/
pipelines.yaml
429 lines (409 loc) · 12.4 KB
/
pipelines.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
# Shared zuul config specific to the OpenStack Project
# Contains definitions of pipelines
- pipeline:
name: check
description: |
Newly uploaded patchsets enter this pipeline to receive an
initial +/-1 Verified vote.
success-message: Build succeeded (check pipeline).
failure-message: |
Build failed (check pipeline). For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
and https://docs.openstack.org/project-team-guide/testing.html#how-to-handle-test-failures
manager: independent
precedence: low
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: patchset-created
- event: change-restored
- event: comment-added
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*recheck
- event: comment-added
approval:
- Workflow: 1
require:
approval:
- Verified: [-1, -2]
username: zuul
github:
- event: pull_request
action:
- opened
- changed
- reopened
- event: pull_request
action: comment
comment: (?i)^\s*recheck\s*$
- event: check_run
start:
github:
check: 'in_progress'
comment: false
success:
gerrit:
# Note that gerrit keywords are case-sensitive.
Verified: 1
github:
check: 'success'
comment: false
failure:
gerrit:
Verified: -1
github:
check: 'failure'
comment: false
- pipeline:
name: gate
description: |
Changes that have been approved by core reviewers are enqueued
in order in this pipeline, and if they pass tests, will be
merged. For documentation on how gating with Zuul works, please see
https://zuul-ci.org/docs/zuul/latest/gating.html
success-message: Build succeeded (gate pipeline).
failure-message: |
Build failed (gate pipeline). For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: dependent
precedence: normal
post-review: True
require:
gerrit:
open: True
current-patchset: True
approval:
- Verified: [1, 2]
username: zuul
- Workflow: 1
trigger:
gerrit:
- event: comment-added
approval:
- Workflow: 1
- event: comment-added
approval:
- Verified: 1
username: zuul
start:
gerrit:
Verified: 0
success:
gerrit:
Verified: 2
submit: true
failure:
gerrit:
Verified: -2
window-floor: 20
window-increase-factor: 2
- pipeline:
name: post-review
description: |
Patches received initial review by project trusted members enter this
pipeline to execute additional jobs. This pipeline can be used to access
secrets before gating.
success-message: Build succeeded (post-review pipeline).
failure-message: |
Build failed (post-review pipeline). For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: independent
post-review: True
precedence: low
require:
gerrit:
open: True
current-patchset: True
approval:
- Allow-Post-Review: [1]
trigger:
gerrit:
- event: comment-added
approval:
- Allow-Post-Review: 1
failure:
gerrit: {}
success:
gerrit: {}
# Require all changes enqueued to this pipeline originate from Gerrit
# including those used as depends on. This ensures the requirement defined
# above is always set.
allow-other-connections: false
- pipeline:
name: post
description: |
This pipeline runs jobs that operate after each change is
merged. Queue items are identified by the abbreviated hash (git
log --format=%h) of the merge commit.
manager: supercedent
precedence: high
post-review: True
trigger:
gerrit:
- event: ref-updated
ref: ^refs/heads/.*$
- pipeline:
name: promote
description: |
This pipeline runs jobs that operate after each change is merged
in order to promote artifacts generated in the gate
pipeline.
success-message: Build succeeded (promote pipeline).
failure-message: |
Build failed (promote pipeline). For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: supercedent
precedence: high
post-review: True
trigger:
gerrit:
- event: change-merged
success:
gerrit: {}
failure:
gerrit: {}
- pipeline:
name: pre-release
description: When a commit is tagged with a pre-release tag, this pipeline runs jobs that publish archives and documentation.
manager: independent
precedence: high
post-review: True
trigger:
gerrit:
- event: ref-updated
ref: ^refs/tags/[0-9]+(\.[0-9]+)*(a|b|rc)[0-9]+$
failure:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'Pre-release of {change.project} for ref {change.ref} failed'
- pipeline:
name: release
description: When a commit is tagged as a release, this pipeline runs jobs that publish archives and documentation.
manager: independent
precedence: high
post-review: True
trigger:
gerrit:
- event: ref-updated
ref: ^refs/tags/[0-9]+(\.[0-9]+)*$
failure:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'Release of {change.project} for ref {change.ref} failed'
- pipeline:
name: periodic
post-review: true
description: Jobs in this queue are triggered on a daily timer.
manager: independent
precedence: low
trigger:
timer:
- time: '0 2 * * *'
- pipeline:
name: deploy
description: |
This pipeline runs jobs that operate after each change is merged
in order to run production deployment playbooks.
success-message: Build succeeded (deploy pipeline).
failure-message: |
Build failed (deploy pipeline). For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: serial
precedence: high
post-review: True
trigger:
gerrit:
- event: change-merged
success:
gerrit: {}
failure:
gerrit: {}
- pipeline:
name: opendev-prod-hourly
post-review: true
description: |
Temporary home for some OpenDev prod jobs that need to be
triggered frequently. Should not be used by anyone other than
OpenDev admins.
manager: independent
precedence: low
trigger:
timer:
# Run with a 2 minute jitter
- time: '0 * * * * * 120'
- pipeline:
name: periodic-weekly
post-review: true
description: Jobs in this queue are triggered on a weekly timer.
manager: independent
precedence: low
trigger:
timer:
# Saturday 8am UTC is a better time to start weekend jobs, as Sunday
# is a working day in some geographies.
# 5 is Saturday in apscheduler
- time: '0 8 * * 5'
- pipeline:
name: release-approval
description: |
Newly-reviewed release requests enter this pipeline to check if the
current state can represent PTL or release liaison approval.
manager: independent
precedence: low
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: patchset-created
- event: comment-added
username:
regex: ^zuul$
negate: true
success:
gerrit:
PTL-Approved: 1
comment: false
failure:
gerrit:
PTL-Approved: 0
comment: false
- pipeline:
name: release-post
# NOTE(mordred): release-post needs access to credentials (eg: pypi).
post-review: true
description: This pipeline runs release-process-critical jobs that operate after specific changes are merged.
manager: independent
precedence: high
trigger:
gerrit:
- event: ref-updated
ref: ^refs/heads/.*$
failure:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'release-post job for {change.project} for ref {change.ref} failed'
- pipeline:
name: tag
post-review: true
description: This pipeline runs jobs in response to any tag event.
manager: independent
precedence: high
trigger:
gerrit:
- event: ref-updated
ref: ^refs/tags/.*$
failure:
smtp:
from: zuul@openstack.org
to: release-job-failures@lists.openstack.org
subject: 'Tag of {change.project} for ref {change.ref} failed'
- pipeline:
name: periodic-stable
post-review: true
description: Periodic checks of the stable branches.
manager: independent
precedence: low
trigger:
timer:
- time: '1 2 * * *'
failure:
smtp:
from: zuul@openstack.org
to: openstack-stable-maint@lists.openstack.org
subject: 'Stable check of {change.project} for ref {change.ref} failed'
- pipeline:
name: experimental
description: On-demand pipeline for requesting a run against a set of jobs that are not yet gating. Leave review comment of "check experimental" to run jobs in this pipeline.
success-message: Build succeeded (experimental pipeline).
failure-message: Build failed (experimental pipeline).
manager: independent
precedence: low
trigger:
gerrit:
- event: comment-added
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*check experimental\s*$
success:
gerrit: {}
failure:
gerrit: {}
- pipeline:
name: merge-check
description: >
Each time a change merges, this pipeline verifies that all open changes
on the same project are still mergeable.
failure-message: Build failed (merge-check pipeline).
manager: independent
ignore-dependencies: true
precedence: low
trigger: {}
- pipeline:
name: third-party-check
description: |
Newly uploaded patchsets to projects that are not hosted on OpenDev
enter this pipeline to receive an initial +/-1 Verified vote.
success-message: Build succeeded (third-party-check pipeline).
# TODO(mordred) We should write a document for non-OpenDev developers
failure-message: |
Build failed (third-party-check pipeline) integration testing on
OpenDev. For information on how to proceed, see
https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing
manager: independent
precedence: low
trigger:
github:
- event: pull_request
action:
- opened
- changed
- reopened
- event: pull_request
action: comment
comment: (?i)^\s*recheck\s*$
- event: check_run
start:
github:
check: 'in_progress'
comment: false
success:
github:
check: 'success'
comment: false
failure:
github:
check: 'failure'
comment: false
# Don't report merge-conflicts to github
merge-conflict: {}
# NOTE(ianw) 2019-12 : since we have very limited ARM64 resources, we
# have a separate pipeline so ARM64 jobs can start and queue gerrit
# changes automatically but don't hold up the main check pipeline. Of
# course, if we have more resources we can remove this and move jobs
# back into the regular check/gate.
- pipeline:
name: check-arm64
description: Pipeline for ARM64 based jobs.
success-message: Build succeeded (ARM64 pipeline).
failure-message: Build failed (ARM64 pipeline).
manager: independent
precedence: low
require:
gerrit:
open: True
current-patchset: True
trigger:
gerrit:
- event: patchset-created
- event: change-restored
- event: comment-added
comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*(recheck|check arm64)
success:
gerrit: {}
failure:
gerrit: {}