The main goal of this change is to allow us to release from a BRANCH-release branch from ceph.git. This will allow us to continue merging PRs into BRANCH while we build and push releases.
The job also now handles pushing the version commit and tags to ceph.git.
Signed-off-by: David Galloway <dgallowa@redhat.com>
# should be passed in the CLI like `--extra-vars "version=1.23.45 branch=master"`
version: 0-dev # e.g. 0.78
branch: master # any existing branch on Github
- release: stable # stable, development, or rc are valid options
+ release: STABLE # STABLE, RELEASE_CANDIDATE, HOTFIX, and SECURITY are valid options
tag_name: "v{{ version}}"
project: "ceph"
clean: true # if re-doing a deployment this deletes the remote branch in Jenkin's git repo
--- /dev/null
+---
+- name: ensure a clean clone
+ file:
+ path: ceph
+ state: absent
+
+- name: clone the ceph repository
+ git:
+ repo: https://github.com/ceph/ceph
+ dest: ceph
+ remote: upstream
+ accept_hostkey: yes
+ recursive: false
+
+- name: add releases repo
+ command: git remote add -f releases git@github.com:ceph/ceph-releases.git
+ args:
+ chdir: ceph
+ ignore_errors: yes
+
+- name: add security repo
+ command: git remote add -f security git@github.com:ceph/ceph-private.git
+ args:
+ chdir: ceph
+ ignore_errors: yes
+ when: "release == 'SECURITY'"
+
+- name: git fetch --all
+ command: git fetch --all
+ args:
+ chdir: ceph
+
+# REGULAR / RC
+# This assumes {{ branch }} is at the point where release is desired
+- name: "git checkout and reset {{ branch }}-release to {{ branch }} for REGULAR or RC release"
+ command: git checkout -f -B {{ branch }}-release upstream/{{ branch }}
+ args:
+ chdir: ceph
+ when:
+ - "release == 'STABLE' or release == 'RELEASE_CANDIDATE'"
+ - tag|bool is true
+
+- name: "git checkout previously existing tag for re-build"
+ command: git checkout -f v{{ version }}
+ args:
+ chdir: ceph
+ when:
+ - "release == 'STABLE' or release == 'RELEASE_CANDIDATE'"
+ - tag|bool is false
+ - throwaway|bool is false
+
+# HOTFIX
+# This assumes hotfix has already been pushed to {{ branch }}-release branch on github
+- name: "git checkout {{ branch }}-release for HOTFIX release"
+ command: git checkout {{ branch }}-release
+ args:
+ chdir: ceph
+ when: "release == 'HOTFIX'"
+
+# SECURITY
+- name: "git checkout security {{ branch }}-release branch"
+ command: git checkout -f -B {{ branch }}-release security/{{ branch }}-release
+ args:
+ chdir: ceph
+ ignore_errors: yes
+ when: "release == 'SECURITY'"
+
+- name: git submodule update
+ command: git submodule update --init
+ args:
+ chdir: ceph
+
+- name: check if CMakeLists.txt exists
+ stat:
+ path: ceph/CMakeLists.txt
+ register: cmake_lists
+
+- name: replace the version in CMakeLists.txt
+ lineinfile:
+ dest: ceph/CMakeLists.txt
+ regexp: '^ VERSION \d+\.\d+\.\d+$'
+ line: ' VERSION {{ version }}'
+ when:
+ - cmake_lists.stat.exists
+ - tag|bool is true
+
+- set_fact:
+ dch_release_type: rc
+ when: "release == 'RELEASE_CANDIDATE"
+
+- name: set the debian version
+ command: dch -v {{ version }}-1 -D {{ dch_release_type|default('stable') }} "New upstream release"
+ args:
+ chdir: ceph
+ environment:
+ DEBEMAIL: "{{ debemail }}"
+ DEBFULLNAME: "{{ debfullname }}"
+ when: tag|bool is true
+
+- name: commit the version changes
+ command: git commit -a -m "{{ version }}"
+ args:
+ chdir: ceph
+ when: tag|bool is true
+
+- name: tag the version
+ command: git tag -f "v{{ version }}" -m "v{{ version }}"
+ args:
+ chdir: ceph
+ when: tag|bool is true
+
+- name: push the version commit to ceph-releases.git
+ command: git push -f releases {{ branch }}
+ args:
+ chdir: ceph
+ when: tag|bool is true
+
+# the colon appended to the v{{ version }} tag removes the previous tag
+# https://git-scm.com/docs/git-push#Documentation/git-push.txt--d
+- name: clear the previous remote tag
+ command: git push releases :v{{ version }}
+ args:
+ chdir: ceph
+ ignore_errors: yes
+ when: tag|bool is true
+
+- name: push the tag to ceph-releases.git
+ command: git push releases v{{ version }}
+ args:
+ chdir: ceph
+ when: tag|bool is true
---
-
-- name: check if ceph repo exists
- stat: path='./ceph'
- register: 'ceph_repo'
-
-- name: clone the ceph repository
- git:
- repo: https://github.com/ceph/ceph
- remote: upstream
- dest: ceph
- accept_hostkey: yes
- when: ceph_repo.stat.exists is defined and ceph_repo.stat.exists == false
-
-- name: add origin
- command: git remote add origin git@github.com:ceph/ceph-releases.git chdir=ceph
- # because if the repo exists then it probably has the origin already in there
- ignore_errors: yes
-
-- name: reset --hard to upstream
- command: git reset --hard origin/{{ branch }} chdir=ceph
- ignore_errors: yes
- when: clean
-
-- name: force git checkout {{ branch }} branch
- command: git checkout -f {{ branch }} chdir=ceph
-
-- name: fetch upstream
- command: git fetch upstream -v chdir=ceph
-
-- name: git submodule update
- command: git submodule update --init chdir=ceph
-
-- name: check if configure.ac exists (pre-kraken)
- stat: path=ceph/configure.ac
- register: configure_ac
-
-- name: replace the version in configure.ac (pre-kraken)
- lineinfile: dest=ceph/configure.ac
- regexp='^AC_INIT\(\[ceph\],'
- line='AC_INIT([ceph], [{{ version }}], [ceph-devel@vger.kernel.org])'
- when: configure_ac.stat.exists
-
-- name: check if CMakeLists.txt exists
- stat: path=ceph/CMakeLists.txt
- register: cmake_lists
-
-- name: replace the version in CMakeLists.txt
- lineinfile: dest=ceph/CMakeLists.txt
- regexp='^ VERSION \d+\.\d+\.\d+$'
- line=' VERSION {{ version }}'
- when: cmake_lists.stat.exists
-
-- include: release/candidate.yml
- when: "release in ['candidate', 'rc']"
-
-- include: release/development.yml
- when: "release == 'development'"
-
-- include: release/stable.yml
- when: "release == 'stable'"
-
-- name: commit the version changes
- command: git commit -a -m "{{ version }}" chdir=ceph
-
-- name: clear the previous local tag
- command: git tag -d v{{ version }} chdir=ceph
- ignore_errors: yes
- when: clean
-
-- name: clear the previous remote tag
- command: git push origin :v{{ version }} chdir=ceph
- ignore_errors: yes
- when: clean
-
- # from script: /srv/ceph-build/tag_release.sh
-- name: tag the version
- # we used to sign releases like:
- # GNUPGHOME=~/build/gnupg.ceph-release
- # git tag -s "v{{ version }}" -u 17ED316D -m "v{{ version }}" chdir=ceph
- command: git tag "v{{ version }}" -m "v{{ version }}" chdir=ceph
-
- # 'origin' in this case is ceph-releases, since this is our fork/copy of the
- # official ceph repo it is ok to forcefully push "losing" changes. This may
- # come up if we need to re-do a release which means doing a fresh commit to
- # the debian changelog and rpm files and tagging.
-- name: force push changes to ceph-releases git repo
- command: git push -f origin {{ branch }} chdir=ceph
-
-- name: push the newly created tag
- command: git push origin v{{ version }} chdir=ceph
+- import_tasks: create.yml
+ when: "stage == 'create'"
+
+- import_tasks: push.yml
+ when:
+ - "stage == 'push'"
+ - "release != 'SECURITY'"
+ - tag|bool is true
--- /dev/null
+---
+# Note: None of this will get run when "release == 'SECURITY'"
+# We want to make sure packages get pulled, signed, and pushed before publicly
+# pushing the security fix. Pushing tags will be done manually by a human.
+
+# the colon appended to the v{{ version }} tag removes the previous tag
+# https://git-scm.com/docs/git-push#Documentation/git-push.txt--d
+- name: clear the previous remote tag
+ command: git push origin :v{{ version }}
+ args:
+ chdir: ceph
+ ignore_errors: yes
+ when: tag|bool is true
+
+- name: clone the ceph repository
+ git:
+ repo: https://github.com/ceph/ceph
+ dest: ceph
+ remote: upstream
+ accept_hostkey: yes
+ recursive: no
+
+- name: add releases repo
+ command: git remote add -f releases git@github.com:ceph/ceph-releases.git
+ args:
+ chdir: ceph
+ ignore_errors: yes
+
+- name: git fetch --all
+ command: git fetch --all
+ args:
+ chdir: ceph
+
+- name: "git checkout the version commit from ceph-releases"
+ command: git checkout -f -B {{ branch }}-release releases/{{ branch }}-release
+ args:
+ chdir: ceph
+
+- name: push version commit to BRANCH-release branch
+ command: git push upstream {{ branch }}-release
+ args:
+ chdir: ceph
+
+- name: "git checkout {{ branch }}"
+ command: git checkout {{ branch }}
+ args:
+ chdir: ceph
+
+# In case any commits got pushed to {{ branch }} while we were building
+- name: "merge {{ branch }}-release changes back into {{ branch }}"
+ command: git merge {{ branch }}-release
+ args:
+ chdir: ceph
+
+- name: "push version commit to {{ branch }}"
+ command: git push upstream {{ branch }}
+ args:
+ chdir: ceph
+
+- name: push the newly created tag
+ command: git push upstream v{{ version }}
+ args:
+ chdir: ceph
cd $WORKSPACE
+mv ceph-build/ansible/ceph/dist .
+rm -rf ceph-build
+
BPTAG=`get_bptag $DIST`
chacra_ref="$BRANCH"
$SUDO yum install -y redhat-lsb-core
+mv ceph-build/ansible/ceph/dist .
+rm -rf ceph-build
+
# unpack the tar.gz that contains the debian dir
cd dist
tar xzf *.orig.tar.gz
rm -rf release
- copyartifact:
project: ceph-setup
- filter: 'dist/**'
+ filter: 'ceph-build/ansible/ceph/dist/**'
which-build: multijob-build
- inject:
- properties-file: ${WORKSPACE}/dist/sha1
+ properties-file: ${WORKSPACE}/ceph-build/ansible/ceph/dist/sha1
- inject:
- properties-file: ${WORKSPACE}/dist/other_envvars
+ properties-file: ${WORKSPACE}/ceph-build/ansible/ceph/dist/other_envvars
# debian build scripts
- shell:
!include-raw:
#!/bin/bash -ex
+cd $WORKSPACE/ceph-build/ansible/ceph
+
HOST=$(hostname --short)
echo "Building on ${HOST}"
echo " DIST=${DIST}"
echo " WS=$WORKSPACE"
echo " PWD=$(pwd)"
echo " BRANCH=$BRANCH"
-echo " SHA1=$GIT_COMMIT"
+echo " SHA1=$(git rev-parse HEAD)"
if [ -x "$BRANCH" ] ; then
echo "No git branch was supplied"
# which calls `aclocal -I m4 --install` that copies a system version of
# ltsugar.m4 that can be different from the one included in the ceph source
# tree.
-if git diff --quiet ; then
+if git diff --quiet; then
echo repository is clean
else
echo
mv release/version dist/.
cat > dist/sha1 << EOF
-SHA1=${GIT_COMMIT}
+SHA1=$(git rev-parse HEAD)
EOF
# CEPH_EXTRA_{CONFIGURE,RPMBUILD}_ARGS are consumed by ceph-build before
--- /dev/null
+#!/bin/bash
+
+set -ex
+
+# the following two methods exist in scripts/build_utils.sh
+pkgs=( "ansible" )
+TEMPVENV=$(create_venv_dir)
+VENV=${TEMPVENV}/bin
+install_python_packages $TEMPVENV "pkgs[@]"
+
+# remove "-release" from $BRANCH variable in case it was accidentally passed in the Jenkins UI
+BRANCH=${BRANCH//-release/}
+
+# run ansible to do all the tagging and release specifying
+# a local connection and 'localhost' as the host where to execute
+cd "$WORKSPACE/ceph-build/ansible/"
+$VENV/ansible-playbook -i "localhost," -c local release.yml -vvv --extra-vars="stage=create version=$VERSION branch=$BRANCH force_version=$FORCE_VERSION release=$RELEASE_TYPE tag=$TAG throwaway=$THROWAWAY project=ceph"
- job:
name: ceph-setup
- description: "This job step checks out the branch and builds the tarballs, diffs, and dsc that are passed to the ceph-build step.\r\n\r\nNotes:\r\nJob needs to run on a releatively recent debian system. The Restrict where run feature is used to specifiy an appropriate label.\r\nThe clear workspace before checkout box for the git plugin is used."
+ description: "This job:\r\n- Creates the version commit\r\n- Checks out the branch and builds the tarballs, diffs, and dsc that are passed to the ceph-build step.\r\n\r\nNotes:\r\nJob needs to run on a releatively recent debian system. The Restrict where run feature is used to specifiy an appropriate label.\r\nThe clear workspace before checkout box for the git plugin is used."
node: huge && bionic && x86_64
display-name: 'ceph-setup'
block-downstream: false
- github:
url: https://github.com/ceph/ceph
- copyartifact:
- projects: ceph-build
+ projects: ceph-build,ceph-tag,ceph
parameters:
- string:
scm:
- git:
- url: git@github.com:ceph/ceph-releases.git
- # Use the SSH key attached to the ceph-jenkins GitHub account.
+ url: https://github.com/ceph/ceph-build.git
credentials-id: 'jenkins-build'
- # not really a branch, this builds the TAG that was previously
- # created by the ceph-tag job which concatenates 'v' + $VERSION
- branches:
- - v$VERSION
+ browser: auto
+ timeout: 20
skip-tag: true
wipe-workspace: true
+ basedir: "ceph-build"
+ branches:
+ - origin/master
builders:
- shell:
- !include-raw: ../../build/build
-
+ !include-raw:
+ - ../../../scripts/build_utils.sh
+ - ../../build/create_tag
+ - ../../build/build
publishers:
- archive:
- artifacts: 'dist/**'
+ artifacts: 'ceph-build/ansible/ceph/dist/**'
allow-empty: false
latest-only: false
- text:
credential-id: shaman-api-key
variable: SHAMAN_API_KEY
+ - ssh-agent-credentials:
+ # "jenkins-build" SSH key, needed so we can push/pull to/from private repos
+ user: 'jenkins-build'
if [ "$TAG" = false ] ; then
echo "Assuming tagging process has succeeded before because TAG was set to false"
- exit 0
+else
+ # the following two methods exist in scripts/build_utils.sh
+ pkgs=( "ansible" )
+ TEMPVENV=$(create_venv_dir)
+ VENV=${TEMPVENV}/bin
+ install_python_packages $TEMPVENV "pkgs[@]"
+
+ # remove "-release" from $BRANCH variable in case it was accidentally passed in the Jenkins UI
+ BRANCH=${BRANCH//-release/}
+
+ # run ansible to do all the tagging and release specifying
+ # a local connection and 'localhost' as the host where to execute
+ cd "$WORKSPACE/ceph-build/ansible/"
+ $VENV/ansible-playbook -i "localhost," -c local release.yml --extra-vars="stage=push version=$VERSION branch=$BRANCH force_version=$FORCE_VERSION release=$RELEASE_TYPE tag=$TAG project=ceph"
fi
-
-# the following two methods exist in scripts/build_utils.sh
-pkgs=( "ansible" )
-TEMPVENV=$(create_venv_dir)
-VENV=${TEMPVENV}/bin
-install_python_packages $TEMPVENV "pkgs[@]"
-
-# run ansible to do all the tagging and release specifying
-# a local connection and 'localhost' as the host where to execute
-cd "$WORKSPACE/ceph-build/ansible/"
-$VENV/ansible-playbook -i "localhost," -c local release.yml --extra-vars="version=$VERSION branch=$BRANCH force_version=$FORCE_VERSION release=stable clean=true project=ceph"
-- scm:
- name: ceph-build
- scm:
- - git:
- url: https://github.com/ceph/ceph-build.git
- browser: auto
- timeout: 20
- skip-tag: true
- wipe-workspace: true
- basedir: "ceph-build"
- branches:
- - origin/master
-
- job:
name: ceph-tag
- node: trusty
- description: "This job clones from upstream Ceph, sets the right version from the tag and pushes changes to ceph-releases"
+ node: bionic
+ description: "This job checks out the version commit previously pushed to ceph-releases.git and pushes it to ceph.git."
display-name: 'ceph-tag'
block-downstream: false
block-upstream: false
parameters:
- string:
name: BRANCH
- description: "The git branch (or tag) to build"
+ description: "The git BRANCH to build (e.g., pacific)"
+ default: master
+
+ - bool:
+ name: TAG
+ description: "When this is checked, Jenkins will remove the previous private tag and recreate it again, changing the control files and committing again. When this is unchecked, Jenkins will not do any commit or tag operations. If you've already created the private tag separately, then leave this unchecked.
+Defaults to checked."
+ default: true
+
+ - bool:
+ name: THROWAWAY
+ description: "
+Default: False. When True it will not POST binaries to chacra. Artifacts will not be around for long. Useful to test builds."
+ default: false
+
- string:
name: VERSION
description: "The version for release, e.g. 0.94.4"
+
+ - choice:
+ name: RELEASE_TYPE
+ description: "
+STABLE: A normal release. Builds from BRANCH branch and pushed to BRANCH-release branch.
+RELEASE_CANDIDATE: A normal release except the binaries will be pushed to chacra using the $BRANCH-rc name
+HOTFIX: Builds from BRANCH-release branch. BRANCH-release will be git merged back into BRANCH.
+SECURITY: Builds from BRANCH-release branch in ceph-private.git (private repo)."
+ choices:
+ - STABLE
+ - RELEASE_CANDIDATE
+ - HOTFIX
+ - SECURITY
scm:
- - ceph-build
+ - git:
+ url: https://github.com/ceph/ceph-build.git
+ browser: auto
+ timeout: 20
+ skip-tag: true
+ wipe-workspace: true
+ basedir: "ceph-build"
+ branches:
+ - origin/master
+
builders:
- shell:
global: true
mask-password-params: true
- ssh-agent-credentials:
- # "jenkins-build" SSH key, needed so we can push to
- # ceph-deploy.git
+ # "jenkins-build" SSH key, needed so we can push/pull to/from private repos
user: 'jenkins-build'
+ - credentials-binding:
+ - username-password-separated:
+ credential-id: 8cffdeb4-283c-4d96-a190-05d5645bcc2f
+ username: GITHUB_USER
+ password: GITHUB_TOKEN
parameters:
- string:
name: BRANCH
- description: "The git branch (or tag) to build"
+ description: "The git BRANCH to build (e.g., pacific)"
default: master
- bool:
If this is unchecked, then then nothing is built or pushed if they already exist in chacra. This is the default.
If this is checked, then the binaries will be built and pushed to chacra even if they already exist in chacra."
+
- string:
name: VERSION
description: "The version for release, e.g. 0.94.4"
- - bool:
- name: RC
+ - choice:
+ name: RELEASE_TYPE
description: "
-If this is checked, binaries will be pushed to chacra using the $BRANCH-rc name, for release candidate binaries.
-
-Defaults to un-checked"
- default: false
+STABLE: A normal release. Builds from BRANCH branch and pushed to BRANCH-release branch.
+RELEASE_CANDIDATE: A normal release except the binaries will be pushed to chacra using the $BRANCH-rc name
+HOTFIX: Builds from BRANCH-release branch. BRANCH-release will be git merged back into BRANCH.
+SECURITY: Builds from BRANCH-release branch in ceph-private.git (private repo)."
+ choices:
+ - STABLE
+ - RELEASE_CANDIDATE
+ - HOTFIX
+ - SECURITY
- string:
name: CEPH_BUILD_VIRTUALENV
builders:
- multijob:
- name: 'ceph tag phase'
+ name: 'ceph setup phase'
condition: SUCCESSFUL
projects:
- - name: ceph-tag
+ - name: ceph-setup
current-parameters: true
exposed-scm: false
+ - copyartifact:
+ project: ceph-setup
+ filter: ceph-build/ansible/ceph/dist/sha1
+ which-build: multijob-build
+ - inject:
+ properties-file: ${WORKSPACE}/ceph-build/ansible/ceph/dist/sha1
- multijob:
- name: 'ceph setup phase'
+ name: 'ceph build phase'
condition: SUCCESSFUL
projects:
- - name: ceph-setup
+ - name: ceph-build
current-parameters: true
exposed-scm: false
- multijob:
- name: 'ceph build phase'
+ name: 'ceph tag phase'
condition: SUCCESSFUL
projects:
- - name: ceph-build
+ - name: ceph-tag
current-parameters: true
exposed-scm: false
- inject-passwords:
global: true
mask-password-params: true
+ - build-name:
+ name: "#${BUILD_NUMBER} ${BRANCH}, ${SHA1}"
projects / ceph-build.git / commitdiff