Add pyca 3rd-party CI tenant

This is a separate tenant for pyca 3rd party CI testing/wheel building/etc. pyca want to keep their configuration in their project, but are not gated by Zuul. This opens a small window for job name conflicts or other config errors that may affect more than just the project making the mistake. Keeping things in a separate tenant means our main projects will not be affected. It also gives us a place to have a separate trusted repository so we have a home for things like uploading with API keys should we need to. Change-Id: I99759f107aaa99e87ddbe83eea462ff725d949ee
2020-07-27 10:55:49 +10:00 · 2020-07-27 10:55:49 +10:00 · 05014b6b3d
commit 05014b6b3d
parent 2079fa61cd
1 changed files with 23 additions and 0 deletions
--- a/zuul/main.yaml
+++ b/zuul/main.yaml
@ -1642,3 +1642,26 @@
        untrusted-projects:
          - include: []
            projects: *googlesource_projects
+
+# 3rd party CI for Python Cryptographic Authority
+# https://github.com/pyca
+- tenant:
+    name: pyca
+    max-nodes-per-job: 1
+    report-build-page: true
+    source:
+      gerrit:
+        config-projects:
+          - pyca/project-config
+          # Only use jobs and secrets from this repo, we do not want
+          # the project definition.
+          - opendev/base-jobs:
+              include:
+                - job
+                - secret
+                - nodeset
+        untrusted-projects:
+          - zuul/zuul-jobs
+      github:
+        untrusted-projects:
+          - pyca/cryptography