ceph-source-dist: Support for ceph-release-pipeline

Again, the changes needed here are:
 - For a Release Build, we are building a tarball based off a
   version commit that has been created by the ceph-tag job
   then pushed to ceph-releases.git.  So instead of taking
   the BRANCH from an upstream Jenkins job, we're reading
   the version commit SHA1 from the sha1.txt file that ceph-tag
   wrote then checking /that/ out and building the tarball from it.
   So some var writing and reading was shuffled around.
 - We do not want this job to support checking out from ceph-private.git
   or ceph-releases.git directly.  Instead, if ceph-release-pipeline
   passed RELEASE_BUILD=true, only then can you clone from those private
   repos.  So we override CEPH_REPO and set chacra_url to the chacra
   instance that doesn't automatically prune repos (chacra.ceph.com).

Signed-off-by: David Galloway <david.galloway@ibm.com>

diff --git a/ceph-source-dist/build/Jenkinsfile b/ceph-source-dist/build/Jenkinsfile
index 6928918dbff02c557cdde7965438b4f234d1caf0..d31a33e0de2291bcc51318e307fa8c538b68a144 100644 (file)
--- a/ceph-source-dist/build/Jenkinsfile
+++ b/ceph-source-dist/build/Jenkinsfile
@@ -14,25 +14,35 @@ pipeline {
             } else {
               checkout_ref = env.BRANCH
             }
-          }
-          checkout scmGit(
-            branches: [[name: checkout_ref]],
-            userRemoteConfigs: [[
-              url: env.CEPH_REPO,
-              credentialsId: 'jenkins-build'
-            ]],
-            extensions: [
-              [$class: 'CleanBeforeCheckout'],
-              [
-                $class: 'CloneOption',
-                shallow: true,
-                depth:   100,
-                timeout: 90
-              ],
-            ],
-          )
-          script {
-            sh 'git fetch --tags https://github.com/ceph/ceph.git'
+
+            // Rewrite repo + ref if RELEASE_BUILD=true.
+            // RELEASE_BUILD is intentionally undefinable as a ceph-source-dist parameter but instead
+            // defined by ceph-release-pipeline so that only that job may clone from ceph-releases.git.
+            def repoUrl = params.RELEASE_BUILD ? 'git@github.com:ceph/ceph-releases.git' : env.CEPH_REPO
+            env.checkout_ref = params.RELEASE_BUILD ? "v${params.VERSION}" : env.BRANCH
+            env.CEPH_REPO = repoUrl
+
+            checkout scmGit(
+              branches: [[name: checkout_ref]],
+              userRemoteConfigs: [[
+                url: env.CEPH_REPO,
+                credentialsId: 'jenkins-build'
+              ]],
+              extensions: [
+                [$class: 'CleanBeforeCheckout'],
+                [
+                  $class: 'CloneOption',
+                  shallow: true,
+                  depth: 100,
+                  timeout: 90
+                ]
+              ]
+            )
+
+            // No need to fetch tags if this is a release build
+            if (!params.RELEASE_BUILD?.toBoolean()) {
+              sh 'git fetch --tags https://github.com/ceph/ceph.git'
+            }
           }
         }
       }
@@ -69,7 +79,24 @@ pipeline {
               ln ceph-$ceph_version_tarball.$extension dist/
 
               echo "SHA1=$(git rev-parse HEAD)" > dist/sha1
-              echo "BRANCH=${BRANCH}" > dist/branch
+
+              if [ "${RELEASE_BUILD:-}" = "true" ]; then
+                # For security, the following vars are written to dist/other_envvars to be passed
+                # to ceph-dev-pipeline instead of via parameters.
+                # ceph-dev-pipeline does not offer ceph-releases.git as an option for CEPH_REPO,
+                # and we don't want RELEASE_BUILD to be settable by the user to avoid being able
+                # clone from ceph-releases.git.
+                if [ "${RELEASE_TYPE}" = "PRIVATE" ]; then
+                  echo "CEPH_REPO=https://github.com/ceph/ceph-private" > dist/other_envvars
+                else
+                  echo "CEPH_REPO=https://github.com/ceph/ceph-releases" > dist/other_envvars
+                fi
+                echo "RELEASE_BUILD=true" >> dist/other_envvars
+                echo "chacra_url=https://chacra.ceph.com/" >> dist/other_envvars
+                echo "BRANCH=${BRANCH}-release" > dist/branch
+              else
+                echo "BRANCH=${BRANCH}" > dist/branch
+              fi
 
               mv dist ..
             '''