project-config/zuul.d/pipelines.yaml
Artem Goncharov 51e501abc4 Add post-review pipeline
In order to start using jobs with secrets before gating it required to
have a special post review pipeline. This pipeline can be triggered by
setting Allow-Post-Review gerrit flag.

To address potential races for Verified flag this pipeline does not set
it.

For the proper setup jobs of the post-review pipeline should also appear
in gate pipeline.

Change-Id: Ib633a621fbf004f2a34b8826014e3625c093c21f
2022-10-24 17:02:21 +00:00

418 lines
12 KiB
YAML

# Shared zuul config specific to the OpenStack Project
# Contains definitions of pipelines
- pipeline:
name: check
description: |
Newly uploaded patchsets enter this pipeline to receive an
initial +/-1 Verified vote.
success-message: Build succeeded (check pipeline).
failure-message: |
Build failed (check pipeline). For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: independent
precedence: low
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: patchset-created
- event: change-restored
- event: comment-added
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*recheck
- event: comment-added
require-approval:
- Verified: [-1, -2]
username: zuul
approval:
- Workflow: 1
github:
- event: pull_request
action:
- opened
- changed
- reopened
- event: pull_request
action: comment
comment: (?i)^\s*recheck\s*$
- event: check_run
start:
github:
check: 'in_progress'
comment: false
success:
gerrit:
# Note that gerrit keywords are case-sensitive.
Verified: 1
github:
check: 'success'
comment: false
failure:
gerrit:
Verified: -1
github:
check: 'failure'
comment: false
- pipeline:
name: post-review
description: |
Patches received initial review by project trusted members enter this
pipeline to execute additional jobs. This pipeline can be used to access
secrets before gating.
success-message: Build succeeded (post-review pipeline).
failure-message: |
Build failed (post-review pipeline). For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: independent
post-review: True
precedence: low
require:
gerrit:
open: True
current-patchset: True
approval:
- Allow-Post-Review: [1]
trigger:
gerrit:
- event: comment-added
require-approval:
- Allow-Post-Review: [1]
- pipeline:
name: gate
description: |
Changes that have been approved by core reviewers are enqueued
in order in this pipeline, and if they pass tests, will be
merged. For documentation on how gating with Zuul works, please see
https://zuul-ci.org/docs/zuul/latest/gating.html
success-message: Build succeeded (gate pipeline).
failure-message: |
Build failed (gate pipeline). For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: dependent
precedence: normal
post-review: True
require:
gerrit:
open: True
current-patchset: True
approval:
- Verified: [1, 2]
username: zuul
- Workflow: 1
trigger:
gerrit:
- event: comment-added
approval:
- Workflow: 1
- event: comment-added
approval:
- Verified: 1
username: zuul
start:
gerrit:
Verified: 0
success:
gerrit:
Verified: 2
submit: true
failure:
gerrit:
Verified: -2
window-floor: 20
window-increase-factor: 2
- pipeline:
name: post
description: |
This pipeline runs jobs that operate after each change is
merged. Queue items are identified by the abbreviated hash (git
log --format=%h) of the merge commit.
manager: supercedent
precedence: high
post-review: True
trigger:
gerrit:
- event: ref-updated
ref: ^refs/heads/.*$
- pipeline:
name: promote
description: |
This pipeline runs jobs that operate after each change is merged
in order to promote artifacts generated in the gate
pipeline.
success-message: Build succeeded (promote pipeline).
failure-message: |
Build failed (promote pipeline). For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: supercedent
precedence: high
post-review: True
trigger:
gerrit:
- event: change-merged
success:
gerrit: {}
failure:
gerrit: {}
- pipeline:
name: pre-release
description: When a commit is tagged with a pre-release tag, this pipeline runs jobs that publish archives and documentation.
manager: independent
precedence: high
post-review: True
trigger:
gerrit:
- event: ref-updated
ref: ^refs/tags/[0-9]+(\.[0-9]+)*(a|b|rc)[0-9]+$
failure:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'Pre-release of {change.project} for ref {change.ref} failed'
- pipeline:
name: release
description: When a commit is tagged as a release, this pipeline runs jobs that publish archives and documentation.
manager: independent
precedence: high
post-review: True
trigger:
gerrit:
- event: ref-updated
ref: ^refs/tags/[0-9]+(\.[0-9]+)*$
failure:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'Release of {change.project} for ref {change.ref} failed'
- pipeline:
name: periodic
post-review: true
description: Jobs in this queue are triggered on a daily timer.
manager: independent
precedence: low
trigger:
timer:
- time: '0 2 * * *'
- pipeline:
name: deploy
description: |
This pipeline runs jobs that operate after each change is merged
in order to run production deployment playbooks.
success-message: Build succeeded (deploy pipeline).
failure-message: |
Build failed (deploy pipeline). For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: serial
precedence: high
post-review: True
trigger:
gerrit:
- event: change-merged
success:
gerrit: {}
failure:
gerrit: {}
- pipeline:
name: opendev-prod-hourly
post-review: true
description: |
Temporary home for some OpenDev prod jobs that need to be
triggered frequently. Should not be used by anyone other than
OpenDev admins.
manager: independent
precedence: low
trigger:
timer:
# Run with a 2 minute jitter
- time: '0 * * * * * 120'
- pipeline:
name: periodic-weekly
post-review: true
description: Jobs in this queue are triggered on a weekly timer.
manager: independent
precedence: low
trigger:
timer:
# Saturday 8am UTC is a better time to start weekend jobs, as Sunday
# is a working day in some geographies.
# 5 is Saturday in apscheduler
- time: '0 8 * * 5'
- pipeline:
name: release-approval
description: |
Newly-reviewed release requests enter this pipeline to check if the
current state can represent PTL or release liaison approval.
manager: independent
precedence: low
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: patchset-created
- event: comment-added
username: ^(?!^zuul$)\S+$
success:
gerrit:
PTL-Approved: 1
comment: false
failure:
gerrit:
PTL-Approved: 0
comment: false
- pipeline:
name: release-post
# NOTE(mordred): release-post needs access to credentials (eg: pypi).
post-review: true
description: This pipeline runs release-process-critical jobs that operate after specific changes are merged.
manager: independent
precedence: high
trigger:
gerrit:
- event: ref-updated
ref: ^refs/heads/.*$
failure:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'release-post job for {change.project} for ref {change.ref} failed'
- pipeline:
name: tag
post-review: true
description: This pipeline runs jobs in response to any tag event.
manager: independent
precedence: high
trigger:
gerrit:
- event: ref-updated
ref: ^refs/tags/.*$
failure:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'Tag of {change.project} for ref {change.ref} failed'
- pipeline:
name: periodic-stable
post-review: true
description: Periodic checks of the stable branches.
manager: independent
precedence: low
trigger:
timer:
- time: '1 2 * * *'
failure:
smtp:
from: zuul@openstack.org
to: openstack-stable-maint@lists.openstack.org
subject: 'Stable check of {change.project} for ref {change.ref} failed'
- pipeline:
name: experimental
description: On-demand pipeline for requesting a run against a set of jobs that are not yet gating. Leave review comment of "check experimental" to run jobs in this pipeline.
success-message: Build succeeded (experimental pipeline).
failure-message: Build failed (experimental pipeline).
manager: independent
precedence: low
trigger:
gerrit:
- event: comment-added
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*check experimental\s*$
success:
gerrit: {}
failure:
gerrit: {}
- pipeline:
name: merge-check
description: >
Each time a change merges, this pipeline verifies that all open changes
on the same project are still mergeable.
failure-message: Build failed (merge-check pipeline).
manager: independent
ignore-dependencies: true
precedence: low
trigger: {}
- pipeline:
name: third-party-check
description: |
Newly uploaded patchsets to projects that are not hosted on OpenDev
enter this pipeline to receive an initial +/-1 Verified vote.
success-message: Build succeeded (third-party-check pipeline).
# TODO(mordred) We should write a document for non-OpenDev developers
failure-message: |
Build failed (third-party-check pipeline) integration testing on
OpenDev. For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: independent
precedence: low
trigger:
github:
- event: pull_request
action:
- opened
- changed
- reopened
- event: pull_request
action: comment
comment: (?i)^\s*recheck\s*$
- event: check_run
start:
github:
check: 'in_progress'
comment: false
success:
github:
check: 'success'
comment: false
failure:
github:
check: 'failure'
comment: false
# Don't report merge-conflicts to github
merge-conflict: {}
# NOTE(ianw) 2019-12 : since we have very limited ARM64 resources, we
# have a separate pipeline so ARM64 jobs can start and queue gerrit
# changes automatically but don't hold up the main check pipeline. Of
# course, if we have more resources we can remove this and move jobs
# back into the regular check/gate.
- pipeline:
name: check-arm64
description: Pipeline for ARM64 based jobs.
success-message: Build succeeded (ARM64 pipeline).
failure-message: Build failed (ARM64 pipeline).
manager: independent
precedence: low
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: patchset-created
- event: change-restored
- event: comment-added
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*(recheck|check arm64)
success:
gerrit: {}
failure:
gerrit: {}