ci: Add Jenkins pipeline #1899
Split out the prep patches in #1900!
Hmm, OK it's hitting permissions issues:
Which I'm not sure why. I made it an admin and the token should have the proper scopes. Will have to debug next week.
Woohoo!
Let's use
(I just created the
.cci.jenkinsfile
Outdated
} | ||
}, | ||
codestyle: { | ||
coreos.pod(image: 'registry.fedoraproject.org/fedora:30', privileged: true) { |
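Review bot: privileged: true on the codestyle pod is not justified by anything visible in this hunk. Drop the flag from this coreos.pod(...) call, or add a comment on that line naming the step that needs it, so the grant can be removed when that step goes away.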
Does not need privileged
Yeah, can probably use e.g. coreos-assembler for this one. It just needs git.
.cci.jenkinsfile
Outdated
} | ||
}, | ||
msrv: { | ||
coreos.pod(image: 'registry.fedoraproject.org/fedora:30', privileged: true) { |
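Review bot: the image in the msrv pod is referenced by a mutable tag, registry.fedoraproject.org/fedora:30, so its contents can change between runs of a pod that also sets privileged: true. Consider referencing the image by digest, or defining the image name once and reusing it in the codestyle branch so both are bumped together.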
Does not need privileged
We do a full rpm-ostree build here too though, so we need to install packages... privileged: true here translates to runAsUser: 0.
We could use cosa-buildroot:latest, but then dependency changes would have to be done in two separate PRs, right? Which I guess isn't a big deal, though it'd be nice to keep with the atomic changes theme.
> privileged: true here translates to runAsUser: 0.
Oh. So in this article - I made an argument that we shouldn't call the default docker/podman model where containers run as uid 0 "privileged".
Let's literally call the option runAsUser: 0?
Yup, WFM! Changed to runAsUser: 0. ⬇️
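The distinction this thread settles on, as an added example that is not part of the PR or the project's code: in a Kubernetes pod spec, securityContext.privileged and runAsUser: 0 are separate grants, and a check over pod specs can report which one a container actually asks for. The pod specs, image names and the classify/report helpers below are constructed for illustration.

```python
import json

# Constructed pod specs (not from the PR), using standard Kubernetes
# securityContext fields. Image names are placeholders.
PODS = json.loads("""
{
  "root-uid": {"spec": {"securityContext": {"runAsUser": 0},
      "containers": [{"name": "build", "image": "example/buildroot"}]}},
  "privileged": {"spec": {"containers": [
      {"name": "build", "image": "example/buildroot",
       "securityContext": {"privileged": true}}]}},
  "unprivileged": {"spec": {"securityContext": {"runAsUser": 1000},
      "containers": [{"name": "lint", "image": "example/buildroot",
       "securityContext": {"allowPrivilegeEscalation": false}}]}}
}
""")


def classify(pod):
    """Map each container name to 'privileged', 'root-uid',
    'non-root' or 'image-default'."""
    spec = pod["spec"]
    pod_uid = spec.get("securityContext", {}).get("runAsUser")
    result = {}
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        # A container-level runAsUser overrides the pod-level value.
        uid = sc.get("runAsUser", pod_uid)
        if sc.get("privileged") is True:
            # All capabilities plus access to host devices.
            level = "privileged"
        elif uid == 0:
            # uid 0 inside the container, but limited to the runtime's
            # default capability set and without host device access.
            level = "root-uid"
        elif uid is None:
            # No uid requested: the image's USER decides, possibly root.
            level = "image-default"
        else:
            level = "non-root"
        result[c["name"]] = level
    return result


def report(pods):
    """Classify every pod in a {name: pod} mapping."""
    return {name: classify(pod) for name, pod in pods.items()}


if __name__ == "__main__":
    for name, levels in report(PODS).items():
        print(name, levels)
```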
> We could use cosa-buildroot:latest, but then dependency changes would have to be done in two separate PRs, right?
Another approach here is to use cosa-buildroot:latest, but still run installdeps.sh. That way, the majority of deps are no-ops, but it still closes the gap to keep changes atomic.
SGTM
Done! ⬇️
.cci.jenkinsfile
Outdated
|
||
stage("Test") { | ||
parallel vmcheck: { | ||
coreos.pod(image: 'quay.io/coreos-assembler/coreos-assembler:latest', privileged: true, kvm: true) { |
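Review bot: the vmcheck pod requests both privileged: true and kvm: true, and nothing in the hunk shows what privileged adds beyond kvm. If the tests only need KVM access, pass kvm: true alone; if something else is required, name it in a comment next to the coreos.pod(...) call. The image is also referenced only by :latest, so what runs with these grants can change between builds.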
Do we really need privileged instead of just kvm?
Implementation TBD, though I think we could get away with just kvm. I commented out the whole section for now.
} | ||
} | ||
|
||
stage("Test") { |
This is a no-op right now right? Maybe best to comment out the whole section?
cd packaging | ||
make -f Makefile.dist-packaging rpm | ||
""" | ||
stash includes: 'packaging/**/*.rpm', name: 'rpms' |
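Review bot: the stash pattern 'packaging/**/*.rpm' picks up every .rpm file under packaging/, not only the ones this make invocation produced. If that directory can hold source RPMs or leftovers from an earlier run, narrow the glob or clean the directory before make -f Makefile.dist-packaging rpm, so later stages install exactly what this commit built.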
This is an interesting approach. Worth contrasting with e.g. #1893 where what I was trying to do was get closer to a model where we build a derived container. You could imagine e.g. that we generate a FROM coreos-assembler container and then test that potentially multiple ways.
That said, we need RPMs for composes, so I'm OK with this approach too.
Hmm, I think if we want to drop privs even more, we'll need a mix of the two. E.g. an initial derived container build which builds the RPMs and installs them on top of cosa-buildroot:latest, and then using that as part of Jenkins pipeline. I'm not sure if there's an easy way to do this though. We could use the OpenShift Jenkins pipeline plugin and use the openshiftBuild() step, though that'd require creating a buildconfig first, which really wants e.g. a throwaway namespace like Prow gives us.
Or we could mix Prow and Jenkins. E.g. have the pipeline wait until the Prow build is done? Prow can natively trigger Jenkins jobs, though I'm not sure if we'd still be able to leverage the native integration into GitHub like we do now.
Edit: this isn't a direct reply to your specific comment here really, just some brainstorming.
Updated! ⬆️
9c1709c to e80e058
bot, retest this please
bot, retest this please
bot, retest this please
This is an experiment in using Jenkins pipelines for our CI. See similar initiatives in coreos-assembler[1] and fedora-coreos-config[2].

For now, this only does the following testing:
- checks commit for unintended submodule bumps
- checks the minimum Rust version
- builds RPMs
- builds FCOS (with the new RPMs both for executing the build itself, as well as included in the built OS)

There are dummy placeholders for where we'd actually run the vmcheck and the compose testsuites. Let's address those trickier parts as follow-ups.

[1] coreos/coreos-assembler#667
[2] coreos/fedora-coreos-config#131

This is an experiment in using Jenkins pipelines for our CI. See similar initiatives in coreos-assembler[1] and fedora-coreos-config[2].

For now, this only does the following testing:
- checks commit for unintended submodule bumps
- checks the minimum Rust version
- builds RPMs
- builds FCOS (with the new RPMs both for executing the build itself, as well as included in the built OS)

There are dummy placeholders for where we'd actually run the vmcheck and the compose testsuites. Let's address those trickier parts as follow-ups.

[1] coreos/coreos-assembler#667
[2] coreos/fedora-coreos-config#131

Closes: #1899
Approved by: cgwalters
💔 Test failed - status-papr
@rh-atomic-bot retry
💔 Test failed - status-papr
@rh-atomic-bot retry
☀️ Test successful - status-papr
Hmm, looks like rh-atomic-bot lost permissions with the move? Looking
Or alternatively...let's stop using Homu now?
I think it was just missing from the branch protection whitelist. I added it now. Let's confirm that:
Yup, WFM too. (Will be sad to see it go, though I suppose we must move with the times.)
@rh-atomic-bot retry
@rh-atomic-bot retry
💥 Test timed out
@rh-atomic-bot retry
💔 Test failed - status-papr
@rh-atomic-bot retry
💥 Test timed out
@rh-atomic-bot retry
☀️ Test successful - status-papr