CVE pipeline#2614
Conversation
This enables us to build packages and containers from ceph-private.git privately. This includes Jenkins build logs, artifacts, packages, and containers. Packages will be pushed to the internal-only pulp instance and containers to the internal-only quay instance. To avoid job duplication, each job pulls in the respective Jenkinsfiles e.g., - cve-pipelinen -> ceph-dev-pipeline - cve-source-dist -> ceph-source-dist The only difference is the parameters we pass to the job. The key differences there are CEPH_REPO points to ceph-private.git whereas ceph-dev-pipeline is not capable of doing so. We also tell the pipeline not to use a public chacra instance. Signed-off-by: David Galloway <david.galloway@ibm.com>
This logic was chosen to preserve logic the THROWAWAY parameter provides regardless of package repository repository choice. Signed-off-by: David Galloway <david.galloway@ibm.com>
Signed-off-by: David Galloway <david.galloway@ibm.com>
Signed-off-by: David Galloway <david.galloway@ibm.com>
Unsure if anything even uses chacra_url. Containerfile uses `jq -r .[0].url`. Signed-off-by: David Galloway <david.galloway@ibm.com>
Signed-off-by: David Galloway <david.galloway@ibm.com>
|
|
Requires a minimal change to the Containerfile as well ceph/ceph#69555 |
| PACKAGE_MANAGER_VERSION="" | ||
| if [ -r "$WORKSPACE/pulp_repo_info" ]; then | ||
| source "$WORKSPACE/pulp_repo_info" | ||
| fi |
There was a problem hiding this comment.
is it an error not to have a PACKAGE_MANAGER_VERSION? How does this synchronize?
There was a problem hiding this comment.
It gets written here: https://github.com/ceph/ceph-build/pull/2614/changes/BASE..045d140e7cc55c72739aef8c6fbf3af18d7ac860#diff-e43616de828404d15446d65b52a9351b6042eefe915702c04074e6b674e46d71R424-R425.
pulp_upload.sh runs immediately before notify_shaman_pulp_repo.sh in the same step:
ceph-build/ceph-dev-pipeline/build/Jenkinsfile
Lines 621 to 622 in 49b2430
There was a problem hiding this comment.
OK. So maybe mention in a comment "PACKAGE_MANAGER_VERSION is set in this file I'm about to source" and have an error condition in case it doesn't arrive for whatever reason, just to harden it a bit. Two scripts changing independently are easier to break in future
| PACKAGE_MANAGER_VERSION="" | ||
| if [ -r "$WORKSPACE/pulp_repo_info" ]; then | ||
| source "$WORKSPACE/pulp_repo_info" | ||
| fi |
There was a problem hiding this comment.
OK. So maybe mention in a comment "PACKAGE_MANAGER_VERSION is set in this file I'm about to source" and have an error condition in case it doesn't arrive for whatever reason, just to harden it a bit. Two scripts changing independently are easier to break in future
zmc
left a comment
zmc
left a comment
There was a problem hiding this comment.
I very much appreciate the approach here. Just a couple very minor questions / suggestions
| repo_base_url = pulp_repo_base | ||
| } else { | ||
| spec_project_url = "${chacra_url}r/ceph/${env.BRANCH}/${env.SHA1}/${os.name}/${os.version_name}/flavors/${env.FLAVOR}/" | ||
| repo_base_url = "${chacra_url}/r/ceph/${env.BRANCH}/${env.SHA1}/${os.name}/${os.version_name}/flavors/${env.FLAVOR}" |
There was a problem hiding this comment.
there might be a typo here. I see the trailing / and assume it's desired, but the ${chacra_url}r/ceph vs ${chacra_url}/r/ceph feels less intentional. I'd rather see something like:
def string_a = "foo/bar"
def string_b = "${string_a}/"
| export FLAVOR="${env.FLAVOR}" | ||
|
|
||
| ./scripts/pulp_upload.sh | ||
| ./scripts/notify_shaman_pulp_repo.sh ready ceph ${os.name} ${os.version_name} $ARCH https://pulp.front.sepia.ceph.com/pulp/content/repos/ceph/${env.BRANCH}/${env.SHA1}/${os.name}/${os.version_name}/flavors/${env.FLAVOR}/ |
There was a problem hiding this comment.
can we find a way to just use spec_project_url ?
3 participants
Packages get pushed to pulp.front (internal only). Containers get pushed to an internal-only quay registry.