airship/charts
Code Issues Proposed changes

Merge "feat(CI) optional gating"

Browse Source
This commit is contained in:
Zuul 2021-02-24 23:25:52 +00:00 committed by Gerrit Code Review
commit 3892be195a
4 changed files with 82 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
charts/jarvis-project/templates/Job-project.yaml
View File

@ -40,10 +40,20 @@ spec:
- sh - sh
- -cex - -cex
- | - |
# Create gerrit repo # Create gerrit repo
ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null -p 29418 -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" || \ ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \
ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null -p 29418 -i /run/jarvis/secret/gerrit-ssh-key ${GERRIT_USERNAME}@${GERRIT_HOST} gerrit create-project "${JARVIS_PROJECT_NAME}" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit -p 29418 \
-i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \
gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" \
|| \
ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \
-p 29418 \
-i /run/jarvis/secret/gerrit-ssh-key ${GERRIT_USERNAME}@${GERRIT_HOST} \
gerrit create-project "${JARVIS_PROJECT_NAME}" \
--owner Administrators \
{{ if eq $.Values.config.ci.verify true }} --parent Verified-Label-Projects {{ else }} --parent Non-Verified-Label-Projects {{ end }} \
--submit-type MERGE_IF_NECESSARY \
--empty-commit
# Set up checks on the repo # Set up checks on the repo
jarvis-connector --auth_file /run/jarvis/gerrit-authfile --gerrit $GERRIT_URL --update --repo "${JARVIS_PROJECT_NAME}" --prefix jarvispipeline || \ jarvis-connector --auth_file /run/jarvis/gerrit-authfile --gerrit $GERRIT_URL --update --repo "${JARVIS_PROJECT_NAME}" --prefix jarvispipeline || \

2
charts/jarvis-project/values.yaml
View File

@ -35,6 +35,8 @@ params:
kind: ClusterIssuer kind: ClusterIssuer
config: config:
ci:
verify: true
test: test:
ldap_username: jarvis ldap_username: jarvis
ldap_password: password ldap_password: password

36
tools/gate/jarvis/500-deploy-gerrit.sh
View File

@ -127,17 +127,6 @@ function gerrit_bootstrap() {
git fetch origin refs/meta/config:refs/remotes/origin/meta/config git fetch origin refs/meta/config:refs/remotes/origin/meta/config
git checkout meta/config git checkout meta/config
# Configure Verified Label
tee --append project.config <<EOF
[label "Verified"]
function = MaxWithBlock
defaultValue = 0
value = -1 Fails
value = 0 No score
value = +1 Verified
copyAllScoresIfNoCodeChange = true
EOF
# Give Admins, Service Users and Project Owners voting rights for the Verified Label # Give Admins, Service Users and Project Owners voting rights for the Verified Label
sed -i '/\[access "refs\/heads\/\*"\]/a\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Administrators\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Service Users\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Project Owners' project.config sed -i '/\[access "refs\/heads\/\*"\]/a\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Administrators\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Service Users\n\ \ \ \ \ \ \ \ label-Verified = -1..+1 group Project Owners' project.config
@ -149,6 +138,31 @@ EOF
git commit -asm "Create Verified Label" git commit -asm "Create Verified Label"
git push origin HEAD:refs/meta/config git push origin HEAD:refs/meta/config
popd popd
# Create template repositories for voting and non-voting CI
ssh -p 29418 ${ldap_username}@gerrit.jarvis.local gerrit create-project "Verified-Label-Projects" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit
ssh -p 29418 ${ldap_username}@gerrit.jarvis.local gerrit create-project "Non-Verified-Label-Projects" --submit-type MERGE_IF_NECESSARY --owner Administrators --empty-commit
# Configure Verified Label for the parent repository that will utilize it
verified_repo=$(mktemp -d)
git clone ssh://${ldap_username}@gerrit.jarvis.local:29418/Verified-Label-Projects.git "${verified_repo}"
pushd "${verified_repo}"
git fetch origin refs/meta/config:refs/remotes/origin/meta/config
git checkout meta/config
tee --append project.config <<EOF
[label "Verified"]
function = MaxWithBlock
defaultValue = 0
value = -1 Fails
value = 0 No score
value = +1 Verified
copyAllScoresIfNoCodeChange = true
EOF
# Commit and push config
git add .
git commit -asm "Create Submission Rules"
git push origin HEAD:refs/meta/config
popd
} }
gerrit_bootstrap gerrit_bootstrap

36
tools/gate/jarvis/800-deploy-jarvis-projects.sh
View File

@ -16,7 +16,17 @@ EOF
} }
generate_gerrit_creds_override generate_gerrit_creds_override
COUNTER=0
for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth 1 -type d -printf '%f\n'`; do for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth 1 -type d -printf '%f\n'`; do
# Half of Jarvis-Projects will be made with required CI, half will be made with optional CI to
# offer examples to developers using Jarvis.
if (( COUNTER % 2 ));
then
voting_ci="true"
else
voting_ci="false"
fi
# shellcheck disable=SC2046 # shellcheck disable=SC2046
helm upgrade \ helm upgrade \
--create-namespace \ --create-namespace \
@ -25,6 +35,7 @@ for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth
"${jarvis_project}" \ "${jarvis_project}" \
"./charts/jarvis-project" \ "./charts/jarvis-project" \
--values="${gerrit_creds_override}" \ --values="${gerrit_creds_override}" \
--set config.ci.verify="$voting_ci" \
$(./tools/deployment/common/get-values-overrides.sh jarvis-project) $(./tools/deployment/common/get-values-overrides.sh jarvis-project)
./tools/deployment/common/wait-for-pods.sh jarvis-projects ./tools/deployment/common/wait-for-pods.sh jarvis-projects
@ -69,11 +80,14 @@ EOF
fi fi
done done
# Check that Jarvis-System has reported the success of the pipeline run to Gerrit ### Ensure the repository is configured correctly ###
end=$(date +%s) end=$(date +%s)
timeout="30" timeout="30"
end=$((end + timeout)) end=$((end + timeout))
while true; do while true; do
if [ "$voting_ci" = "true" ];
then
# Check that Jarvis-System has reported the success of the pipeline run to Gerrit, by checking the value of the Verified label
VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${change_id}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)" VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${change_id}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)"
[ "$VERIFIED" == 1 ] && break || true [ "$VERIFIED" == 1 ] && break || true
sleep 5 sleep 5
@ -82,5 +96,25 @@ EOF
echo "Jarvis-System has not verified the change" echo "Jarvis-System has not verified the change"
exit 1 exit 1
fi fi
else
# Ensure that the patchset doesn't have the Verified label available to it.
LABELS=$(curl -L https://gerrit.jarvis.local/changes/${change_id}/revisions/1/review/ | tail -1 | jq -r .labels)
if [ -z "$LABELS" ]; then
# The curl request didn't give us the labels available to this revision, try again when Gerrit is ready
sleep 5
continue
fi
VERIFIED_NULL="$( jq -r .Verified <<< "$LABELS" )"
if [ -z "$VERIFIED_NULL" ]; then
echo "Verified label found"
# Verified label should not be found, exit.
exit 1
else
# Labels curl returned all the labels successfully, and Verified was not in the list. This is desired.
break
fi
fi
done done
COUNTER=$((COUNTER+1))
done done