From baec5970e54f9910bb16eed1e4484eb2aa9b8d42 Mon Sep 17 00:00:00 2001 From: Danny Massa <dan.massa@outlook.com> Date: Tue, 16 Feb 2021 17:10:27 +0000 Subject: [PATCH] feat(CI) optional gating This change adds two repositories intended to be used as templates to the Gerrit setup. One repository will utilize the 'Verified' label, one repository will not. This will divide the repositories into two groups, a group where the checks provided by Jarvis is enforced as CI, and a group where the checks provided by Jarvis are informational only, and do not block patch sets. This is configurable in the Jarvis-Project Helm chart. Change-Id: Iff8a2b1a29883837ac7dab49056fe0c64d675e10 --- .../jarvis-project/templates/Job-project.yaml | 16 ++++-- charts/jarvis-project/values.yaml | 2 + tools/gate/jarvis/500-deploy-gerrit.sh | 36 +++++++++---- .../gate/jarvis/800-deploy-jarvis-projects.sh | 50 ++++++++++++++++--- 4 files changed, 82 insertions(+), 22 deletions(-) diff --git a/charts/jarvis-project/templates/Job-project.yaml b/charts/jarvis-project/templates/Job-project.yaml index 75679d5b..b1fd4b50 100644 --- a/charts/jarvis-project/templates/Job-project.yaml +++ b/charts/jarvis-project/templates/Job-project.yaml 
@@ -40,10 +40,20 @@ spec: - sh - -cex - | - # Create gerrit repo - ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null -p 29418 -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" || \ - ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null -p 29418 -i /run/jarvis/secret/gerrit-ssh-key ${GERRIT_USERNAME}@${GERRIT_HOST} gerrit create-project "${JARVIS_PROJECT_NAME}" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit + ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \ + -p 29418 \ + -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \ + gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" \ + || \ + ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \ + -p 29418 \ + -i /run/jarvis/secret/gerrit-ssh-key ${GERRIT_USERNAME}@${GERRIT_HOST} \ + gerrit create-project "${JARVIS_PROJECT_NAME}" \ + --owner Administrators \ + {{ if eq $.Values.config.ci.verify true }} --parent Verified-Label-Projects {{ else }} --parent Non-Verified-Label-Projects {{ end }} \ + --submit-type MERGE_IF_NECESSARY \ + --empty-commit # Set up checks on the repo jarvis-connector --auth_file /run/jarvis/gerrit-authfile --gerrit $GERRIT_URL --update --repo "${JARVIS_PROJECT_NAME}" --prefix jarvispipeline || \ diff --git a/charts/jarvis-project/values.yaml b/charts/jarvis-project/values.yaml index 73f7091a..4d9c9f17 100644 --- a/charts/jarvis-project/values.yaml +++ b/charts/jarvis-project/values.yaml @@ -35,6 +35,8 @@ params: kind: ClusterIssuer config: + ci: + verify: true test: ldap_username: jarvis ldap_password: password diff --git a/tools/gate/jarvis/500-deploy-gerrit.sh b/tools/gate/jarvis/500-deploy-gerrit.sh index 26a97e06..62256ea9 100755 --- a/tools/gate/jarvis/500-deploy-gerrit.sh +++ b/tools/gate/jarvis/500-deploy-gerrit.sh 
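Review bot: The `--parent` choice only takes effect when the project is first created, because `gerrit create-project` sits behind the `ls-projects ... | grep -q ... ||` guard; changing `config.ci.verify` for a project that already exists leaves it under its old parent, so gating can silently stay off (or on). Consider reconciling existing projects after the guard with `gerrit set-project-parent --parent <template> "${JARVIS_PROJECT_NAME}"`. Both ssh calls also keep `-oUserKnownHostsFile=/dev/null`, so `accept-new` never has a stored key to compare against and the job authenticates to, and runs project-creation commands on, whatever host answers; mounting a known_hosts file alongside the key would close that. The second call leaves `${GERRIT_USERNAME}@${GERRIT_HOST}` unquoted, unlike the first.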
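Review bot: The new `config.ci.verify` key has no comment, and its effect is not obvious from the name: per the template change in this commit it selects the parent project at creation time. A comment above `ci:` such as `# verify: true -> parent Verified-Label-Projects (CI vote gates submit); false -> Non-Verified-Label-Projects (CI is informational only)` would make the security consequence of flipping it visible to chart users.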
@@ -127,17 +127,6 @@ function gerrit_bootstrap() { git fetch origin refs/meta/config:refs/remotes/origin/meta/config git checkout meta/config - # Configure Verified Label - tee --append project.config <<EOF -[label "Verified"] - function = MaxWithBlock - defaultValue = 0 - value = -1 Fails - value = 0 No score - value = +1 Verified - copyAllScoresIfNoCodeChange = true -EOF - # Give Admins, Service Users and Project Owners voting rights for the Verified Label sed -i '/\[access "refs\/heads\/\*"\]/a\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Administrators\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Service Users\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Project Owners' project.config @@ -149,6 +138,31 @@ EOF git commit -asm "Create Verified Label" git push origin HEAD:refs/meta/config popd + + # Create template repositories for voting and non-voting CI + ssh -p 29418 ${ldap_username}@gerrit.jarvis.local gerrit create-project "Verified-Label-Projects" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit + ssh -p 29418 ${ldap_username}@gerrit.jarvis.local gerrit create-project "Non-Verified-Label-Projects" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit + + # Configure Verified Label for the parent repository that will utilize it + verified_repo=$(mktemp -d) + git clone ssh://${ldap_username}@gerrit.jarvis.local:29418/Verified-Label-Projects.git "${verified_repo}" + pushd "${verified_repo}" + git fetch origin refs/meta/config:refs/remotes/origin/meta/config + git checkout meta/config + tee --append project.config <<EOF +[label "Verified"] + function = MaxWithBlock + defaultValue = 0 + value = -1 Fails + value = 0 No score + value = +1 Verified + copyAllScoresIfNoCodeChange = true +EOF + # Commit and push config + git add . + git commit -asm "Create Submission Rules" + git push origin HEAD:refs/meta/config + popd } gerrit_bootstrap 
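Review bot: The added template-repository block is not safe to run twice: `gerrit create-project` is called unconditionally and `tee --append` adds another `[label "Verified"]` section to `project.config` on every run, so a repeated bootstrap either fails at the create step (aborting if the script runs under `set -e`, which is not visible here) or pushes a duplicated label definition. Guarding the create with the same `ls-projects | grep -q ||` pattern the Job template uses, and appending the label only when it is not already defined, keeps the bootstrap repeatable; quoting `${ldap_username}` and removing the `mktemp -d` directory fit in the same pass. Separately, the `label-Verified = -1..+1 group Project Owners` grant that remains in the previous hunk's context lets a project owner supply the +1 when CI has not voted, which is worth confirming against the intent of the enforced group. `gerrit_bootstrap` starts outside this hunk.

```shell
  # Create template repositories for voting and non-voting CI
  for template_repo in Verified-Label-Projects Non-Verified-Label-Projects; do
    # create-project errors on an existing project, so create only what is missing
    ssh -p 29418 "${ldap_username}@gerrit.jarvis.local" gerrit ls-projects -r "^${template_repo}\$" \
      | grep -q "^${template_repo}\$" \
      || ssh -p 29418 "${ldap_username}@gerrit.jarvis.local" gerrit create-project "${template_repo}" \
        --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit
  done

  # … unchanged: mktemp -d, git clone, pushd, fetch and checkout of meta/config …
  if ! git config -f project.config --get label.Verified.function > /dev/null; then
    # … unchanged: tee --append of the [label "Verified"] block, git add/commit/push …
  fi
  popd
  rm -rf -- "${verified_repo:?}"
```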
diff --git a/tools/gate/jarvis/800-deploy-jarvis-projects.sh b/tools/gate/jarvis/800-deploy-jarvis-projects.sh index a2f2fec8..6a5d67aa 100755 --- a/tools/gate/jarvis/800-deploy-jarvis-projects.sh +++ b/tools/gate/jarvis/800-deploy-jarvis-projects.sh @@ -16,7 +16,17 @@ EOF } generate_gerrit_creds_override +COUNTER=0 for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth 1 -type d -printf '%f\n'`; do + # Half of Jarvis-Projects will be made with required CI, half will be made with optional CI to + # offer examples to developers using Jarvis. + if (( COUNTER % 2 )); + then + voting_ci="true" + else + voting_ci="false" + fi + # shellcheck disable=SC2046 helm upgrade \ --create-namespace \ @@ -25,6 +35,7 @@ for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth "${jarvis_project}" \ "./charts/jarvis-project" \ --values="${gerrit_creds_override}" \ + --set config.ci.verify="$voting_ci" \ $(./tools/deployment/common/get-values-overrides.sh jarvis-project) ./tools/deployment/common/wait-for-pods.sh jarvis-projects 
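Review bot: Which projects end up gated depends on the order in which `find` happens to return the directories, because `voting_ci` is derived from `COUNTER % 2` and the list is unsorted; a different directory order on a later run flips the assignment. Since the chart applies `--parent` only when it creates a project, a flipped `voting_ci` would then disagree with the project's actual parent, and the label check later in the loop would test the wrong expectation. Sorting the list, e.g. `find ... -printf '%f\n' | sort`, makes the split stable. Note also that `(( COUNTER % 2 ))` is false for 0, so the first project gets optional CI. The `for` loop body continues outside this hunk.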
@@ -69,18 +80,41 @@ EOF fi done - # Check that Jarvis-System has reported the success of the pipeline run to Gerrit + ### Ensure the repository is configured correctly ### end=$(date +%s) timeout="30" end=$((end + timeout)) while true; do - VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${change_id}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)" - [ "$VERIFIED" == 1 ] && break || true - sleep 5 - now=$(date +%s) - if [ "$now" -gt "$end" ] ; then - echo "Jarvis-System has not verified the change" - exit 1 + if [ "$voting_ci" = "true" ]; + then + # Check that Jarvis-System has reported the success of the pipeline run to Gerrit, by checking the value of the Verified label + VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${change_id}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)" + [ "$VERIFIED" == 1 ] && break || true + sleep 5 + now=$(date +%s) + if [ "$now" -gt "$end" ] ; then + echo "Jarvis-System has not verified the change" + exit 1 + fi + else + # Ensure that the patchset doesn't have the Verified label available to it. + LABELS=$(curl -L https://gerrit.jarvis.local/changes/${change_id}/revisions/1/review/ | tail -1 | jq -r .labels) + if [ -z "$LABELS" ]; then + # The curl request didn't give us the labels available to this revision, try again when Gerrit is ready + sleep 5 + continue + fi + VERIFIED_NULL="$( jq -r .Verified <<< "$LABELS" )" + if [ -z "$VERIFIED_NULL" ]; then + echo "Verified label found" + # Verified label should not be found, exit. + exit 1 + else + # Labels curl returned all the labels successfully, and Verified was not in the list. This is desired. + break + fi fi done + + COUNTER=$((COUNTER+1)) done \ No newline at end of file
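Review bot: The non-voting branch cannot fail. `jq -r .Verified` prints the string `null` when the key is absent and the label object when it is present, so `[ -z "$VERIFIED_NULL" ]` is false either way and the loop always ends in `break`; a project that wrongly carries the Verified label passes this check. The `[ -z "$LABELS" ]` retry also never consults `end`, so a failing curl or jq loops forever, whereas the voting branch times out. Testing presence through jq's exit status and applying the deadline in both branches fixes both. The enclosing `for` loop starts outside this hunk.

```shell
    else
      # … unchanged: LABELS=$(curl … | tail -1 | jq -r .labels) …
      if [ -z "$LABELS" ] || [ "$LABELS" = "null" ]; then
        # No label map yet: retry, but under the same deadline as the voting branch
        now=$(date +%s)
        if [ "$now" -gt "$end" ]; then
          echo "Gerrit did not return the labels for the change"
          exit 1
        fi
        sleep 5
        continue
      fi
      # jq prints "null" for an absent key, so ask for presence and use the exit status
      if jq -e 'has("Verified")' <<< "$LABELS" > /dev/null; then
        echo "Verified label found"
        exit 1
      fi
      break
    fi
```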