openstack/project-config
Code Issues Proposed changes
Files
7e896b57eb6e6f1be97df0841c897765d8c1f11d
project-config/zuul.d/pipelines.yaml
Thierry Carrez 7e896b57eb Add release-approval pipeline 
Define a release-approval pipeline to run the check-release-approval
job on every comment added to a release request, and set a
PTL-Approved label accordingly.

This may be considered a bit resource-intensive, however the
check-release-approval job is a fast python script that runs on
the executor, and only release requests shall go in this pipeline.
If this generates too much load, we could configure it to only run
when the comment posted contains a magic "signoff" keyword.

Another concern is that jobs other than check-release-approval would
be added to this pipeline. There does not seem to be a way in Zuul to
limit a pipeline to a specific job name or project.

Change-Id: Ieab04a4d6c02b216a59c12ec8599e7d91f4fffb1
2020-02-05 16:46:24 +01:00

373 lines
10 KiB
YAML
Raw Blame History

# Shared zuul config specific to the OpenStack Project
# Contains definitions of pipelines
- pipeline:
name: check
description: |
Newly uploaded patchsets enter this pipeline to receive an
initial +/-1 Verified vote.
success-message: Build succeeded (check pipeline).
failure-message: |
Build failed (check pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing
manager: independent
precedence: low
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: patchset-created
- event: change-restored
- event: comment-added
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*recheck
- event: comment-added
require-approval:
- Verified: [-1, -2]
username: zuul
approval:
- Workflow: 1
github:
- event: pull_request
action:
- opened
- changed
- reopened
- event: pull_request
action: comment
comment: (?i)^\s*recheck\s*$
start:
github:
status: pending
comment: false
success:
gerrit:
# Note that gerrit keywords are case-sensitive.
Verified: 1
github:
status: 'success'
mysql:
failure:
gerrit:
Verified: -1
github:
status: 'failure'
mysql:
- pipeline:
name: gate
description: |
Changes that have been approved by core reviewers are enqueued
in order in this pipeline, and if they pass tests, will be
merged. For documentation on how gating with Zuul works, please see
https://zuul-ci.org/docs/zuul/user/gating.html
success-message: Build succeeded (gate pipeline).
failure-message: |
Build failed (gate pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing
manager: dependent
precedence: normal
post-review: True
require:
gerrit:
open: True
current-patchset: True
approval:
- Verified: [1, 2]
username: zuul
- Workflow: 1
trigger:
gerrit:
- event: comment-added
approval:
- Workflow: 1
- event: comment-added
approval:
- Verified: 1
username: zuul
start:
gerrit:
Verified: 0
success:
gerrit:
Verified: 2
submit: true
mysql:
failure:
gerrit:
Verified: -2
mysql:
window-floor: 20
window-increase-factor: 2
- pipeline:
name: post
description: |
This pipeline runs jobs that operate after each change is
merged. Queue items are identified by the abbreviated hash (git
log --format=%h) of the merge commit.
manager: supercedent
precedence: high
post-review: True
trigger:
gerrit:
- event: ref-updated
ref: ^refs/heads/.*$
success:
mysql:
failure:
mysql:
- pipeline:
name: promote
description: |
This pipeline runs jobs that operate after each change is merged
in order to promote artifacts generated in the gate
pipeline.
success-message: Build succeeded (promote pipeline).
failure-message: |
Build failed (promote pipeline). For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing
manager: supercedent
precedence: high
post-review: True
trigger:
gerrit:
- event: change-merged
success:
gerrit: {}
mysql:
failure:
gerrit: {}
mysql:
- pipeline:
name: pre-release
description: When a commit is tagged with a pre-release tag, this pipeline runs jobs that publish archives and documentation.
manager: independent
precedence: high
post-review: True
trigger:
gerrit:
- event: ref-updated
ref: ^refs/tags/[0-9]+(\.[0-9]+)*(a|b|rc)[0-9]+$
success:
mysql:
failure:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'Pre-release of {change.project} for ref {change.ref} failed'
mysql:
- pipeline:
name: release
description: When a commit is tagged as a release, this pipeline runs jobs that publish archives and documentation.
manager: independent
precedence: high
post-review: True
trigger:
gerrit:
- event: ref-updated
ref: ^refs/tags/[0-9]+(\.[0-9]+)*$
success:
mysql:
failure:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'Release of {change.project} for ref {change.ref} failed'
mysql:
- pipeline:
name: periodic
post-review: true
description: Jobs in this queue are triggered on a timer.
manager: independent
precedence: low
trigger:
timer:
- time: '0 6 * * *'
success:
mysql:
failure:
mysql:
- pipeline:
name: release-approval
description: |
Newly-reviewed release requests enter this pipeline to check if the
current state can represent PTL or release liaison approval.
manager: independent
precedence: low
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: comment-added
success:
gerrit:
PTL-Approved: 1
mysql:
failure:
gerrit:
PTL-Approved: 0
mysql:
- pipeline:
name: release-post
# NOTE(mordred): release-post needs access to credentials (eg: pypi).
post-review: true
description: This pipeline runs release-process-critical jobs that operate after specific changes are merged.
manager: independent
precedence: high
trigger:
gerrit:
- event: ref-updated
ref: ^refs/heads/.*$
success:
mysql:
failure:
mysql:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'release-post job for {change.project} for ref {change.ref} failed'
- pipeline:
name: tag
post-review: true
description: This pipeline runs jobs in response to any tag event.
manager: independent
precedence: high
trigger:
gerrit:
- event: ref-updated
ref: ^refs/tags/.*$
success:
mysql:
failure:
mysql:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'Tag of {change.project} for ref {change.ref} failed'
- pipeline:
name: periodic-stable
post-review: true
description: Periodic checks of the stable branches.
manager: independent
precedence: low
trigger:
timer:
- time: '1 6 * * *'
success:
mysql:
failure:
mysql:
smtp:
from: zuul@openstack.org
to: openstack-stable-maint@lists.openstack.org
subject: 'Stable check of {change.project} for ref {change.ref} failed'
- pipeline:
name: experimental
description: On-demand pipeline for requesting a run against a set of jobs that are not yet gating. Leave review comment of "check experimental" to run jobs in this pipeline.
success-message: Build succeeded (experimental pipeline).
failure-message: Build failed (experimental pipeline).
manager: independent
precedence: low
trigger:
gerrit:
- event: comment-added
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*check experimental\s*$
success:
gerrit: {}
mysql:
failure:
gerrit: {}
mysql:
- pipeline:
name: merge-check
description: >
Each time a change merges, this pipeline verifies that all open changes
on the same project are still mergeable.
failure-message: Build failed (merge-check pipeline).
manager: independent
ignore-dependencies: true
precedence: low
trigger: {}
- pipeline:
name: third-party-check
description: |
Newly uploaded patchsets to projects that are external to OpenStack
enter this pipeline to receive an initial +/-1 Verified vote.
success-message: Build succeeded (third-party-check pipeline).
# TODO(mordred) We should write a document for non-OpenStack developers
failure-message: |
Build failed (third-party-check pipeline) integration testing with
OpenStack. For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing
manager: independent
precedence: low
trigger:
github:
- event: pull_request
action:
- opened
- changed
- reopened
- event: pull_request
action: comment
comment: (?i)^\s*recheck\s*$
start:
github:
status: pending
comment: false
success:
github:
status: 'success'
mysql:
failure:
github:
status: 'failure'
mysql:
# Don't report merge-failures to github
merge-failure:
mysql:
# NOTE(ianw) 2019-12 : since we have very limited ARM64 resources, we
# have a separate pipeline so ARM64 jobs can start and queue gerrit
# changes automatically but don't hold up the main check pipeline. Of
# course, if we have more resources we can remove this and move jobs
# back into the regular check/gate.
- pipeline:
name: check-arm64
description: Pipeline for ARM64 based jobs.
success-message: Build succeeded (ARM64 pipeline).
failure-message: Build failed (ARM64 pipeline).
manager: independent
precedence: low
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: patchset-created
- event: change-restored
- event: comment-added
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*recheck
success:
gerrit: {}
mysql:
failure:
gerrit: {}
mysql:
View Git Blame Copy Permalink