feat(gerrit) adding pipeline to automatically merge submittable patchsets

This 'jarvis-merge' pipeline reruns validation of a submittable
patchset and, upon success, submits the patchset, integrating it into
the main branch.

It will also promote a repository's artifacts from their respective -staging
areas to their non-staging counterparts.

Change-Id: I2e46d95543c6a835f7c17c1097a7ea84b1092f4d
Danny Massa 2021-03-10 19:43:22 -06:00
parent dbfd217e26
commit 5e9118762e
20 changed files with 644 additions and 114 deletions


@ -51,16 +51,19 @@ spec:
- -cex
- |
# Create gerrit repo
ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \
-p 29418 \
-i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \
gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" \
&&
ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \
-p 29418 \
-i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \
gerrit set-project-parent \
{{ if eq $.Values.config.ci.verify true }} --parent Verified-Label-Projects {{ else }} --parent Non-Verified-Label-Projects {{ end }} \
( \
ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \
-p 29418 \
-i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \
gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" \
&&
ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \
-p 29418 \
-i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \
gerrit set-project-parent \
{{ if eq $.Values.config.ci.verify true }} --parent Verified-Label-Projects {{ else }} --parent Non-Verified-Label-Projects {{ end }} \
--children-of Non-Verified-Label-Projects \
) \
|| \
ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \
-p 29418 \
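Review bot: Both ssh invocations inside the added `( … )` group pair `-oStrictHostKeyChecking=accept-new` with `-oUserKnownHostsFile=/dev/null`, so no host key is ever remembered and every run accepts whatever key the endpoint presents while authenticating with `/run/jarvis/secret/gerrit-ssh-key`. Mounting a known_hosts file that pins the Gerrit host key and switching to `-oStrictHostKeyChecking=yes -oUserKnownHostsFile=/path/to/known_hosts` (placeholder path) would make the step fail closed. Separately, `--children-of Non-Verified-Label-Projects` is given without a project name, which as I read the Gerrit command reparents every child of that project rather than only `$JARVIS_PROJECT_NAME`; if that is intended it deserves a comment saying so. The script continues past the end of this hunk.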


@ -7,6 +7,7 @@ metadata:
spec:
serviceAccountName: {{ template "helpers.labels.fullname" . }}-el
triggers:
# Gating Pipeline
- name: jarvis-create
interceptors:
- cel:
@ -36,6 +37,37 @@ spec:
- ref: {{ template "helpers.labels.fullname" . }}-createresult
template:
ref: {{ template "helpers.labels.fullname" . }}-createfailure
# Integration Pipeline
- name: jarvis-merge
interceptors:
- cel:
filter: >-
header.match('X-Jarvis', 'merge')
bindings:
- ref: {{ template "helpers.labels.fullname" . }}-merge
template:
ref: {{ template "helpers.labels.fullname" . }}-merge
- name: jarvis-merge-success
interceptors:
- cel:
filter: >-
header.match('Ce-Type', 'dev.tekton.event.pipelinerun.successful.v1') &&
body.pipelineRun.metadata.labels['triggers.tekton.dev/trigger'] == 'jarvis-merge'
bindings:
- ref: {{ template "helpers.labels.fullname" . }}-mergeresult
template:
ref: {{ template "helpers.labels.fullname" . }}-mergesuccess
- name: jarvis-merge-failure
interceptors:
- cel:
filter: >-
header.match('Ce-Type', 'dev.tekton.event.pipelinerun.failed.v1') &&
body.pipelineRun.metadata.labels['triggers.tekton.dev/trigger'] == 'jarvis-merge'
bindings:
- ref: {{ template "helpers.labels.fullname" . }}-mergeresult
template:
ref: {{ template "helpers.labels.fullname" . }}-mergefailure
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "EventListener-system" ) }}
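Review bot: The three new triggers decide what to run purely from request-supplied values: `jarvis-merge` on an `X-Jarvis` header, and `jarvis-merge-success` on a `Ce-Type` header plus a label read from the request body, and the success path ends in a Gerrit submit. Nothing visible in this section authenticates the sender, so reachability of the listener is the only gate on an automatic merge. Consider a shared-secret or signature check ahead of the `cel` filter, a NetworkPolicy restricting ingress to the listener, and having the success pipeline confirm through the Kubernetes API that the named PipelineRun exists and succeeded before it submits. A comment above `# Integration Pipeline` stating which component is expected to send each event would also help.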


@ -40,9 +40,11 @@ spec:
value: $(params.changeNumber)
- name: patchSetNumber
value: $(params.patchSetNumber)
- name: pipeline
value: "create"
workspaces:
- name: output
workspace: output
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-create" ) }}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-create" ) }}


@ -0,0 +1,36 @@
{{- define "Pipeline-merge" -}}
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: {{ template "helpers.labels.fullname" . }}-merge
spec:
params:
- name: repoRoot
- name: project
- name: changeNumber
- name: patchSetNumber
- name: checkerUUID
workspaces:
- name: output
tasks:
- name: createprojectaccess
taskRef:
name: {{ template "helpers.labels.fullname" . }}-createprojectaccess
params:
- name: repoRoot
value: $(params.repoRoot)
- name: project
value: $(params.project)
- name: changeNumber
value: $(params.changeNumber)
- name: patchSetNumber
value: $(params.patchSetNumber)
- name: pipeline
value: "merge"
workspaces:
- name: output
workspace: output
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-merge" ) }}
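Review bot: `checkerUUID` is declared in `spec.params` but never passed to the `createprojectaccess` task, which reads as dead configuration. Judging by the mergeresult TriggerBinding in this commit, which reads `checkerUUID` back out of `body.pipelineRun.spec.params`, it has to stay on the PipelineRun so the result pipelines can find it. A comment on the param would stop someone removing it: `# not consumed here; kept so the mergeresult TriggerBinding can read it from the PipelineRun spec`. A short `description:` on the Pipeline would also help, since the name suggests it performs the merge while the only task it runs is `createprojectaccess`.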


@ -0,0 +1,40 @@
{{- define "Pipeline-mergeFailure" -}}
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: {{ template "helpers.labels.fullname" . }}-mergefailure
spec:
params:
- name: repoRoot
- name: project
- name: changeNumber
- name: patchSetNumber
- name: checkerUUID
- name: pipelineName
- name: pipelineRunName
- name: pipelineRunNamespace
tasks:
- name: mergefailure
taskRef:
name: {{ template "helpers.labels.fullname" . }}-mergefailure
params:
- name: repoRoot
value: $(params.repoRoot)
- name: project
value: $(params.project)
- name: changeNumber
value: $(params.changeNumber)
- name: patchSetNumber
value: $(params.patchSetNumber)
- name: checkerUUID
value: $(params.checkerUUID)
- name: pipelineName
value: $(params.pipelineName)
- name: pipelineRunName
value: $(params.pipelineRunName)
- name: pipelineRunNamespace
value: $(params.pipelineRunNamespace)
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-mergeFailure" ) }}


@ -0,0 +1,40 @@
{{- define "Pipeline-mergeSuccess" -}}
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: {{ template "helpers.labels.fullname" . }}-mergesuccess
spec:
params:
- name: repoRoot
- name: project
- name: changeNumber
- name: patchSetNumber
- name: checkerUUID
- name: pipelineName
- name: pipelineRunName
- name: pipelineRunNamespace
tasks:
- name: mergesuccess
taskRef:
name: {{ template "helpers.labels.fullname" . }}-mergesuccess
params:
- name: repoRoot
value: $(params.repoRoot)
- name: project
value: $(params.project)
- name: changeNumber
value: $(params.changeNumber)
- name: patchSetNumber
value: $(params.patchSetNumber)
- name: checkerUUID
value: $(params.checkerUUID)
- name: pipelineName
value: $(params.pipelineName)
- name: pipelineRunName
value: $(params.pipelineRunName)
- name: pipelineRunNamespace
value: $(params.pipelineRunNamespace)
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Pipeline-mergeSuccess" ) }}


@ -10,6 +10,7 @@ spec:
- name: project
- name: changeNumber
- name: patchSetNumber
- name: pipeline
workspaces:
- name: output
description: The git repo will be cloned onto the volume backing this workspace
@ -231,8 +232,7 @@ spec:
kubectl create \
-n jarvis-$(params.changeNumber)-$(params.patchSetNumber) \
-f "$(workspaces.output.path)"/jarvis/development-pipeline/pipelinerun-validation.yaml
-f "$(workspaces.output.path)"/jarvis/development-pipeline/pipelinerun-$(params.pipeline).yaml
# Default wait timeout is 1000 seconds
end=$(date +%s)
timeout=${3:-3000}
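Review bot: The new `-f` line splices `$(params.pipeline)` straight into the shell script, and Tekton substitutes parameters textually before the shell parses the line, so the value is treated as script text rather than data. The two Pipelines in this commit pass the constants `create` and `merge`, but the Task itself accepts any string, and the neighbouring `-n jarvis-$(params.changeNumber)-$(params.patchSetNumber)` line has the same shape with values that originate from a trigger body. Passing the parameter through the step's `env` and referencing `"${PIPELINE}"`, with a guard such as `case "${PIPELINE}" in create|merge) ;; *) exit 1 ;; esac`, keeps it out of the parsed script. The step's script starts and ends outside this hunk.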


@ -30,7 +30,6 @@ spec:
script: |
#!/bin/sh
set -eu -o pipefail -x
curl \
--netrc-file /run/jarvis/gerrit-netrc \
--fail \
@ -46,7 +45,6 @@ spec:
"message": "Jarvis has started to process the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project) repo"
}
EOF
curl \
--netrc-file /run/jarvis/gerrit-netrc \
--fail \
@ -71,4 +69,4 @@ spec:
path: gerrit-netrc
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createRegisterScheduled" ) }}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createRegisterScheduled" ) }}


@ -0,0 +1,111 @@
{{- define "Task-mergeFailure" -}}
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: {{ template "helpers.labels.fullname" . }}-mergefailure
spec:
params:
- name: repoRoot
- name: project
- name: changeNumber
- name: patchSetNumber
- name: checkerUUID
- name: pipelineName
- name: pipelineRunName
- name: pipelineRunNamespace
steps:
- name: mergefailure
image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_results" ) }}
volumeMounts:
- name: gerrit-netrc
mountPath: /run/jarvis/gerrit-netrc
subPath: gerrit-netrc
script: |
#!/bin/bash
set -eu -o pipefail -x
# Get project information from Harbor
PROJECT_INFO=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H "accept: application/json")
PROJECT_ID=$(echo $PROJECT_INFO | jq -r '.project'[0].'project_id')
# Get the taskRun uid from the microflow-setup-image pod
TASK_RUN_NAMESPACE="jarvis-$(params.changeNumber)-$(params.patchSetNumber)"
TASK_RUN_DEV_PIPELINE=$(kubectl get taskrun -n "${TASK_RUN_NAMESPACE}" | grep microflow-setup-image | awk '{print $1}') || true
if [[ -z "$TASK_RUN_DEV_PIPELINE" ]]; then
# Do not append the CVE report link, if there is no 'microflow-setup-image' pod to get the taskRun uid from
REPO_COUNT=0
else
TASK_RUN_UID=$(kubectl get taskrun -n "${TASK_RUN_NAMESPACE}" "${TASK_RUN_DEV_PIPELINE}" -o jsonpath='{.metadata.uid}')
# For first time run, there may be no repositories, so only check for artifacts if the project has repositories
REPO_COUNT=$(echo $PROJECT_INFO | jq -r '.project'[0].'repo_count')
fi
MESSAGE="Jarvis failed to process the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project)"
if [ $REPO_COUNT -gt 0 ]; then
REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}')
# Grabs the SHA256 of the corresponding artifact based off taskrun uid
SHA256=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H "accept: application/json" | jq -r '.digest')
MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}"
fi
curl \
--netrc-file /run/jarvis/gerrit-netrc \
--fail \
--insecure \
-L \
-H "Content-Type: application/json; charset=UTF-8" \
$(params.repoRoot)/a/changes/$(params.changeNumber)/revisions/$(params.patchSetNumber)/checks/ \
--data-binary @- << EOF
{
"checker_uuid": "$(params.checkerUUID)",
"state": "FAILED",
"url": "https://{{ .Values.params.grafana.dashboard.host }}/d/{{ .Values.params.grafana.dashboard.uid }}/{{ .Values.params.grafana.dashboard.title }}?orgId={{ .Values.params.grafana.dashboard.orgid }}&var-namespace=$(params.pipelineRunNamespace)&var-tekton_dev_pipeline=$(params.pipelineName)&var-tekton_dev_pipelineRun=$(params.pipelineRunName)&var-tekton_dev_taskRun=All",
"message": "${MESSAGE}",
"finished": "$(date --utc '+%F %T.%N')"
}
EOF
curl \
--netrc-file /run/jarvis/gerrit-netrc \
--fail \
--insecure \
-L \
-H "Content-Type: application/json; charset=UTF-8" \
$(params.repoRoot)/a/changes/$(params.changeNumber)/revisions/$(params.patchSetNumber)/review/ \
--data-binary @- << EOF
{
"labels": {
"Verified": "-1"
}
}
EOF
curl \
--netrc-file /run/jarvis/gerrit-netrc \
--fail \
--insecure \
-L \
-H "Content-Type: application/json; charset=UTF-8" \
$(params.repoRoot)/a/changes/$(params.changeNumber)/hashtags/ \
--data-binary @- << EOF
{
"add": [],
"remove": [
"jarvis-merge"
]
}
EOF
volumes:
- name: gerrit-netrc
secret:
secretName: {{ template "helpers.labels.fullname" . }}-gerrit
defaultMode: 0444
items:
- key: gerrit-netrc
path: gerrit-netrc
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-mergeFailure" ) }}
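Review bot: Every curl call to Gerrit in this script combines `--netrc-file /run/jarvis/gerrit-netrc` with `--insecure`, and both Harbor lookups use `-k`, so the Gerrit credentials are used and the scan-report data is trusted without verifying the server certificate; Task-mergeSuccess in this commit has the same pattern. Mounting the issuing CA and replacing `--insecure`/`-k` with `--cacert /path/to/ca-bundle.crt` (placeholder path) keeps verification on for an internal CA. The secret volume also uses `defaultMode: 0444`, which makes the netrc readable by any user in the pod; `defaultMode: 0400` should be enough if the step runs as the file's owner. `${MESSAGE}` and the `$(params.*)` values are placed into the JSON heredocs unescaped, so building the body with `jq -n --arg` would be safer than string interpolation.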


@ -0,0 +1,61 @@
{{- define "Task-mergeSuccess" -}}
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: {{ template "helpers.labels.fullname" . }}-mergesuccess
spec:
params:
- name: repoRoot
- name: project
- name: changeNumber
- name: patchSetNumber
- name: checkerUUID
- name: pipelineName
- name: pipelineRunName
- name: pipelineRunNamespace
steps:
- name: mergesuccess
image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_results" ) }}
volumeMounts:
- name: gerrit-netrc
mountPath: /run/jarvis/gerrit-netrc
subPath: gerrit-netrc
script: |
#!/bin/bash
set -eu -o pipefail -x
curl \
-X POST \
--fail \
--netrc-file /run/jarvis/gerrit-netrc \
--insecure \
-L \
$(params.repoRoot)/a/changes/$(params.changeNumber)/submit/
curl \
--netrc-file /run/jarvis/gerrit-netrc \
--fail \
--insecure \
-L \
-H "Content-Type: application/json; charset=UTF-8" \
$(params.repoRoot)/a/changes/$(params.changeNumber)/hashtags/ \
--data-binary @- << EOF
{
"add": [],
"remove": [
"jarvis-merge"
]
}
EOF
volumes:
- name: gerrit-netrc
secret:
secretName: {{ template "helpers.labels.fullname" . }}-gerrit
defaultMode: 0444
items:
- key: gerrit-netrc
path: gerrit-netrc
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-mergeSuccess" ) }}
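Review bot: The submit call targets `/a/changes/$(params.changeNumber)/submit/`, which acts on whatever patch set is current when the request arrives, not on the patch set the merge pipeline validated. If a new patch set is uploaded while validation runs, the result event for the older one could still trigger the submit, subject to what the label rules allow. Gerrit's revision-scoped endpoint pins it: `$(params.repoRoot)/a/changes/$(params.changeNumber)/revisions/$(params.patchSetNumber)/submit/`. A comment explaining why the `jarvis-merge` hashtag is removed afterwards would also help the next reader.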


@ -0,0 +1,21 @@
{{- define "TriggerBinding-merge" -}}
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: {{ template "helpers.labels.fullname" . }}-merge
spec:
params:
- name: repoRoot
value: $(body.repoRoot)
- name: project
value: $(body.project)
- name: changeNumber
value: $(body.changeNumber)
- name: patchSetNumber
value: $(body.patchSetNumber)
- name: checkerUUID
value: $(body.checkerUUID)
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerBinding-merge" ) }}
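Review bot: `repoRoot` is bound from `$(body.repoRoot)`, and the result tasks in this commit later use it as the base URL for curl calls that load the Gerrit netrc credentials with certificate checks disabled. Letting the request choose the server those calls go to is more trust than a webhook body needs; rendering the Gerrit URL from a chart value in the TriggerTemplate, and binding only `project`, `changeNumber`, `patchSetNumber` and `checkerUUID` from the body, removes that input. If the body value must stay, a CEL filter comparing it with the expected Gerrit URL would be the minimum check.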


@ -0,0 +1,27 @@
{{- define "TriggerBinding-mergeResult" -}}
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
name: {{ template "helpers.labels.fullname" . }}-mergeresult
spec:
params:
- name: repoRoot
value: $(body.pipelineRun.spec.params[?(@.name=='repoRoot')].value)
- name: project
value: $(body.pipelineRun.spec.params[?(@.name=='project')].value)
- name: changeNumber
value: $(body.pipelineRun.spec.params[?(@.name=='changeNumber')].value)
- name: patchSetNumber
value: $(body.pipelineRun.spec.params[?(@.name=='patchSetNumber')].value)
- name: checkerUUID
value: $(body.pipelineRun.spec.params[?(@.name=='checkerUUID')].value)
- name: pipelineName
value: $(body.pipelineRun.spec.pipelineRef.name)
- name: pipelineRunName
value: $(body.pipelineRun.metadata.name)
- name: pipelineRunNamespace
value: $(body.pipelineRun.metadata.namespace)
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerBinding-mergeResult" ) }}


@ -0,0 +1,39 @@
{{- define "TriggerTemplate-merge" -}}
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: {{ template "helpers.labels.fullname" . }}-merge
spec:
params:
- name: repoRoot
- name: project
- name: changeNumber
- name: patchSetNumber
- name: checkerUUID
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: {{ template "helpers.labels.fullname" . }}-merge-
spec:
serviceAccountName: jarvis-system-el
pipelineRef:
name: {{ template "helpers.labels.fullname" . }}-merge
params:
- name: repoRoot
value: $(tt.params.repoRoot)
- name: project
value: $(tt.params.project)
- name: changeNumber
value: $(tt.params.changeNumber)
- name: patchSetNumber
value: $(tt.params.patchSetNumber)
- name: checkerUUID
value: $(tt.params.checkerUUID)
workspaces:
- name: output
emptyDir: {}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerTemplate-merge" ) }}
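Review bot: `serviceAccountName: jarvis-system-el` is hard-coded here, while the EventListener in this commit uses `{{ template "helpers.labels.fullname" . }}-el`, so a release whose fullname renders differently would reference a service account that does not exist; TriggerTemplate-mergeFailure and TriggerTemplate-mergeSuccess repeat it. Using the same helper, `serviceAccountName: {{ template "helpers.labels.fullname" . }}-el`, keeps them aligned. It also means the PipelineRuns execute with the listener's own identity; a dedicated service account with only the permissions the merge tasks need would be a tighter fit, though the RBAC bound to `-el` is not visible in this diff.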


@ -0,0 +1,45 @@
{{- define "TriggerTemplate-mergeFailure" -}}
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: {{ template "helpers.labels.fullname" . }}-mergefailure
spec:
params:
- name: repoRoot
- name: project
- name: changeNumber
- name: patchSetNumber
- name: checkerUUID
- name: pipelineName
- name: pipelineRunName
- name: pipelineRunNamespace
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: {{ template "helpers.labels.fullname" . }}-mergefailure-
spec:
serviceAccountName: jarvis-system-el
pipelineRef:
name: {{ template "helpers.labels.fullname" . }}-mergefailure
params:
- name: repoRoot
value: $(tt.params.repoRoot)
- name: project
value: $(tt.params.project)
- name: changeNumber
value: $(tt.params.changeNumber)
- name: patchSetNumber
value: $(tt.params.patchSetNumber)
- name: checkerUUID
value: $(tt.params.checkerUUID)
- name: pipelineName
value: $(tt.params.pipelineName)
- name: pipelineRunName
value: $(tt.params.pipelineRunName)
- name: pipelineRunNamespace
value: $(tt.params.pipelineRunNamespace)
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerTemplate-mergeFailure" ) }}


@ -0,0 +1,45 @@
{{- define "TriggerTemplate-mergeSuccess" -}}
---
apiVersion: triggers.tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
name: {{ template "helpers.labels.fullname" . }}-mergesuccess
spec:
params:
- name: repoRoot
- name: project
- name: changeNumber
- name: patchSetNumber
- name: checkerUUID
- name: pipelineName
- name: pipelineRunName
- name: pipelineRunNamespace
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: {{ template "helpers.labels.fullname" . }}-mergesuccess-
spec:
serviceAccountName: jarvis-system-el
pipelineRef:
name: {{ template "helpers.labels.fullname" . }}-mergesuccess
params:
- name: repoRoot
value: $(tt.params.repoRoot)
- name: project
value: $(tt.params.project)
- name: changeNumber
value: $(tt.params.changeNumber)
- name: patchSetNumber
value: $(tt.params.patchSetNumber)
- name: checkerUUID
value: $(tt.params.checkerUUID)
- name: pipelineName
value: $(tt.params.pipelineName)
- name: pipelineRunName
value: $(tt.params.pipelineRunName)
- name: pipelineRunNamespace
value: $(tt.params.pipelineRunNamespace)
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "TriggerTemplate-mergeSuccess" ) }}


@ -161,36 +161,14 @@ function gerrit_bootstrap() {
forgeCommitter = group Administrators
forgeCommitter = group Project Owners
push = group Administrators
push = group Project Owners
submit = group Administrators
submit = group Project Owners
label-Code-Review = -2..+2 group Administrators
label-Code-Review = -2..+2 group Project Owners
label-Code-Review = -1..+1 group Registered Users
label-Verified = -1..+1 group Administrators
label-Verified = -1..+1 group Service Users
label-Verified = -1..+1 group Project Owners
label-Workflow = -1..+1 group Administrators
label-Workflow = -1..+1 group Service Users
label-Workflow = -1..+1 group Project Owners
[access "refs/meta/config"]
exclusiveGroupPermissions = read
create = group Administrators
push = group Administrators
push = group Project Owners
read = group Administrators
read = group Project Owners
submit = group Administrators
submit = group Project Owners
label-Code-Review = -2..+2 group Administrators
label-Code-Review = -2..+2 group Project Owners
label-Code-Review = -1..+1 group Registered Users
label-Verified = -1..+1 group Administrators
label-Verified = -1..+1 group Service Users
label-Verified = -1..+1 group Project Owners
label-Workflow = -1..+1 group Administrators
label-Workflow = -1..+1 group Service Users
label-Workflow = -1..+1 group Project Owners
[access "refs/tags/*"]
create = group Administrators
create = group Project Owners
@ -220,11 +198,26 @@ EOF
git checkout meta/config
rm project.config || true
rm rules.pl || true
tee --append groups <<EOF
global:Project-Owners Project Owners
EOF
tee project.config << EOF
[access]
inheritFrom = All-Projects
[access "refs/*"]
owner = group Administrators
[access "refs/heads/*"]
label-Code-Review = -2..+2 group Administrators
label-Code-Review = -2..+2 group Project Owners
label-Verified = -1..+1 group Administrators
label-Workflow = -1..+1 group Administrators
label-Workflow = -1..+1 group Project Owners
[access "refs/meta/config"]
label-Code-Review = -2..+2 group Administrators
label-Code-Review = -2..+2 group Project Owners
label-Verified = -1..+1 group Administrators
label-Workflow = -1..+1 group Administrators
label-Workflow = -1..+1 group Project Owners
[label "Code-Review"]
function = MaxWithBlock
defaultValue = 0
@ -250,29 +243,30 @@ EOF
value = +1 Approved
EOF
tee rules.pl << EOF
sum_list([], 0).
sum_list([H | Rest], Sum) :- sum_list(Rest,Tmp), Sum is H + Tmp.
add_category_min_score(In, Category, Min, P) :-
findall(2, gerrit:commit_label(label(Category,2),R),Z),
sum_list(Z, Sum),
Sum >= Min, !,
gerrit:commit_label(label(Category, V), U),
V >= 1,
!,
P = [label(Category,ok(U)) | In].
add_category_min_score(In, Category,Min,P) :-
P = [label(Category,need(Min)) | In].
submit_filter(In, Out) :-
In =.. [submit | Ls],
gerrit:remove_label(Ls,label('Code-Review',_),NoCR),
add_category_min_score(NoCR,'Code-Review', 4, Labels),
Out =.. [submit | Labels].
EOF
# TODO enable rules.pl once more LDAP users are registered
# tee rules.pl << EOF
#sum_list([], 0).
#sum_list([H | Rest], Sum) :- sum_list(Rest,Tmp), Sum is H + Tmp.
#
#add_category_min_score(In, Category, Min, P) :-
# findall(2, gerrit:commit_label(label(Category,2),R),Z),
# sum_list(Z, Sum),
# Sum >= Min, !,
# gerrit:commit_label(label(Category, V), U),
# V >= 1,
# !,
# P = [label(Category,ok(U)) | In].
#
#add_category_min_score(In, Category,Min,P) :-
# P = [label(Category,need(Min)) | In].
#
#submit_filter(In, Out) :-
# In =.. [submit | Ls],
# gerrit:remove_label(Ls,label('Code-Review',_),NoCR),
# add_category_min_score(NoCR,'Code-Review', 4, Labels),
# Out =.. [submit | Labels].
#
#EOF
git add .
git commit -asm "Create Submission Rules"
git push origin HEAD:refs/meta/config
@ -287,11 +281,28 @@ EOF
git checkout meta/config
rm project.config || true
rm rules.pl || true
tee --append groups <<EOF
global:Project-Owners Project Owners
EOF
tee project.config << EOF
[access]
inheritFrom = All-Projects
[access "refs/*"]
owner = group Administrators
[access "refs/heads/*"]
label-Code-Review = -2..+2 group Administrators
label-Code-Review = -2..+2 group Project Owners
label-Verified = -1..+1 group Administrators
label-Verified = -1..+1 group Project Owners
label-Workflow = -1..+1 group Administrators
label-Workflow = -1..+1 group Project Owners
[access "refs/meta/config"]
label-Code-Review = -2..+2 group Administrators
label-Code-Review = -2..+2 group Project Owners
label-Verified = -1..+1 group Administrators
label-Verified = -1..+1 group Project Owners
label-Workflow = -1..+1 group Administrators
label-Workflow = -1..+1 group Project Owners
[label "Code-Review"]
function = MaxWithBlock
defaultValue = 0
@ -302,6 +313,13 @@ EOF
value = 0 No score
value = +1 Looks good to me, but someone else must approve
value = +2 Looks good to me, approved
[label "Verified"]
function = MaxWithBlock
defaultValue = 0
value = -1 Fails
value = 0 No score
value = +1 Verified
copyAllScoresIfNoCodeChange = true
[label "Workflow"]
function = MaxWithBlock
defaultValue = 0
@ -310,29 +328,30 @@ EOF
value = +1 Approved
EOF
tee rules.pl << EOF
sum_list([], 0).
sum_list([H | Rest], Sum) :- sum_list(Rest,Tmp), Sum is H + Tmp.
add_category_min_score(In, Category, Min, P) :-
findall(2, gerrit:commit_label(label(Category,2),R),Z),
sum_list(Z, Sum),
Sum >= Min, !,
gerrit:commit_label(label(Category, V), U),
V >= 1,
!,
P = [label(Category,ok(U)) | In].
add_category_min_score(In, Category,Min,P) :-
P = [label(Category,need(Min)) | In].
submit_filter(In, Out) :-
In =.. [submit | Ls],
gerrit:remove_label(Ls,label('Code-Review',_),NoCR),
add_category_min_score(NoCR,'Code-Review', 4, Labels),
Out =.. [submit | Labels].
EOF
# TODO enable rules.pl once more LDAP users are registered
# tee rules.pl << EOF
#sum_list([], 0).
#sum_list([H | Rest], Sum) :- sum_list(Rest,Tmp), Sum is H + Tmp.
#
#add_category_min_score(In, Category, Min, P) :-
# findall(2, gerrit:commit_label(label(Category,2),R),Z),
# sum_list(Z, Sum),
# Sum >= Min, !,
# gerrit:commit_label(label(Category, V), U),
# V >= 1,
# !,
# P = [label(Category,ok(U)) | In].
#
#add_category_min_score(In, Category,Min,P) :-
# P = [label(Category,need(Min)) | In].
#
#submit_filter(In, Out) :-
# In =.. [submit | Ls],
# gerrit:remove_label(Ls,label('Code-Review',_),NoCR),
# add_category_min_score(NoCR,'Code-Review', 4, Labels),
# Out =.. [submit | Labels].
#
#EOF
git add .
git commit -asm "Create Submission Rules"
git push origin HEAD:refs/meta/config
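Review bot: Both `tee rules.pl` heredocs are commented out while `rm rules.pl || true` and the commit and push remain, so the `submit_filter` that required a Code-Review sum of 4 is removed from `refs/meta/config` in the same commit that introduces automatic submission. Until the TODO is resolved, submittability appears to rest on the `MaxWithBlock` label functions alone. I would gate the rule on a chart or environment toggle rather than commenting it out, and reference a tracking issue in the TODO so the relaxation is not forgotten. The second project config also grants `label-Verified = -1..+1` to `Project Owners`, which lets a project owner set the label the CI result is meant to supply; please confirm that is intended. `gerrit_bootstrap` starts and ends outside these hunks.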


@ -105,36 +105,14 @@ for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth
timeout="120"
end=$((end + timeout))
while true; do
if [ $voting_ci = "true" ];
then
voting_ci="false"
# Check that Jarvis-System has reported the success of the pipeline run to Gerrit, by checking the value of the Verified label
VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${CHANGE_ID_COUNTER}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)"
[ "$VERIFIED" == 1 ] && break || true
sleep 5
now=$(date +%s)
if [ "$now" -gt "$end" ] ; then
echo "Jarvis-System has not verified the change"
exit 1
fi
else
voting_ci="true"
# Ensure that the patchset doesn't have the Verified label available to it.
LABELS=$(curl -L https://gerrit.jarvis.local/changes/${CHANGE_ID_COUNTER}/revisions/1/review/ | tail -1 | jq -r .labels)
if [ -z "$LABELS" ]; then
# The curl request didn't give us the labels available to this revision, try again when Gerrit is ready
sleep 5
continue
fi
VERIFIED_NULL="$( jq -r .Verified <<< "$LABELS" )"
if [ -z "$VERIFIED_NULL" ]; then
echo "Verified label found"
# Verified label should not be found, exit.
exit 1
else
# Labels curl returned all the labels successfully, and Verified was not in the list. This is desired.
break
fi
# Check that Jarvis-System has reported the success of the pipeline run to Gerrit, by checking the value of the Verified label
VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${CHANGE_ID_COUNTER}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)"
[ "$VERIFIED" == 1 ] && break || true
sleep 5
now=$(date +%s)
if [ "$now" -gt "$end" ] ; then
echo "Jarvis-System has not verified the change"
exit 1
fi
done
CHANGE_ID_COUNTER=$((CHANGE_ID_COUNTER+1))


@ -0,0 +1,24 @@
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: development-pipeline-run
spec:
params:
- name: pipeline
value: "create"
pipelineRef:
name: development-pipeline
serviceAccountName: sa-development-pipeline
workspaces:
- name: k8s_cluster_data
configMap:
name: deployment-flow
- name: development_pipeline_data
volumeClaimTemplate:
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi


@ -3,6 +3,9 @@ kind: PipelineRun
metadata:
generateName: development-pipeline-run
spec:
params:
- name: pipeline
value: "merge"
pipelineRef:
name: development-pipeline
serviceAccountName: sa-development-pipeline


@ -4,6 +4,8 @@ metadata:
name: development-pipeline
namespace: {{ $.Release.Namespace }}
spec:
params:
- name: pipeline
workspaces:
- name: k8s_cluster_data
- name: development_pipeline_data
@ -108,6 +110,10 @@ spec:
name: functional
- name: microflow-promote-artifacts
when:
- input: $(params.pipeline)
operator: in
values: ["merge"]
runAfter:
- microflow-functional
workspaces: