/*``
+
+1. Add a push reference
+2. Set the ref as refs/heads/*
+3. Make sure "force push" is not checked
+
+Add ``RELEASE_USERNAME`` to group ``self-serve-release`` and group ``Non-Interactive Users``
+
+Jenkins
+=======
+
+Add a global credential to Jenkins called ``jenkins-release`` and set the ID: ``'jenkins-release'``
+as its value insert the ``ssh-key`` that you uploaded to Gerrit.
+
+Add Global vars in Jenkins:
+Jenkins configre -> Global properties -> Environment variables
+
+``RELEASE_USERNAME = $RELEASE_USERNAME``
+``RELEASE_EMAIL = $RELEASE_EMAIL``
+
+Add or edit the managed file in Jenkins called ``lftoolsini``, appending a nexus section:
+Jenkins Settings -> Managed files -> Add (or edit) -> Custom file
+
+.. code-block:: none
+
+   [nexus]
+   username=jenkins-release
+   password=redacted
+
+Ci-management
+=============
+
+upgrade you projects global-jjb if needed
+add this to your global defaults file (eg: jjb/defaults.yaml)
+
+.. code-block:: bash
 
-lftools nexus release is used so there must be a lftoolsini section in jenkins
-configfiles with a [nexus] section for auth.
+   jenkins-ssh-release-credential: 'jenkins-release'
 
 Macros
 ======
@@ -60,7 +173,7 @@ Runs:
 :Required parameters:
 
     :build-node: The node to run build on.
-    :jenkins-ssh-credential: Credential to use for SSH. (Generally set
+    :jenkins-ssh-release-credential: Credential to use for SSH. (Generally set
         in defaults.yaml)
     :stream: run this job against: master
 
@@ -101,7 +214,7 @@ is available on the job.
 :Required Parameters:
 
     :build-node: The node to run build on.
-    :jenkins-ssh-credential: Credential to use for SSH. (Generally set
+    :jenkins-ssh-release-credential: Credential to use for SSH. (Generally set
         in defaults.yaml)
     :stream: run this job against: master
 

diff --git a/releasenotes/notes/lf-release-jobs-f470e781be753872.yaml b/releasenotes/notes/lf-release-jobs-f470e781be753872.yaml
new file mode 100644 (file)
index 0000000..bd82c3a
--- /dev/null
+++ b/releasenotes/notes/lf-release-jobs-f470e781be753872.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Allows projects to promote their own builds.
+    Requires setup of accounts and permissions in
+    Gerrit, Jenkins and Nexus. Please refer to the
+    lf-release-jobs documentation for details.

diff --git a/shell/release-job.sh b/shell/release-job.sh
index ec59da0..783979a 100644 (file)
--- a/shell/release-job.sh
+++ b/shell/release-job.sh
@@ -105,6 +105,10 @@ for release_file in $release_files; do
     ########## Merge Part ##############
     if [[ "$JOB_NAME" =~ "merge" ]]; then
         echo "Running merge"
+        gerrit_ssh=$(echo "$GERRIT_URL" | awk -F"/" '{print $3}')
+        git remote set-url origin ssh://"$RELEASE_USERNAME"@"$gerrit_ssh":29418/$PROJECT
+        git config user.name "$RELEASE_USERNAME"
+        git config user.email "$RELEASE_EMAIL"
         git push origin "$VERSION"
         lftools nexus release --server "$NEXUS_URL" "$STAGING_REPO"
         if [ "${MAVEN_CENTRAL_URL}" == 'None' ]; then