Add release-approval pipeline

Define a release-approval pipeline to run the check-release-approval job on every comment added to a release request, and set a PTL-Approved label accordingly. This may be considered a bit resource-intensive, however the check-release-approval job is a fast python script that runs on the executor, and only release requests shall go in this pipeline. If this generates too much load, we could configure it to only run when the comment posted contains a magic "signoff" keyword. Another concern is that jobs other than check-release-approval would be added to this pipeline. There does not seem to be a way in Zuul to limit a pipeline to a specific job name or project. Change-Id: Ieab04a4d6c02b216a59c12ec8599e7d91f4fffb1
2020-02-05 16:25:29 +01:00 · 2020-02-05 16:25:29 +01:00 · 7e896b57eb
parent 2a6570399c
commit 7e896b57eb
3 changed files with 25 additions and 0 deletions
--- a/gerrit/acls/openstack/releases.config
+++ b/gerrit/acls/openstack/releases.config
@ -1,6 +1,7 @@
 [access "refs/heads/*"]
 abandon = group releases-core
 label-Code-Review = -2..+2 group releases-core
+label-PTL-Approved = +0..+1 group Continuous Integration Tools
 label-Workflow = -1..+1 group releases-core

 [receive]
--- a/tools/normalize_acl.py
+++ b/tools/normalize_acl.py
@ -70,6 +70,7 @@ valid_keys = {'abandon',
              'function',
              'label-Backport-Candidate',
              'label-Code-Review',
+              'label-PTL-Approved',
              'label-Review-Priority',
              'label-Rollcall-Vote',
              'label-Workflow',
--- a/zuul.d/pipelines.yaml
+++ b/zuul.d/pipelines.yaml
@ -194,6 +194,29 @@
    failure:
      mysql:

+- pipeline:
+    name: release-approval
+    description: |
+      Newly-reviewed release requests enter this pipeline to check if the
+      current state can represent PTL or release liaison approval.
+    manager: independent
+    precedence: low
+    require:
+      gerrit:
+        open: True
+        current-patchset: True
+    trigger:
+      gerrit:
+        - event: comment-added
+    success:
+      gerrit:
+        PTL-Approved: 1
+      mysql:
+    failure:
+      gerrit:
+        PTL-Approved: 0
+      mysql:
+
 - pipeline:
    name: release-post
    # NOTE(mordred): release-post needs access to credentials (eg: pypi).