# Shared zuul config specific to the OpenStack Project # Contains definitions of trusted jobs # Overrides jobs from: # https://git.openstack.org/cgit/openstack-infra/zuul-jobs # Changes to this job require a special procedure, because they can # not be tested before landing, and if they are faulty, they will # break all jobs, meaning subsequent corrections will not be able to # land. To make a change: # # 1) Ensure that base-test and its playbooks are identical to base. # 2) Make the change to base-test and/or its playbooks. # 3) Merge the change from step 2. No jobs normally use base-test, so # this is safe. # 4) Propose a change to a job to reparent it to base-test. Choose a # job which will exercise whatever you are changing. The # "unittests" job in zuul-jobs is a good choice. Use [DNM] in the # commit subject so that people know not to merge the change. Set # it to "Work in progress" so people don't review it. # 5) Once test results arrive for the change in step 2, make a change # which copies the job and/or playbooks of base-test to base. In # the commit message, link to (without using Depends-On:) the # change from step 4 so reviewers can see the test results. # 6) Once the change in step 5 merges, abandon the change from step 4. - job: name: base parent: null abstract: true description: | The base job for OpenStack's installation of Zuul. All jobs ultimately inherit from this. It runs a pre-playbook which copies all of the job's prepared git repos on to all of the nodes in the nodeset. It runs a post-playbook which copies all of the files in the logs/ subdirectory of the executor work directory to the logserver. It also sets default timeout and nodeset values (which may be overidden). Responds to these variables: .. zuul:jobvar:: base_serial :default: Omitted This sets the serial keyword in the pre and post playbooks which can be an integer or percentage. See ansible documentation for more information: http://docs.ansible.com/ansible/latest/playbooks_delegation.html pre-run: playbooks/base/pre.yaml post-run: - playbooks/base/post-ssh.yaml - playbooks/base/post-logs.yaml roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs vars: ara_report_type: database ara_report_path: ara-report timeout: 1800 post-timeout: 1800 nodeset: nodes: - name: ubuntu-xenial label: ubuntu-xenial secrets: - site_logs - job: name: base-minimal parent: null abstract: true description: | A subset of what the 'base' job provides: the absolute minimum considered required to run for any one job. It doesn't set up cached git repositories, will not set up mirrors, doesn't validate the node, etc. It is meant to be used, amongst other things, to test roles and playbooks that would otherwise be included by default as part of the 'base' job. These tasks, if required, can be included by the dependant jobs themselves on a need basis. pre-run: playbooks/base-minimal/pre.yaml post-run: - playbooks/base-minimal/post-ssh.yaml - playbooks/base-minimal/post-logs.yaml roles: - zuul: openstack-infra/zuul-jobs vars: ara_report_type: database ara_report_path: ara-report timeout: 1800 post-timeout: 1800 nodeset: nodes: - name: ubuntu-xenial label: ubuntu-xenial secrets: - site_logs # See the procedure described above "base" before making changes to # this job. - job: name: base-test parent: null description: | A job to test changes to the base job without disturbing the main job in production. Not for general use. pre-run: playbooks/base-test/pre.yaml post-run: - playbooks/base-test/post-ssh.yaml - playbooks/base-test/post-logs.yaml roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs timeout: 1800 post-timeout: 1800 vars: ara_report_type: database ara_report_path: ara-report nodeset: nodes: - name: ubuntu-xenial label: ubuntu-xenial secrets: - site_logs # NOTE(corvus): A short-term test job - job: name: base-test-swift parent: null description: | A job to test storing logs in swift. Not for general use. pre-run: playbooks/base/pre.yaml post-run: - playbooks/base/post-ssh.yaml - playbooks/base-test/post-logs-swift.yaml roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs timeout: 1800 post-timeout: 1800 vars: ara_report_type: html ara_report_path: ara-report ara_compress_html: false nodeset: nodes: - name: ubuntu-xenial label: ubuntu-xenial secrets: - name: log_cloud_config secret: openstackinfra_vexxhost - job: name: publish-openstack-artifacts description: | Publish job to upload artifacts to tarballs.openstack.org post-review: true post-run: playbooks/publish/openstack-artifacts.yaml secrets: - secret: site_tarballs name: fileserver - job: name: release-openstack-puppet parent: publish-openstack-artifacts description: | Sign and release puppet tarballs to tarballs.o.o. pre-run: playbooks/puppet-tarball/pre.yaml run: playbooks/puppet-tarball/run.yaml post-run: playbooks/puppet-tarball/post.yaml secrets: - gpg_key - job: name: release-openstack-python-without-pypi parent: publish-openstack-artifacts description: | Sign and release python tarballs to tarballs.openstack.org, but do not upload to PyPI. pre-run: playbooks/python-tarball/pre.yaml run: playbooks/python-tarball/run.yaml post-run: - playbooks/python-tarball/post.yaml required-projects: - name: openstack/requirements secrets: - gpg_key vars: # NOTE(dhellmann): Library projects using a custom installation # script need to be told where the constraints file is. We can # remove this when tox is no longer part of the CTI for building # sdists. tox_constraints_file: '{{ ansible_user_dir }}/src/git.openstack.org/openstack/requirements/upper-constraints.txt' - job: name: release-openstack-python parent: publish-openstack-artifacts description: | Release python tarballs / wheels to pypi. pre-run: playbooks/python-tarball/pre.yaml run: playbooks/python-tarball/run.yaml post-run: - playbooks/python-tarball/post.yaml - playbooks/publish/pypi.yaml required-projects: # NOTE(dhellmann): Several projects that depend on neutron or # horizon for their testing use a special install script run via # tox that tries to use zuul-cloner to make the dependency # available before installing it from source. All libraries # require openstack/requirements for the custom install scripts # they run via tox. Until we change the PTI for building sdists # and wheels from Python projects so that it does not use tox, # we need to ensure those repos are present for zuul-cloner to # copy. The openstack/neutron, openstack/horizon, and # openstack/requirements repos can be removed from the list of # required-projects for this job when the job is modified to not # use tox. - name: openstack/neutron - name: openstack/horizon - name: openstack/requirements secrets: - secret: pypi_secret name: pypi_info - gpg_key vars: # NOTE(dhellmann): Library projects using a custom installation # script need to be told where the constraints file is. We can # remove this when tox is no longer part of the CTI for building # sdists. tox_constraints_file: '{{ ansible_user_dir }}/src/git.openstack.org/openstack/requirements/upper-constraints.txt' - job: name: release-openstack-python3 parent: publish-openstack-artifacts description: | Release python tarballs / wheels to pypi using python3. pre-run: playbooks/pti-python-tarball/pre.yaml run: playbooks/pti-python-tarball/run.yaml post-run: - playbooks/pti-python-tarball/post.yaml - playbooks/publish/pypi.yaml secrets: - secret: pypi_secret name: pypi_info - gpg_key vars: release_python: python3 - job: name: test-release-openstack-python3 parent: base description: | Test building python tarballs / wheels and the packaging metadata. pre-run: playbooks/pti-python-tarball/pre.yaml run: playbooks/pti-python-tarball/check.yaml vars: release_python: python3 files: - setup.cfg - setup.py - README.rst - job: name: publish-openstack-sphinx-docs-base description: | Base job for publishing sphinx documentation to /afs/.openstack.org/docs/. This job is obsolete, use ``publish-openstack-tox-docs-base`` instead. abstract: true protected: true pre-run: - playbooks/sphinx/pre.yaml run: playbooks/sphinx/run.yaml post-run: - playbooks/publish/openstack-afs.yaml required-projects: - name: openstack/requirements roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs secrets: - secret: afsdocs_secret name: afs vars: constraints_file: '{{ ansible_user_dir }}/src/git.openstack.org/openstack/requirements/upper-constraints.txt' - job: name: publish-openstack-sphinx-docs parent: publish-openstack-sphinx-docs-base description: | Publish the results of the build-openstack-sphinx-docs job to /afs/.openstack.org/docs/{{ zuul.project.short_name }}. Publishes depending on branch to latest/ (for master), or the basename of the branch like pike (for stable/pike). final: true pre-run: # TODO(mordred) REMOVE THIS HACK - playbooks/sphinx/neutron-horizon-hack.yaml post-run: - playbooks/sphinx/post.yaml required-projects: # TODO(mordred) REMOVE THIS HACK ONCE neutron-horizon-hack is removed - name: openstack/neutron - name: openstack/horizon - job: name: publish-openstack-sphinx-docs-direct parent: publish-openstack-sphinx-docs-base description: | Publish the results of the build-openstack-sphinx-docs job to /afs/.openstack.org/docs/{{ zuul.project.short_name }} Publishing is done from master branch directly without using /latest. This job is obsolete, use ``publish-openstack-tox-docs-direct`` instead. final: true post-run: - playbooks/sphinx/post-direct.yaml branches: - master - job: name: publish-openstack-tox-docs-base description: | Base job for publishing docs tox job. Publish the results of the docs tox job to /afs/.openstack.org/docs/{{ zuul.project.short_name }}. abstract: true protected: true pre-run: playbooks/project-config/pre-tox.yaml run: playbooks/project-config/run-tox.yaml post-run: - playbooks/project-config/post-tox.yaml - playbooks/publish/openstack-afs.yaml required-projects: - name: openstack/requirements roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs vars: tox_envlist: docs bindep_profile: compile doc secrets: - secret: afsdocs_secret name: afs - job: name: publish-openstack-tox-docs parent: publish-openstack-tox-docs-base description: | Publication job for projects that run tox using the docs environment following OpenStack PTI. Publish the results of the docs tox job to /afs/.openstack.org/docs/{{ zuul.project.short_name }}. Publishes depending on branch to latest/ (for master), or the basename of the branch like pike (for stable/pike). final: true post-run: - playbooks/sphinx/post.yaml required-projects: - name: openstack/requirements vars: tox_constraints_file: '{{ ansible_user_dir }}/src/git.openstack.org/openstack/requirements/upper-constraints.txt' - job: name: publish-openstack-tox-docs-direct parent: publish-openstack-tox-docs-base description: | Publish the results of the openstack-tox-docs job to /afs/.openstack.org/docs/{{ zuul.project.short_name }} Publishing is done from master branch directly without using /latest. final: true post-run: - playbooks/sphinx/post-direct.yaml branches: - master - job: name: publish-openstack-contributor-guide parent: publish-openstack-tox-docs-base description: | Publish contributor-guide documents to https://docs.openstack.org/contributors final: true post-run: - playbooks/publish/contributor-guide-afs.yaml branches: master vars: afs_subpath: "/contributors" - job: name: publish-openstack-releasenotes-base description: | Abstract base job to publish the results of build-openstack-releasenotes to /afs/.openstack.org/docs/releasenotes/{{ zuul.project.short_name }} # This job is protected-abstract because it sets the afs_subpath # variable; it is not safe to let that be overridden in an # untrusted job because it would allow writing outside of the # project's directory on the production doc site. protected: true abstract: true pre-run: playbooks/releasenotes/pre.yaml run: playbooks/releasenotes/run.yaml post-run: - playbooks/publish/releasenotes.yaml - playbooks/publish/openstack-afs.yaml override-branch: master # Building translated releasenotes can take long for large repositories timeout: 3600 required-projects: - name: openstack/requirements roles: - zuul: openstack-infra/zuul-jobs vars: afs_subpath: "/releasenotes/{{ zuul.project.short_name }}" constraints_file: '{{ ansible_user_dir }}/src/git.openstack.org/openstack/requirements/upper-constraints.txt' sphinx_build_dir: releasenotes/build secrets: - secret: afsdocs_secret name: afs - job: name: publish-openstack-releasenotes parent: publish-openstack-releasenotes-base description: | Publish the results of build-openstack-releasenotes to /afs/.openstack.org/docs/releasenotes/{{ zuul.project.short_name }} # This job is final because its parent sets the afs_subpath # variable; it is not safe to let that be overridden in an # untrusted job because it would allow writing outside of the # project's directory on the production doc site. final: true - job: name: publish-openstack-releasenotes-python3 parent: publish-openstack-releasenotes-base description: | Publish the results of build-openstack-releasenotes to /afs/.openstack.org/docs/releasenotes/{{ zuul.project.short_name }} Uses python3. # This job is final because its parent sets the afs_subpath # variable; it is not safe to let that be overridden in an # untrusted job because it would allow writing outside of the # project's directory on the production doc site. final: true vars: sphinx_python: python3 - job: name: publish-openstack-specs parent: publish-openstack-tox-docs-base description: | Publish OpenStack specs to static.openstack.org specs/{{ zuul.project.short_name }} final: true post-run: playbooks/publish/openstack-specs.yaml required-projects: - name: openstack/requirements roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs vars: tox_constraints_file: '{{ ansible_user_dir }}/src/git.openstack.org/openstack/requirements/upper-constraints.txt' secrets: - site_logs - job: name: publish-openstack-specs-site description: | Publish OpenStack specs site to static.openstack.org specs/ final: true pre-run: playbooks/project-config/pre-tox.yaml run: playbooks/project-config/run-tox.yaml post-run: playbooks/publish/openstack-specs-site.yaml allowed-projects: - openstack-infra/project-config roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs vars: tox_envlist: specs secrets: - site_logs - job: name: publish-tox-docs-infra parent: publish-openstack-tox-docs-base description: | Publish the results of the tox docs job to /afs/.openstack.org/infra/{{ zuul.project.short_name }} final: true post-run: - playbooks/sphinx/post-infra.yaml vars: afs_subpath: "/infra/{{ zuul.project.short_name }}" bindep_profile: compile doc - job: name: publish-infra-manual parent: publish-openstack-tox-docs-base description: | Publish the Infra Manual to /afs/.openstack.org/docs/infra/manual final: true post-run: - playbooks/sphinx/post-infra.yaml allowed-projects: - openstack-infra/infra-manual vars: afs_subpath: "/infra/manual" - job: name: publish-service-types-authority description: | Publish OpenStack Service Types Authority to https://service-types.openstack.org final: true pre-run: playbooks/project-config/pre-tox.yaml run: playbooks/project-config/run-tox.yaml post-run: playbooks/publish/service-types.yaml allowed-projects: - openstack/service-types-authority roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs vars: tox_envlist: publish secrets: - site_logs - job: name: publish-infra-index description: | Publish the infrastructure documentation index final: true pre-run: playbooks/project-config/pre-tox.yaml run: playbooks/project-config/run-tox.yaml post-run: - playbooks/publish/infra-index.yaml - playbooks/publish/openstack-afs.yaml allowed-projects: - openstack-infra/project-config roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs vars: tox_envlist: infra-docs afs_path: "/infra" secrets: - secret: afsdocs_secret name: afs - job: name: publish-infra-publications-index description: | Publish the publication index final: true run: playbooks/publications-index/run.yaml post-run: - playbooks/publish/publications-index.yaml - playbooks/publish/openstack-afs.yaml # Index is always published from master override-branch: master allowed-projects: - openstack-infra/publications roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs vars: afs_subpath: "/infra/publications/" tox_envlist: infra-docs secrets: - secret: afsdocs_secret name: afs - job: name: publish-infra-publications description: | Publish one publication from openstack-infra/publications final: true run: playbooks/publications/run.yaml post-run: - playbooks/publish/publications.yaml - playbooks/publish/openstack-afs.yaml allowed-projects: - openstack-infra/publications roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs vars: afs_subpath: "/infra/publications/" tox_envlist: infra-docs secrets: - secret: afsdocs_secret name: afs - job: name: publish-openstack-python-branch-tarball parent: publish-openstack-artifacts description: | Publish the results of the tox-tarball job to tarballs.openstack.org. pre-run: playbooks/python-tarball/pre.yaml run: playbooks/python-tarball/run.yaml post-run: playbooks/python-branch-tarball/post.yaml required-projects: # See job release-openstack-python for details - name: openstack/neutron - name: openstack/horizon - name: openstack/requirements - job: name: publish-irc-meetings description: | Publish the IRC meeting calendars to eavesdrop.openstack.org. final: true pre-run: playbooks/yaml2ical/pre.yaml run: playbooks/project-config/run-tox.yaml post-run: playbooks/yaml2ical/post.yaml allowed-projects: - openstack-infra/irc-meetings vars: tox_envlist: ical secrets: - name: fileserver secret: eavesdrop_ssh_key - job: name: base-publish-static abstract: true protected: true description: | Base job for jobs that publish content to static.openstack.org. Jobs need to set the variable ``static_target`` for site to publish to. pre-run: playbooks/sphinx/pre.yaml run: playbooks/sphinx/run.yaml post-run: playbooks/publish/static.yaml secrets: - name: fileserver secret: static_ssh_key - job: name: publish-static parent: base-publish-static description: | Publish content to static.openstack.org to /srv/static/{{ zuul.project.short_name }} final: true vars: static_target: "{{ zuul.project.short_name }}" sphinx_python: python3 - job: name: publish-governance-sigs parent: base-publish-static description: | Publish content to static.openstack.org to /srv/static/sigs final: true allowed-projects: - openstack/governance-sigs vars: static_target: sigs - job: name: publish-governance-tc parent: base-publish-static description: | Publish content to static.openstack.org to /srv/static/tc final: true allowed-projects: - openstack/governance vars: static_target: tc sphinx_python: python3 - job: name: publish-governance-uc parent: base-publish-static description: | Publish content to static.openstack.org to /srv/static/uc final: true allowed-projects: - openstack/governance-uc vars: static_target: uc - job: name: publish-governance-website parent: base-publish-static description: | Publish content to static.openstack.org to /srv/static/governance final: true allowed-projects: - openstack/governance-website vars: static_target: governance - job: name: publish-security parent: base-publish-static description: | Publish content to static.openstack.org to /srv/static/security final: true allowed-projects: - openstack/ossa vars: static_target: security - job: name: publish-openstack-manuals-base description: | Base job to publish manual related documents. These build jobs invoke a tox command and expect the published content to be in publish-docs directory. This content is published on the root of the website. Note that this build job does not create a root-marker file, this has to be done by scripts called from tox. pre-run: playbooks/project-config/pre-tox.yaml run: playbooks/project-config/run-tox.yaml roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs # Syncing to AFS can take longer than default 30 mins post-timeout: 3600 vars: tox_envlist: publishdocs tox_environment: # The tox job writes the root-marker file directly and thus # needs the following variables set: ZUUL_PROJECT: '{{ zuul.project.name }}' ZUUL_BRANCH: '{{ zuul.branch }}' ZUUL_UUID: '{{ zuul.build }}' ZUUL_NEWREF: '{{ zuul.ref }}' - job: name: publish-openstack-manuals parent: publish-openstack-manuals-base final: true post-run: - playbooks/publish/manuals.yaml - playbooks/publish/openstack-afs.yaml allowed-projects: - openstack/openstack-manuals - openstack/security-doc - openstack/training-guides vars: afs_subpath: "" secrets: - secret: afsdocs_secret name: afs - job: name: publish-openstack-manuals-developer parent: publish-openstack-manuals-base post-run: - playbooks/publish/manuals.yaml - playbooks/publish/openstack-afs.yaml final: true allowed-projects: - openstack/api-site vars: afs_subpath: "" secrets: - secret: afsdeveloper_secret name: afs - job: name: publish-openstack-manuals-lang parent: publish-openstack-manuals-base post-run: - playbooks/publish/manuals.yaml - playbooks/publish/openstack-afs.yaml final: true allowed-projects: - openstack/openstack-manuals - openstack/security-doc vars: tox_envlist: publishlang afs_subpath: "" secrets: - secret: afsdocs_secret name: afs - job: name: publish-openstack-manuals-developer-lang parent: publish-openstack-manuals-base post-run: - playbooks/publish/manuals.yaml - playbooks/publish/openstack-afs.yaml final: true allowed-projects: - openstack/api-site vars: tox_envlist: publishlang afs_subpath: "" secrets: - secret: afsdeveloper_secret name: afs - job: name: publish-api-guide description: | Publish api-guide document to https://developer.openstack.org/api-guide. pre-run: playbooks/sphinx/pre.yaml run: playbooks/sphinx/run.yaml post-run: playbooks/publish/api-guide.yaml roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs # We only publish the master branch, so no need to run # for changes on other branches. branches: master vars: sphinx_source_dir: api-guide/source sphinx_build_dir: api-guide/build secrets: - secret: afsdeveloper_secret name: afs - job: name: publish-api-ref description: | Publish api-ref document to https://developer.openstack.org/api-ref. pre-run: playbooks/sphinx/pre.yaml run: playbooks/sphinx/run.yaml post-run: playbooks/publish/api-ref.yaml roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs # We only publish the master branch, so no need to run # for changes on other branches. branches: master vars: sphinx_build_dir: api-ref/build sphinx_source_dir: api-ref/source secrets: - secret: afsdeveloper_secret name: afs - job: name: publish-placement-api-ref description: | Publish placement-api-ref document to https://developer.openstack.org/api-ref/placement. allowed-projects: - openstack/nova pre-run: playbooks/sphinx/pre.yaml run: playbooks/sphinx/run.yaml post-run: - playbooks/publish/placement-api-ref.yaml - playbooks/publish/openstack-afs.yaml roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs # We only publish the master branch, so no need to run # for changes on other branches. branches: master vars: afs_subpath: "/api-ref/placement" sphinx_build_dir: placement-api-ref/build sphinx_source_dir: placement-api-ref/source secrets: - secret: afsdeveloper_secret name: afs - job: name: publish-install-guide description: | Publish install-guide document to https://docs.openstack.org/project-install-guide/ pre-run: playbooks/sphinx/pre.yaml run: playbooks/sphinx/run.yaml post-run: playbooks/publish/install-guide.yaml roles: - zuul: openstack-infra/zuul-jobs - zuul: openstack-infra/openstack-zuul-jobs # This job runs only pre-pike, with pike the documents have been # integrated into normal builds. branches: - stable/ocata vars: sphinx_build_dir: install-guide/build sphinx_source_dir: install-guide/source secrets: - secret: afsdocs_secret name: afs - job: name: publish-deploy-guide parent: publish-openstack-sphinx-docs-base description: | Publish deploy-guide document to https://docs.openstack.org/project-deploy-guide/ post-run: - playbooks/publish/deploy-guide.yaml vars: afs_subpath: "/project-deploy-guide/{{ zuul.project.short_name }}" sphinx_build_dir: deploy-guide/build sphinx_source_dir: deploy-guide/source - job: name: publish-training-labs-scripts parent: publish-openstack-artifacts description: | Publish training-labs tarball to tarballs.openstack.org. pre-run: playbooks/training-labs/pre.yaml run: playbooks/training-labs/run.yaml post-run: playbooks/training-labs/post.yaml secrets: - secret: site_tarballs name: fileserver allowed-projects: - openstack/training-labs - job: name: publish-openstack-javascript-content parent: publish-openstack-artifacts description: | Publish javascript content tarballs to tarballs.openstack.org. Content tarballs contain the built javascript/css/html artifacts. They are different from source tarballs, which are handled by the publish-openstack-javascript-tarball job. pre-run: playbooks/javascript/pre.yaml run: playbooks/javascript/content.yaml post-run: playbooks/javascript/publish.yaml - job: name: release-openstack-javascript parent: publish-openstack-artifacts description: | Release javascript tarballs to npm. pre-run: playbooks/javascript/pre.yaml run: playbooks/javascript/tarball.yaml post-run: playbooks/javascript/release.yaml secrets: - npm_credentials - gpg_key - job: name: propose-updates pre-run: playbooks/proposal/pre.yaml description: | Sync content to other projects as a proposed change. run: playbooks/proposal/propose-updates.yaml secrets: - secret: proposal_ssh_key name: ssh_key - job: name: propose-update-constraints parent: propose-updates description: | Update constraint files for requirements project with a proposed change. run: playbooks/proposal/propose-update-constraints.yaml dependencies: - release-openstack-python - job: name: propose-project-config-update parent: propose-updates description: | Update project-config files with a proposed change. run: playbooks/proposal/propose-project-config-update.yaml - job: name: build-wheel-mirror-base abstract: true description: | Base job for building wheels published in OpenStack CI mirrors. pre-run: - playbooks/wheel/pre.yaml run: playbooks/wheel/build.yaml post-run: playbooks/wheel/post-base.yaml # 2.5 hours timeout: 9000 # The job iterates over all branches, so we only need to run it on # master. branches: master roles: - zuul: openstack-infra/system-config allowed-projects: - openstack/requirements - job: name: build-wheel-mirror-centos-7 parent: build-wheel-mirror-base description: | Build CentOS 7 wheels for OpenStack CI mirrors. nodeset: nodes: - name: wheel-mirror-centos-7-python2 label: centos-7 host-vars: wheel-mirror-centos-7-python2: wheel_python: python2 - job: name: publish-wheel-mirror-centos-7 description: | Publish CentOS 7 wheels for OpenStack CI mirrors. parent: build-wheel-mirror-centos-7 pre-run: playbooks/openafs-client/setup.yaml post-run: playbooks/publish/wheel-mirror.yaml final: true secrets: - name: afs secret: wheel_keytab - job: name: build-wheel-mirror-ubuntu-bionic parent: build-wheel-mirror-base description: | Build Ubuntu Bionic wheels for OpenStack CI mirrors. nodeset: nodes: - name: wheel-mirror-ubuntu-bionic-python2 label: ubuntu-bionic - name: wheel-mirror-ubuntu-bionic-python3 label: ubuntu-bionic host-vars: wheel-mirror-ubuntu-bionic-python2: wheel_python: python2 wheel-mirror-ubuntu-bionic-python3: wheel_python: python3 - job: name: publish-wheel-mirror-ubuntu-bionic parent: build-wheel-mirror-ubuntu-bionic description: | Publish Ubuntu Bionic wheels for OpenStack CI mirrors. pre-run: playbooks/openafs-client/setup.yaml post-run: playbooks/publish/wheel-mirror.yaml final: true secrets: - name: afs secret: wheel_keytab - job: name: build-wheel-mirror-ubuntu-trusty parent: build-wheel-mirror-base description: | Build Ubuntu Trusty wheels for OpenStack CI mirrors. nodeset: nodes: - name: wheel-mirror-ubuntu-trusty-python2 label: ubuntu-trusty - name: wheel-mirror-ubuntu-trusty-python3 label: ubuntu-trusty host-vars: wheel-mirror-ubuntu-trusty-python2: wheel_python: python2 wheel-mirror-ubuntu-trusty-python3: wheel_python: python3 - job: name: publish-wheel-mirror-ubuntu-trusty parent: build-wheel-mirror-ubuntu-trusty description: | Publish Ubuntu Trusty wheels for OpenStack CI mirrors. pre-run: playbooks/openafs-client/setup.yaml post-run: playbooks/publish/wheel-mirror.yaml final: true secrets: - name: afs secret: wheel_keytab - job: name: build-wheel-mirror-ubuntu-xenial parent: build-wheel-mirror-base description: | Build Ubuntu Xenial wheels for OpenStack CI mirrors. nodeset: nodes: - name: wheel-mirror-ubuntu-xenial-python2 label: ubuntu-xenial - name: wheel-mirror-ubuntu-xenial-python3 label: ubuntu-xenial host-vars: wheel-mirror-ubuntu-xenial-python2: wheel_python: python2 wheel-mirror-ubuntu-xenial-python3: wheel_python: python3 - job: name: publish-wheel-mirror-ubuntu-xenial parent: build-wheel-mirror-ubuntu-xenial description: | Publish Ubuntu Xenial wheels for OpenStack CI mirrors. pre-run: playbooks/openafs-client/setup.yaml post-run: playbooks/publish/wheel-mirror.yaml final: true secrets: - name: afs secret: wheel_keytab - job: name: build-wheel-mirror-ubuntu-xenial-arm64 parent: build-wheel-mirror-base description: | Build Ubuntu Xenial ARM64 wheels for OpenStack CI mirrors. nodeset: nodes: - name: wheel-mirror-ubuntu-xenial-arm64-python2 label: ubuntu-xenial-arm64 - name: wheel-mirror-ubuntu-xenial-arm64-python3 label: ubuntu-xenial-arm64 host-vars: wheel-mirror-ubuntu-xenial-arm64-python2: wheel_python: python2 wheel-mirror-ubuntu-xenial-arm64-python3: wheel_python: python3 - job: name: publish-wheel-mirror-ubuntu-xenial-arm64 parent: build-wheel-mirror-ubuntu-xenial-arm64 description: | Publish Ubuntu Xenial ARM64 wheels for OpenStack CI mirrors. pre-run: playbooks/openafs-client/setup.yaml post-run: playbooks/publish/wheel-mirror.yaml final: true secrets: - name: afs secret: wheel_keytab - job: name: release-wheel-mirror description: | Release published wheels to OpenStack CI mirrors. run: playbooks/wheel/release.yaml nodeset: nodes: [] secrets: - name: afs secret: afsadmin_keytab - job: name: tag-releases description: | Tag projects for a release. pre-run: playbooks/release/pre.yaml run: playbooks/release/tag.yaml post-run: playbooks/release/post.yaml final: true secrets: - name: lp_creds secret: lp_creds - name: ssh_key secret: release_ssh_key - gpg_key - job: name: trigger-readthedocs-webhook description: | Trigger readthedocs to rebuild documentation Note this job requires some external setup. #. add the ``openstackci`` user as an admin to your RTD project #. generate a webhook URL via the "Integrations" dashboard page #. provide the ``id`` from that URL in a ``rtd_webhook_id`` variable You probably do not want to use this job directly, but rather include the `docs-on-readthedocs template `__ run: playbooks/publish/trigger-rtd.yaml post-review: true final: true secrets: - rtd_credentials - job: name: project-config-check-main-yaml description: | Check file zuul.d/main.yaml in project-config. pre-run: playbooks/check-main-yaml/pre.yaml run: playbooks/project-config/run-tox.yaml post-run: playbooks/check-main-yaml/post.yaml allowed-projects: - openstack-infra/project-config final: true vars: tox_envlist: add-projects-to-main files: - zuul/main.yaml - gerrit/projects.yaml # Limit number of translation jobs accessing translation server since # Zanata has problems with too many concurrent accesses. - semaphore: name: translations max: 10 - job: name: upstream-translation-update parent: propose-updates description: | Push strings for translation to translation server. pre-run: playbooks/translation/pre.yaml run: playbooks/translation/upstream-translation-update.yaml post-run: - playbooks/translation/post.yaml - playbooks/publish/openstack-artifacts.yaml semaphore: translations vars: fileserver_leading_path: translation-source constraints_file: '{{ ansible_user_dir }}/src/git.openstack.org/openstack/requirements/upper-constraints.txt' required-projects: - openstack/requirements secrets: - secret: site_tarballs name: fileserver - zanata_api_credentials - job: name: propose-translation-update parent: propose-updates description: | Import translations from translation server to projects as proposed change. pre-run: playbooks/translation/pre.yaml run: playbooks/translation/propose-translation-update.yaml post-run: playbooks/translation/post.yaml vars: constraints_file: '{{ ansible_user_dir }}/src/git.openstack.org/openstack/requirements/upper-constraints.txt' semaphore: translations required-projects: - openstack/requirements secrets: - zanata_api_credentials - job: name: project-config-bindep-fallback abstract: true description: | Check installation of binary packages for file nodepool/elements/bindep-fallback.txt. run: playbooks/bindep-fallback/run.yaml files: - nodepool/elements/bindep-fallback.txt - playbooks/bindep-fallback/run.yaml - job: name: project-config-bindep-fallback-centos-7 parent: project-config-bindep-fallback description: | Check installation of binary packages for file nodepool/elements/bindep-fallback.txt. The testing is done for CentOS 7. nodeset: centos-7 - job: name: project-config-bindep-fallback-opensuse-423 parent: project-config-bindep-fallback description: | Check installation of binary packages for file nodepool/elements/bindep-fallback.txt. The testing is done for openSUSE Leap 42.3. nodeset: opensuse-423 - job: name: project-config-bindep-fallback-ubuntu-trusty parent: project-config-bindep-fallback description: | Check installation of binary packages for file nodepool/elements/bindep-fallback.txt. The testing is done for Ubuntu Trusty. nodeset: ubuntu-trusty - job: name: project-config-bindep-fallback-ubuntu-xenial parent: project-config-bindep-fallback description: | Check installation of binary packages for file nodepool/elements/bindep-fallback.txt. The testing is done for Ubuntu Xenial. nodeset: ubuntu-xenial - job: name: openstackzuul-pbrx-push-container-images parent: pbrx-build-container-images description: | Publish images built by pbrx to openstackzuul Docker Hub account. A value must be supplied for the pbrx_prefix variable. allowed-projects: - openstack-infra/nodepool - openstack-infra/zuul post-run: playbooks/pbrx-push/post.yaml secrets: - openstackzuul_docker_login