summaryrefslogtreecommitdiff
path: root/releasenotes
Commit message (Collapse)AuthorAgeFilesLines
* Add 3.19.1 release notes3.19.1stable/3.xJames E. Blair2020-07-221-0/+42
| | | | Change-Id: Ie3de887d3cf32d958bf4e686c040133bae796c33
* Merge "executor: add extra kubectl port-forward debug and releasenotes"Zuul2020-05-271-0/+8
|\
| * executor: add extra kubectl port-forward debug and releasenotesTristan Cacqueray2020-05-271-0/+8
| | | | | | | | | | | | | | This change documents how the kubectl was not working and it adds a log statement to help debug future issue. Change-Id: Iaf6ca030365d9e4e768bca716568cb2d4289665d
* | Add release note about the final 3.x releaseJames E. Blair2020-05-271-0/+26
|/ | | | Change-Id: I8e83d8c40893a395dedb6afcbec3dc86f8be0ac9
* Support dynamic badgesTobias Henkel2020-05-211-0/+4
| | | | | | | | | | Zuul currently has a zuul/gated badge that can be linked e.g. in a readme of a project. This is sufficient for many use cases. However if a project has periodic jobs that do extended testing which is not possible in check/gate this is not sufficient. For use cases like those we can add support for dynamic badges in zuul itself. Change-Id: I449fa9f38ca251522789b6075fbc876d21bd0200
* Merge "Add new timezone selector in web interface"Zuul2020-05-211-0/+3
|\
| * Add new timezone selector in web interfaceAndy Ladjadj2020-05-201-0/+3
| | | | | | | | | | | | | | | | - the default value keep UTC - the timezone is saved in cookie in zuul_timezone_string - the render format is YYYY-MM-DD HH:mm:ss Change-Id: Ib4ac2af4194ac2722c5574577661f4ddda8cc398
* | Merge "Drop support for ansible 2.6"Zuul2020-05-181-0/+4
|\ \
| * | Drop support for ansible 2.6Tobias Henkel2020-05-151-0/+4
| | | | | | | | | | | | | | | | | | | | | Ansible 2.6 has been unmaintained since several months now so remove support for it. Change-Id: Ifb604eb5cb86fd0210c1dfd8418f069273e302b6
* | | Merge "Default to Ansible 2.9"Zuul2020-05-181-0/+4
|\ \ \ | |/ / | | / | |/ |/|
| * Default to Ansible 2.9Tobias Henkel2020-05-151-0/+4
| | | | | | | | | | | | | | | | Ansible 2.9 is there since several months now and had numerous bugfix releases. Thus we should default to it since it is the newest and best maintained release. Change-Id: If6687514a6237bb9816b54745aac5ec24383c8bf
* | Merge "Report dequeued changes via Github checks API"Zuul2020-05-161-0/+6
|\ \
| * | Report dequeued changes via Github checks APIFelix Edel2020-05-141-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | This patch provides the general functionality to allow reporting of dequeued items and makes use of that in the Github checks API. This reporting will only apply if the item wasn't a success or failure. Change-Id: I1297da4d1708908c6b179110479fe0450e5550fe
* | | Merge "Enables whitelisting and configuring callbacks"Zuul2020-05-161-0/+5
|\ \ \ | |_|/ |/| |
| * | Enables whitelisting and configuring callbacksAlbin Vass2020-05-121-0/+5
| |/ | | | | | | Change-Id: Ida7b84795d922b85ec9cc6161ab1203fb82da825
* | Deprecate ansible 2.7Tobias Henkel2020-05-131-0/+5
| | | | | | | | | | | | | | | | Ansible 2.7 only gets security fixes and no bugfixes anymore. Further it will be end of live as soon as Ansible 2.10 has been released. Thus deprecate it. Change-Id: If6fdabac4ed13be77699ec2a5f9626cdf426ceba
* | Allow check runs to be configured as required status in pipeline configFelix Edel2020-05-121-0/+6
|/ | | | | | | | | | | | Although commit checks and statuses can only be retrieved via their respective APIs, Github does not differentiate between both in terms of branch protection and in the status section (below the comments of a PR). To mimic this behaviour in Zuul, one can now configure a check run as required status in the pipeline config. Change-Id: Ia5757c476bcee6082991928ab7c1743d0200d04a
* Add serial pipeline managerJames E. Blair2020-04-291-0/+6
| | | | | | | | | | | | | | | | | | | | | This is designed to handle the case where we want: * The pipeline to be triggered by changes so results report back to the change. * Triggered on change merged. * Jobs with file matchers so that if a subsystem is changed, only the deployment job for that subsystem is run. * Every change is processed in strict sequence. This is designed to accomodate a deployment pipeline with the above constraints. The pipeline manager hierarchy is getting complicated; mark the base class as abstract, and also move the shared-queue methods into an intermediate abstract class. These are shared by both serial and dependent managers. Change-Id: I3c5f3b2f6298292c5c25665923e3a10b07be5419
* Merge "Filter secret ZUUL_ env variables from ansible env"Zuul2020-04-161-0/+5
|\
| * Filter secret ZUUL_ env variables from ansible envvass2020-04-151-0/+5
| | | | | | | | Change-Id: I4c8df21399240fe32760f8af1d183ba3a237eede
* | Merge "Add release note for zookeeper tls support"Zuul2020-04-141-0/+10
|\ \ | |/ |/|
| * Add release note for zookeeper tls supportTobias Henkel2020-04-031-0/+10
| | | | | | | | Change-Id: Id10722d9072f3e4561cc4ace38a4bc9eb7e2211e
* | Merge "Strip by default in tools/encrypt_secret"Zuul2020-04-061-0/+8
|\ \
| * | Strip by default in tools/encrypt_secretMonty Taylor2020-03-301-0/+8
| |/ | | | | | | | | | | | | | | | | | | Trailing whitespace (newlines) in secrets is almost never what people want, but it's easy to leave them in and then wind up with hard to debug issues. Switch the defaut - make a new option "--no-strip" that will disable the behavior. Change-Id: I46947e38807b55e5cc3bacc060f5d41a63b564b8
* | Merge "Make github file annotation levels configurable via zuul return"Zuul2020-04-061-0/+10
|\ \ | |/ |/|
| * Make github file annotation levels configurable via zuul returnFelix Edel2020-03-061-0/+10
| | | | | | | | Change-Id: I4ccc264ce9b05d34e8456821b9cb85a28eaf5ed8
* | Merge "Match tag items against containing branches"Zuul2020-03-071-0/+6
|\ \
| * | Match tag items against containing branchesJames E. Blair2020-03-061-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To try to approach a more intuitive behavior for jobs which apply to tags but are defined in-repo (or even for centrally defined jobs which should behave differently on tags from different branches), look up which branches contain the commit referenced by a tag and use that list in branch matchers. If a tag item is enqueued, we look up the branches which contain the commit referenced by the tag. If any of those branches match a branch matcher, the matcher is considered to have matched. This means that if a release job is defined on multiple branches, the branch variant from each branch the tagged commit is on will be used. A typical case is for a tagged commit to appear in exactly one branch. In that case, the most intuitive behavior (the version of the job defined on that branch) occurs. A less typical but perfectly reasonable case is that there are two identical branches (ie, stable has just branched from master but not diverged). In this case, if an identical commit is merged to both branches, then both variants of a release job will run. However, it's likely that these variants are identical anyway, so the result is apparently the same as the previous case. However if the variants are defined centrally, then they may differ while the branch contents are the same, causing unexpected behavior when both variants are applied. If two branches have diverged, it will not be possible for the same commit to be added to both branches, so in that case, only one of the variants will apply. However, tags can be created retroactively, so that even if a branch has diverged, if a commit in the history of both branches is tagged, then both variants will apply, possibly producing unexpected behavior. Considering that the current behavior is to apply all variants of jobs on tags all the time, the partial reduction of scope in the most typical circumstances is probably a useful change. Change-Id: I5734ed8aeab90c1754e27dc792d39690f16ac70c Co-Authored-By: Tobias Henkel <tobias.henkel@bmw.de>
* | | Merge "Add load-branch to tenant configuration"Zuul2020-03-061-0/+6
|\ \ \ | |/ / |/| |
| * | Add load-branch to tenant configurationTobias Henkel2020-02-131-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently it is hard to test changes on trusted repositories. The currently most common way is to duplicate jobs and roles and have base jobs that use the test variants of the roles under test. This however still imposes a risk of breaking things when trying to move the tested changes to the productive roles and jobs. Further as a downstream deployer it can be hard to follow e.g. zuul-jobs because those are not tested in every downstream deployment. There is no easy way of updating upstream repos like zuul-jobs. Thus most deployers either just follow zuul-jobs and deal with eventual fall out from incompatibilities or don't update it on a regularly basis. This change aims to support an easier and risk free method of updating repos like zuul-jobs. This can be done by defining branch filters for a repo in the tenant config. This way one can have a test tenant using the latest is greatest master branch while keeping a stable branch for productuve tenants. This way updates can be tested in the test tenant and if everything works one can merge this to the stable branch to take the updates into production. Change-Id: Id4b5e80c0b59e4075774e6ed0049b229173e8426
* | | Merge "Support pausing merge jobs"Zuul2020-03-061-0/+5
|\ \ \ | |_|/ |/| |
| * | Support pausing merge jobsTobias Henkel2020-02-141-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently an executor still executes merge jobs even when it's paused. This is surprising to the user and an operational problem when having a misbehaving executor for some reason. Further the merger now also can be paused explicitly. Change-Id: I7ebf2df9d6648789e6bb2d797edd5b67a0925cfc
* | | Update k8s log streaming release noteJames E. Blair2020-03-031-1/+3
| | | | | | | | | | | | | | | | | | | | | We should tell folks to make sure that start-zuul-console is included in their base jobs. Change-Id: I29a0d902c2c7b7bce3fe9daf89ba8802ea819a63
* | | executor: do not blacklist host-vars for trusted context3.18.0Tristan Cacqueray2020-03-021-0/+5
| | | | | | | | | | | | | | | | | | This change lifts the host-vars blacklist for trusted context. Change-Id: I59c2829adf2a641dc6761aed930ab28471432a9a
* | | Merge "Deprecate -d switch for running in foreground"Zuul2020-03-021-0/+6
|\ \ \
| * | | Deprecate -d switch for running in foregroundTobias Henkel2020-02-221-0/+6
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Until the -f switch was introduced the only way of running in foreground was the -d switch which also implied debug logging. We now have the -f switch so we can decouple that in future. Thus depreciate the -d switch for the sake of running in forground. Change-Id: Ic66ba1a28b8e2837309df49fc0ff28d2495fc229
* | | Merge "Stream output from kubectl pods"Zuul2020-02-281-0/+11
|\ \ \
| * | | Stream output from kubectl podsJames E. Blair2020-02-271-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we get a pod from nodepool, this starts a kubectl port-forward on the pod so that zuul-console and the normal method of streaming command output will work. Change-Id: Iae85347c3d8e0a74e330a7b62b513c7b41641383 Story: 2007321 Task: 38832 Depends-On: https://review.opendev.org/709259
* | | | Merge "Support file comments via Github checks API"Zuul2020-02-281-0/+10
|\ \ \ \
| * | | | Support file comments via Github checks APIFelix Edel2020-02-191-0/+10
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Zuul is already providing these file comments via the zuul_return value. So far, the Github reporter wasn't able to use those, but with the help of the checks API we can add so called "annotations" to each check run. Change-Id: Iff10172f95dc0430bec8e4dafb9a6c09bbe06077
* | | | executor: blacklist dangerous ansible host vars3.17.0Tristan Cacqueray2020-02-271-0/+6
|/ / / | | | | | | | | | | | | | | | | | | | | | This change prevents malicious user to use dangerous ansible variable through host vars by using extra vars to force the default with highest variables precedence . Change-Id: Iaf5679bbfa43ff05d1d466106aa32d17c23c1f51
* | | Implement basic github checks API workflowFelix Edel2020-02-191-0/+12
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Utilizing the checks API to report the build state to Github provides some additional functionality that is not supported by the status API. Those are: - Defining custom actions to e.g. cancel a running build - Report line-based file annotations This change implements the basic checks API workflow. Once this is in place, the additional features could simply be added on top. Change-Id: I7e790783ee35971085863b5487ff094fa0b23d65 Story: 2007268 Task: 38672
* | Revert "Fix github app authentication to work with checks API endpoints"Tobias Henkel2020-02-111-0/+5
| | | | | | | | | | | | | | | | | | This breaks the anonymous fallback in GitHub when app authentication is used on repos not having installed the zuul app. This reverts commit 037f2ce53737426a907fda0c7dbe22d51bc062da. Change-Id: Ie601f8412fd5a646284364d0d0ea08ba32e02c26
* | JWT drivers: Deprecate RS256withJWKS, introduce OpenIDConnectMatthieu Huin2020-02-111-0/+7
| | | | | | | | | | | | | | | | | | | | | | Replace the RS256withJWKS driver with the simplified OpenIDConnect driver. The new driver doesn't require the 'keys_url' parameter, all needed parameters are fetched from the well-known config endpoint inferred from the issuer_id. Add a simple workflow test of the OpenIDConnect driver. Change-Id: I4b0936a587918d6051a4206e20cad68577617e3d
* | Add disallowed-labels tenant optionJames E. Blair2020-02-051-0/+6
|/ | | | | | | | | | To allow a tenant to use any labels *except* some pattern, add the disallowed-labels tenant option. Both this and the allowed-labels option use re2, and therefore lookahead assertions are not supported. A complimentary option to allowed-labels is the only way to support this use case. Change-Id: Ic722b1d2b0b609ec7de583dab159094159f00630
* Change default Gerrit HTTP auth methodJames E. Blair2020-01-241-0/+8
| | | | | | | | | | The current default HTTP authentication method for Zuul's Gerrit driver is Digest, but that has not been supported by Gerrit since version 2.15. Change the default to Basic which matches the current default and should be the value for most Gerrit installations. Change-Id: I4b034311dba53d959b4e1dfd2e9319ade45b1438
* Fix release note for a 3.0.2 featureAntoine Musso2020-01-171-1/+1
| | | | | | | | | | The store-build-time-in-utc note used an invalid section 'upgrades', it should be in singular form: 'upgrade'. Was introduced by Ie0cfce385854caa5adbd27f7f13042e7bfd41f1b and the note is intended for 3.0.2. Change-Id: I27db5552857d85b1c66397a8df3bdf5fac352bb5
* Merge "Make files matcher match changes with no files"Zuul2020-01-101-0/+6
|\
| * Make files matcher match changes with no filesRadosław Piliszek2019-08-231-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds exceptions that were already applied to the irrelevant files matcher. It implements some version of option D discussed in [1]. Added comments to both matchers implementations. The FileMatcher is now a stub holding relevant regex only. [1] https://review.opendev.org/660856 Change-Id: Icf5df145e4cd351ffd04b1e417e9f7ab8c5ccd12 Story: 2005040 Task: 29531 Signed-off-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
* | Merge "Remove support for ansible 2.5"3.14.0Zuul2019-12-171-0/+4
|\ \
View Lorry Controller Status