-
Notifications
You must be signed in to change notification settings - Fork 47
CI Setup
While the setup of the Travis CI is straightforward and public documentation available is the CI setup at CSCS a bit more complicated since the CI is not public (to access the CI server a port forward through CSCS is needed, yikes).
-
Jenkins@CSCS ... polls the repository via the GitHub Pull Request Builder Plugin, has special access to the DBCSR Repository via the
jenkins-cscsuser. Access to the Jenkins itself is limited to CSCS users (the associated project isg90). - the Jenkins pipeline configuration in the repository itself in
.ci/daint.cscs.ch/ - the CSCS Object Storage to exfiltrate the build logs
Classic Job Page | Pipeline View
Please refer to the CSCS Continuous Integration documentation on how to obtain access and the basic setup of a job (we are using a Pipeline, not a classic job).
Additional setup steps:
- change the
Trigger Setupto usecontinuous-integration/CSCS/Daint/PRas theCommit Status Contextand theCommit Status URLto point to the object storage at https://object.cscs.ch/v1/AUTH_40b5d92b316940098ceb15cf46fb815e/dbcsr-artifacts/logs/build-${BUILD_NUMBER}/ - for the Pipeline use
Pipeline script from SCMand make sure that inAdvanced sub-modules behavioursthe optionRecursively update submodulesoption is enabled. - since we have multiple CI scripts, change the
Script Pathto.ci/daint.cscs.ch/Jenkinsfile - ensure that
Lightweight checkoutis disabled - add folder-global secret text credentials under the names
swift-s3-access-keyandswift-s3-secret-keycontaining the generated AWS S3 credentials (see below)
Again, management access is only granted to CSCS users, the bucket we use is in the g90 project, corresponding to the ID 40b5d92b316940098ceb15cf46fb815e, hence the URL https://object.cscs.ch/v1/AUTH_40b5d92b316940098ceb15cf46fb815e/dbcsr-artifacts for accessing it.
Use the CSCS Documentation to get the swift command working (for example using the provided git repository and a Python virtualenv).
- generate AWS S3 tokens (since the OpenStack tokens are ephemeral) using
openstack ec2 credentials create --project 40b5d92b316940098ceb15cf46fb815e. Those are the tokens needed in the Jenkins configuration and the script below and are linked to a specific user. If the user account gets removed, they have to be regenerated! - create a bucket named
dbcsr-artifactseither in the interface, using theswiftcommand or thes3cmdif you already have generated the AWS S3 tokens (see below) - using the
swiftcommand, set the following:
$ swift post -r '.r:*,.rlistings' dbcsr-artifacts # enable anonymous (directory listings) access
$ swift post -m 'Web-Directory-Type:application/directory' dbcsr-artifacts # if a "directory" has the mime-type application/directory, show the directory listing
$ swift post -m 'web-listings-css:listings.css' dbcsr-artifacts # use the file `listings.css` to style the listing (currently empty)
$ swift post -m 'web-listings: true' dbcsr-artifacts # enable directory listings- create the base
logs/"directory (script based on https://www.burgundywall.com/post/upload-minio-curl):
bucket=dbcsr-artifacts
file=logs/
host=object.cscs.ch
resource="/${bucket}/${file}"
content_type="application/directory"
date=`date -R`
_signature="PUT\n\n${content_type}\n${date}\n${resource}"
signature=`echo -en ${_signature} | openssl sha1 -hmac ${AWS_SECRET_KEY} -binary | base64`
curl -v -X PUT \
-H "Host: $host" \
-H "Date: ${date}" \
-H "Content-Length: 0" \
-H "Content-Type: ${content_type}" \
-H "Authorization: AWS ${AWS_ACCESS_KEY}:${signature}" \
https://$host${resource}- We can have only one status URL from the CI on GitHub, meaning that we can't link to both the Pipeline view (live status) and the log output. One way to remedy this is to setup a (single-page) webapp in the object store (see the OpenStack Static Web documentation) which generates the listing AND provides a link to the Pipeline view.
- The listing is ugly. Update the
listings.cssto make it nicer.