Browse Source

Add release-approval pipeline

Define a release-approval pipeline to run the check-release-approval
job on every comment added to a release request, and set a
PTL-Approved label accordingly.

This may be considered a bit resource-intensive, however the
check-release-approval job is a fast python script that runs on
the executor, and only release requests shall go in this pipeline.
If this generates too much load, we could configure it to only run
when the comment posted contains a magic "signoff" keyword.

Another concern is that jobs other than check-release-approval would
be added to this pipeline. There does not seem to be a way in Zuul to
limit a pipeline to a specific job name or project.

Change-Id: Ieab04a4d6c02b216a59c12ec8599e7d91f4fffb1
changes/90/705990/1
Thierry Carrez 3 years ago
parent
commit
7e896b57eb
  1. 1
      gerrit/acls/openstack/releases.config
  2. 1
      tools/normalize_acl.py
  3. 23
      zuul.d/pipelines.yaml

1
gerrit/acls/openstack/releases.config

@ -1,6 +1,7 @@
[access "refs/heads/*"]
abandon = group releases-core
label-Code-Review = -2..+2 group releases-core
label-PTL-Approved = +0..+1 group Continuous Integration Tools
label-Workflow = -1..+1 group releases-core
[receive]

1
tools/normalize_acl.py

@ -70,6 +70,7 @@ valid_keys = {'abandon',
'function',
'label-Backport-Candidate',
'label-Code-Review',
'label-PTL-Approved',
'label-Review-Priority',
'label-Rollcall-Vote',
'label-Workflow',

23
zuul.d/pipelines.yaml

@ -194,6 +194,29 @@
failure:
mysql:
- pipeline:
name: release-approval
description: |
Newly-reviewed release requests enter this pipeline to check if the
current state can represent PTL or release liaison approval.
manager: independent
precedence: low
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: comment-added
success:
gerrit:
PTL-Approved: 1
mysql:
failure:
gerrit:
PTL-Approved: 0
mysql:
- pipeline:
name: release-post
# NOTE(mordred): release-post needs access to credentials (eg: pypi).

Loading…
Cancel
Save