github.com/verrazzano/verrazzano@v1.7.0/release/builds/JenkinsfileReleaseExistingCandidate (about) 1 // Copyright (c) 2021, 2023, Oracle and/or its affiliates. 2 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 def DOCKER_IMAGE_TAG 5 def releaseBuild 6 def RELEASE_JOB_NAME 7 def RELEASE_BRANCH_COMMIT 8 def IS_PATCH_RELEASE = false 9 def VERRAZZANO_DEV_VERSION 10 def IMAGES_TO_PUBLISH_OBJECT_STORE_FILE 11 def COMMIT_TO_USE 12 13 14 pipeline { 15 options { 16 skipDefaultCheckout true 17 timestamps () 18 } 19 20 agent { 21 docker { 22 image "${RELEASE_RUNNER_IMAGE}" 23 args "${RELEASE_RUNNER_DOCKER_ARGS}" 24 registryUrl "${RUNNER_DOCKER_REGISTRY_URL}" 25 registryCredentialsId 'ocir-pull-and-push-account' 26 label "internal" 27 } 28 } 29 30 parameters { 31 booleanParam (description: 'Indicate whether this is a test run', name: 'TEST_RUN', defaultValue: true) 32 booleanParam (description: 'Ignore pre-release validation failures', name: 'IGNORE_PRE_RELEASE_VALIDATION_FAILURES', defaultValue: false) 33 } 34 35 environment { 36 OCR_CREDS = credentials('ocr-pull-and-push-account') 37 NETRC_FILE = credentials('netrc') 38 DOCKER_CREDS = credentials('github-packages-credentials-rw') 39 DOCKER_REPO = 'ghcr.io' 40 GITHUB_CREDENTIALS = credentials('github_rw') 41 OCI_OS_NAMESPACE = credentials('oci-os-namespace') 42 OCI_OS_BUCKET="verrazzano-builds" 43 OCI_OS_COMMIT_BUCKET="verrazzano-builds-by-commit" 44 OCI_CLI_AUTH="api_key" 45 OCI_CLI_TENANCY = credentials('oci-tenancy') 46 OCI_CLI_USER = credentials('oci-user-ocid') 47 OCI_CLI_FINGERPRINT = credentials('oci-api-key-fingerprint') 48 OCI_CLI_KEY_FILE = credentials('oci-api-key') 49 OCI_CLI_REGION = "us-phoenix-1" 50 TIMESTAMP = sh(returnStdout: true, script: "date +%Y%m%d%H%M%S").trim() 51 CLEAN_BRANCH_NAME = "${env.BRANCH_NAME.replace("/", "%2F")}" 52 OCI_OS_SHARED_BUCKET="build-shared-files" 53 54 PERIODIC_JOB_OBJECT_PREFIX = "${CLEAN_BRANCH_NAME}-last-clean-periodic-test" 55 } 56 57 stages { 58 stage('Find Last Releasable Commit') { 59 steps { 60 script { 61 dir ("${WORKSPACE}") { 62 sh """ 63 oci --region ${OCI_CLI_REGION} os object get --namespace ${OCI_OS_NAMESPACE} -bn ${OCI_OS_BUCKET} --name ${CLEAN_BRANCH_NAME}/current-dev-version.txt --file ${WORKSPACE}/current_dev_version.txt 64 """ 65 def propsDevVersion = readProperties file: "current_dev_version.txt" 66 VERRAZZANO_DEV_VERSION = propsDevVersion['verrazzano-development-version'] 67 println("Current dev version is ${VERRAZZANO_DEV_VERSION}") 68 sh """ 69 oci --region ${OCI_CLI_REGION} os object get --namespace ${OCI_OS_NAMESPACE} -bn ${OCI_OS_BUCKET} --name ${CLEAN_BRANCH_NAME}/last-${VERRAZZANO_DEV_VERSION}-releasable-candidate-commit.txt --file ${WORKSPACE}/last_releasable_candidate_commit.txt 70 """ 71 def props = readProperties file: "last_releasable_candidate_commit.txt" 72 COMMIT_TO_USE = props['git-commit'] 73 if (!COMMIT_TO_USE) { 74 println("ERROR: No releasable commit found for dev version ${VERRAZZANO_DEV_VERSION}") 75 sh "exit 1" 76 } 77 SHORT_COMMIT_HASH = sh(returnStdout: true, script: "echo ${COMMIT_TO_USE} | head -c 8") 78 IMAGES_TO_PUBLISH_OBJECT_STORE_FILE="${CLEAN_BRANCH_NAME}/verrazzano_${VERRAZZANO_DEV_VERSION}-images.txt" 79 sh """ 80 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} -bn ${OCI_OS_COMMIT_BUCKET} --destination-bucket ${OCI_OS_BUCKET} --source-object-name ephemeral/${BRANCH_NAME}/${SHORT_COMMIT_HASH}/verrazzano_${VERRAZZANO_DEV_VERSION}-images.txt --destination-object-name ${IMAGES_TO_PUBLISH_OBJECT_STORE_FILE} 81 """ 82 } 83 } 84 } 85 } 86 87 stage('Clean workspace and checkout') { 88 steps { 89 sh """ 90 echo "${NODE_LABELS}" 91 """ 92 script { 93 if (COMMIT_TO_USE == "NONE") { 94 echo "Specific GIT commit was not specified, use current head" 95 def scmInfo = checkout scm 96 env.GIT_COMMIT = scmInfo.GIT_COMMIT 97 env.GIT_BRANCH = scmInfo.GIT_BRANCH 98 } else { 99 echo "SCM checkout of ${COMMIT_TO_USE}" 100 def scmInfo = checkout([ 101 $class: 'GitSCM', 102 branches: [[name: COMMIT_TO_USE]], 103 doGenerateSubmoduleConfigurations: false, 104 extensions: [], 105 submoduleCfg: [], 106 userRemoteConfigs: [[url: env.SCM_VERRAZZANO_GIT_URL]]]) 107 env.GIT_COMMIT = scmInfo.GIT_COMMIT 108 env.GIT_BRANCH = scmInfo.GIT_BRANCH 109 // If the commit we were handed is not what the SCM says we are using, fail 110 if (!env.GIT_COMMIT.equals(COMMIT_TO_USE)) { 111 echo "SCM didn't checkout the commit we expected. Expected: ${COMMIT_TO_USE}, Found: ${env.GIT_COMMIT}" 112 sh "exit 1" 113 } 114 } 115 // setup credential retrieval for possible release branch push 116 sh """ 117 git config credential.https://github.com.username ${GITHUB_CREDENTIALS_USR} 118 git config credential.helper '/bin/bash ${WORKSPACE}/release/scripts/credential_helper.sh' 119 """ 120 echo "SCM checkout of ${env.GIT_BRANCH} at ${env.GIT_COMMIT}" 121 RELEASE_BRANCH_COMMIT = env.GIT_COMMIT 122 } 123 124 script { 125 def props = readProperties file: '.verrazzano-development-version' 126 VERRAZZANO_DEV_VERSION = props['verrazzano-development-version'] 127 TIMESTAMP = sh(returnStdout: true, script: "date +%Y%m%d%H%M%S").trim() 128 SHORT_COMMIT_HASH = sh(returnStdout: true, script: "git rev-parse --short=8 HEAD").trim() 129 // update the description with some meaningful info 130 currentBuild.description = SHORT_COMMIT_HASH + " : " + env.GIT_COMMIT + " : " + COMMIT_TO_USE 131 } 132 script { 133 sh """ 134 echo "Downloading verrazzano-helper from object storage" 135 if [[${env.BRANCH_NAME} =~ "release-*"]]; then 136 oci --region us-phoenix-1 os object get --namespace ${OCI_OS_NAMESPACE} -bn ${OCI_OS_SHARED_BUCKET} --name ${env.BRANCH_NAME}/verrazzano-helper --file ${WORKSPACE}/verrazzano-helper 137 else 138 oci --region us-phoenix-1 os object get --namespace ${OCI_OS_NAMESPACE} -bn ${OCI_OS_SHARED_BUCKET} --name master/verrazzano-helper --file ${WORKSPACE}/verrazzano-helper 139 fi 140 chmod uog+x ${WORKSPACE}/verrazzano-helper 141 """ 142 } 143 } 144 } 145 146 stage('Pipeline inputs validation') { 147 steps { 148 script { 149 // major or minor release has a target version that ends in 0 150 if (VERRAZZANO_DEV_VERSION =~ /^\d+\.\d+\.0$/) { 151 echo "major/minor release detected. test=${params.TEST_RUN}" 152 IS_PATCH_RELEASE = 'false' 153 // patch should be using a "release-#.#" branch and have a version ending in a digit other than 0 154 } else if (env.BRANCH_NAME =~ /release-\d+\.\d+$/ && VERRAZZANO_DEV_VERSION =~ /^\d+\.\d+\.[1-9]+$/){ 155 echo "patch release detected" 156 IS_PATCH_RELEASE = 'true' 157 } else if (params.TEST_RUN && env.BRANCH_NAME =~ /mock-release-\d+\.\d+$/ && VERRAZZANO_DEV_VERSION =~ /^\d+\.\d+\.[1-9]+$/){ 158 echo "test patch release detected" 159 IS_PATCH_RELEASE = 'true' 160 } else { 161 error "Invalid source branch ${env.GIT_BRANCH} or a mismatch between source branch and the specified target version ${VERRAZZANO_DEV_VERSION}" 162 } 163 164 echo "Patch release? ${IS_PATCH_RELEASE}" 165 } 166 } 167 } 168 169 stage('Pre-release validation') { 170 171 environment { 172 IGNORE_FAILURES = "${params.IGNORE_PRE_RELEASE_VALIDATION_FAILURES}" 173 TICKET_SERVICE_USERNAME = credentials('ticket-service-username') 174 TICKET_SERVICE_PASSWORD = credentials('ticket-service-password') 175 } 176 steps { 177 script { 178 sh """ 179 cd ${WORKSPACE} 180 ./release/scripts/prerelease_validation.sh ${VERRAZZANO_DEV_VERSION} 181 """ 182 } 183 } 184 } 185 186 stage('Copy Product Zip to Release') { 187 environment { 188 PERIODIC_PRODUCT_LITE_OBJECT_NAME = "verrazzano-${VERRAZZANO_DEV_VERSION}-lite.zip" 189 PERIODIC_PRODUCT_FULL_OBJECT_NAME = "verrazzano-${VERRAZZANO_DEV_VERSION}.zip" 190 } 191 192 // When the Verrazzano builds are not run as part of this release job, the GENERATE_TARBALL which 193 // creates the product zip in the release location is not run. This is usually the case when we are using 194 // an existing release candidate, for which periodic tests have already run and identified a release 195 // candidate. In this case, we should copy the product zip generated by the periodic tests, into the 196 // release location so that stage 2 release job has access to it. Also copy the commit file similarly. 197 198 steps { 199 script { 200 // NOTE - this copy operation is asynchronous. The assumption here is that it will complete 201 // by the time the images are pushed to OCR (next build stage), and the release stage2, which uses 202 // these objects, is run. 203 sh """ 204 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 205 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 206 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/${PERIODIC_PRODUCT_LITE_OBJECT_NAME} \ 207 --destination-object-name ${CLEAN_BRANCH_NAME}/${PERIODIC_PRODUCT_LITE_OBJECT_NAME} 208 209 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 210 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 211 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/${PERIODIC_PRODUCT_LITE_OBJECT_NAME}.sha256 \ 212 --destination-object-name ${CLEAN_BRANCH_NAME}/${PERIODIC_PRODUCT_LITE_OBJECT_NAME}.sha256 213 214 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 215 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 216 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/${PERIODIC_PRODUCT_FULL_OBJECT_NAME} \ 217 --destination-object-name ${CLEAN_BRANCH_NAME}/${PERIODIC_PRODUCT_FULL_OBJECT_NAME} 218 219 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 220 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 221 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/${PERIODIC_PRODUCT_FULL_OBJECT_NAME}.sha256 \ 222 --destination-object-name ${CLEAN_BRANCH_NAME}/${PERIODIC_PRODUCT_FULL_OBJECT_NAME}.sha256 223 224 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 225 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 226 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/verrazzano_periodic-commit.txt \ 227 --destination-object-name ${CLEAN_BRANCH_NAME}/verrazzano_${VERRAZZANO_DEV_VERSION}-commit.txt 228 229 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 230 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 231 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/generated-verrazzano-bom.json \ 232 --destination-object-name ${CLEAN_BRANCH_NAME}/verrazzano_${VERRAZZANO_DEV_VERSION}-bom.json 233 234 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 235 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 236 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/operator.yaml \ 237 --destination-object-name ${CLEAN_BRANCH_NAME}/verrazzano_${VERRAZZANO_DEV_VERSION}-platform-operator.yaml 238 """ 239 } 240 } 241 } 242 243 stage('Push images to OCR') { 244 when { 245 allOf { 246 expression { !params.TEST_RUN } 247 } 248 } 249 steps { 250 retry(count: env.BUILD_RETRIES) { 251 script { 252 if (IMAGES_TO_PUBLISH_OBJECT_STORE_FILE.equals("NONE")) { 253 echo "Triggering OCR Image push build" 254 build job: "publish-release-images-to-ocr", 255 parameters: [ 256 string(name: 'IMAGES_TO_PUBLISH_JOB_NAME', value: "${RELEASE_JOB_NAME}"), 257 ], wait: true 258 } else { 259 echo "Triggering OCR Image push build supplying existing candidate" 260 build job: "publish-release-images-to-ocr", 261 parameters: [ 262 string(name: 'IMAGES_TO_PUBLISH_OBJECT_STORE_FILE', value: "${IMAGES_TO_PUBLISH_OBJECT_STORE_FILE}"), 263 ], wait: true 264 } 265 } 266 } 267 } 268 } 269 } 270 }