airship
/
berth
Code Issues Proposed changes

Update Dockerfile to allow override of FROM variable 

Change-Id: I8c4d4402c22e7c68982207ff1216b8f9b1d0dd06
This commit is contained in:
Jerome Brette 2018-06-25 22:46:03 -05:00 committed by Jerome Brette
parent 683d757995
commit 14989ed7c2
10 changed files with 413 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

155
.zuul.yaml Normal file
View File

@ -0,0 +1,155 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- project:
check:
jobs:
- airship-berth-linter
- airship-berth-doc-build
- airship-berth-lint-pep8
- airship-berth-unit-py35
- airship-berth-security-bandit
- airship-berth-docker-build-gate
gate:
jobs:
- airship-berth-linter
- airship-berth-doc-build
- airship-berth-lint-pep8
- airship-berth-unit-py35
- airship-berth-security-bandit
- airship-berth-docker-build-gate
post:
jobs:
- airship-berth-docker-publish
- nodeset:
name: airship-berth-single-node
nodes:
- name: primary
label: ubuntu-xenial
- job:
name: airship-berth-linter
description: |
Lints all files by checking them for whitespace.
run: tools/gate/playbooks/zuul-linter.yaml
nodeset: airship-berth-single-node
- job:
name: airship-berth-lint-pep8
description: |
Lints Python files against the PEP8 standard
run: tools/gate/playbooks/pep8-linter.yaml
timeout: 300
nodeset: airship-berth-single-node
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ^etc/.*$
- ^releasenotes/.*$
- ^setup.cfg$
- job:
name: airship-berth-unit-py35
description: |
Executes unit tests under Python 3.5
run: tools/gate/playbooks/unit-py35.yaml
timeout: 300
nodeset: airship-berth-single-node
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ^etc/.*$
- ^releasenotes/.*$
- ^setup.cfg$
- job:
name: airship-berth-security-bandit
description: |
Executes the Bandit security scanner against Python files
run: tools/gate/playbooks/security-bandit.yaml
timeout: 300
nodeset: airship-berth-single-node
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ^etc/.*$
- ^releasenotes/.*$
- ^setup.cfg$
- job:
name: airship-berth-doc-build
description: |
Locally build the documentation to check for errors
run: tools/gate/playbooks/doc-build.yaml
timeout: 300
nodeset: airship-berth-single-node
irrelevant-files:
- ^src/bin/berth/tests/.*$
- ^setup.cfg$
- job:
name: airship-berth-docker-build-gate
timeout: 1800
run: tools/gate/playbooks/docker-image-build.yaml
nodeset: airship-berth-single-node
irrelevant-files:
- '^docs/.*'
vars:
publish: false
tags:
dynamic:
patch_set: true
- job:
name: airship-berth-docker-publish
timeout: 1800
run: tools/gate/playbooks/docker-image-build.yaml
nodeset: airship-berth-single-node
secrets:
- airship_berth_quay_creds
irrelevant-files:
- '^docs/.*'
vars:
publish: true
tags:
dynamic:
branch: true
commit: true
static:
- latest
- secret:
name: airship_berth_quay_creds
data:
username: !encrypted/pkcs1-oaep
- BI1sCnCyps8RaXf/BQ2ZtobrXn4MfnimRr5wE5Rv3U95NCCK5EoUwBEvnz7yNmQ8m99D7
9Gx4qA0N1ry7QL+o2Ll0D/ahb/HsaVBNU3CeVfe+3shpEVEuSi2xrA8K9LQPfIK1237vr
wVvN/R+y/uYm7mpPr/aEPjQwJf3wgEK8xV/ZTvqYSVCpGylbfV0tWxm6uEVdBc1kMPLJN
8uItJPaAaYMkFEasnVlI/DV8suiK13BLT7bNpNZBQsQ3AlcBCoq9mt50C3slV1wIneaz9
qK+O++z7r8OTWUDMQqWE5d1m6jz1WIp5DROmnOvb9dfS73XsTcgmXwilrQt3VSvFCToga
gAVHcoWbIKfxgrbOhoLFr+68id3VwVKN+NXgkoxTAJSzFCWwrs0X4n4W6D4O9buQyFTiZ
s9o5rB1f2bdF5iI8Npqg6YchPtWn2eR78w1hRyge2HJk2RQgN1CqjpbiQ0uiEy0QA/Ksu
VTtuONyV3T7FUYXaK3cHYrCwhV/idquSNRCWnKQAbs8mU8w298UbpOq4lZk1Njeg9StIs
0DYyG1SX2k4mBS4//9i488qBSss2CBMhZWHbesSDi/OW4fNzz/2wm2FaW1uaJJSOTXEyJ
E3p4+eejcYknXR+XD6BWfSvSwabsCezGSCg7wg7CRFsuTYXx5a4y/+P8Jh+Y7Y=
password: !encrypted/pkcs1-oaep
- x/0RHX1OlOfFgyb5ed0sknZQi8waSQLzWv+Aog0CziVMf9r3MtZ29LAcrqp9VUdFRYGCk
Hf71TJb1Zb8b+WNcUJH2JjVo//Z1smU5F5xEqzhz0gTm1HYQjMAlqd1VNDYv0IpWl2dLE
sGnEOT/Uq0RfH3rRt+33GagmXBUNuOIMdx41ubrMaF6ddg8IbjISRaCdfPOlNIrj24gCj
a16UNiSyAhvqkod2G2HO7JE7Nv2//5hI1MD1o7sip8/eub12XtHMjpDRKR+KymX81LGAS
PeCAn+Hw41uUKnxI/OTW47YtNvQVZZ4gRTOKTumsSNSceFfbf5ljm/JHTWx0SO6Z/kvzH
RAJwBmLPHg7leD2wF9vWXwcmlyWJFyeEW/K/+6gYycQ2H0OnRuRxzYaNpSa96zPWUfNsA
3TEKJcXjFXJSr00KnWmUZw8ZmPYAziu+pZoBXpkIhYoP1MAtggv/pvVsODDHmokP9nVE6
s6YbtUXzthM/TgsE5KMZ2QP4udetj11RGDC+7fz/edtLcrpL3Nrq2rkJ2tRV+yR1ElKGx
b2YX7cwM/vx3DPhWRBPJJfOoSRl+ZJByDM1KKWmAB91LT9vB3oVk/vq2XUsbTH2w20LcK
xBXFJMtVHOavHIIWM7qHvkvZzWSBON7ydspje9MbYtTS5/97ccdLxDHA0MX0wM=

3
Dockerfile
View File

@ -1,4 +1,5 @@
FROM ubuntu:16.04
ARG FROM=ubuntu:16.04
FROM ${FROM}
RUN apt-get update && apt-get install -y qemu-kvm dnsmasq bridge-utils mkisofs curl jq wget iptables
RUN apt-get clean

20
tools/gate/playbooks/doc-build.yaml Normal file
View File

@ -0,0 +1,20 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Build documents locally
make:
chdir: "{{ zuul.project.src_dir }}"
target: docs
register: result
failed_when: result.failed

129
tools/gate/playbooks/docker-image-build.yaml Normal file
View File

@ -0,0 +1,129 @@
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- include_vars: vars.yaml
- name: Debug tag generation inputs
block:
- debug:
var: publish
- debug:
var: tags
- debug:
var: zuul
- debug:
msg: "{{ tags | to_json }}"
- name: Determine tags
shell: echo '{{ tags | to_json }}' | python {{ zuul.project.src_dir }}/tools/image_tags.py
environment:
BRANCH: "{{ zuul.branch }}"
CHANGE: "{{ zuul.change }}"
COMMIT: "{{ zuul.newrev }}"
PATCHSET: "{{ zuul.patchset }}"
register: image_tags
- name: Debug computed tags
debug:
var: image_tags
- name: Install Docker (Debian)
when: ansible_os_family == 'Debian'
block:
- file:
path: "{{ item }}"
state: directory
with_items:
- /etc/docker/
- /etc/systemd/system/docker.service.d/
- /var/lib/docker/
- mount:
path: /var/lib/docker/
src: tmpfs
fstype: tmpfs
opts: size=25g
state: mounted
- copy: "{{ item }}"
with_items:
- content: "{{ docker_daemon | to_json }}"
dest: /etc/docker/daemon.json
- src: files/docker-systemd.conf
dest: /etc/systemd/system/docker.service.d/
- apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
- apt_repository:
repo: deb http://{{ zuul_site_mirror_fqdn }}/deb-docker xenial stable
- apt:
name: "{{ item }}"
allow_unauthenticated: True
with_items:
- docker-ce
- python-pip
- pip:
name: docker
version: 2.7.0
# NOTE(SamYaple): Allow all connections from containers to host so the
# containers can access the http server for git and wheels
- iptables:
action: insert
chain: INPUT
in_interface: docker0
jump: ACCEPT
become: True
- name: Make images
when: not publish
block:
- make:
chdir: "{{ zuul.project.src_dir }}"
target: images
params:
IMAGE_TAG: "{{ item }}"
with_items: "{{ image_tags.stdout_lines }}"
- shell: "docker images"
register: docker_images
- debug:
var: docker_images
become: True
- name: Publish images
block:
- docker_login:
username: "{{ airship_berth_quay_creds.username }}"
password: "{{ airship_berth_quay_creds.password }}"
registry_url: "https://quay.io/api/v1/"
- make:
chdir: "{{ zuul.project.src_dir }}"
target: images
params:
DOCKER_REGISTRY: "quay.io"
IMAGE_PREFIX: "airshipit"
IMAGE_TAG: "{{ item }}"
PUSH_IMAGE: "true"
with_items: "{{ image_tags.stdout_lines }}"
- shell: "docker images"
register: docker_images
- debug:
var: docker_images
when: publish
become: True

8
tools/gate/playbooks/files/docker-systemd.conf Normal file
View File

@ -0,0 +1,8 @@
# NOTE(SamYaple): CentOS cannot be build with userns-remap enabled. httpd uses
# cap_set_file capability and there is no way to pass that in at build as of
# docker 17.06.
# TODO(SamYaple): Periodically check to see if this is possible in newer
# versions of Docker
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd

20
tools/gate/playbooks/pep8-linter.yaml Normal file
View File

@ -0,0 +1,20 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Execute the make target for PEP8 linting
make:
chdir: "{{ zuul.project.src_dir }}"
target: py_lint
register: result
failed_when: result.failed

20
tools/gate/playbooks/security-bandit.yaml Normal file
View File

@ -0,0 +1,20 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Execute the make target for security scanning
make:
chdir: "{{ zuul.project.src_dir }}"
target: security
register: result
failed_when: result.failed

20
tools/gate/playbooks/unit-py35.yaml Normal file
View File

@ -0,0 +1,20 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Execute the make target for unit testing
make:
chdir: "{{ zuul.project.src_dir }}"
target: tests
register: result
failed_when: result.failed

19
tools/gate/playbooks/vars.yaml Normal file
View File

@ -0,0 +1,19 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
docker_daemon:
group: zuul
registry-mirrors:
- "http://{{ zuul_site_mirror_fqdn }}:8082/"
storage-driver: overlay2

20
tools/gate/playbooks/zuul-linter.yaml Normal file
View File

@ -0,0 +1,20 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Execute a Whitespace Linter check
command: find . -not -path "*/\.*" -not -path "*/doc/build/*" -not -name "*.tgz" -type f -exec egrep -l " +$" {} \;
register: result
failed_when: result.stdout != ""