Skip to content

Commit

Permalink
jobs: add bump-lockfile
Browse files Browse the repository at this point in the history
This job will implement lockfile bumping for testing-devel and
next-devel: coreos/fedora-coreos-tracker#293.

The original plan for this functionality was to have it in config-bot:
coreos/fedora-coreos-releng-automation#48

But in the end, I think it's more natural to have it as a Jenkins job
given that it does a lot of the same things as the pipeline/upstream CI
jobs. So that way it looks and feels just like another job that runs
cosa, and we get kola artifacts, we can re-use the shared library,
it's easily inspectable, we can hook it to Slack, etc...
  • Loading branch information
jlebon committed May 1, 2020
1 parent 9bd5ec7 commit 1d35ea1
Show file tree
Hide file tree
Showing 2 changed files with 76 additions and 0 deletions.
15 changes: 15 additions & 0 deletions jenkins/config/github-coreosbot.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
credentials:
system:
domainCredentials:
- credentials:
- usernamePassword:
scope: GLOBAL
id: github-coreosbot-token
username: coreosbot
password: ${github-coreosbot-token/token}
description: GitHub coreosbot token
- string:
scope: GLOBAL
id: github-coreosbot-token-string
secret: ${github-coreosbot-token/token}
description: GitHub coreosbot token as a string
61 changes: 61 additions & 0 deletions jobs/bump-lockfile.Jenkinsfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
@Library('github.com/coreos/coreos-ci-lib@master') _

repo = "coreos/fedora-coreos-config"
branches = [
"testing-devel",
"next-devel"
]
botCreds = "github-coreosbot-token"

properties([
pipelineTriggers([
// we don't need to bump lockfiles any more often than daily
cron("H H * * *")
])
])

cosaPod {
parallel branches.collectEntries { branch -> [branch, {
shwrap("mkdir ${branch}")
dir(branch) {
stage("Fetch") {
shwrap("cosa init --branch ${branch} https://github.com/${repo}")
shwrap("cosa fetch --update-lockfile")
}

if (shwrapRc("git diff --exit-code") == 0) {
println("No changes")
return
}

// sanity-check only base lockfiles were changed
shwrap("""
for f in \$(git ls-files --modified --deleted); do
if [[ \${f} =~ ^manifest-lock\\.[0-9a-z_]+\\.json ]]; then
echo "Unexpected modified file \${f}"
exit 1
fi
done
""")

stage("Build") {
shwrap("cosa build --strict")
}

fcosKola(cosaDir: ".")

// OK, it passed kola: just push to the branch. In the future, we might be
// fancier here; e.g. if tests fail, just open a PR, or if tests passed but a
// package was added or removed.
stage("Push") {
shwrap("git commit -am 'lockfiles: bump to latest'")
withCredentials([usernamePassword(credentialsId: botCreds,
usernameVariable: 'GHUSER',
passwordVariable: 'GHTOKEN')]) {
// should gracefully handle race conditions here
sh("git push https://${GHUSER}:${GHTOKEN}@github.com/${repo} ${branch}")
}
}
}
}] }
}

0 comments on commit 1d35ea1

Please sign in to comment.