Add trigger-readthedocs-webhook job

This job is to trigger readthedocs via their new API

The old API was quite simple in that anyone could hit the end-point
and trigger a new build.  The v2 API now requires authentication and a
unique id for each project we wish to update.

If projects wish, they can directly use the new "trigger-readthedocs"
role (from the dependent change) and create their own jobs, providing
their username/password or webhook authentication token directly from
a secret in their project playbook.

This job, however, uses the infra secret for the "openstackci" user to
update the docs.  Projects that wish to take this route require some
minor setup, but don't have to worry about managing new jobs or their
secrets and gain some benefits in having the openstackci user as a
backup admin.

To use the trigger-readthedocs-webhook job, projects will need to do
the following:

1) add openstackci user as an admin of their RTD project

2) generate an webhook via the "Integrations" dashboard page on the
   RTD project

3) provide the id from that webhook URL in job or project variables.
   This webhook id is not private; it is useless without
   authentication (it appears to be a global monotonically increasing
   integer for each webhook generated).

4) include the job. gerrit-dash-creator is populated with the new job
   for initial testing.  Other projects are currently using the
   "docs-on-readthedocs" template.  Change
   I3b65813671961d07c0a743685c537ad1df4bf68 proposes switching the
   template to use this new job.

Change-Id: Ic34ea5ead26a477a1cc5f8b25fd2ce1949c1dc13
Depends-On: https://review.openstack.org/579434
Depends-On: https://review.openstack.org/584230
This commit is contained in:
Ian Wienand 2018-07-18 13:38:25 +10:00
parent d15e622e7e
commit 425b091a1e
4 changed files with 60 additions and 0 deletions

View File

@ -0,0 +1,3 @@
- hosts: localhost
roles:
- name: trigger-readthedocs

View File

@ -1171,6 +1171,28 @@
secret: release_ssh_key
- gpg_key
- job:
name: trigger-readthedocs-webhook
description: |
Trigger readthedocs to rebuild documentation
Note this job requires some external setup.
#. add the ``openstackci`` user as an admin to your RTD project
#. generate a webhook URL via the "Integrations" dashboard page
#. provide the ``id`` from that URL in a ``rtd_webhook_id`` variable
You probably do not want to use this job directly, but rather
include the `docs-on-readthedocs template
<https://docs.openstack.org/infra/openstack-zuul-jobs/project-templates.html#project_template-docs-on-readthedocs>`__
run: playbooks/publish/trigger-rtd.yaml
post-review: true
final: true
secrets:
- rtd_credentials
- job:
name: project-config-check-main-yaml
description: |

View File

@ -5941,12 +5941,30 @@
name: openstack/gerrit-dash-creator
templates:
- publish-to-pypi
vars:
# for trigger-readthedocs-webhook
# NOTE(ianw): For initial testing.
# Revert to docs-on-readthedocs template when
# https://review.openstack.org/583834
# merges.
rtd_webhook_id: '43048'
check:
jobs:
- openstack-tox-pep8
- build-openstack-sphinx-docs
gate:
jobs:
- openstack-tox-pep8
- build-openstack-sphinx-docs
post:
jobs:
- trigger-readthedocs-webhook
pre-release:
jobs:
- trigger-readthedocs-webhook
release:
jobs:
- trigger-readthedocs-webhook
- project:
name: openstack/gertty

View File

@ -541,6 +541,22 @@
ThQJ8JC5z8vhzSNuU0agdpPJJuO6sSmcDG7N1SIq/qIZg4198hhvnqC89sOHkI+6xFSfy
V/PoMvnBDA+g9Qaz8dqNWB6N6AjjtLQV4ES5/jew3BCPFHfFueUfHzTzc+8TRE=
- secret:
name: rtd_credentials
data:
rtd_username: openstackci
rtd_password: !encrypted/pkcs1-oaep
- jmecsVW/fOuRCzAXMxJfv6n3Q0LHoEZIqTxB6eObCLWEvcpTTT6ybAMr9uWVnT0LsEIMw
PAbh9BLzOOz3xrI8u+23zAv2zU05vUG3KrbDfSC7PkLi6iUrxVNS6o9Av2qif+3RwIFsX
BX7SwiCd72VcHgYgZYe507BuXJ9nKRjcABn2gIpJdsIxNWHI0eOrU9MpcDyJzqGJN/Ett
7G9p6KvShA1E2ambl9LQkpjchTdgx6pbBZkxG01VWU3CQghbj5CxlVsGvO9mC7zSuukhB
cKEq+zd/Tq2ogsYdhZ9W5shn+vPcOqSIRaK6I0FKaDfkdMPzW1S1VeCjtMojya0w6Op/c
t+mQ++EkrL61qabxNgp1XpmJQeRfXLWO/qcvUEYo8bmPoRtxcQolhOZTIqmUBz7KJKvO9
U1Rs72vFkTcT2tCyjV9EuhwEr73IZdH4ZHYZXKusnh1h/YwEjiYV2pDbyakhxJZlWlFnk
bTN5pQKQFKIUpJP2yhPvjefGXGrpzk46cvPPA/9+Wl12K04HcRVeCSJCKA3DL2T38c7lv
s64C61Vx6Yntum+ptyY1I/fFzVdxlNOynMk4SDthBtV2f3LqfOyKLakxzZK4NI468K4tY
srbw9QBbmpl8T7xd6gn2HfKCFeqngOFDV7QGq0F95BZ3HamgDYpXhhOmEDdp3g=
- secret:
name: openstackinfra_vexxhost
data:
@ -565,3 +581,4 @@
project_domain_id: default
user_domain_id: default
region_name: ca-ymq-1