project-config/zuul.d/jobs.yaml
Ade Lee 1df18b2fd6 Add FIPS job for ubuntu
A multinode-fips job is added, which inherits from multinode.
This job provides a subscription key to enable a Ubuntu Advantage
subscription to allow us to test FIPS.

This secret is passed through to the multinode (parent job) through
the pass-to-parent boolean.

Change-Id: I470d7b7b0773d0be1e3971bc02d23ea61f80f162
2023-01-05 11:55:30 +01:00

1277 lines
38 KiB
YAML

# Shared zuul config specific to the OpenStack Project
# Contains definitions of trusted jobs
# Overrides jobs from:
# https://opendev.org/zuul/zuul-jobs
- job:
name: publish-openstack-artifacts
nodeset: ubuntu-focal
description: |
Publish job to upload artifacts to tarballs.openstack.org
post-review: true
post-run: playbooks/publish/openstack-artifacts.yaml
secrets:
- secret: afs_tarballs_opendev_org
name: afs
- job:
name: release-openstack-puppet
parent: publish-openstack-artifacts
description: |
Sign and release puppet tarballs to tarballs.o.o.
pre-run: playbooks/puppet-tarball/pre.yaml
run: playbooks/puppet-tarball/run.yaml
post-run:
- playbooks/puppet-tarball/post.yaml
- playbooks/publish/puppetforge.yaml
secrets:
- gpg_key
- name: puppetforge
secret: openstack_puppetforge_credentials
- job:
name: release-openstack-python
parent: publish-openstack-artifacts
description: |
Release python tarballs / wheels to pypi.
pre-run: playbooks/pti-python-tarball/pre.yaml
run: playbooks/pti-python-tarball/run.yaml
post-run:
- playbooks/pti-python-tarball/post.yaml
- playbooks/publish/pypi.yaml
secrets:
- secret: pypi_secret
name: pypi_info
- gpg_key
vars:
release_python: python3
- job:
name: test-release-openstack
nodeset: ubuntu-focal
parent: base
description: |
Test building python tarballs / wheels and the packaging metadata.
pre-run: playbooks/pti-python-tarball/pre.yaml
run: playbooks/pti-python-tarball/check.yaml
vars:
release_python: python3
files:
- setup.cfg
- setup.py
- README.rst
- job:
name: publish-openstack-python-tarball
parent: publish-openstack-artifacts
description: |
Release and sign OpenStack python tarballs to tarballs.o.o.
It is similar to release-openstack-python but
omits PyPI publication.
pre-run: playbooks/pti-python-tarball/pre.yaml
run: playbooks/pti-python-tarball/run.yaml
post-run:
- playbooks/pti-python-tarball/post.yaml
secrets:
- gpg_key
vars:
release_python: python3
- job:
name: publish-openstack-sphinx-docs-base
nodeset: ubuntu-xenial
description: |
Base job for publishing sphinx documentation to
/afs/.openstack.org/docs/.
This job is obsolete, use ``publish-openstack-tox-docs-base`` instead.
abstract: true
protected: true
pre-run:
- playbooks/sphinx/pre.yaml
run: playbooks/sphinx/run.yaml
post-run:
- playbooks/publish/openstack-afs.yaml
required-projects:
- name: openstack/requirements
roles:
- zuul: zuul/zuul-jobs
- zuul: openstack/openstack-zuul-jobs
secrets:
- secret: afsdocs_secret
name: afs
vars:
constraints_file: '{{ ansible_user_dir }}/src/opendev.org/openstack/requirements/upper-constraints.txt'
- job:
name: publish-openstack-sphinx-docs
parent: publish-openstack-sphinx-docs-base
description: |
Publish the results of the build-openstack-sphinx-docs job to
/afs/.openstack.org/docs/{{ zuul.project.short_name }}.
Publishes depending on branch to latest/ (for master), or the
basename of the branch like pike (for stable/pike).
This is the publication job for ``build-openstack-sphinx-docs``.
This job is obsolete and should not be used anymore since rocky,
use ``promote-openstack-docs`` instead.
final: true
pre-run:
# TODO(mordred) REMOVE THIS HACK
- playbooks/sphinx/neutron-horizon-hack.yaml
post-run:
- playbooks/sphinx/post.yaml
required-projects:
# TODO(mordred) REMOVE THIS HACK ONCE neutron-horizon-hack is removed
- name: openstack/neutron
- name: openstack/horizon
- job:
name: promote-openstack-tox-docs
parent: opendev-promote-docs-base
description: |
Promote content from openstack-tox-docs job for projects that
run tox using the docs environment following OpenStack PTI.
Publish the results of the docs tox job to
/afs/.openstack.org/docs/{{ zuul.project.short_name }}.
Publishes depending on branch to latest/ (for master), or the
basename of the branch like pike (for stable/pike).
This is the promote job for ``openstack-tox-docs``.
final: true
vars:
download_artifact_job: openstack-tox-docs
secrets:
- secret: afsdocs_secret-tox-docs
name: afs
pass-to-parent: true
- job:
name: promote-openstack-tox-docs-direct
parent: opendev-promote-docs-base
description: |
Promote content from openstack-tox-docs job for projects that
run tox using the docs environment following OpenStack PTI.
Publish the results of the docs tox job to
/afs/.openstack.org/docs/{{ zuul.project.short_name }}.
Publishing is done from master branch directly without using /latest.
This is a promote job for ``openstack-tox-docs``.
final: true
branches: master
vars:
download_artifact_job: openstack-tox-docs
secrets:
- secret: afsdocs_secret-tox-docs-direct
name: afs
pass-to-parent: true
- job:
name: promote-tox-docs-special-base
parent: opendev-promote-docs-base
description: |
Promote content from openstack-tox-docs job for some projects
that need a special location.
Publish the results of the tox-docs job to
/afs/.openstack.org/docs/{special_publish_directory}.
This is a promote job for ``openstack-tox-docs``.
A job needs to set the variable `special_publish_directory`.
abstract: true
protected: true
vars:
download_artifact_job: openstack-tox-docs
secrets:
- secret: afsdocs_secret-tox-docs-special
name: afs
pass-to-parent: true
- job:
name: promote-openstack-contributor-guide
parent: promote-tox-docs-special-base
description: |
Publish contributor-guide documents to
https://docs.openstack.org/contributors
final: true
allowed-projects:
- openstack/contributor-guide
branches: master
vars:
special_publish_directory: "contributors"
# AFS sync issues happen when multiple publish jobs run at the same time
# so we make it synchronous to avoid job failures
- semaphore:
name: publish-releasenotes
max: 1
- job:
name: publish-openstack-releasenotes-python3
description: |
Publish the results of build-openstack-releasenotes to
/afs/.openstack.org/docs/releasenotes/{{ zuul.project.short_name }}
Uses python3.
# This job is final because its sets the afs_subpath
# variable; it is not safe to let that be overridden in an
# untrusted job because it would allow writing outside of the
# project's directory on the production doc site.
final: true
pre-run: playbooks/releasenotes/pre.yaml
run: playbooks/releasenotes/run.yaml
post-run:
- playbooks/publish/releasenotes.yaml
- playbooks/publish/openstack-afs.yaml
semaphores: publish-releasenotes
override-branch: master
# Building translated releasenotes can take long for large repositories
timeout: 3600
required-projects:
- name: openstack/requirements
roles:
- zuul: openstack/openstack-zuul-jobs
- zuul: zuul/zuul-jobs
vars:
sphinx_python: python3
afs_subpath: "/releasenotes/{{ zuul.project.short_name }}"
constraints_file: '{{ ansible_user_dir }}/src/opendev.org/openstack/requirements/upper-constraints.txt'
sphinx_build_dir: releasenotes/build
secrets:
- secret: afsdocs_secret
name: afs
- job:
name: promote-openstack-releasenotes
parent: opendev-promote-docs-base
description: |
Promote the results of build-openstack-releasenotes to
/afs/.openstack.org/docs/releasenotes/{{ zuul.project.short_name }}
final: true
vars:
download_artifact_job: build-openstack-releasenotes
secrets:
- secret: afsdocs_secret-releasenotes
name: afs
pass-to-parent: true
# Same file list as for job build-reno-releasenotes that is
# defined in zuul/zuul-jobs repo, file zuul.d/python-jobs.yaml.
# Keep those lists in sync.
files:
- ^releasenotes/.*
- bindep.txt
- doc/requirements.txt
- test-requirements.txt
- tox.ini
- job:
name: promote-openstack-specs-site
parent: promote-tox-docs-site-base
final: true
description: |
Publish OpenStack specs index.
Publish specs index to
/afs/.openstack.org/project/specs.openstack.org/
This is a promote job for ``build-openstack-specs-site``.
allowed-projects:
- openstack/project-config
vars:
download_artifact_job: build-openstack-specs-site
publish_site: "specs.openstack.org"
- job:
name: promote-openstack-specs
parent: promote-tox-docs-site-base
final: true
description: |
Publish OpenStack specs project.
Publish specs index to
/afs/.openstack.org/project/specs.openstack.org/{zuul[project][name]}.
This is a promote job for ``openstack-tox-docs``.
vars:
download_artifact_job: openstack-tox-docs
publish_site: "specs.openstack.org/{zuul[project][name]}"
- job:
name: promote-tox-docs-infra
parent: opendev-promote-docs-base
description: |
Promote content from tox-docs job for Infra projects.
Publish the results of the tox-docs job to
/afs/.openstack.org/docs/infra/{{ zuul.project.short_name }}.
This is a promote job for ``opendev-tox-docs``.
final: true
vars:
download_artifact_job: opendev-tox-docs
secrets:
- secret: afsdocs_secret-tox-docs-infra
name: afs
pass-to-parent: true
branches: master
- job:
name: promote-service-types-authority
parent: promote-tox-docs-site-base
description: |
Publish OpenStack Service Types Authority to
/afs/.openstack.org/project/service-typs.openstack.org/.
This is a promote job for ``service-types-authority-tox-publish``.
final: true
run: playbooks/service-types/promote.yaml
allowed-projects:
- openstack/service-types-authority
vars:
download_artifact_job: service-types-authority-tox-publish
publish_site: "service-types.openstack.org"
secrets:
- secret: afsdocs_secret-tox-docs-site
name: afs
pass-to-parent: true
- job:
name: promote-irc-meetings-ical
parent: promote-tox-docs-site-base
description: |
Publish OpenDev Meetings site/ical to
/afs/.openstack.org/project/meetings.opendev.org/.
This is a promote job for ``irc-meetings-ical-tox-publish``.
final: true
run: playbooks/service-types/promote.yaml
allowed-projects:
- opendev/irc-meetings
vars:
download_artifact_job: irc-meetings-ical-tox-publish
publish_site: "meetings.opendev.org"
secrets:
- secret: afsdocs_secret-tox-docs-site
name: afs
pass-to-parent: true
- job:
name: promote-infra-index
parent: promote-tox-docs-special-base
description: |
Promote infra index.html to
https://docs.openstack.org/infra/
allowed-projects:
- openstack/project-config
final: true
branches: master
vars:
download_artifact_job: project-config-infra-docs-index
special_publish_directory: "infra"
- job:
name: publish-infra-publications-index
description: |
Publish the publication index
final: true
run: playbooks/publications-index/run.yaml
post-run:
- playbooks/publish/publications-index.yaml
- playbooks/publish/openstack-afs.yaml
# Index is always published from master
override-branch: master
allowed-projects:
- opendev/publications
roles:
- zuul: zuul/zuul-jobs
- zuul: openstack/openstack-zuul-jobs
vars:
afs_subpath: "/infra/publications/"
tox_envlist: infra-docs
secrets:
- secret: afsdocs_secret
name: afs
- job:
name: publish-infra-publications
description: |
Publish one publication from opendev/publications
final: true
run: playbooks/publications/run.yaml
post-run:
- playbooks/publish/publications.yaml
- playbooks/publish/openstack-afs.yaml
allowed-projects:
- opendev/publications
roles:
- zuul: zuul/zuul-jobs
- zuul: openstack/openstack-zuul-jobs
vars:
afs_subpath: "/infra/publications/"
tox_envlist: infra-docs
secrets:
- secret: afsdocs_secret
name: afs
- job:
name: publish-openstack-python-branch-tarball
parent: publish-openstack-artifacts
description: |
Publish the results of the tox-tarball job to tarballs.openstack.org.
pre-run: playbooks/pti-python-tarball/pre.yaml
run: playbooks/pti-python-tarball/run.yaml
post-run: playbooks/python-branch-tarball/post.yaml
vars:
release_python: python3
# AFS sync issues happen when multiple publish jobs run at the same time
# so we make it synchronous to avoid job failures
- semaphore:
name: publish-release-docs
max: 1
- job:
name: publish-tox-docs-releases
description: |
Publish content of openstack/releases to
/afs/.openstack.org/project/releases.openstack.org/.
Builds the docs using ``tox -e docs``.
final: true
roles:
- zuul: openstack/openstack-zuul-jobs
pre-run: playbooks/project-config/pre-tox.yaml
run: playbooks/project-config/run-tox.yaml
post-run:
- playbooks/project-config/post-tox.yaml
- playbooks/sphinx/post-infra.yaml
- playbooks/publish/releases-afs.yaml
semaphores: publish-release-docs
allowed-projects:
- openstack/releases
required-projects:
- openstack/requirements
secrets:
- secret: afsdocs_secret
name: afs
vars:
tox_envlist: docs
afs_subpath: "/{{ zuul.project.short_name }}"
- job:
name: promote-tox-docs-site-base
parent: opendev-promote-docs-base
description: |
Promote content from openstack-tox-docs job for some projects
that need a special location.
Publish the results of the tox-docs job to
/afs/.openstack.org/project/{publish_site}.
This is a promote job for ``openstack-tox-docs``.
A job needs to set the variables `publish_site`.
abstract: true
protected: true
vars:
download_artifact_job: openstack-tox-docs
secrets:
- secret: afsdocs_secret-tox-docs-site
name: afs
pass-to-parent: true
- job:
name: promote-airship-docs-website
parent: promote-tox-docs-site-base
description: |
Promote root site content for docs.airshipit.org to airshipit.org/docs.
final: true
allowed-projects:
- airship/docs
vars:
publish_site: "airshipit.org/docs"
- job:
name: promote-airship-project-docs
parent: promote-tox-docs-site-base
description: |
Promote subproject doc content for docs.airshipit.org site.
final: true
allowed-projects:
- airship/airshipctl
- airship/airshipui
- airship/armada
- airship/charts
- airship/deckhand
- airship/divingbell
- airship/drydock
- airship/election
- airship/governance
- airship/pegleg
- airship/porthole
- airship/promenade
- airship/shipyard
- airship/specs
- airship/spyglass
- airship/spyglass-plugin-xls
- airship/treasuremap
vars:
publish_site: "airshipit.org/docs/{zuul[project][short_name]}"
- job:
name: promote-governance-election
parent: promote-tox-docs-site-base
description:
Promote content to governance.openstack.org/election.
final: true
allowed-projects:
- openstack/election
vars:
publish_site: "governance.openstack.org/election"
- job:
name: promote-governance-ideas
parent: promote-tox-docs-site-base
description:
Promote content to governance.openstack.org/ideas.
final: true
allowed-projects:
- openstack/ideas
vars:
publish_site: "governance.openstack.org/ideas"
- job:
name: promote-governance-sigs
parent: promote-tox-docs-site-base
description: |
Promote content to governance.openstack.org/sigs.
final: true
allowed-projects:
- openstack/governance-sigs
vars:
publish_site: "governance.openstack.org/sigs"
- job:
name: promote-governance-tc
parent: promote-tox-docs-site-base
description: |
Promote content to governance.openstack.org/sigs.
final: true
allowed-projects:
- openstack/governance
vars:
publish_site: "governance.openstack.org/tc"
- job:
name: promote-governance-website
parent: promote-tox-docs-site-base
description: |
Promote content to governance.openstack.org.
final: true
allowed-projects:
- openstack/governance-website
vars:
publish_site: "governance.openstack.org/governance"
- job:
name: promote-security
parent: promote-tox-docs-site-base
description: |
Promote content to security.openstack.org.
final: true
allowed-projects:
- openstack/ossa
vars:
publish_site: "security.openstack.org"
- job:
name: promote-openstack-manuals
description: |
Promote content fron build-openstack-manuals job and
publishes it on docs.openstack.org website.
parent: opendev-promote-docs-base
final: true
timeout: 2700
allowed-projects:
- openstack/openstack-manuals
- openstack/security-doc
- openstack/training-guides
vars:
write_root_marker: false
download_artifact_job: build-tox-manuals-publishdocs
secrets:
- secret: afsdocs_secret-openstack-manuals
name: afs
pass-to-parent: true
- job:
name: promote-openstack-manuals-lang
description: |
Promote content fron build-openstack-manuals-lang job and
publishes it on docs.openstack.org website.
parent: opendev-promote-docs-base
final: true
allowed-projects:
- openstack/openstack-manuals
- openstack/security-doc
- openstack/training-guides
vars:
write_root_marker: false
download_artifact_job: build-tox-manuals-publishlang
secrets:
- secret: afsdocs_secret-openstack-manuals
name: afs
pass-to-parent: true
- job:
name: promote-openstack-manuals-developer
description: |
Promote content fron build-openstack-manuals job and
publishes it on developer.openstack.org website.
parent: opendev-promote-docs-base
final: true
allowed-projects:
- openstack/api-site
vars:
write_root_marker: false
download_artifact_job: build-tox-manuals-publishdocs
secrets:
- secret: afsdeveloper_secret-openstack-manuals
name: afs
pass-to-parent: true
- job:
name: promote-api-guide
parent: opendev-promote-docs-base
description: |
Publish api-guide document to
https://docs.openstack.org/api-guide.
This job is run in a promote pipeline to publish documents built
in the gate pipeline.
# We only publish the master branch, so no need to run
# for changes on other branches.
branches: master
final: true
run: playbooks/api-jobs/promote.yaml
vars:
api_path: api-guide
download_artifact_job: build-openstack-api-guide
roles:
- zuul: zuul/zuul-jobs
- zuul: openstack/openstack-zuul-jobs
secrets:
- secret: afsdocs_secret
name: afs
- job:
name: promote-api-ref
parent: opendev-promote-docs-base
description: |
Publish api-ref document to
https://docs.openstack.org/api-ref.
This job is run in a promote pipeline to publish documents built
in the gate pipeline.
# We only publish the master branch, so no need to run
# for changes on other branches.
branches: master
final: true
run: playbooks/api-jobs/promote.yaml
vars:
api_path: api-ref
download_artifact_job: build-openstack-api-ref
roles:
- zuul: zuul/zuul-jobs
- zuul: openstack/openstack-zuul-jobs
secrets:
- secret: afsdocs_secret
name: afs
- job:
name: publish-install-guide
description: |
Publish install-guide document to
https://docs.openstack.org/project-install-guide/
pre-run: playbooks/sphinx/pre.yaml
run: playbooks/sphinx/run.yaml
post-run: playbooks/publish/install-guide.yaml
roles:
- zuul: zuul/zuul-jobs
- zuul: openstack/openstack-zuul-jobs
# This job runs only pre-pike, with pike the documents have been
# integrated into normal builds.
branches:
- stable/ocata
vars:
sphinx_build_dir: install-guide/build
sphinx_source_dir: install-guide/source
secrets:
- secret: afsdocs_secret
name: afs
- job:
name: promote-deploy-guide
parent: opendev-promote-docs-base
description: |
Promote content from build-openstack-deploy-guide.
Publish the results of the build-openstack-deploy-guide job to
/afs/.openstack.org/docs/deploy-guide/{{ zuul.project.short_name }}.
Publishes depending on branch to latest/ (for master), or the
basename of the branch like pike (for stable/pike).
final: true
vars:
download_artifact_job: build-openstack-deploy-guide
secrets:
- secret: afsdocs_secret-deploy-guide
name: afs
pass-to-parent: true
- job:
name: publish-openstack-javascript-content
parent: publish-openstack-artifacts
description: |
Publish javascript content tarballs to tarballs.openstack.org.
Content tarballs contain the built javascript/css/html artifacts. They
are different from source tarballs, which are handled by the
publish-openstack-javascript-tarball job.
pre-run: playbooks/javascript/pre.yaml
run: playbooks/javascript/content.yaml
post-run: playbooks/javascript/publish.yaml
vars:
npm_command: build
- job:
name: publish-openstack-stackviz-element
parent: publish-openstack-artifacts
description: |
Publish javascript content tarballs to tarballs.opendev.org.
Content tarballs contain the built javascript/css/html artifacts. They
are different from source tarballs, which are handled by the
publish-openstack-javascript-tarball job.
This job publishes the tar ball as
https://tarballs.opendev.org/{{ zuul.project.name }}/dist/{{ zuul.project.short_name }}-latest.tar.gz.
This is specific to openstack/stackviz.
allowed-projects:
- openstack/stackviz
pre-run: playbooks/javascript/pre.yaml
run: playbooks/javascript/content.yaml
post-run: playbooks/javascript/post-stackviz.yaml
branches:
- master
vars:
node_version: 10
npm_command: prod
- job:
name: release-openstack-javascript
parent: publish-openstack-artifacts
description: |
Release javascript tarballs to npm.
pre-run: playbooks/javascript/pre.yaml
run: playbooks/javascript/tarball.yaml
post-run: playbooks/javascript/release.yaml
secrets:
- npm_credentials
- gpg_key
- job:
name: openstack-upload-github-mirror
parent: opendev-upload-git-mirror
description: |
Mirrors official projects to github's openstack org
final: true
protected: true
secrets:
- name: git_mirror_credentials
secret: openstack-github-mirroring
pass-to-parent: true
- job:
name: maintain-github-openstack-mirror
description: |
Runs maintenance scripts for the OpenStack GitHub mirror. The script
updates the descriptions, creates new repositories, archives retired
ones, and closes any open PR. It is meant to be run periodically.
final: true
protected: true
run: playbooks/maintain-github-mirror/run.yaml
required-projects:
- name: openstack/governance
secrets:
- name: github_credentials
secret: openstack-github-mirroring
vars:
project_config: "{{ zuul.projects['opendev.org/openstack/project-config'].src_dir }}"
governance: "{{ zuul.projects['opendev.org/openstack/governance'].src_dir }}"
- job:
name: propose-updates
pre-run: playbooks/proposal/pre.yaml
description: |
Sync content to other projects as a proposed change.
run: playbooks/proposal/propose-updates.yaml
protected: true
# Note(frickler): The nodeset is pinned to Focal because we
# require both python 3.8 and 3.9 to be available. This is setup
# in the pre.yaml playbook above; so if this nodeset changes we
# need to carefully consider the python versions any change
# distribution provides and modify the playbook/job accordingly.
nodeset: ubuntu-focal
secrets:
- secret: proposal_ssh_key
name: ssh_key
- job:
name: propose-update-constraints
parent: propose-updates
description: |
Update constraint files for requirements project with a
proposed change.
run: playbooks/proposal/propose-update-constraints.yaml
protected: true
dependencies:
- release-openstack-python
- job:
name: propose-project-config-update
parent: propose-updates
description: |
Update project-config files with a proposed change.
run: playbooks/proposal/propose-project-config-update.yaml
protected: true
- job:
name: publish-wheel-cache-centos-7
description: |
Publish CentOS 7 wheels for OpenStack CI mirrors.
parent: build-wheel-cache-centos-7
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-centos-8-stream
description: |
Publish CentOS Stream 8 wheels for OpenStack CI mirrors.
parent: build-wheel-cache-centos-8-stream
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-centos-8-stream-arm64
description: |
Publish CentOS Stream 8 wheels for OpenStack CI mirrors.
parent: build-wheel-cache-centos-8-stream-arm64
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-centos-9-stream
description: |
Publish CentOS Stream 9 wheels for OpenStack CI mirrors.
parent: build-wheel-cache-centos-9-stream
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-centos-9-stream-arm64
description: |
Publish CentOS Stream 9 wheels for OpenStack CI mirrors.
parent: build-wheel-cache-centos-9-stream-arm64
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-debian-bullseye
description: |
Publish Debian bullseye wheels for OpenStack CI mirrors.
parent: build-wheel-cache-debian-bullseye
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-debian-bullseye-arm64
description: |
Publish Debian bullseye wheels for OpenStack CI mirrors.
parent: build-wheel-cache-debian-bullseye-arm64
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-debian-buster
description: |
Publish Debian buster wheels for OpenStack CI mirrors.
parent: build-wheel-cache-debian-buster
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-debian-buster-arm64
description: |
Publish Debian buster wheels for OpenStack CI mirrors.
parent: build-wheel-cache-debian-buster-arm64
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-ubuntu-jammy
parent: build-wheel-cache-ubuntu-jammy
description: |
Publish Ubuntu Jammy wheels for OpenStack CI mirrors.
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-ubuntu-jammy-arm64
parent: build-wheel-cache-ubuntu-jammy-arm64
description: |
Publish Ubuntu Jammy wheels for OpenStack CI mirrors.
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-ubuntu-focal
parent: build-wheel-cache-ubuntu-focal
description: |
Publish Ubuntu Focal wheels for OpenStack CI mirrors.
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-ubuntu-focal-arm64
parent: build-wheel-cache-ubuntu-focal-arm64
description: |
Publish Ubuntu Focal wheels for OpenStack CI mirrors.
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-ubuntu-bionic
parent: build-wheel-cache-ubuntu-bionic
description: |
Publish Ubuntu Bionic wheels for OpenStack CI mirrors.
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-ubuntu-bionic-arm64
parent: build-wheel-cache-ubuntu-bionic-arm64
description: |
Publish Ubuntu Bionic wheels for OpenStack CI mirrors.
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: publish-wheel-cache-ubuntu-xenial
parent: build-wheel-cache-ubuntu-xenial
description: |
Publish Ubuntu Xenial wheels for OpenStack CI mirrors.
pre-run: playbooks/openafs-client/setup.yaml
post-run: playbooks/publish/wheel-mirror.yaml
allowed-projects:
- openstack/requirements
final: true
secrets:
- name: afs
secret: wheel_keytab
- job:
name: release-wheel-cache
description: |
Release published wheels to OpenStack CI mirrors.
run: playbooks/wheel/release.yaml
nodeset:
nodes: []
# Build and publish jobs for the wheel mirror only run against
# master. Restrict the release job to master as well to avoid zuul
# config errors due to stable branches not being able to run their
# job depenendencies.
branches: master
secrets:
- name: afs
secret: afsadmin_keytab
- job:
name: check-release-approval
description: |
Checks that release requests were approved by PTL or release liaison.
This job is specific to the openstack/releases repository.
files:
- ^deliverables/.*$
allowed-projects:
- openstack/releases
required-projects:
- name: openstack/governance
run: playbooks/check-release-approval/run.yaml
final: true
timeout: 120
nodeset:
nodes: []
- job:
name: tag-releases
description: |
Tag projects for a release.
nodeset: ubuntu-focal
pre-run: playbooks/release/pre.yaml
run: playbooks/release/tag.yaml
post-run: playbooks/release/post.yaml
final: true
timeout: 7200
secrets:
- name: lp_creds
secret: lp_creds
- name: ssh_key
secret: release_ssh_key
- gpg_key
- job:
name: trigger-readthedocs-webhook
description: |
Trigger readthedocs to rebuild documentation
Note this job requires some external setup.
#. add the ``openstackci`` user as an admin to your RTD project
#. generate a webhook URL via the "Integrations" dashboard page
#. provide the ``id`` from that URL in a ``rtd_webhook_id`` variable
You probably do not want to use this job directly, but rather
include the `docs-on-readthedocs template
<https://docs.openstack.org/infra/openstack-zuul-jobs/project-templates.html#project_template-docs-on-readthedocs>`__
run: playbooks/publish/trigger-rtd.yaml
post-review: true
final: true
secrets:
- rtd_credentials
- job:
name: project-config-check-main-yaml
description: |
Check file zuul.d/main.yaml in project-config.
pre-run: playbooks/check-main-yaml/pre.yaml
run: playbooks/project-config/run-tox.yaml
post-run: playbooks/check-main-yaml/post.yaml
allowed-projects:
- openstack/project-config
final: true
vars:
tox_envlist: add-projects-to-main
files:
- zuul/main.yaml
- gerrit/projects.yaml
# Limit number of translation jobs accessing translation server since
# Zanata has problems with too many concurrent accesses.
- semaphore:
name: translations
max: 10
- job:
name: upstream-translation-update
parent: propose-updates
description: |
Push strings for translation to translation server.
roles:
- zuul: openstack/openstack-zuul-jobs
pre-run: playbooks/translation/pre.yaml
run: playbooks/translation/upstream-translation-update.yaml
post-run:
- playbooks/translation/post.yaml
- playbooks/translation/openstack-translation-artifacts.yaml
semaphores: translations
protected: true
vars:
constraints_file: '{{ ansible_user_dir }}/src/opendev.org/openstack/requirements/upper-constraints.txt'
required-projects:
- openstack/horizon
- openstack/requirements
# Zanata-cli needs Java 8 and will fail with newer Java, Bionic has Java 8
# This was tested with Zanata up to version 4.6.2 (current release in March 2019).
nodeset: ubuntu-bionic
secrets:
- zanata_api_credentials
- secret: afs_tarballs_opendev_org
name: afs
- job:
name: propose-translation-update
parent: propose-updates
description: |
Import translations from translation server to projects as
proposed change.
roles:
- zuul: openstack/openstack-zuul-jobs
pre-run: playbooks/translation/pre.yaml
run: playbooks/translation/propose-translation-update.yaml
post-run: playbooks/translation/post.yaml
vars:
constraints_file: '{{ ansible_user_dir }}/src/opendev.org/openstack/requirements/upper-constraints.txt'
semaphores: translations
protected: true
required-projects:
- openstack/horizon
- openstack/requirements
# Zanata-cli needs Java 8 and will fail with newer Java, Bionic has Java 8.
# This was tested with Zanata up to version 4.6.2 (current release in March 2019).
nodeset: ubuntu-bionic
secrets:
- zanata_api_credentials
- job:
name: project-config-bindep-fallback
abstract: true
description: |
Check installation of binary packages for file
nodepool/elements/bindep-fallback.txt.
run: playbooks/bindep-fallback/run.yaml
files:
- nodepool/elements/bindep-fallback.txt
- playbooks/bindep-fallback/run.yaml
- job:
name: project-config-bindep-fallback-centos-7
parent: project-config-bindep-fallback
description: |
Check installation of binary packages for file
nodepool/elements/bindep-fallback.txt.
The testing is done for CentOS 7.
nodeset: centos-7
- job:
name: project-config-bindep-fallback-opensuse-15
parent: project-config-bindep-fallback
description: |
Check installation of binary packages for file
nodepool/elements/bindep-fallback.txt.
The testing is done for openSUSE Leap 15.
nodeset: opensuse-15
- job:
name: project-config-bindep-fallback-ubuntu-xenial
parent: project-config-bindep-fallback
description: |
Check installation of binary packages for file
nodepool/elements/bindep-fallback.txt.
The testing is done for Ubuntu Xenial.
nodeset: ubuntu-xenial
- job:
name: openstack-multinode-fips
parent: multinode-fips
description: |
Multinode job with fips enabled and passing
the ubuntu_fips_token needed for UA subscription.
secrets:
- secret: openstack_ubuntu_fips
name: ubuntu_fips_token
pass-to-parent: true