diff --git a/.zuul.yaml b/.zuul.yaml
new file mode 100644
index 0000000..84d5c45
--- /dev/null
+++ b/.zuul.yaml
@@ -0,0 +1,155 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- project:
+ check:
+ jobs:
+ - airship-berth-linter
+ - airship-berth-doc-build
+ - airship-berth-lint-pep8
+ - airship-berth-unit-py35
+ - airship-berth-security-bandit
+ - airship-berth-docker-build-gate
+ gate:
+ jobs:
+ - airship-berth-linter
+ - airship-berth-doc-build
+ - airship-berth-lint-pep8
+ - airship-berth-unit-py35
+ - airship-berth-security-bandit
+ - airship-berth-docker-build-gate
+ post:
+ jobs:
+ - airship-berth-docker-publish
+
+- nodeset:
+ name: airship-berth-single-node
+ nodes:
+ - name: primary
+ label: ubuntu-xenial
+
+- job:
+ name: airship-berth-linter
+ description: |
+ Lints all files by checking them for whitespace.
+ run: tools/gate/playbooks/zuul-linter.yaml
+ nodeset: airship-berth-single-node
+
+- job:
+ name: airship-berth-lint-pep8
+ description: |
+ Lints Python files against the PEP8 standard
+ run: tools/gate/playbooks/pep8-linter.yaml
+ timeout: 300
+ nodeset: airship-berth-single-node
+ irrelevant-files:
+ - ^.*\.rst$
+ - ^doc/.*$
+ - ^etc/.*$
+ - ^releasenotes/.*$
+ - ^setup.cfg$
+
+- job:
+ name: airship-berth-unit-py35
+ description: |
+ Executes unit tests under Python 3.5
+ run: tools/gate/playbooks/unit-py35.yaml
+ timeout: 300
+ nodeset: airship-berth-single-node
+ irrelevant-files:
+ - ^.*\.rst$
+ - ^doc/.*$
+ - ^etc/.*$
+ - ^releasenotes/.*$
+ - ^setup.cfg$
+
+- job:
+ name: airship-berth-security-bandit
+ description: |
+ Executes the Bandit security scanner against Python files
+ run: tools/gate/playbooks/security-bandit.yaml
+ timeout: 300
+ nodeset: airship-berth-single-node
+ irrelevant-files:
+ - ^.*\.rst$
+ - ^doc/.*$
+ - ^etc/.*$
+ - ^releasenotes/.*$
+ - ^setup.cfg$
+
+- job:
+ name: airship-berth-doc-build
+ description: |
+ Locally build the documentation to check for errors
+ run: tools/gate/playbooks/doc-build.yaml
+ timeout: 300
+ nodeset: airship-berth-single-node
+ irrelevant-files:
+ - ^src/bin/berth/tests/.*$
+ - ^setup.cfg$
+
+- job:
+ name: airship-berth-docker-build-gate
+ timeout: 1800
+ run: tools/gate/playbooks/docker-image-build.yaml
+ nodeset: airship-berth-single-node
+ irrelevant-files:
+ - '^docs/.*'
+ vars:
+ publish: false
+ tags:
+ dynamic:
+ patch_set: true
+
+- job:
+ name: airship-berth-docker-publish
+ timeout: 1800
+ run: tools/gate/playbooks/docker-image-build.yaml
+ nodeset: airship-berth-single-node
+ secrets:
+ - airship_berth_quay_creds
+ irrelevant-files:
+ - '^docs/.*'
+ vars:
+ publish: true
+ tags:
+ dynamic:
+ branch: true
+ commit: true
+ static:
+ - latest
+
+- secret:
+ name: airship_berth_quay_creds
+ data:
+ username: !encrypted/pkcs1-oaep
+ -
BI1sCnCyps8RaXf/BQ2ZtobrXn4MfnimRr5wE5Rv3U95NCCK5EoUwBEvnz7yNmQ8m99D7
+ 9Gx4qA0N1ry7QL+o2Ll0D/ahb/HsaVBNU3CeVfe+3shpEVEuSi2xrA8K9LQPfIK1237vr
+ wVvN/R+y/uYm7mpPr/aEPjQwJf3wgEK8xV/ZTvqYSVCpGylbfV0tWxm6uEVdBc1kMPLJN
+ 8uItJPaAaYMkFEasnVlI/DV8suiK13BLT7bNpNZBQsQ3AlcBCoq9mt50C3slV1wIneaz9
+ qK+O++z7r8OTWUDMQqWE5d1m6jz1WIp5DROmnOvb9dfS73XsTcgmXwilrQt3VSvFCToga
+ gAVHcoWbIKfxgrbOhoLFr+68id3VwVKN+NXgkoxTAJSzFCWwrs0X4n4W6D4O9buQyFTiZ
+ s9o5rB1f2bdF5iI8Npqg6YchPtWn2eR78w1hRyge2HJk2RQgN1CqjpbiQ0uiEy0QA/Ksu
+ VTtuONyV3T7FUYXaK3cHYrCwhV/idquSNRCWnKQAbs8mU8w298UbpOq4lZk1Njeg9StIs
+ 0DYyG1SX2k4mBS4//9i488qBSss2CBMhZWHbesSDi/OW4fNzz/2wm2FaW1uaJJSOTXEyJ
+ E3p4+eejcYknXR+XD6BWfSvSwabsCezGSCg7wg7CRFsuTYXx5a4y/+P8Jh+Y7Y=
+ password: !encrypted/pkcs1-oaep
+ - x/0RHX1OlOfFgyb5ed0sknZQi8waSQLzWv+Aog0CziVMf9r3MtZ29LAcrqp9VUdFRYGCk
+ Hf71TJb1Zb8b+WNcUJH2JjVo//Z1smU5F5xEqzhz0gTm1HYQjMAlqd1VNDYv0IpWl2dLE
+ sGnEOT/Uq0RfH3rRt+33GagmXBUNuOIMdx41ubrMaF6ddg8IbjISRaCdfPOlNIrj24gCj
+ a16UNiSyAhvqkod2G2HO7JE7Nv2//5hI1MD1o7sip8/eub12XtHMjpDRKR+KymX81LGAS
+ PeCAn+Hw41uUKnxI/OTW47YtNvQVZZ4gRTOKTumsSNSceFfbf5ljm/JHTWx0SO6Z/kvzH
+ RAJwBmLPHg7leD2wF9vWXwcmlyWJFyeEW/K/+6gYycQ2H0OnRuRxzYaNpSa96zPWUfNsA
+ 3TEKJcXjFXJSr00KnWmUZw8ZmPYAziu+pZoBXpkIhYoP1MAtggv/pvVsODDHmokP9nVE6
+ s6YbtUXzthM/TgsE5KMZ2QP4udetj11RGDC+7fz/edtLcrpL3Nrq2rkJ2tRV+yR1ElKGx
+ b2YX7cwM/vx3DPhWRBPJJfOoSRl+ZJByDM1KKWmAB91LT9vB3oVk/vq2XUsbTH2w20LcK
+ xBXFJMtVHOavHIIWM7qHvkvZzWSBON7ydspje9MbYtTS5/97ccdLxDHA0MX0wM=
diff --git a/Dockerfile b/Dockerfile
index 35b6874..35ff9bc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@ -FROM ubuntu:16.04 +ARG FROM=ubuntu:16.04 +FROM ${FROM} RUN apt-get update && apt-get install -y qemu-kvm dnsmasq bridge-utils mkisofs curl jq wget iptables RUN apt-get clean
diff --git a/tools/gate/playbooks/doc-build.yaml b/tools/gate/playbooks/doc-build.yaml
new file mode 100644
index 0000000..b7b2aa1
--- /dev/null
+++ b/tools/gate/playbooks/doc-build.yaml
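Review bot: `airship-berth-docker-publish` is the only job handed `airship_berth_quay_creds`, yet nothing on the job states that it must stay out of pre-merge pipelines, and it carries no `description:`. Zuul is expected to confine secret-bearing jobs defined in an untrusted project to post-review pipelines, but writing `post-review: true` on the job makes that constraint visible to whoever later edits the `check` and `gate` lists. Separately, both docker jobs set `irrelevant-files` to `'^docs/.*'` while every other job in the file uses `^doc/.*$`; if the documentation lives under `doc/`, as those patterns suggest, docs-only changes will still trigger the 30-minute image build.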
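Review bot: The new `ARG FROM=ubuntu:16.04` keeps the default base image on a mutable tag, and the publish job added in this change apparently pushes the resulting image to quay.io under `latest`. Pinning the default by digest, for example `ARG FROM=ubuntu:16.04@sha256:<digest-placeholder>`, keeps published builds reproducible while still allowing the override. A one-line comment above the `ARG` naming who is expected to set it (presumably the Makefile's `images` target, which is not visible here) would also help, since an argument called `FROM` reads ambiguously next to the instruction of the same name. The rest of the Dockerfile lies outside the hunk.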
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+ tasks:
+ - name: Build documents locally
+ make:
+ chdir: "{{ zuul.project.src_dir }}"
+ target: docs
+ register: result
+ failed_when: result.failed
diff --git a/tools/gate/playbooks/docker-image-build.yaml b/tools/gate/playbooks/docker-image-build.yaml
new file mode 100644
index 0000000..b5d55c1
--- /dev/null
+++ b/tools/gate/playbooks/docker-image-build.yaml
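Review bot: `register: result` followed by `failed_when: result.failed` appears to restate the `make` module's default failure condition, so the two lines add no check of their own; the same pair is repeated in pep8-linter.yaml, security-bandit.yaml and unit-py35.yaml. Dropping both lines leaves the behaviour unchanged and removes the impression that a custom gate condition is in place, which matters most for the Bandit playbook where a reader may assume findings are being evaluated here. The play itself also has no `name:`, so the Zuul console only shows the task name; `- name: Build project documentation` on the play line would fix that.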
@@ -0,0 +1,129 @@
+# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+ tasks:
+ - include_vars: vars.yaml
+
+ - name: Debug tag generation inputs
+ block:
+ - debug:
+ var: publish
+ - debug:
+ var: tags
+ - debug:
+ var: zuul
+ - debug:
+ msg: "{{ tags | to_json }}"
+
+ - name: Determine tags
+ shell: echo '{{ tags | to_json }}' | python {{ zuul.project.src_dir }}/tools/image_tags.py
+ environment:
+ BRANCH: "{{ zuul.branch }}"
+ CHANGE: "{{ zuul.change }}"
+ COMMIT: "{{ zuul.newrev }}"
+ PATCHSET: "{{ zuul.patchset }}"
+ register: image_tags
+
+ - name: Debug computed tags
+ debug:
+ var: image_tags
+
+ - name: Install Docker (Debian)
+ when: ansible_os_family == 'Debian'
+ block:
+ - file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /etc/docker/
+ - /etc/systemd/system/docker.service.d/
+ - /var/lib/docker/
+ - mount:
+ path: /var/lib/docker/
+ src: tmpfs
+ fstype: tmpfs
+ opts: size=25g
+ state: mounted
+ - copy: "{{ item }}"
+ with_items:
+ - content: "{{ docker_daemon | to_json }}"
+ dest: /etc/docker/daemon.json
+ - src: files/docker-systemd.conf
+ dest: /etc/systemd/system/docker.service.d/
+ - apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ - apt_repository:
+ repo: deb http://{{ zuul_site_mirror_fqdn }}/deb-docker xenial stable
+ - apt:
+ name: "{{ item }}"
+ allow_unauthenticated: True
+ with_items:
+ - docker-ce
+ - python-pip
+ - pip:
+ name: docker
+ version: 2.7.0
+ # NOTE(SamYaple): Allow all connections from containers to host so the
+ # containers can access the http server for git and wheels
+ - iptables:
+ action: insert
+ chain: INPUT
+ in_interface: docker0
+ jump: ACCEPT
+ become: True
+
+ - name: Make images
+ when: not publish
+ block:
+ - make:
+ chdir: "{{ zuul.project.src_dir }}"
+ target: images
+ params:
+ IMAGE_TAG: "{{ item }}"
+ with_items: "{{ image_tags.stdout_lines }}"
+
+ - shell: "docker images"
+ register: docker_images
+
+ - debug:
+ var: docker_images
+
+ become: True
+
+ - name: Publish images
+ block:
+ - docker_login:
+ username: "{{ airship_berth_quay_creds.username }}"
+ password: "{{ airship_berth_quay_creds.password }}"
+ registry_url: "https://quay.io/api/v1/"
+
+ - make:
+ chdir: "{{ zuul.project.src_dir }}"
+ target: images
+ params:
+ DOCKER_REGISTRY: "quay.io"
+ IMAGE_PREFIX: "airshipit"
+ IMAGE_TAG: "{{ item }}"
+ PUSH_IMAGE: "true"
+ with_items: "{{ image_tags.stdout_lines }}"
+
+ - shell: "docker images"
+ register: docker_images
+
+ - debug:
+ var: docker_images
+
+ when: publish
+ become: True
diff --git a/tools/gate/playbooks/files/docker-systemd.conf b/tools/gate/playbooks/files/docker-systemd.conf
new file mode 100644
index 0000000..6b01af0
--- /dev/null
+++ b/tools/gate/playbooks/files/docker-systemd.conf
@@ -0,0 +1,8 @@
+# NOTE(SamYaple): CentOS cannot be build with userns-remap enabled. httpd uses
+# cap_set_file capability and there is no way to pass that in at build as of
+# docker 17.06.
+# TODO(SamYaple): Periodically check to see if this is possible in newer
+# versions of Docker
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd
diff --git a/tools/gate/playbooks/pep8-linter.yaml b/tools/gate/playbooks/pep8-linter.yaml
new file mode 100644
index 0000000..43bd785
--- /dev/null
+++ b/tools/gate/playbooks/pep8-linter.yaml
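Review bot: In the `Install Docker (Debian)` block the `apt` task sets `allow_unauthenticated: True` while the repository line is `deb http://{{ zuul_site_mirror_fqdn }}/deb-docker xenial stable`, so `docker-ce` is fetched over plain HTTP with signature checking switched off and the preceding `apt_key` task has no effect. The same play goes on to log in to quay.io and push images, so the integrity of that package matters on the publish path; removing the `allow_unauthenticated` line lets the imported Docker key do its job, assuming the mirror serves the upstream signed `Release` files. `Determine tags` also interpolates `{{ tags | to_json }}` inside a single-quoted `echo`, which breaks on any tag value containing `'`; passing the JSON through the module's `stdin:` argument avoids shell quoting altogether.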
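Review bot: The header comment describes a CentOS and userns-remap limitation but never says what the drop-in itself does, and the nodeset defined in this change is `ubuntu-xenial`. A comment above `[Service]` such as `# Clear the packaged ExecStart so dockerd reads its options from /etc/docker/daemon.json only` would document the effect; that reading is inferred from the playbook writing daemon.json next to this file. If user-namespace remapping is deliberately left off for these builds, stating so here helps whoever later reviews the isolation of the node that holds the registry credentials. The wording `cannot be build` should read `cannot be built`.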
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+ tasks:
+ - name: Execute the make target for PEP8 linting
+ make:
+ chdir: "{{ zuul.project.src_dir }}"
+ target: py_lint
+ register: result
+ failed_when: result.failed
diff --git a/tools/gate/playbooks/security-bandit.yaml b/tools/gate/playbooks/security-bandit.yaml
new file mode 100644
index 0000000..927ea05
--- /dev/null
+++ b/tools/gate/playbooks/security-bandit.yaml
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+ tasks:
+ - name: Execute the make target for security scanning
+ make:
+ chdir: "{{ zuul.project.src_dir }}"
+ target: security
+ register: result
+ failed_when: result.failed
diff --git a/tools/gate/playbooks/unit-py35.yaml b/tools/gate/playbooks/unit-py35.yaml
new file mode 100644
index 0000000..4d00225
--- /dev/null
+++ b/tools/gate/playbooks/unit-py35.yaml
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+ tasks:
+ - name: Execute the make target for unit testing
+ make:
+ chdir: "{{ zuul.project.src_dir }}"
+ target: tests
+ register: result
+ failed_when: result.failed
diff --git a/tools/gate/playbooks/vars.yaml b/tools/gate/playbooks/vars.yaml
new file mode 100644
index 0000000..c89b798
--- /dev/null
+++ b/tools/gate/playbooks/vars.yaml
@@ -0,0 +1,19 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+docker_daemon:
+ group: zuul
+ registry-mirrors:
+ - "http://{{ zuul_site_mirror_fqdn }}:8082/"
+ storage-driver: overlay2
diff --git a/tools/gate/playbooks/zuul-linter.yaml b/tools/gate/playbooks/zuul-linter.yaml
new file mode 100644
index 0000000..dd37955
--- /dev/null
+++ b/tools/gate/playbooks/zuul-linter.yaml
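Review bot: `registry-mirrors` points the daemon at `http://{{ zuul_site_mirror_fqdn }}:8082/`, a plaintext mirror, and this daemon.json is applied to the publish run as well as the gate build, so base layers for pushed images may arrive over an unauthenticated channel. An `https://` mirror URL, or leaving the mirror out when `publish` is true, would close that gap. `group: zuul` also hands the Docker socket to the `zuul` user, which is root-equivalent on the node; every docker task visible in docker-image-build.yaml already runs with `become: True`, so the setting looks unnecessary and is worth a comment if it is kept.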
@@ -0,0 +1,20 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+ tasks:
+ - name: Execute a Whitespace Linter check
+ command: find . -not -path "*/\.*" -not -path "*/doc/build/*" -not -name "*.tgz" -type f -exec egrep -l " +$" {} \;
+ register: result
+ failed_when: result.stdout != ""
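Review bot: The `command` task runs `find .` without a `chdir`, unlike the `make` playbooks in this change which all set `chdir: "{{ zuul.project.src_dir }}"`, so the whitespace check scans whatever the default working directory on the node is rather than the checked-out project. Adding `args:` with `chdir: "{{ zuul.project.src_dir }}"` under the task scopes the check to the repository and keeps unrelated files on the node from failing or slowing the job. `egrep` is deprecated in current GNU grep; `grep -E -l` is the equivalent spelling.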