From 281f85941f8986f86bc717a4fde8bde3d8812be5 Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Wed, 11 May 2016 20:31:47 -0700 Subject: [PATCH] initial import of public jenkins jobs --- contrib/jenkins/README.md | 72 ++++++ contrib/jenkins/install.sh | 24 ++ .../jenkins/jobs/os-board-image/config.xml | 179 +++++++++++++++ .../jenkins/jobs/os-board-packages/config.xml | 156 +++++++++++++ .../jobs/os-board-vm-matrix/config.xml | 132 +++++++++++ contrib/jenkins/jobs/os-board-vm/config.xml | 209 +++++++++++++++++ contrib/jenkins/jobs/os-kola-qemu/config.xml | 152 +++++++++++++ contrib/jenkins/jobs/os-manifest/config.xml | 214 ++++++++++++++++++ contrib/jenkins/jobs/os-mantle/config.xml | 75 ++++++ contrib/jenkins/jobs/os-sdk/config.xml | 134 +++++++++++ contrib/jenkins/jobs/os-toolchains/config.xml | 162 +++++++++++++ .../jobs/os-watch-coreos-overlay/config.xml | 125 ++++++++++ .../jobs/os-watch-portage-stable/config.xml | 125 ++++++++++ .../jenkins/jobs/os-watch-scripts/config.xml | 125 ++++++++++ 14 files changed, 1884 insertions(+) create mode 100644 contrib/jenkins/README.md create mode 100755 contrib/jenkins/install.sh create mode 100644 contrib/jenkins/jobs/os-board-image/config.xml create mode 100644 contrib/jenkins/jobs/os-board-packages/config.xml create mode 100644 contrib/jenkins/jobs/os-board-vm-matrix/config.xml create mode 100644 contrib/jenkins/jobs/os-board-vm/config.xml create mode 100644 contrib/jenkins/jobs/os-kola-qemu/config.xml create mode 100644 contrib/jenkins/jobs/os-manifest/config.xml create mode 100644 contrib/jenkins/jobs/os-mantle/config.xml create mode 100644 contrib/jenkins/jobs/os-sdk/config.xml create mode 100644 contrib/jenkins/jobs/os-toolchains/config.xml create mode 100644 contrib/jenkins/jobs/os-watch-coreos-overlay/config.xml create mode 100644 contrib/jenkins/jobs/os-watch-portage-stable/config.xml create mode 100644 contrib/jenkins/jobs/os-watch-scripts/config.xml diff --git a/contrib/jenkins/README.md b/contrib/jenkins/README.md new file mode 100644 index 0000000000..04d87c077a --- /dev/null +++ b/contrib/jenkins/README.md @@ -0,0 +1,72 @@ +# CoreOS Jenkins build system + +## Requirements + +### Storage Requirements + +CoreOS manifests are managed using git and repo, so a git server must be available to host these. An additional git repo is used by the `os-manifest` job to store a temporary manifest commit that is passed through to downstream jobs. + +The jobs also require google storage buckets for storing build artifacts such as binary packages and CoreOS images. + +### Jenkins Requirements + +The jobs use a number of Jenkins plugins during jobs. These are: + +- [Git](https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin) +- [Rebuilder](https://wiki.jenkins-ci.org/display/JENKINS/Rebuild+Plugin) +- [Parameterized Trigger](https://wiki.jenkins-ci.org/display/JENKINS/Parameterized+Trigger+Plugin) +- [Copy Artifact](https://wiki.jenkins-ci.org/display/JENKINS/Copy+Artifact+Plugin) +- [SSH Agent](https://wiki.jenkins-ci.org/display/JENKINS/SSH+Agent+Plugin) +- [Job Restrictions](https://wiki.jenkins-ci.org/display/JENKINS/Job+Restrictions+Plugin) +- [Credentials Binding](https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Binding+Plugin) +- [TAP](https://wiki.jenkins-ci.org/display/JENKINS/TAP+Plugin) - for collecting test results from kola +- [Matrix Project](https://wiki.jenkins-ci.org/display/JENKINS/Matrix+Project+Plugin) + +### Slave Requirements + +The Jenkins jobs assume that each build slave is running CoreOS. The scripts that execute as part of the jobs use a number of tools present in CoreOS. Different host operating systems are untested. + +All jobs assume that the Jenkins user on the slaves have `sudo` access, which is used by the `cork` tool. + +The Jenkins slave used to execute the `os-kola-qemu` job must be run on a host that has KVM, so this slave cannot be in a VM unless it is using nested KVM, which is untested. + +Most jobs use the slave label `coreos` to execute on a CoreOS system, so at least one slave (or the master) is required with this label. The `os-kola-qemu` job requires a slave with the `coreos` *and* `kvm` label. + +### Secret Requirements + +Some secrets are required for the various things done during the build: + +- Slave SSH keys (if Jenkins slaves are used) +- git ssh key for manifest-build pushes from `os-manifest` +- google storage api key for artifact uploads and downloads + +## Setup + +### Running Jenkins + +If you have no Jenkins instance, you can run one in a [Docker container](https://hub.docker.com/_/jenkins/) on CoreOS: + +```sh +docker run -p 8080:8080 -p 50000:50000 jenkins +``` + +To create a slave, you will need to run CoreOS and either give Jenkins Oracle.com credentials to automatically install the JDK, or copy a JDK tarball to the CoreOS system and set `$JAVA_HOME` in the slave settings. + +### Install plugins and jobs + +Jenkins jobs in XML format are available in the [`jobs`](jobs) directory. A script called [`install.sh`](install.sh) is provided to copy jobs and install Jenkins plugins. The script will restart Jenkins as required by some plugins. + +For example, if the Jenkins instance is at `http://127.0.0.1:8080`: + +```sh +./install.sh http://127.0.0.1:8080 +``` + +### Configuring CoreOS jobs + +Some jobs will require modification to work correctly in any setup outside CoreOS. + +- `os-manifest` will need the git url for the `manifest-builds` repo. You will also need to configure the correct SSH secret for git pushes. +- Any job using google storage will need `GOOGLE_APPLICATION_CREDENTIALS` configured, which points to a [JSON Service Account key](https://cloud.google.com/storage/docs/authentication). Additionally, these jobs will need to point to your specific google storage buckets. +- Any job signing artifacts will need `GPG_SECRET_KEY_FILE`, which is a GPG private key used to sign built artifacts. + diff --git a/contrib/jenkins/install.sh b/contrib/jenkins/install.sh new file mode 100755 index 0000000000..e02c3acf8c --- /dev/null +++ b/contrib/jenkins/install.sh @@ -0,0 +1,24 @@ +#!/bin/sh -e + +if [ -z $1 ]; then + echo "Pass Jenkins URL" + exit 1 +fi + +JENKINS_URL=$1 + +for PLUGIN in git github rebuild parameterized-trigger copyartifact ssh-agent job-restrictions credentials-binding tap matrix-project; do + echo "Installing $PLUGIN..." + curl --silent --header "Content-Type: application/xml" -XPOST "$JENKINS_URL/pluginManager/installNecessaryPlugins" --data "" >/dev/null +done + +for JOB in $(find jobs/ -mindepth 1 -maxdepth 1 -type d); do + J=$(basename $JOB) + echo "Creating job $J..." + curl --silent --header "Content-Type: application/xml" -XPOST "$JENKINS_URL/createItem?name=$J" --data-binary "@$JOB/config.xml" >/dev/null +done + +curl -XPOST $JENKINS_URL/updateCenter/safeRestart + +echo "Visit $JENKINS_URL/updateCenter and wait for Jenkins to restart." + diff --git a/contrib/jenkins/jobs/os-board-image/config.xml b/contrib/jenkins/jobs/os-board-image/config.xml new file mode 100644 index 0000000000..2f3642cc23 --- /dev/null +++ b/contrib/jenkins/jobs/os-board-image/config.xml @@ -0,0 +1,179 @@ + + + + + + 30 + 50 + -1 + -1 + + false + + + + + BOARD + Target board to build + + + amd64-usr + arm64-usr + + + + + MANIFEST_URL + + https://github.com/coreos/manifest-builds.git + + + MANIFEST_REF + + refs/tags/ + + + MANIFEST_NAME + + release.xml + + + COREOS_OFFICIAL + + + + 0 + 1 + + + + + + + false + false + + + + coreos + false + false + false + false + + true + + + os-mantle + + + + + false + + + #!/bin/bash -ex + +# build may not be started without a ref value +[[ -n "${MANIFEST_REF#refs/tags/}" ]] + +# first thing, clear out old images +sudo rm -rf src/build + +script() { + local script="/mnt/host/source/src/scripts/${1}"; shift + ./bin/cork enter --experimental -- "${script}" "$@" +} + +./bin/cork update --create --downgrade-replace --verify --verbose \ + --manifest-url "${MANIFEST_URL}" \ + --manifest-branch "${MANIFEST_REF}" \ + --manifest-name "${MANIFEST_NAME}" + +source .repo/manifests/version.txt +export COREOS_BUILD_ID + +# Set up GPG for signing images +export GNUPGHOME="${PWD}/.gnupg" +rm -rf "${GNUPGHOME}" +trap "rm -rf '${GNUPGHOME}'" EXIT +mkdir --mode=0700 "${GNUPGHOME}" +gpg --import "${GPG_SECRET_KEY_FILE}" + +script setup_board --board=${BOARD} \ + --getbinpkgver="${COREOS_VERSION}" \ + --regen_configs_only + +if [[ "${COREOS_OFFICIAL}" -eq 1 ]]; then + GROUP=stable + UPLOAD=gs://builds.release.core-os.net/stable + script set_official --board=${BOARD} --official +else + GROUP=developer + UPLOAD=gs://builds.developer.core-os.net + script set_official --board=${BOARD} --noofficial +fi + +script build_image --board=${BOARD} \ + --group=${GROUP} \ + --getbinpkg \ + --getbinpkgver="${COREOS_VERSION}" \ + --sign=buildbot@coreos.com \ + --sign_digests=buildbot@coreos.com \ + --upload_root=${UPLOAD} \ + --upload prod container + +if [[ "${COREOS_OFFICIAL}" -eq 1 ]]; then + script image_set_group --board=${BOARD} \ + --group=alpha \ + --sign=buildbot@coreos.com \ + --sign_digests=buildbot@coreos.com \ + --upload_root=gs://builds.release.core-os.net/alpha \ + --upload + script image_set_group --board=${BOARD} \ + --group=beta \ + --sign=buildbot@coreos.com \ + --sign_digests=buildbot@coreos.com \ + --upload_root=gs://builds.release.core-os.net/beta \ + --upload +fi + + + + + false + + + chroot/build/${BOARD}/var/lib/portage/pkgs/*/*.tbz2,chroot/var/lib/portage/pkgs/*/*.tbz2,src/build/images/${BOARD}/latest/* + + + + + + + + BOARD=="${BOARD}" + + + os-board-vm-matrix,os-kola-qemu + UNSTABLE_OR_BETTER + false + + + + + + + + + 9de82aed-ae50-4233-989f-d454b0449b96 + GOOGLE_APPLICATION_CREDENTIALS + + + 12e071a3-694f-40e8-8595-489236d943cc + GPG_SECRET_KEY_FILE + + + + + diff --git a/contrib/jenkins/jobs/os-board-packages/config.xml b/contrib/jenkins/jobs/os-board-packages/config.xml new file mode 100644 index 0000000000..98c72718b5 --- /dev/null +++ b/contrib/jenkins/jobs/os-board-packages/config.xml @@ -0,0 +1,156 @@ + + + + Build binary packages for a target board. + + 30 + 50 + -1 + -1 + + false + + + + + BOARD + Target board to build + + + amd64-usr + arm64-usr + + + + + MANIFEST_URL + + https://github.com/coreos/manifest-builds.git + + + MANIFEST_REF + + refs/tags/ + + + MANIFEST_NAME + + release.xml + + + COREOS_OFFICIAL + + + + 0 + 1 + + + + + + + false + false + + + + coreos + false + false + false + false + + true + + + os-mantle + + + + + true + UseGlobalSetting + true + + false + + + #!/bin/bash -ex + +# build may not be started without a ref value +[[ -n "${MANIFEST_REF#refs/tags/}" ]] + +# use a ccache dir that persists across sdk recreations +# XXX: alternatively use a ccache dir that is usable by all jobs on a given node. +mkdir -p .cache/ccache + +enter() { + ./bin/cork enter --experimental -- env \ + CCACHE_DIR="/mnt/host/source/.cache/ccache" \ + CCACHE_MAXSIZE="5G" "$@" +} + +script() { + local script="/mnt/host/source/src/scripts/${1}"; shift + enter "${script}" "$@" +} + +./bin/cork update --create --downgrade-replace --verify --verbose \ + --manifest-url "${MANIFEST_URL}" \ + --manifest-branch "${MANIFEST_REF}" \ + --manifest-name "${MANIFEST_NAME}" + +source .repo/manifests/version.txt +export COREOS_BUILD_ID + +# figure out if ccache is doing us any good in this scheme +enter ccache --zero-stats + +script update_chroot --toolchain_boards=${BOARD} +if [[ "${COREOS_OFFICIAL:-0}" -eq 1 ]]; then + script setup_board --board=${BOARD} \ + --skip_chroot_upgrade \ + --toolchainpkgonly \ + --force +fi +script build_packages --board=${BOARD} \ + --skip_chroot_upgrade \ + --getbinpkgver=${COREOS_VERSION} \ + --toolchainpkgonly \ + --upload --upload_root gs://builds.developer.core-os.net + +enter ccache --show-stats + + + + + false + + + chroot/build/${BOARD}/var/lib/portage/pkgs/*/*.tbz2,chroot/var/lib/portage/pkgs/*/*.tbz2 + + + + + + + + os-board-image + UNSTABLE_OR_BETTER + false + + + + + + + + + 9de82aed-ae50-4233-989f-d454b0449b96 + GOOGLE_APPLICATION_CREDENTIALS + + + + + diff --git a/contrib/jenkins/jobs/os-board-vm-matrix/config.xml b/contrib/jenkins/jobs/os-board-vm-matrix/config.xml new file mode 100644 index 0000000000..8d50222502 --- /dev/null +++ b/contrib/jenkins/jobs/os-board-vm-matrix/config.xml @@ -0,0 +1,132 @@ + + + + Shim of a job to build all production VM variants. This is independent from os-board-vm because I'm still figuring this stuff out + + 30 + 50 + -1 + -1 + + false + + + + + MANIFEST_URL + + https://github.com/coreos/manifest-builds.git + + + MANIFEST_REF + + refs/tags/ + + + MANIFEST_NAME + + release.xml + + + COREOS_OFFICIAL + + + + 0 + 1 + + + + + + + false + false + + + + true + false + false + false + + true + + + FORMAT + + qemu + qemu_uefi + ami + ami_vmdk + pxe + iso + openstack + rackspace + rackspace_onmetal + rackspace_vhd + vagrant + vagrant_vmware_fusion + virtualbox + vmware + vmware_ova + vmware_insecure + xen + gce + brightbox + cloudstack + cloudstack_vhd + digitalocean + exoscale + azure + hyperv + niftycloud + cloudsigma + packet + interoute + + + + GROUP + + developer + alpha + beta + stable + + + + BOARD + + amd64-usr + arm64-usr + + + + (BOARD == "amd64-usr" || ( BOARD == "arm64-usr" && (FORMAT == "qemu_uefi" || FORMAT == "pxe") )) && ((COREOS_OFFICIAL == "0" && GROUP == "developer") || (COREOS_OFFICIAL == "1" && GROUP != "developer")) + + + + + + + + FORMAT=${FORMAT} +GROUP=${GROUP} +BOARD=${BOARD} + + + os-board-vm + ALWAYS + false + false + + + + + + + + false + + diff --git a/contrib/jenkins/jobs/os-board-vm/config.xml b/contrib/jenkins/jobs/os-board-vm/config.xml new file mode 100644 index 0000000000..2ccc1d5e7f --- /dev/null +++ b/contrib/jenkins/jobs/os-board-vm/config.xml @@ -0,0 +1,209 @@ + + + + + + 30 + 50 + -1 + -1 + + false + + + + + BOARD + Target board to build + + + amd64-usr + arm64-usr + + + + + GROUP + Update group the image should use + + + developer + alpha + beta + stable + + + + + FORMAT + VM platform or image type to generate. + + + qemu + qemu_uefi + ami + ami_vmdk + pxe + iso + openstack + qemu_uefi + rackspace + rackspace_onmetal + rackspace_vhd + vagrant + vagrant_vmware_fusion + virtualbox + vmware + vmware_ova + vmware_insecure + xen + gce + brightbox + cloudstack + cloudstack_vhd + digitalocean + exoscale + azure + hyperv + niftycloud + cloudsigma + packet + interoute + + + + + MANIFEST_URL + + https://github.com/coreos/manifest-builds.git + + + MANIFEST_REF + + refs/tags/ + + + MANIFEST_NAME + + release.xml + + + COREOS_OFFICIAL + + + + 0 + 1 + + + + + + + false + false + + + + + coreos + false + false + false + false + + true + + + os-mantle + + + + + false + + + #!/bin/bash -ex + +# build may not be started without a ref value +[[ -n "${MANIFEST_REF#refs/tags/}" ]] + +# check that the matrix didn't go bananas +if [[ "${COREOS_OFFICIAL}" -eq 1 ]]; then + [[ "${GROUP}" != developer ]] +else + [[ "${GROUP}" == developer ]] +fi + +script() { + local script="/mnt/host/source/src/scripts/${1}"; shift + ./bin/cork enter --experimental -- "${script}" "$@" +} + +enter() { + ./bin/cork enter --experimental -- "$@" +} + +./bin/cork update --create --downgrade-replace --verify --verbose \ + --manifest-url "${MANIFEST_URL}" \ + --manifest-branch "${MANIFEST_REF}" \ + --manifest-name "${MANIFEST_NAME}" + +source .repo/manifests/version.txt +export COREOS_BUILD_ID + +# Set up GPG for signing images +export GNUPGHOME="${PWD}/.gnupg" +rm -rf "${GNUPGHOME}" +trap "rm -rf '${GNUPGHOME}'" EXIT +mkdir --mode=0700 "${GNUPGHOME}" +gpg --import "${GPG_SECRET_KEY_FILE}" + +if [[ "${GROUP}" == developer ]]; then + root="gs://builds.developer.core-os.net" + dlroot="" +else + root="gs://builds.release.core-os.net/${GROUP}" + dlroot="--download_root https://${GROUP}.release.core-os.net" +fi + +mkdir -p tmp +./bin/cork download-image --root="${root}/boards/${BOARD}/${COREOS_VERSION}" \ + --json-key="${GOOGLE_APPLICATION_CREDENTIALS}" \ + --cache-dir=./tmp \ + --platform=qemu +enter lbunzip2 -k -f /mnt/host/source/tmp/coreos_production_image.bin.bz2 + +script image_to_vm.sh --board=${BOARD} \ + --format=${FORMAT} \ + --prod_image \ + --getbinpkg \ + --getbinpkgver=${COREOS_VERSION} \ + --from=/mnt/host/source/tmp/ \ + --to=/mnt/host/source/tmp/ \ + --sign=buildbot@coreos.com \ + --sign_digests=buildbot@coreos.com \ + --upload_root="${root}" \ + --upload ${dlroot} + + + + + chroot/build/${BOARD}/var/lib/portage/pkgs/*/*.tbz2,chroot/var/lib/portage/pkgs/*/*.tbz2,tmp/* + + + + + + + 9de82aed-ae50-4233-989f-d454b0449b96 + GOOGLE_APPLICATION_CREDENTIALS + + + 12e071a3-694f-40e8-8595-489236d943cc + GPG_SECRET_KEY_FILE + + + + + diff --git a/contrib/jenkins/jobs/os-kola-qemu/config.xml b/contrib/jenkins/jobs/os-kola-qemu/config.xml new file mode 100644 index 0000000000..8044d7b35e --- /dev/null +++ b/contrib/jenkins/jobs/os-kola-qemu/config.xml @@ -0,0 +1,152 @@ + + + + + + 30 + 50 + -1 + -1 + + false + + + os-kola-qemu/ + + + + + BOARD + Target board to build + + + amd64-usr + arm64-usr + + + + + MANIFEST_URL + + https://github.com/coreos/manifest-builds.git + + + MANIFEST_REF + + refs/tags/ + + + MANIFEST_NAME + + release.xml + + + COREOS_OFFICIAL + + + + 0 + 1 + + + + + + + false + false + + + + coreos && kvm + false + false + false + false + + true + + + os-mantle + + + + + false + + + #!/bin/bash -ex + +# build may not be started without a ref value +[[ -n "${MANIFEST_REF#refs/tags/}" ]] + +enter() { + ./bin/cork enter --experimental -- "$@" +} + +script() { + local script="/mnt/host/source/src/scripts/${1}"; shift + enter "${script}" "$@" +} + +./bin/cork update --create --downgrade-replace --verify --verbose \ + --manifest-url "${MANIFEST_URL}" \ + --manifest-branch "${MANIFEST_REF}" \ + --manifest-name "${MANIFEST_NAME}" +source .repo/manifests/version.txt + +if [[ "${COREOS_OFFICIAL}" -eq 1 ]]; then + root="gs://builds.release.core-os.net/stable" +else + root="gs://builds.developer.core-os.net" +fi + +mkdir -p tmp +./bin/cork download-image --root="${root}/boards/${BOARD}/${COREOS_VERSION}" \ + --json-key="${GOOGLE_APPLICATION_CREDENTIALS}" \ + --cache-dir=./tmp \ + --platform=qemu +enter lbunzip2 -k -f /mnt/host/source/tmp/coreos_production_image.bin.bz2 + +if [[ "${BOARD}" == arm64* ]]; then + script setup_board --board=${BOARD} \ + --getbinpkgver="${COREOS_VERSION}" \ + --regen_configs_only + enter emerge-arm64-usr --nodeps -qugKN sys-firmware/edk2-armvirt +fi + +enter sudo kola run --board="${BOARD}" \ + --parallel=2 \ + --qemu-image="/mnt/host/source/tmp/coreos_production_image.bin" \ + --tapfile="/mnt/host/source/tmp/${JOB_NAME##*/}.tap" + + + + + tmp/*.tap + true + true + true + true + false + false + true + true + true + true + + + tmp/*,chroot/var/lib/portage/pkgs/*/*.tbz2 + + + + + + + 9de82aed-ae50-4233-989f-d454b0449b96 + GOOGLE_APPLICATION_CREDENTIALS + + + + + diff --git a/contrib/jenkins/jobs/os-manifest/config.xml b/contrib/jenkins/jobs/os-manifest/config.xml new file mode 100644 index 0000000000..31bf819014 --- /dev/null +++ b/contrib/jenkins/jobs/os-manifest/config.xml @@ -0,0 +1,214 @@ + + + + + + 30 + 50 + -1 + -1 + + false + + + https://github.com/coreos/manifest/ + + + + + MANIFEST_REF + Branch or tag to build + master + + + LOCAL_MANIFEST + Amend the checked in manifest + +https://wiki.cyanogenmod.org/w/Doc:_Using_manifests#The_local_manifest + + + + + + + os-* + + + + false + false + + + + + 2 + + + origin + https://github.com/coreos/manifest.git + + + + + ${MANIFEST_REF} + + + false + + https://github.com/coreos/manifest + + + + + manifest + + + + + coreos + false + false + false + false + + false + + + os-mantle + + + + + true + UseGlobalSetting + true + + false + + + #!/bin/bash -ex + +COREOS_OFFICIAL=0 + +finish() { + local tag="$1" + git -C "${WORKSPACE}/manifest" push \ + "ssh://git@github.com/coreos/manifest-builds.git" \ + "refs/tags/${tag}:refs/tags/${tag}" + tee "${WORKSPACE}/manifest.properties" <<EOF +MANIFEST_URL = https://github.com/coreos/manifest-builds.git +MANIFEST_REF = refs/tags/${tag} +MANIFEST_NAME = release.xml +COREOS_OFFICIAL = ${COREOS_OFFICIAL:-0} +EOF +} + +# Branches are of the form remote-name/branch-name. Tags are just tag-name. +# If we have a release tag use it, for branches we need to make a tag. +if [[ "${GIT_BRANCH}" != */* ]]; then + COREOS_OFFICIAL=1 + finish "${GIT_BRANCH}" + exit +fi + +MANIFEST_BRANCH="${GIT_BRANCH##*/}" +MANIFEST_NAME="${MANIFEST_BRANCH}.xml" +[[ -f "manifest/${MANIFEST_NAME}" ]] + +source manifest/version.txt +export COREOS_BUILD_ID="${MANIFEST_BRANCH}-${BUILD_NUMBER}" + +# hack to get repo to set things up using the manifest repo we already have +# (amazing that it tolerates this considering it usually is so intolerant) +mkdir -p .repo +ln -sfT ../manifest .repo/manifests +ln -sfT ../manifest/.git .repo/manifests.git + +# Cleanup/setup local manifests +rm -rf .repo/local_manifests +if [[ -n "${LOCAL_MANIFEST}" ]]; then + mkdir -p .repo/local_manifests + cat >.repo/local_manifests/local.xml <<<"${LOCAL_MANIFEST}" +fi + +./bin/cork update --create --downgrade-replace --verbose \ + --manifest-url "${GIT_URL}" \ + --manifest-branch "${GIT_COMMIT}" \ + --manifest-name "${MANIFEST_NAME}" \ + --new-version "${COREOS_VERSION}" \ + --sdk-version "${COREOS_SDK_VERSION}" + +./bin/cork enter --experimental -- sh -c \ + "pwd; repo manifest -r > '/mnt/host/source/manifest/${COREOS_BUILD_ID}.xml'" + +cd manifest +git add "${COREOS_BUILD_ID}.xml" + +ln -sf "${COREOS_BUILD_ID}.xml" default.xml +ln -sf "${COREOS_BUILD_ID}.xml" release.xml +git add default.xml release.xml + +tee version.txt <<EOF +COREOS_VERSION=${COREOS_VERSION_ID}+${COREOS_BUILD_ID} +COREOS_VERSION_ID=${COREOS_VERSION_ID} +COREOS_BUILD_ID=${COREOS_BUILD_ID} +COREOS_SDK_VERSION=${COREOS_SDK_VERSION} +EOF +git add version.txt + +EMAIL="jenkins@jenkins.coreos.systems" +GIT_AUTHOR_NAME="CoreOS Jenkins" +GIT_COMMITTER_NAME="${GIT_AUTHOR_NAME}" +export EMAIL GIT_AUTHOR_NAME GIT_COMMITTER_NAME +git commit \ + -m "${COREOS_BUILD_ID}: add build manifest" \ + -m "Based on ${GIT_URL} branch ${MANIFEST_BRANCH}" \ + -m "${BUILD_URL}" +git tag -m "${COREOS_BUILD_ID}" "${COREOS_BUILD_ID}" HEAD + +# assert that what we just did will work, update symlink because verify doesn't have a --manifest-name option yet +cd "${WORKSPACE}" +ln -sf "manifests/${COREOS_BUILD_ID}.xml" .repo/manifest.xml +./bin/cork verify + +finish "${COREOS_BUILD_ID}" + + + + + true + + + manifest.properties + false + false + false + true + + + + + + + manifest.properties + true + false + false + + + os-toolchains,os-sdk + UNSTABLE_OR_BETTER + false + + + + + + + + 8b41f1e0-1ea9-4dc5-b64f-9b3b883b78c2 + + false + + + diff --git a/contrib/jenkins/jobs/os-mantle/config.xml b/contrib/jenkins/jobs/os-mantle/config.xml new file mode 100644 index 0000000000..5c44d8b329 --- /dev/null +++ b/contrib/jenkins/jobs/os-mantle/config.xml @@ -0,0 +1,75 @@ + + + + Build mantle binaries from master to be consumed as artifacts. + + 20 + 30 + -1 + -1 + + false + + + https://github.com/coreos/mantle/ + + + + * + + + + false + false + + + + 2 + + + origin + https://github.com/coreos/mantle/ + + + + + refs/remotes/origin/master + + + false + + + + coreos + false + false + false + false + + + H/15 * * * * + false + + + false + + + docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp -e GOMAXPROCS=4 golang:1.6.2 ./build + + + + docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp -e GOMAXPROCS=4 golang:1.6.2 ./test + + + + + + bin/* + false + true + true + true + + + + diff --git a/contrib/jenkins/jobs/os-sdk/config.xml b/contrib/jenkins/jobs/os-sdk/config.xml new file mode 100644 index 0000000000..451c816a1b --- /dev/null +++ b/contrib/jenkins/jobs/os-sdk/config.xml @@ -0,0 +1,134 @@ + + + + Build SDK tarball and binary packages. + + 30 + 50 + 3 + 3 + + false + + + + + USE_CACHE + Enable use of any binary packages cached locally from previous builds. + true + + + MANIFEST_URL + + https://github.com/coreos/manifest-builds.git + + + MANIFEST_REF + + refs/tags/ + + + MANIFEST_NAME + + release.xml + + + COREOS_OFFICIAL + + + + 0 + 1 + + + + + + + false + false + + + + coreos + false + false + false + false + + false + + + os-mantle + + + + + true + UseGlobalSetting + true + + false + + + #!/bin/bash -ex + +# build may not be started without a ref value +[[ -n "${MANIFEST_REF#refs/tags/}" ]] + +enter() { + ./bin/cork enter --experimental -- "$@" +} + +# hack because catalyst leaves things chowned as root +[[ -d .cache/sdks ]] && sudo chown -R $USER .cache/sdks + +./bin/cork update --create --downgrade-replace --verify --verbose \ + --manifest-url "${MANIFEST_URL}" \ + --manifest-branch "${MANIFEST_REF}" \ + --manifest-name "${MANIFEST_NAME}" + +source .repo/manifests/version.txt +export COREOS_BUILD_ID + +# Set up GPG for signing images +export GNUPGHOME="${PWD}/.gnupg" +rm -rf "${GNUPGHOME}" +trap "rm -rf '${GNUPGHOME}'" EXIT +mkdir --mode=0700 "${GNUPGHOME}" +gpg --import "${GPG_SECRET_KEY_FILE}" + +# Wipe all of catalyst or just clear out old tarballs taking up space +if [ "$USE_CACHE" = false ]; then + sudo rm -rf src/build/catalyst +fi +sudo rm -rf src/build/catalyst/builds + +S=/mnt/host/source/src/scripts +enter ${S}/update_chroot +enter sudo emerge -uv --jobs=2 catalyst +enter sudo ${S}/bootstrap_sdk \ + --sign buildbot@coreos.com --sign_digests buildbot@coreos.com \ + --upload --upload_root gs://builds.developer.core-os.net + + + + + src/build/catalyst/packages/coreos-sdk/**/*.tbz2,chroot/var/lib/portage/pkgs/*/*.tbz2 + + + + + + + 12e071a3-694f-40e8-8595-489236d943cc + GPG_SECRET_KEY_FILE + + + 9de82aed-ae50-4233-989f-d454b0449b96 + GOOGLE_APPLICATION_CREDENTIALS + + + + + diff --git a/contrib/jenkins/jobs/os-toolchains/config.xml b/contrib/jenkins/jobs/os-toolchains/config.xml new file mode 100644 index 0000000000..1f83b867db --- /dev/null +++ b/contrib/jenkins/jobs/os-toolchains/config.xml @@ -0,0 +1,162 @@ + + + + Build cross compilers for all target boards. + + 30 + 50 + 3 + 3 + + false + + + + + USE_CACHE + Enable use of any binary packages cached locally from previous builds. + true + + + MANIFEST_URL + + https://github.com/coreos/manifest-builds.git + + + MANIFEST_REF + + refs/tags/ + + + MANIFEST_NAME + + release.xml + + + COREOS_OFFICIAL + + + + 0 + 1 + + + + + + + false + false + + + + coreos + false + false + false + false + + false + + + os-mantle + + + + + true + UseGlobalSetting + true + + false + + + #!/bin/bash -ex + +# build may not be started without a ref value +[[ -n "${MANIFEST_REF#refs/tags/}" ]] + +enter() { + ./bin/cork enter --experimental -- "$@" +} + +# hack because catalyst leaves things chowned as root +[[ -d .cache/sdks ]] && sudo chown -R $USER .cache/sdks + +./bin/cork update --create --downgrade-replace --verify --verbose \ + --manifest-url "${MANIFEST_URL}" \ + --manifest-branch "${MANIFEST_REF}" \ + --manifest-name "${MANIFEST_NAME}" + +source .repo/manifests/version.txt +export COREOS_BUILD_ID + +# Set up GPG for signing images +export GNUPGHOME="${PWD}/.gnupg" +rm -rf "${GNUPGHOME}" +trap "rm -rf '${GNUPGHOME}'" EXIT +mkdir --mode=0700 "${GNUPGHOME}" +gpg --import "${GPG_SECRET_KEY_FILE}" + +# Wipe all of catalyst or just clear out old tarballs taking up space +if [ "$USE_CACHE" = false ]; then + sudo rm -rf src/build/catalyst +fi +sudo rm -rf src/build/catalyst/builds + +S=/mnt/host/source/src/scripts +enter sudo emerge -uv --jobs=2 catalyst +enter sudo ${S}/build_toolchains \ + --sign buildbot@coreos.com --sign_digests buildbot@coreos.com \ + --upload --upload_root gs://builds.developer.core-os.net + + + + + false + + + src/build/catalyst/packages/coreos-toolchains/**/*.tbz2,chroot/var/lib/portage/pkgs/*/*.tbz2 + + + + + + + + BOARD=amd64-usr + + + os-board-packages + UNSTABLE_OR_BETTER + false + + + + + + BOARD=arm64-usr + + + os-board-packages + UNSTABLE_OR_BETTER + false + + + + + + + + + 12e071a3-694f-40e8-8595-489236d943cc + GPG_SECRET_KEY_FILE + + + 9de82aed-ae50-4233-989f-d454b0449b96 + GOOGLE_APPLICATION_CREDENTIALS + + + + + diff --git a/contrib/jenkins/jobs/os-watch-coreos-overlay/config.xml b/contrib/jenkins/jobs/os-watch-coreos-overlay/config.xml new file mode 100644 index 0000000000..cf54f6773d --- /dev/null +++ b/contrib/jenkins/jobs/os-watch-coreos-overlay/config.xml @@ -0,0 +1,125 @@ + + + + + + 5 + 5 + -1 + -1 + + false + + + https://github.com/coreos/coreos-overlay/ + + + + os-* + + + + false + true + + + + + true + + + + + + 2 + + + origin + https://github.com/coreos/coreos-overlay.git + + + + + origin/master + + + origin/build-* + + + false + + https://github.com/coreos/coreos-overlay + + + + + coreos-overlay + + + + + coreos + false + false + false + false + + + H/15 * * * * + false + + + false + + + #!/bin/bash -ex + +# This all assumes the manifest branch is the same as the +# scripts branch, e.g. "master" or "build-123" and so on. +UPSTREAM_REF="refs/heads/${GIT_BRANCH#origin/}" +MANIFEST_REF="${UPSTREAM_REF}" + +cat >coreos-overlay.properties <<EOF +MANIFEST_REF = ${MANIFEST_REF} +LOCAL_MANIFEST = <?xml version="1.0" encoding="UTF-8"?>\ + <manifest>\ + <remove-project name="coreos/coreos-overlay" />\ + <project name="coreos/coreos-overlay" \ + path="src/third_party/coreos-overlay" \ + revision="${GIT_COMMIT}" \ + upstream="${UPSTREAM_REF}" />\ + </manifest> +EOF + + + + + true + + + coreos-overlay.properties + false + false + false + true + + + + + + + coreos-overlay.properties + true + false + false + + + os-manifest, + UNSTABLE_OR_BETTER + false + + + + + + diff --git a/contrib/jenkins/jobs/os-watch-portage-stable/config.xml b/contrib/jenkins/jobs/os-watch-portage-stable/config.xml new file mode 100644 index 0000000000..89245bb027 --- /dev/null +++ b/contrib/jenkins/jobs/os-watch-portage-stable/config.xml @@ -0,0 +1,125 @@ + + + + + + 5 + 5 + -1 + -1 + + false + + + https://github.com/coreos/portage-stable/ + + + + os-* + + + + false + true + + + + + true + + + + + + 2 + + + origin + https://github.com/coreos/portage-stable.git + + + + + origin/master + + + origin/build-* + + + false + + https://github.com/coreos/portage-stable + + + + + portage-stable + + + + + coreos + false + false + false + false + + + H/15 * * * * + false + + + false + + + #!/bin/bash -ex + +# This all assumes the manifest branch is the same as the +# scripts branch, e.g. "master" or "build-123" and so on. +UPSTREAM_REF="refs/heads/${GIT_BRANCH#origin/}" +MANIFEST_REF="${UPSTREAM_REF}" + +cat >portage-stable.properties <<EOF +MANIFEST_REF = ${MANIFEST_REF} +LOCAL_MANIFEST = <?xml version="1.0" encoding="UTF-8"?>\ + <manifest>\ + <remove-project name="coreos/portage-stable" />\ + <project name="coreos/portage-stable" \ + path="src/third_party/portage-stable" \ + revision="${GIT_COMMIT}" \ + upstream="${UPSTREAM_REF}" />\ + </manifest> +EOF + + + + + true + + + portage-stable.properties + false + false + false + true + + + + + + + portage-stable.properties + true + false + false + + + os-manifest, + UNSTABLE_OR_BETTER + false + + + + + + diff --git a/contrib/jenkins/jobs/os-watch-scripts/config.xml b/contrib/jenkins/jobs/os-watch-scripts/config.xml new file mode 100644 index 0000000000..53f039be3b --- /dev/null +++ b/contrib/jenkins/jobs/os-watch-scripts/config.xml @@ -0,0 +1,125 @@ + + + + + + 5 + 5 + -1 + -1 + + false + + + https://github.com/coreos/scripts/ + + + + os-* + + + + false + true + + + + + true + + + + + + 2 + + + origin + https://github.com/coreos/scripts.git + + + + + origin/master + + + origin/build-* + + + false + + https://github.com/coreos/scripts + + + + + scripts + + + + + coreos + false + false + false + false + + + H/15 * * * * + false + + + false + + + #!/bin/bash -ex + +# This all assumes the manifest branch is the same as the +# scripts branch, e.g. "master" or "build-123" and so on. +UPSTREAM_REF="refs/heads/${GIT_BRANCH#origin/}" +MANIFEST_REF="${UPSTREAM_REF}" + +cat >scripts.properties <<EOF +MANIFEST_REF = ${MANIFEST_REF} +LOCAL_MANIFEST = <?xml version="1.0" encoding="UTF-8"?>\ + <manifest>\ + <remove-project name="coreos/scripts" />\ + <project name="coreos/scripts" \ + path="src/scripts" \ + revision="${GIT_COMMIT}" \ + upstream="${UPSTREAM_REF}" />\ + </manifest> +EOF + + + + + true + + + scripts.properties + false + false + false + true + + + + + + + scripts.properties + true + false + false + + + os-manifest, + UNSTABLE_OR_BETTER + false + + + + + +