CI Jobs

Job Groups

Job groups are a great tool to configure categories of jobs together at the same time. Below the example are some starting point job-groups but we recommend creating your own to ensure that the jobs configured reflect the project’s needs.

An example project:

- job-group:
    name: odl-maven-jobs

    jobs:
      - gerrit-maven-clm
      - gerrit-maven-merge
      - gerrit-maven-release
      - gerrit-maven-verify
      - gerrit-maven-verify-dependencies:
          build-timeout: 180

    mvn-version: mvn35

- project:
    name: aaa
    jobs:
      - odl-maven-jobs

In this example we are using the job-group to assign a list of common jobs to the aaa project. The job-group also hardcodes mvn-version to mvn35 and build-timeout to 180 for all projects using this job-group.

A benefit of this method is for example disabling entire category of jobs by modifying the job-group, insert disable-job: true parameter against the jobs to disable.

Below is a list of CI job groups:

---
- job-group:
    name: "{project-name}-ci-jobs"

    jobs:
      - gerrit-jenkins-cfg-merge
      - gerrit-jenkins-cfg-verify
      - gerrit-jenkins-sandbox-cleanup
      - gerrit-jjb-deploy-job
      - gerrit-jjb-merge
      - gerrit-jjb-verify
      - gerrit-branch-lock

- job-group:
    name: "{project-name}-github-ci-jobs"

    jobs:
      - github-jenkins-cfg-merge
      - github-jenkins-cfg-verify
      - github-jenkins-sandbox-cleanup
      - github-jjb-deploy-job
      - github-jjb-merge
      - github-jjb-verify

- job-group:
    name: "{project-name}-info-yaml-jobs"

    jobs:
      - gerrit-info-yaml-verify

- job-group:
    name: "{project-name}-github-info-yaml-jobs"

    jobs:
      - github-info-yaml-verify

- job-group:
    name: "{project-name}-packer-jobs"

    jobs:
      - gerrit-packer-merge
      - gerrit-packer-verify
      - gerrit-packer-verify-build

- job-group:
    name: "{project-name}-github-packer-jobs"

    jobs:
      - github-packer-merge
      - github-packer-verify
      - github-packer-verify-build

- job-group:
    name: "{project-name}-openstack-jobs"

    jobs:
      - gerrit-openstack-update-cloud-image
      - gerrit-openstack-cron

- job-group:
    name: "{project-name}-github-openstack-jobs"

    jobs:
      - github-openstack-update-cloud-image
      - github-openstack-cron

Macros

lf-infra-jjb-parameters

Required Parameters:
jjb-cache:

Location of Jenkins Job Builder (JJB) cache used for jjb jobs.

jjb-version:

Version of Jenkins Job Builder (JJB) to install and use in the jjb jobs.

lf-jenkins-cfg-clouds

Deploys Jenkins Cloud configuration read from the jenkins-clouds directory in ci-management repositories.

Note

Requires the jjbini file in Jenkins CFP to contain JJB 2.0 style config definitions for “production” and “sandbox” systems.

Required Parameters:
jenkins-silos:

Space-separated list of Jenkins silos to update configuration for as defined in ~/.config/jenkins_jobs/jenkins_jobs.ini

lf-jenkins-cfg-global-vars

Manages the Global Jenkins variables. This macro will clear all exist macros in Jenkins and replaces them with the ones defined by the ci-management/jenkins-config/global-vars-SILO.sh script.

Note

Requires the jjbini file in Jenkins CFP to contain JJB 2.0 style config definitions for “production” and “sandbox” systems.

Required parameters:
jenkins-silos:

Space-separated list of Jenkins silos to update configuration for as defined in ~/.config/jenkins_jobs/jenkins_jobs.ini

lf-infra-jjbini

Provides jenkins_jobs.ini configuration for Jenkins.

lf-packer-common

Common packer configuration.

lf-packer-file-paths

Gerrit file-paths for packer jobs.

lf-packer-parameters

Parameters useful for packer related tasks.

Parameters:
packer-version:

Version of packer to install / use. (shell: PACKER_VERSION)

lf-packer-verify-file-paths

Gerrit file-paths for packer verify jobs.

lf-puppet-parameters

Parameters useful for Puppet related tasks.

Parameters:
puppet-lint-version:

Version of puppet-lint to install / use. (shell: PUPPET_LINT_VERSION)

Job Templates

Gerrit Branch Lock

Job submits a patch to lock or unlock a project’s branch.

This job will process lock/unlock requests for all projects and all branches and does not need to have per-project configuration.

Template Names:
  • {project-name}-gerrit-branch-lock

  • gerrit-branch-lock

Comment Trigger:
  • lock branch

  • unlock branch

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

Optional parameters:
git-url:

URL to clone project from. (default: $GIT_URL/$GERRIT_PROJECT)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

gerrit_merge_triggers:

Override Gerrit Triggers.

Jenkins Configuration Merge

Jenkins job to manage Global Jenkins configuration.

Note

Requires the jjbini file in Jenkins CFP to contain JJB 2.0 style config definitions for “production” and “sandbox” systems.

Template names:
  • {project-name}-jenkins-cfg-merge

  • gerrit-jenkins-cfg-merge

  • github-jenkins-cfg-merge

Optional parameters:
branch:

Git branch to build against. (default: master)

cron:

How often to run the job on a cron schedule. (default: @daily)

git-url:

URL to clone project from. (default: $GIT_URL/$GERRIT_PROJECT)

jenkins-silos:

Space separated list of Jenkins silos to update configuration for as defined in ~/.config/jenkins_jobs/jenkins_jobs.ini (default: production sandbox)

Typically this template is automatically pulled in by the “{project-name}-ci-jobs” job-group and does not need to be explicitly called if you are already using the job group.

Minimal Example:

---
- project:
    name: jenkins-cfg-merge-minimal-test
    jobs:
      - "gerrit-jenkins-cfg-merge"

    project-name: ci-management

Full Example:

---
- project:
    name: jenkins-cfg-merge-full-test
    jobs:
      - "gerrit-jenkins-cfg-merge"

    project-name: builder
    jenkins-silos: releng sandbox

Global Environment Variables

Manage Global Environment Variables via the jenkins-config/global-vars-SILO.sh file in ci-management. Replace SILO with the name of the Jenkins silo the variable configuration is for.

The format for this file is KEY=value for example:

GERRIT_URL=https://git.opendaylight.org/gerrit
GIT_BASE=git://devvexx.opendaylight.org/mirror/$PROJECT
GIT_URL=git://devvexx.opendaylight.org/mirror
JENKINS_HOSTNAME=vex-yul-odl-jenkins-2
LOGS_SERVER=https://logs.opendaylight.org
NEXUS_URL=https://nexus.opendaylight.org
ODLNEXUSPROXY=https://nexus.opendaylight.org
SILO=sandbox
SONAR_URL=https://sonar.opendaylight.org

Cloud Configuration

This configuration requires the OpenStack Cloud plugin in Jenkins.

OpenStack Cloud plugin version supported:

  • 2.30 - 2.34

  • 2.35 - 2.37

Cloud configuration follows a directory structure in ci-management like this:

  • jenkins-config/clouds/openstack/

  • jenkins-config/clouds/openstack/cattle/cloud.cfg

  • jenkins-config/clouds/openstack/cattle/centos7-builder-2c-2g.cfg

  • jenkins-config/clouds/openstack/cattle/centos7-builder-4c-4g.cfg

  • jenkins-config/clouds/openstack/cattle/centos7-docker-4c-4g.cfg

This job uses the directory name of the directory inside of the “openstack” directory as the name of the cloud configuration in Jenkins. This is to support systems that want to use more than one cloud provider. In this example “cattle” is the cloud name.

The cloud.cfg file is a special file used to configure the main cloud configuration in the format KEY=value.

Cloud Parameters:
CLOUD_URL:

API endpoint URL for Keystone. (default: “”)

CLOUD_IGNORE_SSL:

Ignore unverified SSL certificates. (default: false)

CLOUD_ZONE:

OpenStack region to use. (default: “”)

CLOUD_CREDENTIAL_ID:

Credential to use for authentication to OpenStack. (default: “os-cloud”)

INSTANCE_CAP:

Total number of instances the cloud will allow spin up. (default: null)

SANDBOX_CAP:

Total number of instances the cloud will allow to spin up. This applies to “sandbox” systems and overrides the INSTANCE_CAP setting. (default: null)

Template Parameters:

Note

Parameters below that are not defined will inherit the ones defined in the default clouds configuration.

IMAGE_NAME:

The image name to use for this template. (required)

HARDWARE_ID:

OpenStack flavor to use. (required)

LABELS:

Labels to assign to the vm. (default: FILE_NAME)

VOLUME_SIZE:

Volume size to assign to vm. (default: “”)

HARDWARE_ID:

Hardware Id to assign to vm. (default: “”)

NETWORK_ID:

OpenStack network to use. (default: “”)

USER_DATA_ID:

User Data to pass into the instance. (default: jenkins-init-script)

INSTANCE_CAP:

Total number of instances of this type that is available for use at one time. When defined in clouds.cfg it defines the total for the entire cloud. (default: null)

SANDBOX_CAP:

Total number of instances of this type that is available for use at one time. When defined in clouds.cfg it defines the total for the entire cloud. This applies to “sandbox” systems and overrides the INSTANCE_CAP setting. (default: null)

FLOATING_IP_POOL:

Floating ip pool to use. (default: “”)

SECURITY_GROUPS:

Security group to use. (default: “default”)

AVAILABILITY_ZONE:

OpenStack availability zone to use. (default: “”)

START_TIMEOUT:

Number of milliseconds to wait for agent provisioning. (default: 600000)

KEY_PAIR_NAME:

SSH Public Key Pair to use for authentication. (default: jenkins-ssh)

NUM_EXECUTORS:

Number of executors to enable for the instance. (default: 1)

JVM_OPTIONS:

JVM Options to pass to Java. (default: null)

FS_ROOT:

File system root for the workspace. (default: “/w”)

NODE_PROPERTIES:

Node properties. (default: null)

RETENTION_TIME:

Number of minutes to wait for an idle minion before removing it from the system. If set to -1, the minion will stick around forever. (default: 0)

CONNECTION_TYPE:

The connection type for Jenkins to connect to the build minion. Valid options: JNLP, SSH. (default: “SSH”)

CONFIG_TYPE:

Configuration drive. (default: null)

For a live example see the OpenDaylight project jenkins-config directory. https://github.com/opendaylight/releng-builder/tree/master/jenkins-config

Troubleshooting

Cloud Configuration:

The directory groovy-inserts contains the groovy script output used by Jenkins to push the cloud configuration. In the event of a job failure use this file to debug.

Jenkins Configuration Verify

Jenkins job to verify the Global Jenkins configuration.

Requires the clouds-yaml file to be setup on the Jenkins host.

Template names:
  • {project-name}-jenkins-cfg-verify

  • gerrit-jenkins-cfg-verify

  • github-jenkins-cfg-verify

Optional parameters:
branch:

Git branch to build against. (default: master)

git-url:

URL to clone project from. (default: $GIT_URL/$GERRIT_PROJECT)

This job is not part of the “{project-name}-ci-jobs” group and requires separate configuration.

Example:

---
- project:
    name: jenkins-cfg-verify
    jobs:
      - "gerrit-jenkins-cfg-verify"

    project-name: ci-management

Jenkins Sandbox Cleanup

Cleanup Jenkins Sandbox of jobs and views periodically.

Template names:
  • {project-name}-jenkins-sandbox-cleanup

  • gerrit-jenkins-sandbox-cleanup

  • github-jenkins-sandbox-cleanup

Comment Trigger:

NONE

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

Optional parameters:
cron:

Schedule to run job. (default: ‘0 8 * * 6’)

JJB Deploy Job

Deploy jobs to jenkins-sandbox system via code review comment.

This job checks out the current code review patch and then runs a jenkins-jobs update to push a patch defined by the comment.

Template names:
  • {project-name}-jjb-deploy-job

  • gerrit-jjb-deploy-job

  • github-jjb-deploy-job

Comment Trigger:

jjb-deploy JOB_NAME

Note

The JJB Deploy Job is a manual job and triggers via Gerrit comment which starts with the jjb-deploy keyword.

Example of a valid command in Gerrit comment that triggers the job:

jjb-deploy builder-jjb-*

Example of a invalid command in Gerrit comment that would _not_ trigger the job:

Update the job. jjb-deploy builder-jjb-*

JOB_NAME can include the * wildcard character to push jobs matching the pattern. For example jjb-deploy builder-jjb-* will push all builder-jjb-* jobs to the sandbox system.

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

Optional parameters:
git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

gerrit_jjb_deploy_job_triggers:

Override Gerrit Triggers.

JJB Merge

Runs jenkins-jobs update to update production job configuration

Template Names:
  • {project-name}-jjb-merge

  • gerrit-jjb-merge

  • github-jjb-merge

Comment Trigger:

remerge

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 10)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

jjb-cache:

JJB cache location. (default: $HOME/.cache/jenkins_jobs)

jjb-workers:

Number of threads to run update with. Set to 0 by default which will use the number of available CPU cores. (default: 0)

jjb-version:

JJB version to install. (default: see job-template)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

gerrit_merge_triggers:

Override Gerrit Triggers.

gerrit_trigger_file_paths:

Override file paths to filter which file modifications will trigger a build. (default defined by lf_jjb_common)

JJB Verify

Runs jenkins-jobs test to verify JJB syntax. Optionally verifies build-node labels used in templates and job definitions.

Template Names:
  • {project-name}-jjb-verify

  • gerrit-jjb-verify

  • github-jjb-verify

Comment Trigger:

recheck|reverify

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-concurrent:

Set to true to allow this job to run jobs simultaneously. (default: true)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-node-label-check:

Whether to check build-node labels in jobs against node names in cloud config files (default: false)

build-node-label-list:

Space-separated list of external build-node labels not present in cloud config files (default: “”)

build-timeout:

Timeout in minutes before aborting build. (default: 10)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

jjb-cache:

JJB cache location. (default: $HOME/.cache/jenkins_jobs)

jjb-version:

JJB version to install. (default: see job-template)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Set to true to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

throttle_categories:

List of categories to throttle by.

throttle-enabled:

Set to true to enable throttling on the job. (default: true)

throttle-max-per-node:

Max jobs to run on the same node. (default: 1)

throttle-max-total:

Max jobs to run across the entire project. - 0 means ‘unlimited’ (default: 0)

throttle-option:

Throttle by the project or by list of categories defined in the throttle plugin configuration. (options: ‘project’, ‘category’; default: project)

gerrit_verify_triggers:

Override Gerrit Triggers.

gerrit_trigger_file_paths:

Override file paths to filter which file modifications will trigger a build. (default defined by lf_jjb_common)

JJB Verify Upstream Global JJB

Runs jenkins-jobs test to verify JJB syntax for upstream global-jjb patches. This job is useful to notify upstream that they may be breaking project level jobs.

Template Names:
  • {project-name}-jjb-verify-upstream-gjjb

  • gerrit-jjb-verify-upstream-gjjb

  • github-jjb-verify-upstream-gjjb

Comment Trigger:

recheck|reverify

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 10)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

jjb-cache:

JJB cache location. (default: $HOME/.cache/jenkins_jobs)

jjb-version:

JJB version to install. (default: see job-template)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

Info YAML Verify

This job verifies that INFO.yaml file changes follow the schema defined in lfit/releng-global-jjb/schema/info-schema.yaml.

The INFO.yaml file changes must be independent of any other files changes.

Template Names:
  • {project-name}-info-yaml-verify

  • gerrit-info-yaml-verify

  • github-info-yaml-verify

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 10)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

gerrit_verify_triggers:

Override Gerrit Triggers.

LF Pipelines Verify

Verify job for the LF RelEng pipeline library.

Requires the Pipelines plugins installed. This job will look for a Gerrit system named “lf-releng” (mapped to https://gerrit.linuxfoundation.org/infra/), and pull in the Jenkinsfile in the root directory of the repo.

Template Names:
  • lf-pipelines-verify

Comment Trigger:

recheck|reverify

License Checker

Job to scan projects for files missing license headers.

Template Names:
  • {project-name}-license-check

  • gerrit-license-check

  • github-license-check

Optional parameters:
build-timeout:

Timeout in minutes before aborting build. (default: 15)

file-patterns:

Space-separated list of file patterns to scan. (default: *.go *.groovy *.java *.py *.sh)

spdx-disable:

Disable the SPDX-Identifier checker. (default: false)

lhc-version:

Version of LHC to use. (default: 0.2.0)

license-exclude-paths:

Comma-separated list of paths to exclude from the license checker. Matches the paths defined here using a contains rule, we recommend you to configure as precisely as possible. For example a path of ‘/src/generated/’ will search as ‘/src/generated/’. Example: org/opendaylight/yang/gen,protobuff/messages (default: ‘’)

licenses-allowed:

Comma-separated list of allowed licenses. (default: Apache-2.0,EPL-1.0,MIT)

project-pattern:

The ANT based pattern for Gerrit Trigger to choose which projects to trigger job against. (default: ‘**’)

OpenStack Cron

Cron job that runs on a schedule to perform periodic tasks against OpenStack.

This job requires a Config File Provider file named clouds-yaml available containing the credentials for the cloud.

Template Names:
  • {project-name}-openstack-cron

  • gerrit-openstack-cron

  • github-openstack-cron

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

jenkins-urls:

URLs to Jenkins systems to check for active builds.

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 90)

cron:

Time when the packer image should be rebuilt (default: @hourly)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

openstack-cloud:

OS_CLOUD setting to pass to openstack client. (default: vex)

openstack-image-cleanup:

Set true to run the image cleanup script. (default: true)

openstack-image-cleanup-age:

Age in days of image before marking it for removal. (default: 30)

openstack-image-protect:

Set true to run the image protect script. (default: true)

openstack-server-cleanup:

Set true to run the server cleanup script. (default: true)

openstack-stack-cleanup:

Set true to run the stack cleanup script. (default: true)

openstack-volume-cleanup:

Set true to run the volume cleanup script. (default: true)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

Minimal Example:

---
- project:
    name: openstack-cron-minimal-test
    jobs:
      - "gerrit-openstack-cron"

    project-name: ci-management

    jenkins-urls: >
      https://jenkins.example.org
      https://jenkins.example.org/sandbox

Full Example:

---
- project:
    name: openstack-cron-full-test
    jobs:
      - "gerrit-openstack-cron"

    project-name: ciman-full

    jenkins-urls: >
      https://jenkins.example.org
      https://jenkins.example.org/sandbox
    openstack-cloud: example-cloud
    openstack-image-cleanup: false
    openstack-image-cleanup-age: 42
    openstack-image-protect: false
    openstack-server-cleanup: false
    openstack-stack-cleanup: false
    openstack-volume-cleanup: false

OpenStack Update Cloud Image

This job finds and updates OpenStack cloud images on the ci-management source repository.

This job functions in 2 ways:

  1. When triggered via packer-merge job, updates the image created by the job.

  2. When triggered manually or via cron, updates all images.

When triggered through an upstream packer merge job, this generates a change request for the new image built.

When triggered manually, this job finds the latest images on OpenStack cloud and compares them with the images in use in the source ci-management source repository. If the compared images have newer time stamps are all updated through a change request.

This job requires a Jenkins configuration merge and verify job setup and working on Jenkins.

Template Names:
  • {project-name}-openstack-update-cloud-image

  • gerrit-openstack-update-cloud-image

  • github-openstack-update-cloud-image

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

new-image-name:

Name of new image name passed from packer merge job or set to ‘all’ to update all images. (default: all)

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 90)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

openstack-cloud:

OS_CLOUD setting to pass to openstack client. (default: vex)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

update-cloud-image:

Submit a change request to update new built cloud image to Jenkins. (default: false)

Minimal Example:

---
- project:
    name: openstack-update-cloud-images-minimal-test
    jobs:
      - "gerrit-openstack-update-cloud-image"

    project-name: ciman-minimal
    gerrit-user: "jenkins-user"
    gerrit-host: "git.example.org"
    gerrit-topic: "update-cloud-image"
    reviewers-email: "jenkins-user@example.org"

Full Example:

---
- project:
    name: openstack-update-cloud-images-full-test
    jobs:
      - "gerrit-openstack-update-cloud-image"

    project: ciman
    project-name: ciman-full
    build-timeout: 10
    branch: master
    archive-artifacts: "**/*.log"
    jenkins-ssh-credential: "jenkins-ssh-credential"
    gerrit-user: "jenkins-user"
    gerrit-host: "git.example.org"
    gerrit-topic: "update-cloud-image"
    reviewers-email: "jenkins-user@example.org"

Packer Merge

Packer Merge job runs packer build to build system images in the cloud.

This job requires a Config File Provider file named ansible-cfg created on Jenkins. The file can include ansible host configuration required for the environment.

Template Names:
  • {project-name}-packer-merge-{platforms}-{templates}

  • gerrit-packer-merge

  • github-packer-merge

Comment Trigger:

remerge

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

platforms:

Platform or distribution to build. Typically json file found in the packer/vars directory. (Example: centos-7)

templates:

System template to build. Typically a yaml file or shell script found in the packer/provision directory. (Example: docker)

Optional parameters:
cron:

Time when the packer image should be rebuilt (default: @monthly)

branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 90)

gerrit_verify_triggers:

Override Gerrit Triggers.

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

openstack:

Packer template uses an OpenStack builder (default: true).

openstack-cloud:

Sets OS_CLOUD variable to the value of this parameter. (default: vex).

packer-cloud-settings:

Name of settings file containing credentials for the cloud that packer will build on. (default: packer-cloud-env)

packer-version:

Version of packer to install / use in build. (default: 1.0.2)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

update-cloud-image:

Submit a change request to update newly built cloud image to Jenkins. (default: false)

Test an in-progress patch

To test an in-progress patch from a GitHub Pull Request, upload this job to the Jenkins Sandbox. Then when manually building the job, replace the GERRIT_REFSPEC parameter with the GitHub Pull Request number of the patch you would like to test.

Example GitHub:

GERRIT_REFSPEC: origin/pr/49/merge

Packer Verify

Packer Verify job runs packer validate to verify packer configuration. The verify job checks superficial syntax of the template and other files. It does not attempt to build an image, and cannot detect all possible build issues.

This job requires a Config File Provider file named ansible-cfg created on Jenkins. The file can include ansible host configuration required for the environment.

Template Names:
  • {project-name}-packer-verify

  • gerrit-packer-verify

  • github-packer-verify

Comment Trigger:

recheck|reverify

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 10)

gerrit_trigger_file_paths:

Override file paths to filter which file modifications will trigger a build.

gerrit_verify_triggers:

Override Gerrit Triggers.

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

openstack:

Packer template uses an OpenStack builder (default: true).

openstack-cloud:

Sets OS_CLOUD variable to the value of this parameter. (default: vex).

packer-cloud-settings:

Name of settings file containing credentials for the cloud that packer will build on. (default: packer-cloud-env)

packer-version:

Version of packer to install / use in build. (default: 1.0.2)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

Packer Verify Build

Packer Verify Build job is essentially the same as the Packer Merge job. Trigger using its keyword, and will build a useable image. If the last patch set before a merge has a successful verify build, the merge job will not build the same image.

Template Names:
  • {project-name}-packer-verify-build-{platforms}-{templates}

  • gerrit-packer-verify-build

  • github-packer-verify-build

Comment Trigger:

verify-build|packer-build

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

platforms:

Platform or distribution to build. Typically json file found in the packer/vars directory. (Example: centos-7)

templates:

System template to build. Typically a yaml file or shell script found in the packer/provision directory. (Example: docker)

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 10)

gerrit_trigger_file_paths:

Override file paths to filter which file modifications will trigger a build.

gerrit_verify_triggers:

Override Gerrit Triggers.

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

openstack:

Packer template uses an OpenStack builder (default: true).

openstack-cloud:

Sets OS_CLOUD variable to the value of this parameter. (default: vex).

packer-cloud-settings:

Name of settings file containing credentials for the cloud that packer will build on. (default: packer-cloud-env)

packer-version:

Version of packer to install / use in build. (default: 1.0.2)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

update-cloud-image:

Submit a change request to update new built cloud image to Jenkins. (default: false)

Puppet Verify

Runs puppet-lint in the puppet-dir directory. Since puppet-lint runs recursively, we recommend to run from the base directory.

Template Names:
  • {project-name}-puppet-verify

  • gerrit-puppet-verify

  • github-puppet-verify

Comment Trigger:

recheck|reverify

Required Parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally set in defaults.yaml)

Optional Parameters:
branch:

The branch to build against. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 15)

gerrit_trigger_file_paths:

Override file paths which used to filter which file modifications will trigger a build. Refer to JJB documentation for “file-path” details. https://jenkins-job-builder.readthedocs.io/en/latest/triggers.html#triggers.gerrit

git-url:

URL clone project from. (default: $GIT_URL/$GERRIT_PROJECT)

puppet-dir:

Directory containing the project’s puppet module(s) relative to the workspace. (default: ‘’)

puppet-lint-version:

Version of puppet-lint to use for testing. (default: 2.3.6)

stream:

Keyword representing a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

Sonar

Runs the Jenkins SonarQube Scanner plug-in to analyze code for bugs, code smells and security vulnerabilities, and to upload the result (possibly including code-coverage statistics) to a SonarQube server or to SonarCloud.io.

Requires SonarQube Scanner for Jenkins

Configuration must set one of the parameters sonar-project-file or sonar-properties; they cannot both be empty.

Plug-in configurations
Manage Jenkins –> Configure System –> SonarQube servers
Manage Jenkins –> Global Tool Configuration –> SonarQube Scanner
  • Name: SonarQube Scanner (fixed)

  • Install automatically

  • Select latest version

Note

Optionally, set Sonar properties directly in the job definition by setting the sonar-project-file to "" and adding all properties under sonar-properties.

Template Names:
  • {project-name}-sonar

  • gerrit-sonar

  • github-sonar

Optional Parameters:
sonar-task:

Sonar task to run. (default: “”)

sonar-project-file:

The filename for the project’s properties (default: “sonar-project.properties”)

sonar-properties:

Sonar configuration properties. (default: “”)

sonar-java-opts:

JVM options. (default: “”)

sonar-additional-args:

Additional command line arguments. (default: “”)

sonarcloud-java-version:

Version of Java to run the Sonar scan. (default: “openjdk17”)

Sonar with Prescan

The same as the Sonar job above, except the caller also defines a builder called lf-sonar-prescan, in which they can put any builders that they want to run before the Sonar scan.

- builder:
    name: lf-sonar-prescan
    builders:
      - shell: "# Pre-scan shell script"
Template Names:
  • {project-name}-sonar-prescan

  • gerrit-sonar-prescan

  • github-sonar-prescan

Required Parameters:
lf-sonar-prescan:

A builder that will run before the Sonar scan.

Optional Parameters:
sonar-task:

Sonar task to run. (default: “”)

sonar-project-file:

The filename for the project’s properties (default: “sonar-project.properties”)

sonar-properties:

Sonar configuration properties. (default: “”)

sonar-java-opts:

JVM options. (default: “”)

sonar-additional-args:

Additional command line arguments. (default: “”)

sonarcloud-java-version:

Version of Java to run the Sonar scan. (default: “openjdk17”)

Sonar with Prescan Script

The same as the Sonar job above, except the caller must supply a shell script to run before the Sonar scan. This is commonly used to install prerequisites, build the project, execute unit tests and generate a code-coverage report.

Template Names:
  • {project-name}-sonar-prescan-script

  • gerrit-sonar-prescan-script

  • github-sonar-prescan-script

Required Parameters:
sonar-prescan-script:

A shell script that will run before the Sonar scan.

Optional Parameters:
sonar-task:

Sonar task to run. (default: “”)

sonar-project-file:

The filename for the project’s properties. (default: “sonar-project.properties”)

sonar-properties:

Sonar configuration properties. (default: “”)

sonar-java-opts:

JVM options. (default: “”)

sonar-additional-args:

Additional command line arguments. (default: “”)

sonarcloud-java-version:

Version of Java to run the Sonar scan. (default: “openjdk17”)