Merge "feat(CI) optional gating"

2021-02-24 23:25:52 +00:00 · 2021-02-24 23:25:52 +00:00 · 3892be195a
commit 3892be195a
parent 3fac7a245e baec5970e5
4 changed files with 82 additions and 22 deletions
--- a/charts/jarvis-project/templates/Job-project.yaml
+++ b/charts/jarvis-project/templates/Job-project.yaml
@ -40,10 +40,20 @@ spec:
            - sh
            - -cex
            - |
-
              # Create gerrit repo
-              ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null -p 29418 -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" || \
-                ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null -p 29418 -i /run/jarvis/secret/gerrit-ssh-key ${GERRIT_USERNAME}@${GERRIT_HOST} gerrit create-project "${JARVIS_PROJECT_NAME}" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit
+              ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \
+                -p 29418 \
+                -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \
+                gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" \
+              || \
+              ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \
+                -p 29418 \
+                -i /run/jarvis/secret/gerrit-ssh-key ${GERRIT_USERNAME}@${GERRIT_HOST} \
+                gerrit create-project "${JARVIS_PROJECT_NAME}" \
+                --owner Administrators \
+                {{ if eq $.Values.config.ci.verify true }} --parent Verified-Label-Projects {{ else }} --parent Non-Verified-Label-Projects {{ end }} \
+                --submit-type MERGE_IF_NECESSARY \
+                --empty-commit

              # Set up checks on the repo
              jarvis-connector --auth_file /run/jarvis/gerrit-authfile --gerrit $GERRIT_URL --update --repo "${JARVIS_PROJECT_NAME}" --prefix jarvispipeline || \
--- a/charts/jarvis-project/values.yaml
+++ b/charts/jarvis-project/values.yaml
@ -35,6 +35,8 @@ params:
        kind: ClusterIssuer

 config:
+  ci:
+    verify: true
  test:
    ldap_username: jarvis
    ldap_password: password
--- a/tools/gate/jarvis/500-deploy-gerrit.sh
+++ b/tools/gate/jarvis/500-deploy-gerrit.sh
@ -127,17 +127,6 @@ function gerrit_bootstrap() {
  git fetch origin refs/meta/config:refs/remotes/origin/meta/config
  git checkout meta/config

-  # Configure Verified Label
-  tee --append project.config <<EOF
-[label "Verified"]
-        function = MaxWithBlock
-        defaultValue = 0
-        value = -1 Fails
-        value = 0 No score
-        value = +1 Verified
-        copyAllScoresIfNoCodeChange = true
-EOF
-
  # Give Admins, Service Users and Project Owners voting rights for the Verified Label
  sed -i '/\[access "refs\/heads\/\*"\]/a\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Administrators\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Service Users\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Project Owners' project.config

@ -149,6 +138,31 @@ EOF
  git commit -asm "Create Verified Label"
  git push origin HEAD:refs/meta/config
  popd
+
+  # Create template repositories for voting and non-voting CI
+  ssh -p 29418 ${ldap_username}@gerrit.jarvis.local gerrit create-project "Verified-Label-Projects" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit
+  ssh -p 29418 ${ldap_username}@gerrit.jarvis.local gerrit create-project "Non-Verified-Label-Projects" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit
+
+  # Configure Verified Label for the parent repository that will utilize it
+  verified_repo=$(mktemp -d)
+  git clone ssh://${ldap_username}@gerrit.jarvis.local:29418/Verified-Label-Projects.git "${verified_repo}"
+  pushd "${verified_repo}"
+  git fetch origin refs/meta/config:refs/remotes/origin/meta/config
+  git checkout meta/config
+  tee --append project.config <<EOF
+[label "Verified"]
+        function = MaxWithBlock
+        defaultValue = 0
+        value = -1 Fails
+        value = 0 No score
+        value = +1 Verified
+        copyAllScoresIfNoCodeChange = true
+EOF
+  # Commit and push config
+  git add .
+  git commit -asm "Create Submission Rules"
+  git push origin HEAD:refs/meta/config
+  popd
 }

 gerrit_bootstrap
--- a/tools/gate/jarvis/800-deploy-jarvis-projects.sh
+++ b/tools/gate/jarvis/800-deploy-jarvis-projects.sh
@ -16,7 +16,17 @@ EOF
 }
 generate_gerrit_creds_override

+COUNTER=0
 for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth 1 -type d -printf '%f\n'`; do
+  # Half of Jarvis-Projects will be made with required CI, half will be made with optional CI to
+  # offer examples to developers using Jarvis.
+  if (( COUNTER % 2 ));
+  then
+    voting_ci="true"
+  else
+    voting_ci="false"
+  fi
+
  # shellcheck disable=SC2046
  helm upgrade \
      --create-namespace \
@ -25,6 +35,7 @@ for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth
      "${jarvis_project}" \
      "./charts/jarvis-project" \
      --values="${gerrit_creds_override}" \
+      --set config.ci.verify="$voting_ci" \
      $(./tools/deployment/common/get-values-overrides.sh jarvis-project)

  ./tools/deployment/common/wait-for-pods.sh jarvis-projects
@ -69,18 +80,41 @@ EOF
    fi
  done

-  # Check that Jarvis-System has reported the success of the pipeline run to Gerrit
+  ### Ensure the repository is configured correctly ###
  end=$(date +%s)
  timeout="30"
  end=$((end + timeout))
  while true; do
-    VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${change_id}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)"
-    [ "$VERIFIED" == 1 ] && break || true
-    sleep 5
-    now=$(date +%s)
-    if [ "$now" -gt "$end" ] ; then
-      echo "Jarvis-System has not verified the change"
-      exit 1
+    if [ "$voting_ci" = "true" ];
+    then
+      # Check that Jarvis-System has reported the success of the pipeline run to Gerrit, by checking the value of the Verified label
+      VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${change_id}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)"
+      [ "$VERIFIED" == 1 ] && break || true
+      sleep 5
+      now=$(date +%s)
+      if [ "$now" -gt "$end" ] ; then
+        echo "Jarvis-System has not verified the change"
+        exit 1
+      fi
+    else
+      # Ensure that the patchset doesn't have the Verified label available to it.
+      LABELS=$(curl -L https://gerrit.jarvis.local/changes/${change_id}/revisions/1/review/ | tail -1 | jq -r .labels)
+      if [ -z "$LABELS" ]; then
+        # The curl request didn't give us the labels available to this revision, try again when Gerrit is ready
+        sleep 5
+        continue
+      fi
+      VERIFIED_NULL="$( jq -r .Verified <<< "$LABELS" )"
+      if [ -z "$VERIFIED_NULL" ]; then
+        echo "Verified label found"
+        # Verified label should not be found, exit.
+        exit 1
+      else
+        # Labels curl returned all the labels successfully, and Verified was not in the list. This is desired.
+        break
+      fi
    fi
  done
+
+  COUNTER=$((COUNTER+1))
 done