From 917ed4c3525261d477b66ba8c511abfc8b1c4bdc Mon Sep 17 00:00:00 2001 From: Radoslav Pitonak Date: Thu, 4 Jul 2019 09:18:00 +0200 Subject: [PATCH 1/5] add Jenkinsfile --- Jenkinsfile | 68 ++++++++++++++++++++++++++++++++++++ files/install-openshift.yaml | 59 +++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+) create mode 100644 Jenkinsfile create mode 100644 files/install-openshift.yaml diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..d73b81a --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,68 @@ +def onmyduffynode(script){ + ansiColor('xterm'){ + timestamps{ + sh 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -l root ${DUFFY_NODE}.ci.centos.org -t \"export REPO=${REPO}; export BRANCH=${BRANCH};\" "' + script + '"' + } + } +} + +def synctoduffynode(source) +{ + sh 'scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -r ' + source + " " + "root@" + "${DUFFY_NODE}.ci.centos.org:~/" +} + +node('userspace-containerization'){ + + stage('Checkout'){ + checkout scm + } + + stage('Build'){ + try{ + stage ("Allocate node"){ + env.CICO_API_KEY = readFile("${env.HOME}/duffy.key").trim() + duffy_rtn=sh( + script: "cico --debug node get --arch x86_64 -f value -c hostname -c comment", + returnStdout: true + ).trim().tokenize(' ') + env.DUFFY_NODE=duffy_rtn[0] + env.DUFFY_SSID=duffy_rtn[1] + } + + stage ("Setup"){ + onmyduffynode "yum -y install epel-release" + onmyduffynode "yum -y install python36-pip rpmdevtools docker ansible" + onmyduffynode "yum -y remove git" + onmyduffynode "curl -o /etc/yum.repos.d/git-epel-7.repo https://copr.fedorainfracloud.org/coprs/g/git-maint/git/repo/epel-7/group_git-maint-git-epel-7.repo" + onmyduffynode "yum -y install git-core" + onmyduffynode "pip3 install pre-commit" + synctoduffynode "./." // copy all source files (hidden too, we need .git/) + } + + def tasks = [:] + tasks["OpenShift"] = { + stage ("Setup Openshift Cluster"){ + onmyduffynode "ansible-playbook -v ./files/install-openshift" + } + } + tasks["Build test image"] = { + stage ("Linters"){ + onmyduffynode "make test-image-build" + } + } + tasks["Tests"] = { + stage ("Linters"){ + onmyduffynode "make check" + } + } + parallel tasks + } catch (e) { + currentBuild.result = "FAILURE" + throw e + } finally { + stage("Cleanup"){ + sh 'cico node done ${DUFFY_SSID}' + } + } + } +} diff --git a/files/install-openshift.yaml b/files/install-openshift.yaml new file mode 100644 index 0000000..35a3a89 --- /dev/null +++ b/files/install-openshift.yaml @@ -0,0 +1,59 @@ +--- +- name: Install dependencies for sandcastle. + hosts: all + tasks: + - name: Install basic utilities which should be in a sandbox. + yum: + name: + - git + - rpmdevtools + - docker + state: present + - name: + pip: + executable: /usr/local/bin/pip3.7 + requirements: "{{ lookup('env','PWD') }}/tests/requirements.txt" + - name: Install packit + pip: + name: + - packitos + - kubernetes + - pytest + - flexmock + executable: /usr/local/bin/pip3.7 + - name: Disable SELinux + command: setenforce 0 + - name: Disable firewall + command: systemctl stop firewalld # firewall on CentOS does not allow docker login into OpenShift registry + - name: Start docker deamon + command: systemctl start docker + - name: Create docker deamon config + file: + path: /etc/docker/daemon.json + state: touch + - name: Add OpenShift insecure registry into docker deamon config + copy: + content: | + {"insecure-registries" : [ "172.30.0.0/16" ]} + dest: /etc/docker/daemon.json + - name: Restart docker because config has changed + command: systemctl restart docker + - name: Install OpenShift server + yum: + name: + - centos-release-openshift-origin310 + state: present + - name: Install OpenShift client + yum: + name: + - origin-clients + state: present + - name: Start Openshift cluster + command: oc cluster up --base-dir=/tmp + environment: + PATH: "{{ ansible_env.PATH}}:/usr/local/bin" + DOCKER_CONFIG: "/etc/docker/daemon.json" + + # https://github.com/packit-service/sandcastle#developing-sandcastle + - name: Add permissions for service account + command: oc adm policy add-role-to-user edit system:serviceaccount:myproject:default From a16be627144bc67e89a49df1def1d7ecba1a51f3 Mon Sep 17 00:00:00 2001 From: Radoslav Pitonak Date: Thu, 4 Jul 2019 09:50:06 +0200 Subject: [PATCH 2/5] change executable to pip3 --- Jenkinsfile | 23 +++++++++-------------- files/install-openshift.yaml | 4 ++-- 2 files changed, 11 insertions(+), 16 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index d73b81a..33731bc 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -39,23 +39,18 @@ node('userspace-containerization'){ synctoduffynode "./." // copy all source files (hidden too, we need .git/) } - def tasks = [:] - tasks["OpenShift"] = { - stage ("Setup Openshift Cluster"){ - onmyduffynode "ansible-playbook -v ./files/install-openshift" - } + stage ("Setup Openshift Cluster"){ + onmyduffynode "ansible-playbook -v -i localhost, --connection=local ./files/install-openshift.yaml" } - tasks["Build test image"] = { - stage ("Linters"){ - onmyduffynode "make test-image-build" - } + + stage ("Image build"){ + onmyduffynode "make test-image-build" } - tasks["Tests"] = { - stage ("Linters"){ - onmyduffynode "make check" - } + + stage ("Tests"){ + onmyduffynode "make check" } - parallel tasks + } catch (e) { currentBuild.result = "FAILURE" throw e diff --git a/files/install-openshift.yaml b/files/install-openshift.yaml index 35a3a89..d0d95d6 100644 --- a/files/install-openshift.yaml +++ b/files/install-openshift.yaml @@ -11,7 +11,7 @@ state: present - name: pip: - executable: /usr/local/bin/pip3.7 + executable: pip3 requirements: "{{ lookup('env','PWD') }}/tests/requirements.txt" - name: Install packit pip: @@ -20,7 +20,7 @@ - kubernetes - pytest - flexmock - executable: /usr/local/bin/pip3.7 + executable: pip3 - name: Disable SELinux command: setenforce 0 - name: Disable firewall From 225907a1b33977ad50cdfafa73b8c947ce3bcd02 Mon Sep 17 00:00:00 2001 From: Radoslav Pitonak Date: Thu, 4 Jul 2019 13:02:31 +0200 Subject: [PATCH 3/5] kubernetes == 8.0.0 --- files/install-openshift.yaml | 2 +- tests/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/files/install-openshift.yaml b/files/install-openshift.yaml index d0d95d6..613b237 100644 --- a/files/install-openshift.yaml +++ b/files/install-openshift.yaml @@ -17,7 +17,7 @@ pip: name: - packitos - - kubernetes + - kubernetes==8.0.0 - pytest - flexmock executable: pip3 diff --git a/tests/requirements.txt b/tests/requirements.txt index 3c3eba2..6146db2 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,3 +1,3 @@ -kubernetes +kubernetes==8.0.0 flexmock pytest From 4394672a942a53b0d882d087b6634322b5de833b Mon Sep 17 00:00:00 2001 From: Radoslav Pitonak Date: Thu, 4 Jul 2019 14:52:43 +0200 Subject: [PATCH 4/5] add linters --- Jenkinsfile | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 33731bc..0bc62c6 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -31,11 +31,14 @@ node('userspace-containerization'){ stage ("Setup"){ onmyduffynode "yum -y install epel-release" - onmyduffynode "yum -y install python36-pip rpmdevtools docker ansible" + onmyduffynode "yum -y install python36-pip python36-devel rpmdevtools docker ansible" onmyduffynode "yum -y remove git" onmyduffynode "curl -o /etc/yum.repos.d/git-epel-7.repo https://copr.fedorainfracloud.org/coprs/g/git-maint/git/repo/epel-7/group_git-maint-git-epel-7.repo" onmyduffynode "yum -y install git-core" onmyduffynode "pip3 install pre-commit" + onmyduffynode "pip3 install --upgrade pip" + onmyduffynode "export RPM_PY_SYS=true" + onmyduffynode "yum install -y rebase-helper krb5-libs krb5-devel krb5-workstation" synctoduffynode "./." // copy all source files (hidden too, we need .git/) } @@ -48,7 +51,11 @@ node('userspace-containerization'){ } stage ("Tests"){ - onmyduffynode "make check" + onmyduffynode "pytest --color=yes --verbose --showlocals ./tests" + } + + stage ("Linters"){ + onmyduffynode "pre-commit run --all-files" } } catch (e) { From 05bc922ac4e42599aef7c3b8404725717401ccdc Mon Sep 17 00:00:00 2001 From: Radoslav Pitonak Date: Thu, 4 Jul 2019 16:16:24 +0200 Subject: [PATCH 5/5] add CI badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dcd2e10..fff44e7 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Sandcastle +# Sandcastle [![Build Status](https://ci.centos.org/job/sandcastle-master/badge/icon)](https://ci.centos.org/job/sandcastle-master/) Run untrusted code in a castle (OpenShift pod), which stands in a sandbox.