1df18b2fd6
A multinode-fips job is added, which inherits from multinode. This job provides a subscription key to enable a Ubuntu Advantage subscription to allow us to test FIPS. This secret is passed through to the multinode (parent job) through the pass-to-parent boolean. Change-Id: I470d7b7b0773d0be1e3971bc02d23ea61f80f162
1277 lines
38 KiB
YAML
1277 lines
38 KiB
YAML
# Shared zuul config specific to the OpenStack Project
|
|
# Contains definitions of trusted jobs
|
|
# Overrides jobs from:
|
|
# https://opendev.org/zuul/zuul-jobs
|
|
|
|
- job:
|
|
name: publish-openstack-artifacts
|
|
nodeset: ubuntu-focal
|
|
description: |
|
|
Publish job to upload artifacts to tarballs.openstack.org
|
|
post-review: true
|
|
post-run: playbooks/publish/openstack-artifacts.yaml
|
|
secrets:
|
|
- secret: afs_tarballs_opendev_org
|
|
name: afs
|
|
|
|
- job:
|
|
name: release-openstack-puppet
|
|
parent: publish-openstack-artifacts
|
|
description: |
|
|
Sign and release puppet tarballs to tarballs.o.o.
|
|
pre-run: playbooks/puppet-tarball/pre.yaml
|
|
run: playbooks/puppet-tarball/run.yaml
|
|
post-run:
|
|
- playbooks/puppet-tarball/post.yaml
|
|
- playbooks/publish/puppetforge.yaml
|
|
secrets:
|
|
- gpg_key
|
|
- name: puppetforge
|
|
secret: openstack_puppetforge_credentials
|
|
|
|
- job:
|
|
name: release-openstack-python
|
|
parent: publish-openstack-artifacts
|
|
description: |
|
|
Release python tarballs / wheels to pypi.
|
|
pre-run: playbooks/pti-python-tarball/pre.yaml
|
|
run: playbooks/pti-python-tarball/run.yaml
|
|
post-run:
|
|
- playbooks/pti-python-tarball/post.yaml
|
|
- playbooks/publish/pypi.yaml
|
|
secrets:
|
|
- secret: pypi_secret
|
|
name: pypi_info
|
|
- gpg_key
|
|
vars:
|
|
release_python: python3
|
|
|
|
- job:
|
|
name: test-release-openstack
|
|
nodeset: ubuntu-focal
|
|
parent: base
|
|
description: |
|
|
Test building python tarballs / wheels and the packaging metadata.
|
|
pre-run: playbooks/pti-python-tarball/pre.yaml
|
|
run: playbooks/pti-python-tarball/check.yaml
|
|
vars:
|
|
release_python: python3
|
|
files:
|
|
- setup.cfg
|
|
- setup.py
|
|
- README.rst
|
|
|
|
- job:
|
|
name: publish-openstack-python-tarball
|
|
parent: publish-openstack-artifacts
|
|
description: |
|
|
Release and sign OpenStack python tarballs to tarballs.o.o.
|
|
It is similar to release-openstack-python but
|
|
omits PyPI publication.
|
|
pre-run: playbooks/pti-python-tarball/pre.yaml
|
|
run: playbooks/pti-python-tarball/run.yaml
|
|
post-run:
|
|
- playbooks/pti-python-tarball/post.yaml
|
|
secrets:
|
|
- gpg_key
|
|
vars:
|
|
release_python: python3
|
|
|
|
- job:
|
|
name: publish-openstack-sphinx-docs-base
|
|
nodeset: ubuntu-xenial
|
|
description: |
|
|
Base job for publishing sphinx documentation to
|
|
/afs/.openstack.org/docs/.
|
|
|
|
This job is obsolete, use ``publish-openstack-tox-docs-base`` instead.
|
|
abstract: true
|
|
protected: true
|
|
pre-run:
|
|
- playbooks/sphinx/pre.yaml
|
|
run: playbooks/sphinx/run.yaml
|
|
post-run:
|
|
- playbooks/publish/openstack-afs.yaml
|
|
required-projects:
|
|
- name: openstack/requirements
|
|
roles:
|
|
- zuul: zuul/zuul-jobs
|
|
- zuul: openstack/openstack-zuul-jobs
|
|
secrets:
|
|
- secret: afsdocs_secret
|
|
name: afs
|
|
vars:
|
|
constraints_file: '{{ ansible_user_dir }}/src/opendev.org/openstack/requirements/upper-constraints.txt'
|
|
|
|
- job:
|
|
name: publish-openstack-sphinx-docs
|
|
parent: publish-openstack-sphinx-docs-base
|
|
description: |
|
|
Publish the results of the build-openstack-sphinx-docs job to
|
|
/afs/.openstack.org/docs/{{ zuul.project.short_name }}.
|
|
|
|
Publishes depending on branch to latest/ (for master), or the
|
|
basename of the branch like pike (for stable/pike).
|
|
|
|
This is the publication job for ``build-openstack-sphinx-docs``.
|
|
This job is obsolete and should not be used anymore since rocky,
|
|
use ``promote-openstack-docs`` instead.
|
|
|
|
final: true
|
|
pre-run:
|
|
# TODO(mordred) REMOVE THIS HACK
|
|
- playbooks/sphinx/neutron-horizon-hack.yaml
|
|
post-run:
|
|
- playbooks/sphinx/post.yaml
|
|
required-projects:
|
|
# TODO(mordred) REMOVE THIS HACK ONCE neutron-horizon-hack is removed
|
|
- name: openstack/neutron
|
|
- name: openstack/horizon
|
|
|
|
- job:
|
|
name: promote-openstack-tox-docs
|
|
parent: opendev-promote-docs-base
|
|
description: |
|
|
Promote content from openstack-tox-docs job for projects that
|
|
run tox using the docs environment following OpenStack PTI.
|
|
|
|
Publish the results of the docs tox job to
|
|
/afs/.openstack.org/docs/{{ zuul.project.short_name }}.
|
|
|
|
Publishes depending on branch to latest/ (for master), or the
|
|
basename of the branch like pike (for stable/pike).
|
|
|
|
This is the promote job for ``openstack-tox-docs``.
|
|
final: true
|
|
vars:
|
|
download_artifact_job: openstack-tox-docs
|
|
secrets:
|
|
- secret: afsdocs_secret-tox-docs
|
|
name: afs
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: promote-openstack-tox-docs-direct
|
|
parent: opendev-promote-docs-base
|
|
description: |
|
|
Promote content from openstack-tox-docs job for projects that
|
|
run tox using the docs environment following OpenStack PTI.
|
|
|
|
Publish the results of the docs tox job to
|
|
/afs/.openstack.org/docs/{{ zuul.project.short_name }}.
|
|
|
|
Publishing is done from master branch directly without using /latest.
|
|
|
|
This is a promote job for ``openstack-tox-docs``.
|
|
final: true
|
|
branches: master
|
|
vars:
|
|
download_artifact_job: openstack-tox-docs
|
|
secrets:
|
|
- secret: afsdocs_secret-tox-docs-direct
|
|
name: afs
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: promote-tox-docs-special-base
|
|
parent: opendev-promote-docs-base
|
|
description: |
|
|
Promote content from openstack-tox-docs job for some projects
|
|
that need a special location.
|
|
|
|
Publish the results of the tox-docs job to
|
|
/afs/.openstack.org/docs/{special_publish_directory}.
|
|
|
|
This is a promote job for ``openstack-tox-docs``.
|
|
|
|
A job needs to set the variable `special_publish_directory`.
|
|
abstract: true
|
|
protected: true
|
|
vars:
|
|
download_artifact_job: openstack-tox-docs
|
|
secrets:
|
|
- secret: afsdocs_secret-tox-docs-special
|
|
name: afs
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: promote-openstack-contributor-guide
|
|
parent: promote-tox-docs-special-base
|
|
description: |
|
|
Publish contributor-guide documents to
|
|
https://docs.openstack.org/contributors
|
|
final: true
|
|
allowed-projects:
|
|
- openstack/contributor-guide
|
|
branches: master
|
|
vars:
|
|
special_publish_directory: "contributors"
|
|
|
|
# AFS sync issues happen when multiple publish jobs run at the same time
|
|
# so we make it synchronous to avoid job failures
|
|
- semaphore:
|
|
name: publish-releasenotes
|
|
max: 1
|
|
|
|
- job:
|
|
name: publish-openstack-releasenotes-python3
|
|
description: |
|
|
Publish the results of build-openstack-releasenotes to
|
|
/afs/.openstack.org/docs/releasenotes/{{ zuul.project.short_name }}
|
|
Uses python3.
|
|
# This job is final because its sets the afs_subpath
|
|
# variable; it is not safe to let that be overridden in an
|
|
# untrusted job because it would allow writing outside of the
|
|
# project's directory on the production doc site.
|
|
final: true
|
|
pre-run: playbooks/releasenotes/pre.yaml
|
|
run: playbooks/releasenotes/run.yaml
|
|
post-run:
|
|
- playbooks/publish/releasenotes.yaml
|
|
- playbooks/publish/openstack-afs.yaml
|
|
semaphores: publish-releasenotes
|
|
override-branch: master
|
|
# Building translated releasenotes can take long for large repositories
|
|
timeout: 3600
|
|
required-projects:
|
|
- name: openstack/requirements
|
|
roles:
|
|
- zuul: openstack/openstack-zuul-jobs
|
|
- zuul: zuul/zuul-jobs
|
|
vars:
|
|
sphinx_python: python3
|
|
afs_subpath: "/releasenotes/{{ zuul.project.short_name }}"
|
|
constraints_file: '{{ ansible_user_dir }}/src/opendev.org/openstack/requirements/upper-constraints.txt'
|
|
sphinx_build_dir: releasenotes/build
|
|
secrets:
|
|
- secret: afsdocs_secret
|
|
name: afs
|
|
|
|
- job:
|
|
name: promote-openstack-releasenotes
|
|
parent: opendev-promote-docs-base
|
|
description: |
|
|
Promote the results of build-openstack-releasenotes to
|
|
/afs/.openstack.org/docs/releasenotes/{{ zuul.project.short_name }}
|
|
final: true
|
|
vars:
|
|
download_artifact_job: build-openstack-releasenotes
|
|
secrets:
|
|
- secret: afsdocs_secret-releasenotes
|
|
name: afs
|
|
pass-to-parent: true
|
|
# Same file list as for job build-reno-releasenotes that is
|
|
# defined in zuul/zuul-jobs repo, file zuul.d/python-jobs.yaml.
|
|
# Keep those lists in sync.
|
|
files:
|
|
- ^releasenotes/.*
|
|
- bindep.txt
|
|
- doc/requirements.txt
|
|
- test-requirements.txt
|
|
- tox.ini
|
|
|
|
- job:
|
|
name: promote-openstack-specs-site
|
|
parent: promote-tox-docs-site-base
|
|
final: true
|
|
description: |
|
|
Publish OpenStack specs index.
|
|
|
|
Publish specs index to
|
|
/afs/.openstack.org/project/specs.openstack.org/
|
|
|
|
This is a promote job for ``build-openstack-specs-site``.
|
|
allowed-projects:
|
|
- openstack/project-config
|
|
vars:
|
|
download_artifact_job: build-openstack-specs-site
|
|
publish_site: "specs.openstack.org"
|
|
|
|
- job:
|
|
name: promote-openstack-specs
|
|
parent: promote-tox-docs-site-base
|
|
final: true
|
|
description: |
|
|
Publish OpenStack specs project.
|
|
|
|
Publish specs index to
|
|
/afs/.openstack.org/project/specs.openstack.org/{zuul[project][name]}.
|
|
|
|
This is a promote job for ``openstack-tox-docs``.
|
|
vars:
|
|
download_artifact_job: openstack-tox-docs
|
|
publish_site: "specs.openstack.org/{zuul[project][name]}"
|
|
|
|
- job:
|
|
name: promote-tox-docs-infra
|
|
parent: opendev-promote-docs-base
|
|
description: |
|
|
Promote content from tox-docs job for Infra projects.
|
|
|
|
Publish the results of the tox-docs job to
|
|
/afs/.openstack.org/docs/infra/{{ zuul.project.short_name }}.
|
|
|
|
This is a promote job for ``opendev-tox-docs``.
|
|
final: true
|
|
vars:
|
|
download_artifact_job: opendev-tox-docs
|
|
secrets:
|
|
- secret: afsdocs_secret-tox-docs-infra
|
|
name: afs
|
|
pass-to-parent: true
|
|
branches: master
|
|
|
|
- job:
|
|
name: promote-service-types-authority
|
|
parent: promote-tox-docs-site-base
|
|
description: |
|
|
Publish OpenStack Service Types Authority to
|
|
/afs/.openstack.org/project/service-typs.openstack.org/.
|
|
|
|
This is a promote job for ``service-types-authority-tox-publish``.
|
|
final: true
|
|
run: playbooks/service-types/promote.yaml
|
|
allowed-projects:
|
|
- openstack/service-types-authority
|
|
vars:
|
|
download_artifact_job: service-types-authority-tox-publish
|
|
publish_site: "service-types.openstack.org"
|
|
secrets:
|
|
- secret: afsdocs_secret-tox-docs-site
|
|
name: afs
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: promote-irc-meetings-ical
|
|
parent: promote-tox-docs-site-base
|
|
description: |
|
|
Publish OpenDev Meetings site/ical to
|
|
/afs/.openstack.org/project/meetings.opendev.org/.
|
|
|
|
This is a promote job for ``irc-meetings-ical-tox-publish``.
|
|
final: true
|
|
run: playbooks/service-types/promote.yaml
|
|
allowed-projects:
|
|
- opendev/irc-meetings
|
|
vars:
|
|
download_artifact_job: irc-meetings-ical-tox-publish
|
|
publish_site: "meetings.opendev.org"
|
|
secrets:
|
|
- secret: afsdocs_secret-tox-docs-site
|
|
name: afs
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: promote-infra-index
|
|
parent: promote-tox-docs-special-base
|
|
description: |
|
|
Promote infra index.html to
|
|
https://docs.openstack.org/infra/
|
|
allowed-projects:
|
|
- openstack/project-config
|
|
final: true
|
|
branches: master
|
|
vars:
|
|
download_artifact_job: project-config-infra-docs-index
|
|
special_publish_directory: "infra"
|
|
|
|
- job:
|
|
name: publish-infra-publications-index
|
|
description: |
|
|
Publish the publication index
|
|
final: true
|
|
run: playbooks/publications-index/run.yaml
|
|
post-run:
|
|
- playbooks/publish/publications-index.yaml
|
|
- playbooks/publish/openstack-afs.yaml
|
|
# Index is always published from master
|
|
override-branch: master
|
|
allowed-projects:
|
|
- opendev/publications
|
|
roles:
|
|
- zuul: zuul/zuul-jobs
|
|
- zuul: openstack/openstack-zuul-jobs
|
|
vars:
|
|
afs_subpath: "/infra/publications/"
|
|
tox_envlist: infra-docs
|
|
secrets:
|
|
- secret: afsdocs_secret
|
|
name: afs
|
|
|
|
- job:
|
|
name: publish-infra-publications
|
|
description: |
|
|
Publish one publication from opendev/publications
|
|
final: true
|
|
run: playbooks/publications/run.yaml
|
|
post-run:
|
|
- playbooks/publish/publications.yaml
|
|
- playbooks/publish/openstack-afs.yaml
|
|
allowed-projects:
|
|
- opendev/publications
|
|
roles:
|
|
- zuul: zuul/zuul-jobs
|
|
- zuul: openstack/openstack-zuul-jobs
|
|
vars:
|
|
afs_subpath: "/infra/publications/"
|
|
tox_envlist: infra-docs
|
|
secrets:
|
|
- secret: afsdocs_secret
|
|
name: afs
|
|
|
|
- job:
|
|
name: publish-openstack-python-branch-tarball
|
|
parent: publish-openstack-artifacts
|
|
description: |
|
|
Publish the results of the tox-tarball job to tarballs.openstack.org.
|
|
pre-run: playbooks/pti-python-tarball/pre.yaml
|
|
run: playbooks/pti-python-tarball/run.yaml
|
|
post-run: playbooks/python-branch-tarball/post.yaml
|
|
vars:
|
|
release_python: python3
|
|
|
|
# AFS sync issues happen when multiple publish jobs run at the same time
|
|
# so we make it synchronous to avoid job failures
|
|
- semaphore:
|
|
name: publish-release-docs
|
|
max: 1
|
|
|
|
- job:
|
|
name: publish-tox-docs-releases
|
|
description: |
|
|
Publish content of openstack/releases to
|
|
/afs/.openstack.org/project/releases.openstack.org/.
|
|
|
|
Builds the docs using ``tox -e docs``.
|
|
final: true
|
|
roles:
|
|
- zuul: openstack/openstack-zuul-jobs
|
|
pre-run: playbooks/project-config/pre-tox.yaml
|
|
run: playbooks/project-config/run-tox.yaml
|
|
post-run:
|
|
- playbooks/project-config/post-tox.yaml
|
|
- playbooks/sphinx/post-infra.yaml
|
|
- playbooks/publish/releases-afs.yaml
|
|
semaphores: publish-release-docs
|
|
allowed-projects:
|
|
- openstack/releases
|
|
required-projects:
|
|
- openstack/requirements
|
|
secrets:
|
|
- secret: afsdocs_secret
|
|
name: afs
|
|
vars:
|
|
tox_envlist: docs
|
|
afs_subpath: "/{{ zuul.project.short_name }}"
|
|
|
|
- job:
|
|
name: promote-tox-docs-site-base
|
|
parent: opendev-promote-docs-base
|
|
description: |
|
|
Promote content from openstack-tox-docs job for some projects
|
|
that need a special location.
|
|
|
|
Publish the results of the tox-docs job to
|
|
/afs/.openstack.org/project/{publish_site}.
|
|
|
|
This is a promote job for ``openstack-tox-docs``.
|
|
|
|
A job needs to set the variables `publish_site`.
|
|
abstract: true
|
|
protected: true
|
|
vars:
|
|
download_artifact_job: openstack-tox-docs
|
|
secrets:
|
|
- secret: afsdocs_secret-tox-docs-site
|
|
name: afs
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: promote-airship-docs-website
|
|
parent: promote-tox-docs-site-base
|
|
description: |
|
|
Promote root site content for docs.airshipit.org to airshipit.org/docs.
|
|
final: true
|
|
allowed-projects:
|
|
- airship/docs
|
|
vars:
|
|
publish_site: "airshipit.org/docs"
|
|
|
|
- job:
|
|
name: promote-airship-project-docs
|
|
parent: promote-tox-docs-site-base
|
|
description: |
|
|
Promote subproject doc content for docs.airshipit.org site.
|
|
final: true
|
|
allowed-projects:
|
|
- airship/airshipctl
|
|
- airship/airshipui
|
|
- airship/armada
|
|
- airship/charts
|
|
- airship/deckhand
|
|
- airship/divingbell
|
|
- airship/drydock
|
|
- airship/election
|
|
- airship/governance
|
|
- airship/pegleg
|
|
- airship/porthole
|
|
- airship/promenade
|
|
- airship/shipyard
|
|
- airship/specs
|
|
- airship/spyglass
|
|
- airship/spyglass-plugin-xls
|
|
- airship/treasuremap
|
|
vars:
|
|
publish_site: "airshipit.org/docs/{zuul[project][short_name]}"
|
|
|
|
- job:
|
|
name: promote-governance-election
|
|
parent: promote-tox-docs-site-base
|
|
description:
|
|
Promote content to governance.openstack.org/election.
|
|
final: true
|
|
allowed-projects:
|
|
- openstack/election
|
|
vars:
|
|
publish_site: "governance.openstack.org/election"
|
|
|
|
- job:
|
|
name: promote-governance-ideas
|
|
parent: promote-tox-docs-site-base
|
|
description:
|
|
Promote content to governance.openstack.org/ideas.
|
|
final: true
|
|
allowed-projects:
|
|
- openstack/ideas
|
|
vars:
|
|
publish_site: "governance.openstack.org/ideas"
|
|
|
|
- job:
|
|
name: promote-governance-sigs
|
|
parent: promote-tox-docs-site-base
|
|
description: |
|
|
Promote content to governance.openstack.org/sigs.
|
|
final: true
|
|
allowed-projects:
|
|
- openstack/governance-sigs
|
|
vars:
|
|
publish_site: "governance.openstack.org/sigs"
|
|
|
|
- job:
|
|
name: promote-governance-tc
|
|
parent: promote-tox-docs-site-base
|
|
description: |
|
|
Promote content to governance.openstack.org/sigs.
|
|
final: true
|
|
allowed-projects:
|
|
- openstack/governance
|
|
vars:
|
|
publish_site: "governance.openstack.org/tc"
|
|
|
|
- job:
|
|
name: promote-governance-website
|
|
parent: promote-tox-docs-site-base
|
|
description: |
|
|
Promote content to governance.openstack.org.
|
|
final: true
|
|
allowed-projects:
|
|
- openstack/governance-website
|
|
vars:
|
|
publish_site: "governance.openstack.org/governance"
|
|
|
|
- job:
|
|
name: promote-security
|
|
parent: promote-tox-docs-site-base
|
|
description: |
|
|
Promote content to security.openstack.org.
|
|
final: true
|
|
allowed-projects:
|
|
- openstack/ossa
|
|
vars:
|
|
publish_site: "security.openstack.org"
|
|
|
|
- job:
|
|
name: promote-openstack-manuals
|
|
description: |
|
|
Promote content fron build-openstack-manuals job and
|
|
publishes it on docs.openstack.org website.
|
|
parent: opendev-promote-docs-base
|
|
final: true
|
|
timeout: 2700
|
|
allowed-projects:
|
|
- openstack/openstack-manuals
|
|
- openstack/security-doc
|
|
- openstack/training-guides
|
|
vars:
|
|
write_root_marker: false
|
|
download_artifact_job: build-tox-manuals-publishdocs
|
|
secrets:
|
|
- secret: afsdocs_secret-openstack-manuals
|
|
name: afs
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: promote-openstack-manuals-lang
|
|
description: |
|
|
Promote content fron build-openstack-manuals-lang job and
|
|
publishes it on docs.openstack.org website.
|
|
parent: opendev-promote-docs-base
|
|
final: true
|
|
allowed-projects:
|
|
- openstack/openstack-manuals
|
|
- openstack/security-doc
|
|
- openstack/training-guides
|
|
vars:
|
|
write_root_marker: false
|
|
download_artifact_job: build-tox-manuals-publishlang
|
|
secrets:
|
|
- secret: afsdocs_secret-openstack-manuals
|
|
name: afs
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: promote-openstack-manuals-developer
|
|
description: |
|
|
Promote content fron build-openstack-manuals job and
|
|
publishes it on developer.openstack.org website.
|
|
parent: opendev-promote-docs-base
|
|
final: true
|
|
allowed-projects:
|
|
- openstack/api-site
|
|
vars:
|
|
write_root_marker: false
|
|
download_artifact_job: build-tox-manuals-publishdocs
|
|
secrets:
|
|
- secret: afsdeveloper_secret-openstack-manuals
|
|
name: afs
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: promote-api-guide
|
|
parent: opendev-promote-docs-base
|
|
description: |
|
|
Publish api-guide document to
|
|
https://docs.openstack.org/api-guide.
|
|
|
|
This job is run in a promote pipeline to publish documents built
|
|
in the gate pipeline.
|
|
# We only publish the master branch, so no need to run
|
|
# for changes on other branches.
|
|
branches: master
|
|
final: true
|
|
run: playbooks/api-jobs/promote.yaml
|
|
vars:
|
|
api_path: api-guide
|
|
download_artifact_job: build-openstack-api-guide
|
|
roles:
|
|
- zuul: zuul/zuul-jobs
|
|
- zuul: openstack/openstack-zuul-jobs
|
|
secrets:
|
|
- secret: afsdocs_secret
|
|
name: afs
|
|
|
|
- job:
|
|
name: promote-api-ref
|
|
parent: opendev-promote-docs-base
|
|
description: |
|
|
Publish api-ref document to
|
|
https://docs.openstack.org/api-ref.
|
|
|
|
This job is run in a promote pipeline to publish documents built
|
|
in the gate pipeline.
|
|
# We only publish the master branch, so no need to run
|
|
# for changes on other branches.
|
|
branches: master
|
|
final: true
|
|
run: playbooks/api-jobs/promote.yaml
|
|
vars:
|
|
api_path: api-ref
|
|
download_artifact_job: build-openstack-api-ref
|
|
roles:
|
|
- zuul: zuul/zuul-jobs
|
|
- zuul: openstack/openstack-zuul-jobs
|
|
secrets:
|
|
- secret: afsdocs_secret
|
|
name: afs
|
|
|
|
- job:
|
|
name: publish-install-guide
|
|
description: |
|
|
Publish install-guide document to
|
|
https://docs.openstack.org/project-install-guide/
|
|
pre-run: playbooks/sphinx/pre.yaml
|
|
run: playbooks/sphinx/run.yaml
|
|
post-run: playbooks/publish/install-guide.yaml
|
|
roles:
|
|
- zuul: zuul/zuul-jobs
|
|
- zuul: openstack/openstack-zuul-jobs
|
|
# This job runs only pre-pike, with pike the documents have been
|
|
# integrated into normal builds.
|
|
branches:
|
|
- stable/ocata
|
|
vars:
|
|
sphinx_build_dir: install-guide/build
|
|
sphinx_source_dir: install-guide/source
|
|
secrets:
|
|
- secret: afsdocs_secret
|
|
name: afs
|
|
|
|
- job:
|
|
name: promote-deploy-guide
|
|
parent: opendev-promote-docs-base
|
|
description: |
|
|
Promote content from build-openstack-deploy-guide.
|
|
|
|
Publish the results of the build-openstack-deploy-guide job to
|
|
/afs/.openstack.org/docs/deploy-guide/{{ zuul.project.short_name }}.
|
|
|
|
Publishes depending on branch to latest/ (for master), or the
|
|
basename of the branch like pike (for stable/pike).
|
|
final: true
|
|
vars:
|
|
download_artifact_job: build-openstack-deploy-guide
|
|
secrets:
|
|
- secret: afsdocs_secret-deploy-guide
|
|
name: afs
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: publish-openstack-javascript-content
|
|
parent: publish-openstack-artifacts
|
|
description: |
|
|
Publish javascript content tarballs to tarballs.openstack.org.
|
|
|
|
Content tarballs contain the built javascript/css/html artifacts. They
|
|
are different from source tarballs, which are handled by the
|
|
publish-openstack-javascript-tarball job.
|
|
pre-run: playbooks/javascript/pre.yaml
|
|
run: playbooks/javascript/content.yaml
|
|
post-run: playbooks/javascript/publish.yaml
|
|
vars:
|
|
npm_command: build
|
|
|
|
- job:
|
|
name: publish-openstack-stackviz-element
|
|
parent: publish-openstack-artifacts
|
|
description: |
|
|
Publish javascript content tarballs to tarballs.opendev.org.
|
|
|
|
Content tarballs contain the built javascript/css/html artifacts. They
|
|
are different from source tarballs, which are handled by the
|
|
publish-openstack-javascript-tarball job.
|
|
|
|
This job publishes the tar ball as
|
|
https://tarballs.opendev.org/{{ zuul.project.name }}/dist/{{ zuul.project.short_name }}-latest.tar.gz.
|
|
This is specific to openstack/stackviz.
|
|
allowed-projects:
|
|
- openstack/stackviz
|
|
pre-run: playbooks/javascript/pre.yaml
|
|
run: playbooks/javascript/content.yaml
|
|
post-run: playbooks/javascript/post-stackviz.yaml
|
|
branches:
|
|
- master
|
|
vars:
|
|
node_version: 10
|
|
npm_command: prod
|
|
|
|
- job:
|
|
name: release-openstack-javascript
|
|
parent: publish-openstack-artifacts
|
|
description: |
|
|
Release javascript tarballs to npm.
|
|
pre-run: playbooks/javascript/pre.yaml
|
|
run: playbooks/javascript/tarball.yaml
|
|
post-run: playbooks/javascript/release.yaml
|
|
secrets:
|
|
- npm_credentials
|
|
- gpg_key
|
|
|
|
- job:
|
|
name: openstack-upload-github-mirror
|
|
parent: opendev-upload-git-mirror
|
|
description: |
|
|
Mirrors official projects to github's openstack org
|
|
final: true
|
|
protected: true
|
|
secrets:
|
|
- name: git_mirror_credentials
|
|
secret: openstack-github-mirroring
|
|
pass-to-parent: true
|
|
|
|
- job:
|
|
name: maintain-github-openstack-mirror
|
|
description: |
|
|
Runs maintenance scripts for the OpenStack GitHub mirror. The script
|
|
updates the descriptions, creates new repositories, archives retired
|
|
ones, and closes any open PR. It is meant to be run periodically.
|
|
final: true
|
|
protected: true
|
|
run: playbooks/maintain-github-mirror/run.yaml
|
|
required-projects:
|
|
- name: openstack/governance
|
|
secrets:
|
|
- name: github_credentials
|
|
secret: openstack-github-mirroring
|
|
vars:
|
|
project_config: "{{ zuul.projects['opendev.org/openstack/project-config'].src_dir }}"
|
|
governance: "{{ zuul.projects['opendev.org/openstack/governance'].src_dir }}"
|
|
|
|
|
|
- job:
|
|
name: propose-updates
|
|
pre-run: playbooks/proposal/pre.yaml
|
|
description: |
|
|
Sync content to other projects as a proposed change.
|
|
run: playbooks/proposal/propose-updates.yaml
|
|
protected: true
|
|
# Note(frickler): The nodeset is pinned to Focal because we
|
|
# require both python 3.8 and 3.9 to be available. This is setup
|
|
# in the pre.yaml playbook above; so if this nodeset changes we
|
|
# need to carefully consider the python versions any change
|
|
# distribution provides and modify the playbook/job accordingly.
|
|
nodeset: ubuntu-focal
|
|
secrets:
|
|
- secret: proposal_ssh_key
|
|
name: ssh_key
|
|
|
|
- job:
|
|
name: propose-update-constraints
|
|
parent: propose-updates
|
|
description: |
|
|
Update constraint files for requirements project with a
|
|
proposed change.
|
|
run: playbooks/proposal/propose-update-constraints.yaml
|
|
protected: true
|
|
dependencies:
|
|
- release-openstack-python
|
|
|
|
- job:
|
|
name: propose-project-config-update
|
|
parent: propose-updates
|
|
description: |
|
|
Update project-config files with a proposed change.
|
|
run: playbooks/proposal/propose-project-config-update.yaml
|
|
protected: true
|
|
|
|
- job:
|
|
name: publish-wheel-cache-centos-7
|
|
description: |
|
|
Publish CentOS 7 wheels for OpenStack CI mirrors.
|
|
parent: build-wheel-cache-centos-7
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-centos-8-stream
|
|
description: |
|
|
Publish CentOS Stream 8 wheels for OpenStack CI mirrors.
|
|
parent: build-wheel-cache-centos-8-stream
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-centos-8-stream-arm64
|
|
description: |
|
|
Publish CentOS Stream 8 wheels for OpenStack CI mirrors.
|
|
parent: build-wheel-cache-centos-8-stream-arm64
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-centos-9-stream
|
|
description: |
|
|
Publish CentOS Stream 9 wheels for OpenStack CI mirrors.
|
|
parent: build-wheel-cache-centos-9-stream
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-centos-9-stream-arm64
|
|
description: |
|
|
Publish CentOS Stream 9 wheels for OpenStack CI mirrors.
|
|
parent: build-wheel-cache-centos-9-stream-arm64
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-debian-bullseye
|
|
description: |
|
|
Publish Debian bullseye wheels for OpenStack CI mirrors.
|
|
parent: build-wheel-cache-debian-bullseye
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-debian-bullseye-arm64
|
|
description: |
|
|
Publish Debian bullseye wheels for OpenStack CI mirrors.
|
|
parent: build-wheel-cache-debian-bullseye-arm64
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-debian-buster
|
|
description: |
|
|
Publish Debian buster wheels for OpenStack CI mirrors.
|
|
parent: build-wheel-cache-debian-buster
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-debian-buster-arm64
|
|
description: |
|
|
Publish Debian buster wheels for OpenStack CI mirrors.
|
|
parent: build-wheel-cache-debian-buster-arm64
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-ubuntu-jammy
|
|
parent: build-wheel-cache-ubuntu-jammy
|
|
description: |
|
|
Publish Ubuntu Jammy wheels for OpenStack CI mirrors.
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-ubuntu-jammy-arm64
|
|
parent: build-wheel-cache-ubuntu-jammy-arm64
|
|
description: |
|
|
Publish Ubuntu Jammy wheels for OpenStack CI mirrors.
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-ubuntu-focal
|
|
parent: build-wheel-cache-ubuntu-focal
|
|
description: |
|
|
Publish Ubuntu Focal wheels for OpenStack CI mirrors.
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-ubuntu-focal-arm64
|
|
parent: build-wheel-cache-ubuntu-focal-arm64
|
|
description: |
|
|
Publish Ubuntu Focal wheels for OpenStack CI mirrors.
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-ubuntu-bionic
|
|
parent: build-wheel-cache-ubuntu-bionic
|
|
description: |
|
|
Publish Ubuntu Bionic wheels for OpenStack CI mirrors.
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-ubuntu-bionic-arm64
|
|
parent: build-wheel-cache-ubuntu-bionic-arm64
|
|
description: |
|
|
Publish Ubuntu Bionic wheels for OpenStack CI mirrors.
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: publish-wheel-cache-ubuntu-xenial
|
|
parent: build-wheel-cache-ubuntu-xenial
|
|
description: |
|
|
Publish Ubuntu Xenial wheels for OpenStack CI mirrors.
|
|
pre-run: playbooks/openafs-client/setup.yaml
|
|
post-run: playbooks/publish/wheel-mirror.yaml
|
|
allowed-projects:
|
|
- openstack/requirements
|
|
final: true
|
|
secrets:
|
|
- name: afs
|
|
secret: wheel_keytab
|
|
|
|
- job:
|
|
name: release-wheel-cache
|
|
description: |
|
|
Release published wheels to OpenStack CI mirrors.
|
|
run: playbooks/wheel/release.yaml
|
|
nodeset:
|
|
nodes: []
|
|
# Build and publish jobs for the wheel mirror only run against
|
|
# master. Restrict the release job to master as well to avoid zuul
|
|
# config errors due to stable branches not being able to run their
|
|
# job depenendencies.
|
|
branches: master
|
|
secrets:
|
|
- name: afs
|
|
secret: afsadmin_keytab
|
|
|
|
- job:
|
|
name: check-release-approval
|
|
description: |
|
|
Checks that release requests were approved by PTL or release liaison.
|
|
|
|
This job is specific to the openstack/releases repository.
|
|
files:
|
|
- ^deliverables/.*$
|
|
allowed-projects:
|
|
- openstack/releases
|
|
required-projects:
|
|
- name: openstack/governance
|
|
run: playbooks/check-release-approval/run.yaml
|
|
final: true
|
|
timeout: 120
|
|
nodeset:
|
|
nodes: []
|
|
|
|
- job:
|
|
name: tag-releases
|
|
description: |
|
|
Tag projects for a release.
|
|
nodeset: ubuntu-focal
|
|
pre-run: playbooks/release/pre.yaml
|
|
run: playbooks/release/tag.yaml
|
|
post-run: playbooks/release/post.yaml
|
|
final: true
|
|
timeout: 7200
|
|
secrets:
|
|
- name: lp_creds
|
|
secret: lp_creds
|
|
- name: ssh_key
|
|
secret: release_ssh_key
|
|
- gpg_key
|
|
|
|
|
|
- job:
|
|
name: trigger-readthedocs-webhook
|
|
description: |
|
|
Trigger readthedocs to rebuild documentation
|
|
|
|
Note this job requires some external setup.
|
|
|
|
#. add the ``openstackci`` user as an admin to your RTD project
|
|
#. generate a webhook URL via the "Integrations" dashboard page
|
|
#. provide the ``id`` from that URL in a ``rtd_webhook_id`` variable
|
|
|
|
You probably do not want to use this job directly, but rather
|
|
include the `docs-on-readthedocs template
|
|
<https://docs.openstack.org/infra/openstack-zuul-jobs/project-templates.html#project_template-docs-on-readthedocs>`__
|
|
|
|
run: playbooks/publish/trigger-rtd.yaml
|
|
post-review: true
|
|
final: true
|
|
secrets:
|
|
- rtd_credentials
|
|
|
|
- job:
|
|
name: project-config-check-main-yaml
|
|
description: |
|
|
Check file zuul.d/main.yaml in project-config.
|
|
pre-run: playbooks/check-main-yaml/pre.yaml
|
|
run: playbooks/project-config/run-tox.yaml
|
|
post-run: playbooks/check-main-yaml/post.yaml
|
|
allowed-projects:
|
|
- openstack/project-config
|
|
final: true
|
|
vars:
|
|
tox_envlist: add-projects-to-main
|
|
files:
|
|
- zuul/main.yaml
|
|
- gerrit/projects.yaml
|
|
|
|
# Limit number of translation jobs accessing translation server since
|
|
# Zanata has problems with too many concurrent accesses.
|
|
- semaphore:
|
|
name: translations
|
|
max: 10
|
|
|
|
- job:
|
|
name: upstream-translation-update
|
|
parent: propose-updates
|
|
description: |
|
|
Push strings for translation to translation server.
|
|
roles:
|
|
- zuul: openstack/openstack-zuul-jobs
|
|
pre-run: playbooks/translation/pre.yaml
|
|
run: playbooks/translation/upstream-translation-update.yaml
|
|
post-run:
|
|
- playbooks/translation/post.yaml
|
|
- playbooks/translation/openstack-translation-artifacts.yaml
|
|
semaphores: translations
|
|
protected: true
|
|
vars:
|
|
constraints_file: '{{ ansible_user_dir }}/src/opendev.org/openstack/requirements/upper-constraints.txt'
|
|
required-projects:
|
|
- openstack/horizon
|
|
- openstack/requirements
|
|
# Zanata-cli needs Java 8 and will fail with newer Java, Bionic has Java 8
|
|
# This was tested with Zanata up to version 4.6.2 (current release in March 2019).
|
|
nodeset: ubuntu-bionic
|
|
secrets:
|
|
- zanata_api_credentials
|
|
- secret: afs_tarballs_opendev_org
|
|
name: afs
|
|
|
|
- job:
|
|
name: propose-translation-update
|
|
parent: propose-updates
|
|
description: |
|
|
Import translations from translation server to projects as
|
|
proposed change.
|
|
roles:
|
|
- zuul: openstack/openstack-zuul-jobs
|
|
pre-run: playbooks/translation/pre.yaml
|
|
run: playbooks/translation/propose-translation-update.yaml
|
|
post-run: playbooks/translation/post.yaml
|
|
vars:
|
|
constraints_file: '{{ ansible_user_dir }}/src/opendev.org/openstack/requirements/upper-constraints.txt'
|
|
semaphores: translations
|
|
protected: true
|
|
required-projects:
|
|
- openstack/horizon
|
|
- openstack/requirements
|
|
# Zanata-cli needs Java 8 and will fail with newer Java, Bionic has Java 8.
|
|
# This was tested with Zanata up to version 4.6.2 (current release in March 2019).
|
|
nodeset: ubuntu-bionic
|
|
secrets:
|
|
- zanata_api_credentials
|
|
|
|
- job:
|
|
name: project-config-bindep-fallback
|
|
abstract: true
|
|
description: |
|
|
Check installation of binary packages for file
|
|
nodepool/elements/bindep-fallback.txt.
|
|
run: playbooks/bindep-fallback/run.yaml
|
|
files:
|
|
- nodepool/elements/bindep-fallback.txt
|
|
- playbooks/bindep-fallback/run.yaml
|
|
|
|
- job:
|
|
name: project-config-bindep-fallback-centos-7
|
|
parent: project-config-bindep-fallback
|
|
description: |
|
|
Check installation of binary packages for file
|
|
nodepool/elements/bindep-fallback.txt.
|
|
|
|
The testing is done for CentOS 7.
|
|
nodeset: centos-7
|
|
|
|
- job:
|
|
name: project-config-bindep-fallback-opensuse-15
|
|
parent: project-config-bindep-fallback
|
|
description: |
|
|
Check installation of binary packages for file
|
|
nodepool/elements/bindep-fallback.txt.
|
|
|
|
The testing is done for openSUSE Leap 15.
|
|
nodeset: opensuse-15
|
|
|
|
- job:
|
|
name: project-config-bindep-fallback-ubuntu-xenial
|
|
parent: project-config-bindep-fallback
|
|
description: |
|
|
Check installation of binary packages for file
|
|
nodepool/elements/bindep-fallback.txt.
|
|
|
|
The testing is done for Ubuntu Xenial.
|
|
nodeset: ubuntu-xenial
|
|
|
|
- job:
|
|
name: openstack-multinode-fips
|
|
parent: multinode-fips
|
|
description: |
|
|
Multinode job with fips enabled and passing
|
|
the ubuntu_fips_token needed for UA subscription.
|
|
secrets:
|
|
- secret: openstack_ubuntu_fips
|
|
name: ubuntu_fips_token
|
|
pass-to-parent: true
|