51e501abc4
In order to start using jobs with secrets before gating it required to have a special post review pipeline. This pipeline can be triggered by setting Allow-Post-Review gerrit flag. To address potential races for Verified flag this pipeline does not set it. For the proper setup jobs of the post-review pipeline should also appear in gate pipeline. Change-Id: Ib633a621fbf004f2a34b8826014e3625c093c21f
418 lines
12 KiB
YAML
418 lines
12 KiB
YAML
# Shared zuul config specific to the OpenStack Project
|
|
# Contains definitions of pipelines
|
|
|
|
- pipeline:
|
|
name: check
|
|
description: |
|
|
Newly uploaded patchsets enter this pipeline to receive an
|
|
initial +/-1 Verified vote.
|
|
success-message: Build succeeded (check pipeline).
|
|
failure-message: |
|
|
Build failed (check pipeline). For information on how to proceed, see
|
|
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
|
|
manager: independent
|
|
precedence: low
|
|
require:
|
|
gerrit:
|
|
open: True
|
|
current-patchset: True
|
|
trigger:
|
|
gerrit:
|
|
- event: patchset-created
|
|
- event: change-restored
|
|
- event: comment-added
|
|
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*recheck
|
|
- event: comment-added
|
|
require-approval:
|
|
- Verified: [-1, -2]
|
|
username: zuul
|
|
approval:
|
|
- Workflow: 1
|
|
github:
|
|
- event: pull_request
|
|
action:
|
|
- opened
|
|
- changed
|
|
- reopened
|
|
- event: pull_request
|
|
action: comment
|
|
comment: (?i)^\s*recheck\s*$
|
|
- event: check_run
|
|
start:
|
|
github:
|
|
check: 'in_progress'
|
|
comment: false
|
|
success:
|
|
gerrit:
|
|
# Note that gerrit keywords are case-sensitive.
|
|
Verified: 1
|
|
github:
|
|
check: 'success'
|
|
comment: false
|
|
failure:
|
|
gerrit:
|
|
Verified: -1
|
|
github:
|
|
check: 'failure'
|
|
comment: false
|
|
|
|
- pipeline:
|
|
name: post-review
|
|
description: |
|
|
Patches received initial review by project trusted members enter this
|
|
pipeline to execute additional jobs. This pipeline can be used to access
|
|
secrets before gating.
|
|
success-message: Build succeeded (post-review pipeline).
|
|
failure-message: |
|
|
Build failed (post-review pipeline). For information on how to proceed, see
|
|
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
|
|
manager: independent
|
|
post-review: True
|
|
precedence: low
|
|
require:
|
|
gerrit:
|
|
open: True
|
|
current-patchset: True
|
|
approval:
|
|
- Allow-Post-Review: [1]
|
|
trigger:
|
|
gerrit:
|
|
- event: comment-added
|
|
require-approval:
|
|
- Allow-Post-Review: [1]
|
|
|
|
- pipeline:
|
|
name: gate
|
|
description: |
|
|
Changes that have been approved by core reviewers are enqueued
|
|
in order in this pipeline, and if they pass tests, will be
|
|
merged. For documentation on how gating with Zuul works, please see
|
|
https://zuul-ci.org/docs/zuul/latest/gating.html
|
|
success-message: Build succeeded (gate pipeline).
|
|
failure-message: |
|
|
Build failed (gate pipeline). For information on how to proceed, see
|
|
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
|
|
manager: dependent
|
|
precedence: normal
|
|
post-review: True
|
|
require:
|
|
gerrit:
|
|
open: True
|
|
current-patchset: True
|
|
approval:
|
|
- Verified: [1, 2]
|
|
username: zuul
|
|
- Workflow: 1
|
|
trigger:
|
|
gerrit:
|
|
- event: comment-added
|
|
approval:
|
|
- Workflow: 1
|
|
- event: comment-added
|
|
approval:
|
|
- Verified: 1
|
|
username: zuul
|
|
start:
|
|
gerrit:
|
|
Verified: 0
|
|
success:
|
|
gerrit:
|
|
Verified: 2
|
|
submit: true
|
|
failure:
|
|
gerrit:
|
|
Verified: -2
|
|
window-floor: 20
|
|
window-increase-factor: 2
|
|
|
|
- pipeline:
|
|
name: post
|
|
description: |
|
|
This pipeline runs jobs that operate after each change is
|
|
merged. Queue items are identified by the abbreviated hash (git
|
|
log --format=%h) of the merge commit.
|
|
manager: supercedent
|
|
precedence: high
|
|
post-review: True
|
|
trigger:
|
|
gerrit:
|
|
- event: ref-updated
|
|
ref: ^refs/heads/.*$
|
|
|
|
- pipeline:
|
|
name: promote
|
|
description: |
|
|
This pipeline runs jobs that operate after each change is merged
|
|
in order to promote artifacts generated in the gate
|
|
pipeline.
|
|
success-message: Build succeeded (promote pipeline).
|
|
failure-message: |
|
|
Build failed (promote pipeline). For information on how to proceed, see
|
|
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
|
|
manager: supercedent
|
|
precedence: high
|
|
post-review: True
|
|
trigger:
|
|
gerrit:
|
|
- event: change-merged
|
|
success:
|
|
gerrit: {}
|
|
failure:
|
|
gerrit: {}
|
|
|
|
- pipeline:
|
|
name: pre-release
|
|
description: When a commit is tagged with a pre-release tag, this pipeline runs jobs that publish archives and documentation.
|
|
manager: independent
|
|
precedence: high
|
|
post-review: True
|
|
trigger:
|
|
gerrit:
|
|
- event: ref-updated
|
|
ref: ^refs/tags/[0-9]+(\.[0-9]+)*(a|b|rc)[0-9]+$
|
|
failure:
|
|
smtp:
|
|
from: zuul@openstack.org
|
|
to: release-job-failures@lists.openstack.org
|
|
subject: 'Pre-release of {change.project} for ref {change.ref} failed'
|
|
|
|
- pipeline:
|
|
name: release
|
|
description: When a commit is tagged as a release, this pipeline runs jobs that publish archives and documentation.
|
|
manager: independent
|
|
precedence: high
|
|
post-review: True
|
|
trigger:
|
|
gerrit:
|
|
- event: ref-updated
|
|
ref: ^refs/tags/[0-9]+(\.[0-9]+)*$
|
|
failure:
|
|
smtp:
|
|
from: zuul@openstack.org
|
|
to: release-job-failures@lists.openstack.org
|
|
subject: 'Release of {change.project} for ref {change.ref} failed'
|
|
|
|
- pipeline:
|
|
name: periodic
|
|
post-review: true
|
|
description: Jobs in this queue are triggered on a daily timer.
|
|
manager: independent
|
|
precedence: low
|
|
trigger:
|
|
timer:
|
|
- time: '0 2 * * *'
|
|
|
|
- pipeline:
|
|
name: deploy
|
|
description: |
|
|
This pipeline runs jobs that operate after each change is merged
|
|
in order to run production deployment playbooks.
|
|
success-message: Build succeeded (deploy pipeline).
|
|
failure-message: |
|
|
Build failed (deploy pipeline). For information on how to proceed, see
|
|
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
|
|
manager: serial
|
|
precedence: high
|
|
post-review: True
|
|
trigger:
|
|
gerrit:
|
|
- event: change-merged
|
|
success:
|
|
gerrit: {}
|
|
failure:
|
|
gerrit: {}
|
|
|
|
- pipeline:
|
|
name: opendev-prod-hourly
|
|
post-review: true
|
|
description: |
|
|
Temporary home for some OpenDev prod jobs that need to be
|
|
triggered frequently. Should not be used by anyone other than
|
|
OpenDev admins.
|
|
manager: independent
|
|
precedence: low
|
|
trigger:
|
|
timer:
|
|
# Run with a 2 minute jitter
|
|
- time: '0 * * * * * 120'
|
|
|
|
- pipeline:
|
|
name: periodic-weekly
|
|
post-review: true
|
|
description: Jobs in this queue are triggered on a weekly timer.
|
|
manager: independent
|
|
precedence: low
|
|
trigger:
|
|
timer:
|
|
# Saturday 8am UTC is a better time to start weekend jobs, as Sunday
|
|
# is a working day in some geographies.
|
|
# 5 is Saturday in apscheduler
|
|
- time: '0 8 * * 5'
|
|
|
|
- pipeline:
|
|
name: release-approval
|
|
description: |
|
|
Newly-reviewed release requests enter this pipeline to check if the
|
|
current state can represent PTL or release liaison approval.
|
|
manager: independent
|
|
precedence: low
|
|
require:
|
|
gerrit:
|
|
open: True
|
|
current-patchset: True
|
|
trigger:
|
|
gerrit:
|
|
- event: patchset-created
|
|
- event: comment-added
|
|
username: ^(?!^zuul$)\S+$
|
|
success:
|
|
gerrit:
|
|
PTL-Approved: 1
|
|
comment: false
|
|
failure:
|
|
gerrit:
|
|
PTL-Approved: 0
|
|
comment: false
|
|
|
|
- pipeline:
|
|
name: release-post
|
|
# NOTE(mordred): release-post needs access to credentials (eg: pypi).
|
|
post-review: true
|
|
description: This pipeline runs release-process-critical jobs that operate after specific changes are merged.
|
|
manager: independent
|
|
precedence: high
|
|
trigger:
|
|
gerrit:
|
|
- event: ref-updated
|
|
ref: ^refs/heads/.*$
|
|
failure:
|
|
smtp:
|
|
from: zuul@openstack.org
|
|
to: release-job-failures@lists.openstack.org
|
|
subject: 'release-post job for {change.project} for ref {change.ref} failed'
|
|
|
|
- pipeline:
|
|
name: tag
|
|
post-review: true
|
|
description: This pipeline runs jobs in response to any tag event.
|
|
manager: independent
|
|
precedence: high
|
|
trigger:
|
|
gerrit:
|
|
- event: ref-updated
|
|
ref: ^refs/tags/.*$
|
|
failure:
|
|
smtp:
|
|
from: zuul@openstack.org
|
|
to: release-job-failures@lists.openstack.org
|
|
subject: 'Tag of {change.project} for ref {change.ref} failed'
|
|
|
|
- pipeline:
|
|
name: periodic-stable
|
|
post-review: true
|
|
description: Periodic checks of the stable branches.
|
|
manager: independent
|
|
precedence: low
|
|
trigger:
|
|
timer:
|
|
- time: '1 2 * * *'
|
|
failure:
|
|
smtp:
|
|
from: zuul@openstack.org
|
|
to: openstack-stable-maint@lists.openstack.org
|
|
subject: 'Stable check of {change.project} for ref {change.ref} failed'
|
|
|
|
- pipeline:
|
|
name: experimental
|
|
description: On-demand pipeline for requesting a run against a set of jobs that are not yet gating. Leave review comment of "check experimental" to run jobs in this pipeline.
|
|
success-message: Build succeeded (experimental pipeline).
|
|
failure-message: Build failed (experimental pipeline).
|
|
manager: independent
|
|
precedence: low
|
|
trigger:
|
|
gerrit:
|
|
- event: comment-added
|
|
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*check experimental\s*$
|
|
success:
|
|
gerrit: {}
|
|
failure:
|
|
gerrit: {}
|
|
|
|
- pipeline:
|
|
name: merge-check
|
|
description: >
|
|
Each time a change merges, this pipeline verifies that all open changes
|
|
on the same project are still mergeable.
|
|
failure-message: Build failed (merge-check pipeline).
|
|
manager: independent
|
|
ignore-dependencies: true
|
|
precedence: low
|
|
trigger: {}
|
|
|
|
- pipeline:
|
|
name: third-party-check
|
|
description: |
|
|
Newly uploaded patchsets to projects that are not hosted on OpenDev
|
|
enter this pipeline to receive an initial +/-1 Verified vote.
|
|
success-message: Build succeeded (third-party-check pipeline).
|
|
# TODO(mordred) We should write a document for non-OpenDev developers
|
|
failure-message: |
|
|
Build failed (third-party-check pipeline) integration testing on
|
|
OpenDev. For information on how to proceed, see
|
|
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
|
|
manager: independent
|
|
precedence: low
|
|
trigger:
|
|
github:
|
|
- event: pull_request
|
|
action:
|
|
- opened
|
|
- changed
|
|
- reopened
|
|
- event: pull_request
|
|
action: comment
|
|
comment: (?i)^\s*recheck\s*$
|
|
- event: check_run
|
|
start:
|
|
github:
|
|
check: 'in_progress'
|
|
comment: false
|
|
success:
|
|
github:
|
|
check: 'success'
|
|
comment: false
|
|
failure:
|
|
github:
|
|
check: 'failure'
|
|
comment: false
|
|
# Don't report merge-conflicts to github
|
|
merge-conflict: {}
|
|
|
|
# NOTE(ianw) 2019-12 : since we have very limited ARM64 resources, we
|
|
# have a separate pipeline so ARM64 jobs can start and queue gerrit
|
|
# changes automatically but don't hold up the main check pipeline. Of
|
|
# course, if we have more resources we can remove this and move jobs
|
|
# back into the regular check/gate.
|
|
- pipeline:
|
|
name: check-arm64
|
|
description: Pipeline for ARM64 based jobs.
|
|
success-message: Build succeeded (ARM64 pipeline).
|
|
failure-message: Build failed (ARM64 pipeline).
|
|
manager: independent
|
|
precedence: low
|
|
require:
|
|
gerrit:
|
|
open: True
|
|
current-patchset: True
|
|
trigger:
|
|
gerrit:
|
|
- event: patchset-created
|
|
- event: change-restored
|
|
- event: comment-added
|
|
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*(recheck|check arm64)
|
|
|
|
success:
|
|
gerrit: {}
|
|
failure:
|
|
gerrit: {}
|