github.com/verrazzano/verrazzano@v1.7.1/release/builds/JenkinsfileReleaseExistingCandidate (about) 1 // Copyright (c) 2021, 2024, Oracle and/or its affiliates. 2 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 def DOCKER_IMAGE_TAG 5 def releaseBuild 6 def RELEASE_JOB_NAME 7 def RELEASE_BRANCH_COMMIT 8 def IS_PATCH_RELEASE = false 9 def VERRAZZANO_DEV_VERSION 10 def IMAGES_TO_PUBLISH_OBJECT_STORE_FILE 11 def COMMIT_TO_USE 12 13 14 pipeline { 15 options { 16 skipDefaultCheckout true 17 timestamps () 18 } 19 20 agent { 21 docker { 22 image "${RELEASE_RUNNER_IMAGE}" 23 args "${RELEASE_RUNNER_DOCKER_ARGS}" 24 registryUrl "${RUNNER_DOCKER_REGISTRY_URL}" 25 registryCredentialsId 'ocir-pull-and-push-account' 26 label "internal" 27 } 28 } 29 30 parameters { 31 booleanParam (description: 'Indicate whether this is a test run', name: 'TEST_RUN', defaultValue: true) 32 booleanParam (description: 'Ignore pre-release validation failures', name: 'IGNORE_PRE_RELEASE_VALIDATION_FAILURES', defaultValue: false) 33 } 34 35 environment { 36 OCR_CREDS = credentials('ocr-pull-and-push-account') 37 NETRC_FILE = credentials('netrc') 38 DOCKER_CREDS = credentials('github-packages-credentials-rw') 39 DOCKER_REPO = 'ghcr.io' 40 GITHUB_CREDENTIALS = credentials('github_rw') 41 OCI_OS_NAMESPACE = credentials('oci-os-namespace') 42 OCI_CLI_AUTH="api_key" 43 OCI_CLI_TENANCY = credentials('oci-tenancy') 44 OCI_CLI_USER = credentials('oci-user-ocid') 45 OCI_CLI_FINGERPRINT = credentials('oci-api-key-fingerprint') 46 OCI_CLI_KEY_FILE = credentials('oci-api-key') 47 OCI_CLI_REGION = "us-phoenix-1" 48 TIMESTAMP = sh(returnStdout: true, script: "date +%Y%m%d%H%M%S").trim() 49 CLEAN_BRANCH_NAME = "${env.BRANCH_NAME.replace("/", "%2F")}" 50 OCI_OS_SHARED_BUCKET="build-shared-files" 51 52 PERIODIC_JOB_OBJECT_PREFIX = "${CLEAN_BRANCH_NAME}-last-clean-periodic-test" 53 } 54 55 stages { 56 stage('Find Last Releasable Commit') { 57 steps { 58 script { 59 dir ("${WORKSPACE}") { 60 sh """ 61 oci --region ${OCI_CLI_REGION} os object get --namespace ${OCI_OS_NAMESPACE} -bn ${OCI_OS_BUCKET} --name ${CLEAN_BRANCH_NAME}/current-dev-version.txt --file ${WORKSPACE}/current_dev_version.txt 62 """ 63 def propsDevVersion = readProperties file: "current_dev_version.txt" 64 VERRAZZANO_DEV_VERSION = propsDevVersion['verrazzano-development-version'] 65 println("Current dev version is ${VERRAZZANO_DEV_VERSION}") 66 sh """ 67 oci --region ${OCI_CLI_REGION} os object get --namespace ${OCI_OS_NAMESPACE} -bn ${OCI_OS_BUCKET} --name ${CLEAN_BRANCH_NAME}/last-${VERRAZZANO_DEV_VERSION}-releasable-candidate-commit.txt --file ${WORKSPACE}/last_releasable_candidate_commit.txt 68 """ 69 def props = readProperties file: "last_releasable_candidate_commit.txt" 70 COMMIT_TO_USE = props['git-commit'] 71 if (!COMMIT_TO_USE) { 72 println("ERROR: No releasable commit found for dev version ${VERRAZZANO_DEV_VERSION}") 73 sh "exit 1" 74 } 75 SHORT_COMMIT_HASH = sh(returnStdout: true, script: "echo ${COMMIT_TO_USE} | head -c 8") 76 IMAGES_TO_PUBLISH_OBJECT_STORE_FILE="${CLEAN_BRANCH_NAME}/verrazzano_${VERRAZZANO_DEV_VERSION}-images.txt" 77 sh """ 78 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} -bn ${OCI_OS_COMMIT_BUCKET} --destination-bucket ${OCI_OS_BUCKET} --source-object-name ephemeral/${BRANCH_NAME}/${SHORT_COMMIT_HASH}/verrazzano_${VERRAZZANO_DEV_VERSION}-images.txt --destination-object-name ${IMAGES_TO_PUBLISH_OBJECT_STORE_FILE} 79 """ 80 } 81 } 82 } 83 } 84 85 stage('Clean workspace and checkout') { 86 steps { 87 sh """ 88 echo "${NODE_LABELS}" 89 """ 90 script { 91 if (COMMIT_TO_USE == "NONE") { 92 echo "Specific GIT commit was not specified, use current head" 93 def scmInfo = checkout scm 94 env.GIT_COMMIT = scmInfo.GIT_COMMIT 95 env.GIT_BRANCH = scmInfo.GIT_BRANCH 96 } else { 97 echo "SCM checkout of ${COMMIT_TO_USE}" 98 def scmInfo = checkout([ 99 $class: 'GitSCM', 100 branches: [[name: COMMIT_TO_USE]], 101 doGenerateSubmoduleConfigurations: false, 102 extensions: [], 103 submoduleCfg: [], 104 userRemoteConfigs: [[url: env.SCM_VERRAZZANO_GIT_URL]]]) 105 env.GIT_COMMIT = scmInfo.GIT_COMMIT 106 env.GIT_BRANCH = scmInfo.GIT_BRANCH 107 // If the commit we were handed is not what the SCM says we are using, fail 108 if (!env.GIT_COMMIT.equals(COMMIT_TO_USE)) { 109 echo "SCM didn't checkout the commit we expected. Expected: ${COMMIT_TO_USE}, Found: ${env.GIT_COMMIT}" 110 sh "exit 1" 111 } 112 } 113 // setup credential retrieval for possible release branch push 114 sh """ 115 git config credential.https://github.com.username ${GITHUB_CREDENTIALS_USR} 116 git config credential.helper '/bin/bash ${WORKSPACE}/release/scripts/credential_helper.sh' 117 """ 118 echo "SCM checkout of ${env.GIT_BRANCH} at ${env.GIT_COMMIT}" 119 RELEASE_BRANCH_COMMIT = env.GIT_COMMIT 120 } 121 122 script { 123 def props = readProperties file: '.verrazzano-development-version' 124 VERRAZZANO_DEV_VERSION = props['verrazzano-development-version'] 125 TIMESTAMP = sh(returnStdout: true, script: "date +%Y%m%d%H%M%S").trim() 126 SHORT_COMMIT_HASH = sh(returnStdout: true, script: "git rev-parse --short=8 HEAD").trim() 127 // update the description with some meaningful info 128 currentBuild.description = SHORT_COMMIT_HASH + " : " + env.GIT_COMMIT + " : " + COMMIT_TO_USE 129 } 130 script { 131 sh """ 132 echo "Downloading verrazzano-helper from object storage" 133 if [[${env.BRANCH_NAME} =~ "release-*"]]; then 134 oci --region us-phoenix-1 os object get --namespace ${OCI_OS_NAMESPACE} -bn ${OCI_OS_SHARED_BUCKET} --name ${env.BRANCH_NAME}/verrazzano-helper --file ${WORKSPACE}/verrazzano-helper 135 else 136 oci --region us-phoenix-1 os object get --namespace ${OCI_OS_NAMESPACE} -bn ${OCI_OS_SHARED_BUCKET} --name master/verrazzano-helper --file ${WORKSPACE}/verrazzano-helper 137 fi 138 chmod uog+x ${WORKSPACE}/verrazzano-helper 139 """ 140 } 141 } 142 } 143 144 stage('Pipeline inputs validation') { 145 steps { 146 script { 147 // major or minor release has a target version that ends in 0 148 if (VERRAZZANO_DEV_VERSION =~ /^\d+\.\d+\.0$/) { 149 echo "major/minor release detected. test=${params.TEST_RUN}" 150 IS_PATCH_RELEASE = 'false' 151 // patch should be using a "release-#.#" branch and have a version ending in a digit other than 0 152 } else if (env.BRANCH_NAME =~ /release-\d+\.\d+$/ && VERRAZZANO_DEV_VERSION =~ /^\d+\.\d+\.[1-9][0-9]*$/){ 153 echo "patch release detected" 154 IS_PATCH_RELEASE = 'true' 155 } else if (env.BRANCH_NAME =~ /release-\d+\.\d+\.\d$/ && VERRAZZANO_DEV_VERSION =~ /^\d+\.\d+\.\d+\-[1-9]+$/){ 156 echo "patch update release detected treat as a patch release" 157 IS_PATCH_RELEASE = 'true' 158 } else if (params.TEST_RUN && env.BRANCH_NAME =~ /mock-release-\d+\.\d+$/ && VERRAZZANO_DEV_VERSION =~ /^\d+\.\d+\.[1-9]+$/){ 159 echo "test patch release detected" 160 IS_PATCH_RELEASE = 'true' 161 } else { 162 error "Invalid source branch ${env.GIT_BRANCH} or a mismatch between source branch and the specified target version ${VERRAZZANO_DEV_VERSION}" 163 } 164 165 echo "Patch release? ${IS_PATCH_RELEASE}" 166 } 167 } 168 } 169 170 stage('Pre-release validation') { 171 172 environment { 173 IGNORE_FAILURES = "${params.IGNORE_PRE_RELEASE_VALIDATION_FAILURES}" 174 TICKET_SERVICE_USERNAME = credentials('ticket-service-username') 175 TICKET_SERVICE_PASSWORD = credentials('ticket-service-password') 176 } 177 steps { 178 script { 179 sh """ 180 cd ${WORKSPACE} 181 ./release/scripts/prerelease_validation.sh ${VERRAZZANO_DEV_VERSION} 182 """ 183 } 184 } 185 } 186 187 stage('Copy Product Zip to Release') { 188 environment { 189 PERIODIC_PRODUCT_LITE_OBJECT_NAME = "verrazzano-${VERRAZZANO_DEV_VERSION}-lite.zip" 190 PERIODIC_PRODUCT_FULL_OBJECT_NAME = "verrazzano-${VERRAZZANO_DEV_VERSION}.zip" 191 } 192 193 // When the Verrazzano builds are not run as part of this release job, the GENERATE_TARBALL which 194 // creates the product zip in the release location is not run. This is usually the case when we are using 195 // an existing release candidate, for which periodic tests have already run and identified a release 196 // candidate. In this case, we should copy the product zip generated by the periodic tests, into the 197 // release location so that stage 2 release job has access to it. Also copy the commit file similarly. 198 199 steps { 200 script { 201 // NOTE - this copy operation is asynchronous. The assumption here is that it will complete 202 // by the time the images are pushed to OCR (next build stage), and the release stage2, which uses 203 // these objects, is run. 204 sh """ 205 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 206 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 207 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/${PERIODIC_PRODUCT_LITE_OBJECT_NAME} \ 208 --destination-object-name ${CLEAN_BRANCH_NAME}/${PERIODIC_PRODUCT_LITE_OBJECT_NAME} 209 210 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 211 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 212 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/${PERIODIC_PRODUCT_LITE_OBJECT_NAME}.sha256 \ 213 --destination-object-name ${CLEAN_BRANCH_NAME}/${PERIODIC_PRODUCT_LITE_OBJECT_NAME}.sha256 214 215 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 216 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 217 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/${PERIODIC_PRODUCT_FULL_OBJECT_NAME} \ 218 --destination-object-name ${CLEAN_BRANCH_NAME}/${PERIODIC_PRODUCT_FULL_OBJECT_NAME} 219 220 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 221 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 222 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/${PERIODIC_PRODUCT_FULL_OBJECT_NAME}.sha256 \ 223 --destination-object-name ${CLEAN_BRANCH_NAME}/${PERIODIC_PRODUCT_FULL_OBJECT_NAME}.sha256 224 225 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 226 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 227 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/verrazzano_periodic-commit.txt \ 228 --destination-object-name ${CLEAN_BRANCH_NAME}/verrazzano_${VERRAZZANO_DEV_VERSION}-commit.txt 229 230 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 231 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 232 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/generated-verrazzano-bom.json \ 233 --destination-object-name ${CLEAN_BRANCH_NAME}/verrazzano_${VERRAZZANO_DEV_VERSION}-bom.json 234 235 oci --region ${OCI_CLI_REGION} os object copy --namespace ${OCI_OS_NAMESPACE} \ 236 -bn ${OCI_OS_BUCKET} --destination-bucket ${OCI_OS_BUCKET} \ 237 --source-object-name ${PERIODIC_JOB_OBJECT_PREFIX}/operator.yaml \ 238 --destination-object-name ${CLEAN_BRANCH_NAME}/verrazzano_${VERRAZZANO_DEV_VERSION}-platform-operator.yaml 239 """ 240 } 241 } 242 } 243 244 stage('Push images to OCR') { 245 when { 246 allOf { 247 expression { !params.TEST_RUN } 248 } 249 } 250 steps { 251 retry(count: env.BUILD_RETRIES) { 252 script { 253 if (IMAGES_TO_PUBLISH_OBJECT_STORE_FILE.equals("NONE")) { 254 echo "Triggering OCR Image push build" 255 build job: "publish-release-images-to-ocr", 256 parameters: [ 257 string(name: 'IMAGES_TO_PUBLISH_JOB_NAME', value: "${RELEASE_JOB_NAME}"), 258 ], wait: true 259 } else { 260 echo "Triggering OCR Image push build supplying existing candidate" 261 build job: "publish-release-images-to-ocr", 262 parameters: [ 263 string(name: 'IMAGES_TO_PUBLISH_OBJECT_STORE_FILE', value: "${IMAGES_TO_PUBLISH_OBJECT_STORE_FILE}"), 264 ], wait: true 265 } 266 } 267 } 268 } 269 } 270 } 271 }