From 7e896b57eb6e6f1be97df0841c897765d8c1f11d Mon Sep 17 00:00:00 2001
From: Thierry Carrez
Date: Wed, 5 Feb 2020 16:25:29 +0100
Subject: [PATCH] Add release-approval pipeline

Define a release-approval pipeline to run the check-release-approval job on every comment added to a release request, and set a PTL-Approved label accordingly.

This may be considered a bit resource-intensive, however the check-release-approval job is a fast python script that runs on the executor, and only release requests shall go in this pipeline. If this generates too much load, we could configure it to only run when the comment posted contains a magic "signoff" keyword.

Another concern is that jobs other than check-release-approval would be added to this pipeline. There does not seem to be a way in Zuul to limit a pipeline to a specific job name or project.

Change-Id: Ieab04a4d6c02b216a59c12ec8599e7d91f4fffb1
---
 gerrit/acls/openstack/releases.config | 1 +
 tools/normalize_acl.py | 1 +
 zuul.d/pipelines.yaml | 23 +++++++++++++++++++++++
 3 files changed, 25 insertions(+)

diff --git a/gerrit/acls/openstack/releases.config b/gerrit/acls/openstack/releases.config
index 228c4c1f91..591d1ed6f9 100644
--- a/gerrit/acls/openstack/releases.config
+++ b/gerrit/acls/openstack/releases.config
@@ -1,6 +1,7 @@
 [access "refs/heads/*"]
 abandon = group releases-core
 label-Code-Review = -2..+2 group releases-core
+label-PTL-Approved = +0..+1 group Continuous Integration Tools
 label-Workflow = -1..+1 group releases-core
 
 [receive]
diff --git a/tools/normalize_acl.py b/tools/normalize_acl.py
index 3c524d5f4c..fcfbcfab03 100755
--- a/tools/normalize_acl.py
+++ b/tools/normalize_acl.py
@@ -70,6 +70,7 @@ valid_keys = {'abandon',
 'function',
 'label-Backport-Candidate',
 'label-Code-Review',
+ 'label-PTL-Approved',
 'label-Review-Priority',
 'label-Rollcall-Vote',
 'label-Workflow',
diff --git a/zuul.d/pipelines.yaml b/zuul.d/pipelines.yaml
index efd9832df4..a592498523 100644
--- a/zuul.d/pipelines.yaml
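Review bot: In gerrit/acls/openstack/releases.config, the new `label-PTL-Approved = +0..+1 group Continuous Integration Tools` grant has no comment explaining why a CI group may assert PTL approval. No `[label "PTL-Approved"]` definition is visible in this hunk either, though the file may continue past `[receive]` or the label may be inherited. Please confirm the label is defined with an advisory, non-blocking function, and document the intent next to the grant, for example `# Cast only by the Zuul release-approval pipeline; reflects the job's check, not a human vote.` Every account in that group can cast +1 on `refs/heads/*` here, so the group's membership bounds who can make a release request look PTL-approved.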
+++ b/zuul.d/pipelines.yaml
@@ -194,6 +194,29 @@
 failure:
 mysql:
 
+- pipeline:
+ name: release-approval
+ description: |
+ Newly-reviewed release requests enter this pipeline to check if the
+ current state can represent PTL or release liaison approval.
+ manager: independent
+ precedence: low
+ require:
+ gerrit:
+ open: True
+ current-patchset: True
+ trigger:
+ gerrit:
+ - event: comment-added
+ success:
+ gerrit:
+ PTL-Approved: 1
+ mysql:
+ failure:
+ gerrit:
+ PTL-Approved: 0
+ mysql:
+
 - pipeline:
 name: release-post
 # NOTE(mordred): release-post needs access to credentials (eg: pypi).
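Review bot: The `- event: comment-added` trigger in the new release-approval pipeline has no `comment:` or `approval:` filter, so any account that can comment on an open change starts a run whose success reporter casts `PTL-Approved: 1`. The label is therefore only as trustworthy as the way the check-release-approval job identifies the approver, and any other job later attached to this pipeline would cast the same vote on success. Consider narrowing the trigger, for example `comment: (?i)signoff` under the event (pattern illustrative), and adding a note above `success:` such as `# NOTE: success casts PTL-Approved +1 as Zuul; only check-release-approval may run in this pipeline.` It is also worth confirming that Zuul's own report comment does not re-enter the pipeline, since an unfiltered `comment-added` trigger may match it.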