| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Change-Id: Ie3de887d3cf32d958bf4e686c040133bae796c33
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
This change documents how the kubectl was not working and it adds
a log statement to help debug future issue.
Change-Id: Iaf6ca030365d9e4e768bca716568cb2d4289665d
|
|/
|
|
| |
Change-Id: I8e83d8c40893a395dedb6afcbec3dc86f8be0ac9
|
|
|
|
|
|
|
|
|
|
| |
Zuul currently has a zuul/gated badge that can be linked e.g. in a
readme of a project. This is sufficient for many use cases. However if
a project has periodic jobs that do extended testing which is not
possible in check/gate this is not sufficient. For use cases like
those we can add support for dynamic badges in zuul itself.
Change-Id: I449fa9f38ca251522789b6075fbc876d21bd0200
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
- the default value keep UTC
- the timezone is saved in cookie in zuul_timezone_string
- the render format is YYYY-MM-DD HH:mm:ss
Change-Id: Ib4ac2af4194ac2722c5574577661f4ddda8cc398
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Ansible 2.6 has been unmaintained since several months now so remove
support for it.
Change-Id: Ifb604eb5cb86fd0210c1dfd8418f069273e302b6
|
|\ \ \
| |/ /
| | /
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Ansible 2.9 is there since several months now and had numerous bugfix
releases. Thus we should default to it since it is the newest and best
maintained release.
Change-Id: If6687514a6237bb9816b54745aac5ec24383c8bf
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch provides the general functionality to allow reporting of
dequeued items and makes use of that in the Github checks API.
This reporting will only apply if the item wasn't a success or failure.
Change-Id: I1297da4d1708908c6b179110479fe0450e5550fe
|
|\ \ \
| |_|/
|/| | |
|
| |/
| |
| |
| | |
Change-Id: Ida7b84795d922b85ec9cc6161ab1203fb82da825
|
| |
| |
| |
| |
| |
| |
| |
| | |
Ansible 2.7 only gets security fixes and no bugfixes anymore. Further
it will be end of live as soon as Ansible 2.10 has been released. Thus
deprecate it.
Change-Id: If6fdabac4ed13be77699ec2a5f9626cdf426ceba
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Although commit checks and statuses can only be retrieved via their
respective APIs, Github does not differentiate between both in terms of
branch protection and in the status section (below the comments of a
PR).
To mimic this behaviour in Zuul, one can now configure a check run as
required status in the pipeline config.
Change-Id: Ia5757c476bcee6082991928ab7c1743d0200d04a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is designed to handle the case where we want:
* The pipeline to be triggered by changes so results report back to
the change.
* Triggered on change merged.
* Jobs with file matchers so that if a subsystem is changed, only the
deployment job for that subsystem is run.
* Every change is processed in strict sequence.
This is designed to accomodate a deployment pipeline with the above
constraints.
The pipeline manager hierarchy is getting complicated; mark the base
class as abstract, and also move the shared-queue methods into an
intermediate abstract class. These are shared by both serial and
dependent managers.
Change-Id: I3c5f3b2f6298292c5c25665923e3a10b07be5419
|
|\ |
|
| |
| |
| |
| | |
Change-Id: I4c8df21399240fe32760f8af1d183ba3a237eede
|
|\ \
| |/
|/| |
|
| |
| |
| |
| | |
Change-Id: Id10722d9072f3e4561cc4ace38a4bc9eb7e2211e
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Trailing whitespace (newlines) in secrets is almost
never what people want, but it's easy to leave them in
and then wind up with hard to debug issues. Switch the
defaut - make a new option "--no-strip" that will disable
the behavior.
Change-Id: I46947e38807b55e5cc3bacc060f5d41a63b564b8
|
|\ \
| |/
|/| |
|
| |
| |
| |
| | |
Change-Id: I4ccc264ce9b05d34e8456821b9cb85a28eaf5ed8
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To try to approach a more intuitive behavior for jobs which apply
to tags but are defined in-repo (or even for centrally defined
jobs which should behave differently on tags from different branches),
look up which branches contain the commit referenced by a tag and
use that list in branch matchers.
If a tag item is enqueued, we look up the branches which contain
the commit referenced by the tag. If any of those branches match a
branch matcher, the matcher is considered to have matched.
This means that if a release job is defined on multiple branches,
the branch variant from each branch the tagged commit is on will be
used.
A typical case is for a tagged commit to appear in exactly one branch.
In that case, the most intuitive behavior (the version of the job
defined on that branch) occurs.
A less typical but perfectly reasonable case is that there are two
identical branches (ie, stable has just branched from master but not
diverged). In this case, if an identical commit is merged to both
branches, then both variants of a release job will run. However, it's
likely that these variants are identical anyway, so the result is
apparently the same as the previous case. However if the variants
are defined centrally, then they may differ while the branch contents
are the same, causing unexpected behavior when both variants are
applied.
If two branches have diverged, it will not be possible for the same
commit to be added to both branches, so in that case, only one of
the variants will apply. However, tags can be created retroactively,
so that even if a branch has diverged, if a commit in the history of
both branches is tagged, then both variants will apply, possibly
producing unexpected behavior.
Considering that the current behavior is to apply all variants of
jobs on tags all the time, the partial reduction of scope in the most
typical circumstances is probably a useful change.
Change-Id: I5734ed8aeab90c1754e27dc792d39690f16ac70c
Co-Authored-By: Tobias Henkel <tobias.henkel@bmw.de>
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently it is hard to test changes on trusted repositories. The
currently most common way is to duplicate jobs and roles and have base
jobs that use the test variants of the roles under test. This however
still imposes a risk of breaking things when trying to move the tested
changes to the productive roles and jobs. Further as a downstream
deployer it can be hard to follow e.g. zuul-jobs because those are not
tested in every downstream deployment. There is no easy way of
updating upstream repos like zuul-jobs. Thus most deployers either
just follow zuul-jobs and deal with eventual fall out from
incompatibilities or don't update it on a regularly basis.
This change aims to support an easier and risk free method of updating
repos like zuul-jobs. This can be done by defining branch filters for
a repo in the tenant config. This way one can have a test tenant using
the latest is greatest master branch while keeping a stable branch for
productuve tenants. This way updates can be tested in the test tenant
and if everything works one can merge this to the stable branch to
take the updates into production.
Change-Id: Id4b5e80c0b59e4075774e6ed0049b229173e8426
|
|\ \ \
| |_|/
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently an executor still executes merge jobs even when it's
paused. This is surprising to the user and an operational problem when
having a misbehaving executor for some reason. Further the merger now
also can be paused explicitly.
Change-Id: I7ebf2df9d6648789e6bb2d797edd5b67a0925cfc
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We should tell folks to make sure that start-zuul-console is included
in their base jobs.
Change-Id: I29a0d902c2c7b7bce3fe9daf89ba8802ea819a63
|
| | |
| | |
| | |
| | |
| | |
| | | |
This change lifts the host-vars blacklist for trusted context.
Change-Id: I59c2829adf2a641dc6761aed930ab28471432a9a
|
|\ \ \ |
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Until the -f switch was introduced the only way of running in
foreground was the -d switch which also implied debug logging. We now
have the -f switch so we can decouple that in future. Thus depreciate
the -d switch for the sake of running in forground.
Change-Id: Ic66ba1a28b8e2837309df49fc0ff28d2495fc229
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When we get a pod from nodepool, this starts a kubectl port-forward
on the pod so that zuul-console and the normal method of streaming
command output will work.
Change-Id: Iae85347c3d8e0a74e330a7b62b513c7b41641383
Story: 2007321
Task: 38832
Depends-On: https://review.opendev.org/709259
|
|\ \ \ \ |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Zuul is already providing these file comments via the zuul_return value.
So far, the Github reporter wasn't able to use those, but with the help
of the checks API we can add so called "annotations" to each check run.
Change-Id: Iff10172f95dc0430bec8e4dafb9a6c09bbe06077
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change prevents malicious user to use dangerous ansible
variable through host vars by using extra vars to force the
default with highest variables precedence .
Change-Id: Iaf5679bbfa43ff05d1d466106aa32d17c23c1f51
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Utilizing the checks API to report the build state to Github provides
some additional functionality that is not supported by the status API.
Those are:
- Defining custom actions to e.g. cancel a running build
- Report line-based file annotations
This change implements the basic checks API workflow. Once this is in
place, the additional features could simply be added on top.
Change-Id: I7e790783ee35971085863b5487ff094fa0b23d65
Story: 2007268
Task: 38672
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This breaks the anonymous fallback in GitHub when app authentication
is used on repos not having installed the zuul app.
This reverts commit 037f2ce53737426a907fda0c7dbe22d51bc062da.
Change-Id: Ie601f8412fd5a646284364d0d0ea08ba32e02c26
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace the RS256withJWKS driver with the simplified OpenIDConnect
driver. The new driver doesn't require the 'keys_url' parameter,
all needed parameters are fetched from the well-known config
endpoint inferred from the issuer_id.
Add a simple workflow test of the OpenIDConnect driver.
Change-Id: I4b0936a587918d6051a4206e20cad68577617e3d
|
|/
|
|
|
|
|
|
|
|
| |
To allow a tenant to use any labels *except* some pattern, add the
disallowed-labels tenant option. Both this and the allowed-labels
option use re2, and therefore lookahead assertions are not supported.
A complimentary option to allowed-labels is the only way to support
this use case.
Change-Id: Ic722b1d2b0b609ec7de583dab159094159f00630
|
|
|
|
|
|
|
|
|
|
| |
The current default HTTP authentication method for Zuul's Gerrit
driver is Digest, but that has not been supported by Gerrit since
version 2.15. Change the default to Basic which matches the
current default and should be the value for most Gerrit
installations.
Change-Id: I4b034311dba53d959b4e1dfd2e9319ade45b1438
|
|
|
|
|
|
|
|
|
|
| |
The store-build-time-in-utc note used an invalid section 'upgrades', it
should be in singular form: 'upgrade'.
Was introduced by Ie0cfce385854caa5adbd27f7f13042e7bfd41f1b and the note
is intended for 3.0.2.
Change-Id: I27db5552857d85b1c66397a8df3bdf5fac352bb5
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds exceptions that were already applied
to the irrelevant files matcher.
It implements some version of option D discussed in [1].
Added comments to both matchers implementations.
The FileMatcher is now a stub holding relevant regex only.
[1] https://review.opendev.org/660856
Change-Id: Icf5df145e4cd351ffd04b1e417e9f7ab8c5ccd12
Story: 2005040
Task: 29531
Signed-off-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
|
|\ \ |
|