mirror of
https://pagure.io/fm-orchestrator.git
synced 2026-04-04 19:28:49 +08:00
Integrate pipeline-as-a-code for build
This commit is contained in:
Michal Kovarik
@@ -1,4 +1,2 @@
|
||||
NAME=mbs-prod-integration-test
|
||||
KOJI_IMAGE=quay.io/factory2/koji:prod
|
||||
UMB_IMAGE=docker-registry.upshift.redhat.com/factory2/umb:prod
|
||||
ENVIRONMENT=prod
|
||||
|
||||
@@ -1,4 +1,2 @@
|
||||
NAME=mbs-stage-integration-test
|
||||
KOJI_IMAGE=quay.io/factory2/koji:stage
|
||||
UMB_IMAGE=docker-registry.upshift.redhat.com/factory2/umb:stage
|
||||
ENVIRONMENT=stage
|
||||
|
||||
@@ -45,7 +45,7 @@ pipeline {
|
||||
skipDefaultCheckout()
|
||||
}
|
||||
environment {
|
||||
PIPELINE_NAMESPACE = readFile("/run/secrets/kubernetes.io/serviceaccount/namespace").trim()
|
||||
TRIGGER_NAMESPACE = readFile("/run/secrets/kubernetes.io/serviceaccount/namespace").trim()
|
||||
PAGURE_API = "${params.PAGURE_URL}/api/0"
|
||||
PAGURE_REPO_IS_FORK = "${params.PAGURE_REPO_IS_FORK}"
|
||||
PAGURE_REPO_HOME = "${env.PAGURE_URL}${env.PAGURE_REPO_IS_FORK == 'true' ? '/fork' : ''}/${params.PAGURE_REPO_NAME}"
|
||||
@@ -128,7 +128,7 @@ pipeline {
|
||||
pagureLink = """<a href="${env.PR_URL}">PR#${env.PR_NO}: ${escapeHtml(prInfo.title)}</a>"""
|
||||
// set PR status to Pending
|
||||
if (params.PAGURE_API_KEY_SECRET_NAME)
|
||||
paguer.setBuildStatusOnPR(null, "Build #${env.BUILD_NUMBER} in progress (commit: ${env.MBS_GIT_COMMIT.take(8)})")
|
||||
pagure.setBuildStatusOnPR(null, "Build #${env.BUILD_NUMBER} in progress (commit: ${env.MBS_GIT_COMMIT.take(8)})")
|
||||
} catch (Exception e) {
|
||||
echo "Error using pagure API: ${e}"
|
||||
}
|
||||
@@ -151,24 +151,27 @@ pipeline {
|
||||
stage('Allocate C3IaaS project') {
|
||||
when {
|
||||
expression {
|
||||
return params.USE_C3IAAS == 'true' &&
|
||||
params.C3IAAS_REQUEST_PROJECT_BUILD_CONFIG_NAMESPACE &&
|
||||
params.C3IAAS_REQUEST_PROJECT_BUILD_CONFIG_NAME
|
||||
return params.USE_C3IAAS == 'true'
|
||||
}
|
||||
}
|
||||
steps {
|
||||
script {
|
||||
if (env.PR_NO) {
|
||||
env.C3IAAS_NAMESPACE = "c3i-mbs-pr-${env.PR_NO}-git${env.MBS_GIT_COMMIT.take(8)}"
|
||||
} else {
|
||||
env.C3IAAS_NAMESPACE = "c3i-mbs-${params.MBS_GIT_REF}-git${env.MBS_GIT_COMMIT.take(8)}"
|
||||
if (!params.C3IAAS_REQUEST_PROJECT_BUILD_CONFIG_NAME ||
|
||||
!params.C3IAAS_REQUEST_PROJECT_BUILD_CONFIG_NAMESPACE) {
|
||||
error("USE_C3IAAS is set to true but missing C3IAAS_REQUEST_PROJECT_BUILD_CONFIG_NAME" +
|
||||
" or C3IAAS_REQUEST_PROJECT_BUILD_CONFIG_NAMESPACE")
|
||||
}
|
||||
echo "Requesting new OpenShift project ${env.C3IAAS_NAMESPACE}..."
|
||||
if (env.PR_NO) {
|
||||
env.PIPELINE_ID = "c3i-mbs-pr-${env.PR_NO}-git${env.MBS_GIT_COMMIT.take(8)}"
|
||||
} else {
|
||||
env.PIPELINE_ID = "c3i-mbs-${params.MBS_GIT_REF}-git${env.MBS_GIT_COMMIT.take(8)}"
|
||||
}
|
||||
echo "Requesting new OpenShift project ${env.PIPELINE_ID}..."
|
||||
openshift.withCluster() {
|
||||
openshift.withProject(params.C3IAAS_REQUEST_PROJECT_BUILD_CONFIG_NAMESPACE) {
|
||||
c3i.buildAndWait(script: this, objs: "bc/${params.C3IAAS_REQUEST_PROJECT_BUILD_CONFIG_NAME}",
|
||||
'-e', "PROJECT_NAME=${env.C3IAAS_NAMESPACE}",
|
||||
'-e', "ADMIN_GROUPS=system:serviceaccounts:${PIPELINE_NAMESPACE}",
|
||||
'-e', "PROJECT_NAME=${env.PIPELINE_ID}",
|
||||
'-e', "ADMIN_GROUPS=system:serviceaccounts:${TRIGGER_NAMESPACE}",
|
||||
'-e', "LIFETIME_IN_MINUTES=${params.C3IAAS_LIFETIME}"
|
||||
)
|
||||
}
|
||||
@@ -177,10 +180,10 @@ pipeline {
|
||||
}
|
||||
post {
|
||||
success {
|
||||
echo "Allocated project ${env.C3IAAS_NAMESPACE}"
|
||||
echo "Allocated project ${env.PIPELINE_ID}"
|
||||
}
|
||||
failure {
|
||||
echo "Failed to allocate ${env.C3IAAS_NAMESPACE} project"
|
||||
echo "Failed to allocate ${env.PIPELINE_ID} project"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -191,7 +194,7 @@ pipeline {
|
||||
steps {
|
||||
script {
|
||||
openshift.withCluster() {
|
||||
openshift.withProject(env.C3IAAS_NAMESPACE ?: env.PIPELINE_NAMESPACE) {
|
||||
openshift.withProject(env.PIPELINE_ID) {
|
||||
// OpenShift BuildConfig doesn't support specifying a tag name at build time.
|
||||
// We have to create a new BuildConfig for each image build.
|
||||
echo 'Creating a BuildConfig for mbs-backend build...'
|
||||
@@ -204,7 +207,7 @@ pipeline {
|
||||
// because refspec cannot be customized in an OpenShift build.
|
||||
'-p', "MBS_GIT_REF=${env.PR_NO ? params.MBS_GIT_REF : env.MBS_GIT_COMMIT}",
|
||||
'-p', "MBS_BACKEND_IMAGESTREAM_NAME=${params.MBS_BACKEND_IMAGESTREAM_NAME}",
|
||||
'-p', "MBS_BACKEND_IMAGESTREAM_NAMESPACE=${env.C3IAAS_NAMESPACE ?: env.PIPELINE_NAMESPACE}",
|
||||
'-p', "MBS_BACKEND_IMAGESTREAM_NAMESPACE=${env.PIPELINE_ID}",
|
||||
'-p', "MBS_IMAGE_TAG=${env.TEMP_TAG}",
|
||||
'-p', "EXTRA_RPMS=${params.EXTRA_RPMS}",
|
||||
'-p', "CREATED=${created}"
|
||||
@@ -228,13 +231,15 @@ pipeline {
|
||||
}
|
||||
cleanup {
|
||||
script {
|
||||
if (!env.C3IAAS_NAMESPACE) {
|
||||
if (params.USE_C3IAAS != 'true') {
|
||||
openshift.withCluster() {
|
||||
echo 'Tearing down...'
|
||||
openshift.selector('bc', [
|
||||
'app': env.BACKEND_BUILDCONFIG_ID,
|
||||
'template': 'mbs-backend-build-template',
|
||||
]).delete()
|
||||
openshift.withProject(env.PIPELINE_ID) {
|
||||
echo 'Tearing down...'
|
||||
openshift.selector('bc', [
|
||||
'app': env.BACKEND_BUILDCONFIG_ID,
|
||||
'template': 'mbs-backend-build-template',
|
||||
]).delete()
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -248,7 +253,7 @@ pipeline {
|
||||
steps {
|
||||
script {
|
||||
openshift.withCluster() {
|
||||
openshift.withProject(env.C3IAAS_NAMESPACE ?: env.PIPELINE_NAMESPACE) {
|
||||
openshift.withProject(env.PIPELINE_ID) {
|
||||
// OpenShift BuildConfig doesn't support specifying a tag name at build time.
|
||||
// We have to create a new BuildConfig for each image build.
|
||||
echo 'Creating a BuildConfig for mbs-frontend build...'
|
||||
@@ -261,10 +266,10 @@ pipeline {
|
||||
// because refspec cannot be customized in an OpenShift build.
|
||||
'-p', "MBS_GIT_REF=${env.PR_NO ? params.MBS_GIT_REF : env.MBS_GIT_COMMIT}",
|
||||
'-p', "MBS_FRONTEND_IMAGESTREAM_NAME=${params.MBS_FRONTEND_IMAGESTREAM_NAME}",
|
||||
'-p', "MBS_FRONTEND_IMAGESTREAM_NAMESPACE=${env.C3IAAS_NAMESPACE ?: env.PIPELINE_NAMESPACE}",
|
||||
'-p', "MBS_FRONTEND_IMAGESTREAM_NAMESPACE=${env.PIPELINE_ID}",
|
||||
'-p', "MBS_IMAGE_TAG=${env.TEMP_TAG}",
|
||||
'-p', "MBS_BACKEND_IMAGESTREAM_NAME=${params.MBS_BACKEND_IMAGESTREAM_NAME}",
|
||||
'-p', "MBS_BACKEND_IMAGESTREAM_NAMESPACE=${env.C3IAAS_NAMESPACE ?: env.PIPELINE_NAMESPACE}",
|
||||
'-p', "MBS_BACKEND_IMAGESTREAM_NAMESPACE=${env.PIPELINE_ID}",
|
||||
'-p', "CREATED=${created}"
|
||||
)
|
||||
def build = c3i.buildAndWait(script: this, objs: processed, '--from-dir=.')
|
||||
@@ -311,8 +316,7 @@ pipeline {
|
||||
'-e', "MBS_FRONTEND_IMAGE=${env.FRONTEND_IMAGE_REF}",
|
||||
'-e', "TEST_IMAGES=${env.BACKEND_IMAGE_REF},${env.FRONTEND_IMAGE_REF}",
|
||||
'-e', "IMAGE_IS_SCRATCH=${params.MBS_GIT_REF != params.MBS_MAIN_BRANCH}",
|
||||
// If env.C3IAAS_NAMESPACE has not been defined, tests will be run in the current namespace
|
||||
'-e', "TEST_NAMESPACE=${env.C3IAAS_NAMESPACE ?: ''}",
|
||||
'-e', "TEST_NAMESPACE=${env.PIPELINE_ID}",
|
||||
'-e', "TESTCASES='${params.TESTCASES}'",
|
||||
'-e', "CLEANUP=${params.CLEANUP}"
|
||||
)
|
||||
@@ -402,8 +406,7 @@ pipeline {
|
||||
when {
|
||||
expression {
|
||||
return "${params.MBS_DEV_IMAGE_TAG}" && params.TAG_INTO_IMAGESTREAM == "true" &&
|
||||
(params.FORCE_PUBLISH_IMAGE == "true" || params.MBS_GIT_REF == params.MBS_MAIN_BRANCH) &&
|
||||
!env.C3IAAS_NAMESPACE
|
||||
(params.FORCE_PUBLISH_IMAGE == "true" || params.MBS_GIT_REF == params.MBS_MAIN_BRANCH)
|
||||
}
|
||||
}
|
||||
steps {
|
||||
@@ -434,18 +437,20 @@ pipeline {
|
||||
post {
|
||||
cleanup {
|
||||
script {
|
||||
if (params.CLEANUP == 'true' && !env.C3IAAS_NAMESPACE) {
|
||||
if (params.CLEANUP == 'true' && params.USE_C3IAAS != 'true') {
|
||||
openshift.withCluster() {
|
||||
if (env.BACKEND_IMAGE_TAG) {
|
||||
echo "Removing tag ${env.BACKEND_IMAGE_TAG} from the ${params.MBS_BACKEND_IMAGESTREAM_NAME} ImageStream..."
|
||||
openshift.withProject(params.MBS_BACKEND_IMAGESTREAM_NAMESPACE) {
|
||||
openshift.tag("${params.MBS_BACKEND_IMAGESTREAM_NAME}:${env.BACKEND_IMAGE_TAG}", "-d")
|
||||
openshift.withProject(env.PIPELINE_ID) {
|
||||
if (env.BACKEND_IMAGE_TAG) {
|
||||
echo "Removing tag ${env.BACKEND_IMAGE_TAG} from the ${params.MBS_BACKEND_IMAGESTREAM_NAME} ImageStream..."
|
||||
openshift.withProject(params.MBS_BACKEND_IMAGESTREAM_NAMESPACE) {
|
||||
openshift.tag("${params.MBS_BACKEND_IMAGESTREAM_NAME}:${env.BACKEND_IMAGE_TAG}", "-d")
|
||||
}
|
||||
}
|
||||
}
|
||||
if (env.FRONTEND_IMAGE_TAG) {
|
||||
echo "Removing tag ${env.FRONTEND_IMAGE_TAG} from the ${params.MBS_FRONTEND_IMAGESTREAM_NAME} ImageStream..."
|
||||
openshift.withProject(params.MBS_FRONTEND_IMAGESTREAM_NAMESPACE) {
|
||||
openshift.tag("${params.MBS_FRONTEND_IMAGESTREAM_NAME}:${env.FRONTEND_IMAGE_TAG}", "-d")
|
||||
if (env.FRONTEND_IMAGE_TAG) {
|
||||
echo "Removing tag ${env.FRONTEND_IMAGE_TAG} from the ${params.MBS_FRONTEND_IMAGESTREAM_NAME} ImageStream..."
|
||||
openshift.withProject(params.MBS_FRONTEND_IMAGESTREAM_NAMESPACE) {
|
||||
openshift.tag("${params.MBS_FRONTEND_IMAGESTREAM_NAME}:${env.FRONTEND_IMAGE_TAG}", "-d")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -35,20 +35,6 @@ parameters:
|
||||
displayName: The Koji container image to be tested
|
||||
description: This field must be in repo:tag or repo@sha256 format
|
||||
value: quay.io/factory2/koji:latest
|
||||
- name: UMB_IMAGE
|
||||
displayName: The UMB container image to be tested
|
||||
description: This field must be in repo:tag or repo@sha256 format
|
||||
value: docker-registry.upshift.redhat.com/factory2/umb:latest
|
||||
- name: USE_KRB5
|
||||
displayName: Deploy a Kerberos KDC and configure the MBS frontend to require Kerberos authentication.
|
||||
description: If not set to "true", no KDC will be deployed and MBS will allow anonymous access.
|
||||
required: true
|
||||
value: "true"
|
||||
- name: KRB5_IMAGE
|
||||
displayName: Kerberos 5 KDC image
|
||||
description: The image used to deploy a Kerberos 5 KDC, if configured to do so.
|
||||
required: false
|
||||
value: quay.io/factory2/krb5-fedora:latest
|
||||
- name: TEST_IMAGES
|
||||
displayName: Images being tested
|
||||
description: >-
|
||||
@@ -67,6 +53,9 @@ parameters:
|
||||
Namespace where the Jenkins agent for this test will run, and where
|
||||
test resources will be created.
|
||||
required: false
|
||||
- name: PIPELINE_AS_A_SERVICE_BUILD_NAMESPACE
|
||||
displayName: Namespace with pipeline-as-a-service build
|
||||
value: c3i
|
||||
- name: ENVIRONMENT
|
||||
displayName: environment name (dev/stage/prod)
|
||||
required: true
|
||||
@@ -129,18 +118,10 @@ objects:
|
||||
value: "${MBS_FRONTEND_IMAGE}"
|
||||
- name: KOJI_IMAGE
|
||||
value: "${KOJI_IMAGE}"
|
||||
- name: UMB_IMAGE
|
||||
value: "${UMB_IMAGE}"
|
||||
- name: USE_KRB5
|
||||
value: "${USE_KRB5}"
|
||||
- name: KRB5_IMAGE
|
||||
value: "${KRB5_IMAGE}"
|
||||
- name: TEST_IMAGES
|
||||
value: "${TEST_IMAGES}"
|
||||
- name: IMAGE_IS_SCRATCH
|
||||
value: "true"
|
||||
- name: "TEST_ID"
|
||||
value: ""
|
||||
- name: JENKINS_AGENT_IMAGE
|
||||
value: "${JENKINS_AGENT_IMAGE}"
|
||||
- name: JENKINS_AGENT_CLOUD_NAME
|
||||
@@ -151,6 +132,8 @@ objects:
|
||||
value: "${ENVIRONMENT}"
|
||||
- name: MESSAGING_PROVIDER
|
||||
value: "${MESSAGING_PROVIDER}"
|
||||
- name: PIPELINE_AS_A_SERVICE_BUILD_NAMESPACE
|
||||
value: "${PIPELINE_AS_A_SERVICE_BUILD_NAMESPACE}"
|
||||
- name: JENKINS_AGENT_SERVICE_ACCOUNT
|
||||
value: "${NAME}-jenkins-slave"
|
||||
- name: TESTCASES
|
||||
|
||||
@@ -39,15 +39,12 @@ pipeline {
|
||||
skipDefaultCheckout()
|
||||
}
|
||||
environment {
|
||||
// Jenkins BUILD_TAG could be too long (> 63 characters) for OpenShift to consume
|
||||
TEST_ID = "${params.TEST_ID ?: UUID.randomUUID().toString().substring(0,7)}"
|
||||
PIPELINE_ID = "${params.TEST_NAMESPACE}"
|
||||
}
|
||||
stages {
|
||||
stage('Prepare') {
|
||||
steps {
|
||||
script {
|
||||
// Don't set ENVIRONMENT_LABEL in the environment block! Otherwise you will get 2 different UUIDs.
|
||||
env.ENVIRONMENT_LABEL = "test-${env.TEST_ID}"
|
||||
// MBS_GIT_REF can be either a regular branch (in the heads/ namespace), a pull request
|
||||
// branch (in the pull/ namespace), or a full 40-character sha1, which is assumed to
|
||||
// exist on the master branch.
|
||||
@@ -87,14 +84,16 @@ pipeline {
|
||||
}
|
||||
}
|
||||
stage('Route suffix') {
|
||||
when {
|
||||
expression { !env.PAAS_DOMAIN }
|
||||
}
|
||||
steps {
|
||||
script {
|
||||
openshift.withCluster() {
|
||||
openshift.withProject(params.TEST_NAMESPACE) {
|
||||
openshift.withProject(env.PIPELINE_ID) {
|
||||
def testroute = openshift.create('route', 'edge', 'test', '--service=test', '--port=8080')
|
||||
def testhost = testroute.object().spec.host
|
||||
// trim off the test- prefix
|
||||
env.ROUTE_SUFFIX = testhost.drop(5)
|
||||
env.PAAS_DOMAIN = testhost.minus("test-${env.PIPELINE_ID}.")
|
||||
testroute.delete()
|
||||
}
|
||||
}
|
||||
@@ -102,186 +101,33 @@ pipeline {
|
||||
}
|
||||
post {
|
||||
success {
|
||||
echo "Routes end with ${env.ROUTE_SUFFIX}"
|
||||
echo "Routes end with ${env.PAAS_DOMAIN}"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Generate CA') {
|
||||
steps {
|
||||
script {
|
||||
ca.gen_ca()
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Deploy KDC') {
|
||||
when {
|
||||
expression {
|
||||
return params.USE_KRB5 == 'true'
|
||||
}
|
||||
}
|
||||
steps {
|
||||
script {
|
||||
env.KRB5_DOMAIN = env.ROUTE_SUFFIX.split('\\.', 2).last()
|
||||
env.KRB5_REALM = env.KRB5_DOMAIN.toUpperCase()
|
||||
env.KRB5_ADMIN_PASSWORD = UUID.randomUUID().toString().take(12)
|
||||
openshift.withCluster() {
|
||||
openshift.withProject(params.TEST_NAMESPACE) {
|
||||
def deployed = krb5.deploy(script: this, test_id: env.TEST_ID,
|
||||
realm: env.KRB5_REALM, domain: env.KRB5_DOMAIN,
|
||||
admin_password: env.KRB5_ADMIN_PASSWORD)
|
||||
// Wait for the KDC to become available, to allow creation of
|
||||
// principals and keytabs for subsequent deployments.
|
||||
c3i.waitForDeployment(script: this, objs: deployed)
|
||||
def ports = openshift.selector('service', "kerberos-${TEST_ID}").object().spec.ports
|
||||
def kdcPort = ports.find { it.name == 'kdc-udp' }.nodePort
|
||||
def adminPort = ports.find { it.name == 'admin' }.nodePort
|
||||
def kpasswdPort = ports.find { it.name == 'kpasswd-udp' }.nodePort
|
||||
def krb5Host = "krb5-${TEST_ID}-${env.ROUTE_SUFFIX}"
|
||||
env.KRB5_KDC_HOST = "${krb5Host}:${kdcPort}"
|
||||
env.KRB5_ADMIN_HOST = "${krb5Host}:${adminPort}"
|
||||
env.KRB5_KPASSWD_HOST = "${krb5Host}:${kpasswdPort}"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
post {
|
||||
success {
|
||||
echo "KDC deployed: REALM: ${env.KRB5_REALM} KDC: ${env.KRB5_KDC_HOST}"
|
||||
}
|
||||
failure {
|
||||
echo "KDC deployment FAILED"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Deploy UMB') {
|
||||
stage('Deploy test environment') {
|
||||
steps {
|
||||
script {
|
||||
openshift.withCluster() {
|
||||
openshift.withProject(params.TEST_NAMESPACE) {
|
||||
// The extact hostname doesn't matter, (as long as it resolves to the cluster) because traffic will
|
||||
// be routed to the pod via the NodePort.
|
||||
// However, the hostname we use to access the service must be a subjectAltName of the certificate
|
||||
// being served by the service.
|
||||
env.UMB_HOST = "umb-${TEST_ID}-${env.ROUTE_SUFFIX}"
|
||||
ca.gen_ssl_cert("umb-${TEST_ID}-broker", env.UMB_HOST)
|
||||
def keystore = ca.get_keystore("umb-${TEST_ID}-broker", 'mbskeys')
|
||||
def truststore = ca.get_truststore('mbstrust')
|
||||
deployments = umb.deploy(script: this, test_id: env.TEST_ID,
|
||||
keystore_data: keystore, keystore_password: 'mbskeys',
|
||||
truststore_data: truststore, truststore_password: 'mbstrust',
|
||||
broker_image: params.UMB_IMAGE)
|
||||
def ports = openshift.selector('service', "umb-${TEST_ID}-broker").object().spec.ports
|
||||
env.UMB_AMQPS_PORT = ports.find { it.name == 'amqps' }.nodePort
|
||||
env.UMB_STOMP_SSL_PORT = ports.find { it.name == 'stomp-ssl' }.nodePort
|
||||
openshift.withProject(params.PIPELINE_AS_A_SERVICE_BUILD_NAMESPACE) {
|
||||
c3i.buildAndWait(script: this, objs: "bc/pipeline-as-a-service",
|
||||
'-e', "DEFAULT_IMAGE_TAG=${env.ENVIRONMENT}",
|
||||
'-e', "PIPELINE_ID=${env.PIPELINE_ID}",
|
||||
'-e', "WAIVERDB_IMAGE=",
|
||||
'-e', "C3IAAS_PROJECT=",
|
||||
'-e', "RESULTSDB_IMAGE=",
|
||||
'-e', "RESULTSDB_UPDATER_IMAGE=",
|
||||
'-e', "GREENWAVE_IMAGE=",
|
||||
'-e', "DATAGREPPER_IMAGE=",
|
||||
'-e', "DATANOMMER_IMAGE=",
|
||||
'-e', "MBS_BACKEND_IMAGE=${env.MBS_BACKEND_IMAGE}",
|
||||
'-e', "MBS_FRONTEND_IMAGE=${env.MBS_FRONTEND_IMAGE}",
|
||||
'-e', "PAAS_DOMAIN=${env.PAAS_DOMAIN}"
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
post {
|
||||
success {
|
||||
echo "UMB deployed: amqps: ${env.UMB_HOST}:${env.UMB_AMQPS_PORT} stomp-ssl: ${env.UMB_HOST}:${env.UMB_STOMP_SSL_PORT}"
|
||||
}
|
||||
failure {
|
||||
echo "UMB deployment FAILED"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Deploy Koji') {
|
||||
steps {
|
||||
script {
|
||||
openshift.withCluster() {
|
||||
openshift.withProject(params.TEST_NAMESPACE) {
|
||||
env.KOJI_SSL_HOST = "koji-${TEST_ID}-hub-${env.ROUTE_SUFFIX}"
|
||||
def hubcert = ca.get_ssl_cert("koji-${TEST_ID}-hub", env.KOJI_SSL_HOST)
|
||||
env.KOJI_ADMIN = "mbs-${TEST_ID}-koji-admin"
|
||||
env.KOJI_MSG_CERT = "koji-${TEST_ID}-msg"
|
||||
def deployed = koji.deploy(script: this, test_id: env.TEST_ID,
|
||||
hubca: ca.get_ca_cert(), hubcert: hubcert,
|
||||
brokerurl: "amqps://${env.UMB_HOST}:${env.UMB_AMQPS_PORT}",
|
||||
brokercert: ca.get_ssl_cert(env.KOJI_MSG_CERT),
|
||||
admin_user: env.KOJI_ADMIN,
|
||||
hub_image: params.KOJI_IMAGE)
|
||||
deployments = deployments.union(deployed)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
post {
|
||||
success {
|
||||
echo "Koji deployed: hub: https://${env.KOJI_SSL_HOST}/"
|
||||
}
|
||||
failure {
|
||||
echo "Koji deployment FAILED"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Deploy MBS') {
|
||||
steps {
|
||||
script {
|
||||
env.MBS_SSL_HOST = "mbs-${TEST_ID}-frontend-${env.ROUTE_SUFFIX}"
|
||||
def frontendcert = ca.get_ssl_cert("mbs-${TEST_ID}-frontend", env.MBS_SSL_HOST)
|
||||
// Required for accessing src.fedoraproject.org
|
||||
def digicertca = readFile file: 'openshift/integration/koji/resources/certs/DigiCertHighAssuranceEVRootCA.pem'
|
||||
def cabundle = ca.get_ca_cert().cert + digicertca
|
||||
def msgcert = ca.get_ssl_cert("mbs-${TEST_ID}-msg")
|
||||
def kojicert = ca.get_ssl_cert(env.KOJI_ADMIN)
|
||||
if (params.USE_KRB5 == 'true') {
|
||||
def krbAdmin = krb5.adminClient()
|
||||
def krbsvc = "HTTP/${env.MBS_SSL_HOST}"
|
||||
krbAdmin.addService(krbsvc)
|
||||
env.MBS_FRONTEND_KEYTAB = krbAdmin.getKeytab(krbsvc)
|
||||
// Usernames between MBS and Koji need to be consistent,
|
||||
// so use the Koji admin as the MBS user.
|
||||
env.KRB5_PRINCIPAL = env.KOJI_ADMIN
|
||||
env.KRB5_PASSWORD = UUID.randomUUID().toString().take(12)
|
||||
krbAdmin.addPrincipal(env.KRB5_PRINCIPAL, env.KRB5_PASSWORD)
|
||||
}
|
||||
openshift.withCluster() {
|
||||
openshift.withProject(params.TEST_NAMESPACE) {
|
||||
def deployed = mbs.deploy(script: this, test_id: env.TEST_ID,
|
||||
kojicert: kojicert, kojica: ca.get_ca_cert(),
|
||||
brokercert: msgcert,
|
||||
frontendcert: frontendcert, frontendca: ca.get_ca_cert(),
|
||||
cacerts: cabundle,
|
||||
frontend_keytab: params.USE_KRB5 == 'true' ? env.MBS_FRONTEND_KEYTAB : '',
|
||||
krb5_conf_configmap: params.USE_KRB5 == 'true' ? "krb5-${TEST_ID}-config" : '',
|
||||
krb5_user: params.USE_KRB5 == 'true' ? env.KRB5_PRINCIPAL : '',
|
||||
kojiurl: "https://${env.KOJI_SSL_HOST}",
|
||||
stompuri: "${env.UMB_HOST}:${env.UMB_STOMP_SSL_PORT}",
|
||||
backend_image: params.MBS_BACKEND_IMAGE,
|
||||
frontend_image: params.MBS_FRONTEND_IMAGE)
|
||||
deployments = deployments.union(deployed)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
post {
|
||||
success {
|
||||
echo "MBS deployed: frontend: https://${env.MBS_SSL_HOST}/"
|
||||
}
|
||||
failure {
|
||||
echo "MBS deployment FAILED"
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Wait for deployments') {
|
||||
steps {
|
||||
script {
|
||||
openshift.withCluster() {
|
||||
openshift.withProject(params.TEST_NAMESPACE) {
|
||||
c3i.waitForDeployment(script: this, objs: deployments)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
post {
|
||||
success {
|
||||
echo "Deployments complete"
|
||||
}
|
||||
failure {
|
||||
echo 'Deployments FAILED'
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Run tests') {
|
||||
steps {
|
||||
@@ -334,10 +180,8 @@ pipeline {
|
||||
}
|
||||
openshift.withCluster() {
|
||||
openshift.withProject(params.TEST_NAMESPACE) {
|
||||
if (deployments) {
|
||||
echo 'Getting logs from all deployments...'
|
||||
deployments.logs('--tail=100')
|
||||
}
|
||||
echo 'Getting logs from all deployments...'
|
||||
openshift.selector('pods', ['c3i.redhat.com/pipeline': env.PIPELINE_ID]).logs('--tail 100')
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -349,7 +193,7 @@ pipeline {
|
||||
/* Tear down everything we just created */
|
||||
echo 'Tearing down test resources...'
|
||||
openshift.selector('all,pvc,configmap,secret',
|
||||
['environment': env.ENVIRONMENT_LABEL]).delete('--ignore-not-found=true')
|
||||
['c3i.redhat.com/pipeline': env.PIPELINE_ID]).delete('--ignore-not-found=true')
|
||||
}
|
||||
} else {
|
||||
echo 'Skipping cleanup'
|
||||
@@ -359,6 +203,10 @@ pipeline {
|
||||
}
|
||||
}
|
||||
def sendToResultsDB(imageRef, status) {
|
||||
if (!params.MESSAGING_PROVIDER) {
|
||||
echo "Message bus is not set. Skipping send of:\nimageRef: ${imageRef}\nstatus: ${status}"
|
||||
return
|
||||
}
|
||||
def (repourl, digest) = imageRef.tokenize('@')
|
||||
def (registry, reponame) = repourl.split('/', 2)
|
||||
def image = reponame.split('/').last()
|
||||
|
||||
@@ -210,7 +210,8 @@ objects:
|
||||
echo 'Starting a MBS build run...'
|
||||
def devBuild = c3i.build(script: this,
|
||||
objs: "bc/${env.PAGURE_POLLING_FOR_PR == 'true' ? env.PREMERGE_JOB_NAME : env.POSTMERGE_JOB_NAME}",
|
||||
'-e', "MBS_GIT_REF=${env.MBS_GIT_BRANCH}"
|
||||
'-e', "MBS_GIT_REF=${env.MBS_GIT_BRANCH}", '-e', "PAGURE_REPO_IS_FORK=${env.PAGURE_REPO_IS_FORK}",
|
||||
'-e', "PAGURE_REPO_NAME=${env.PAGURE_REPO_NAME}"
|
||||
)
|
||||
c3i.waitForBuildStart(script: this, build: devBuild)
|
||||
def devBuildInfo = devBuild.object()
|
||||
|
||||
Reference in New Issue
Block a user