diff options
| -rwxr-xr-x | .gitmodules | 40 | ||||
| -rwxr-xr-x | Dockerfile | 75 | ||||
| -rwxr-xr-x | LICENSE.TXT | 38 | ||||
| -rwxr-xr-x | README.md | 31 | ||||
| -rwxr-xr-x | bootstrap | 50 | ||||
| -rwxr-xr-x | config.xml | 54 | ||||
| -rwxr-xr-x | ice-testengine | 81 | ||||
| -rwxr-xr-x | pom.xml | 122 | ||||
| -rwxr-xr-x | tox.ini | 19 |
9 files changed, 510 insertions, 0 deletions
diff --git a/.gitmodules b/.gitmodules new file mode 100755 index 0000000..e3afade --- /dev/null +++ b/.gitmodules @@ -0,0 +1,40 @@ +# ============LICENSE_START======================================================= +# org.onap.vvp/jenkins +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +[submodule "txcontainerkit"] + path = txcontainerkit + url = git@github.com:att-innovate/txcontainerkit.git diff --git a/Dockerfile b/Dockerfile new file mode 100755 index 0000000..1d7ecc5 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,75 @@ +# ============LICENSE_START========================================== +# org.onap.vvp/jenkins +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +FROM jenkinsci/jenkins:alpine + +# TODO revisit these additions. Are they all still needed after discarding +# containerkit? +USER root +RUN apk add --no-cache \ + bash \ + coreutils \ + curl \ + git \ + jq \ + openssh-client \ + py-pip \ + python \ + ttf-dejavu \ + unzip \ + zip \ + && : + +ENV JAVA_OPTS="-Djava.awt.headless=true -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1" + +COPY \ + ice-testengine \ + bootstrap \ + /usr/local/bin/ + +# Insert a skeleton config.xml that enables security +COPY config.xml /usr/share/jenkins/ref/ + +# Insert our bootstrap before upstream's +RUN mv /usr/local/bin/jenkins.sh /usr/local/bin/upstream_jenkins.sh; \ + mv /usr/local/bin/bootstrap /usr/local/bin/jenkins.sh + +RUN pip install -U pytest pyyaml pytest-tap + +USER jenkins + +RUN install-plugins.sh notification workflow-aggregator tap diff --git a/LICENSE.TXT b/LICENSE.TXT new file mode 100755 index 0000000..53053c8 --- /dev/null +++ b/LICENSE.TXT @@ -0,0 +1,38 @@ +# +# ============LICENSE_START========================================== +# org.onap.vvp/jenkins +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. diff --git a/README.md b/README.md new file mode 100755 index 0000000..83cbe52 --- /dev/null +++ b/README.md @@ -0,0 +1,31 @@ +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# rkt-ice-jenkins (for kubernetes) + +## design considerations + +### goals + +- bog standard jenkins +- one admin user + - admin password defined in vault, not generated by jenkins +- no interactive setup on first launch +- ssh keys set +- turn on security by default (so anonymous doesn't have admin!) + +### ideas + +- no need for massive "initial home" tarball; just place the stuff we want and jenkins will install the rest as usual +- use groovy to set admin password + - nope: fragile, unreliable, and groovy is gross +- write users/admin/config.xml as templated k8s secret, insert password hash + - okay, but ansible has no bcrypt filter. need to store hashed. + - but paul says prefer environment variables + - but then any jenkins job has access to the hashed password +- write jenkins.install.InstallUtil.lastExecVersion jenkins.install.UpgradeWizard.state + - can't simply mount them; need some process to copy into place + +## design + +- tweak base image to insert bootstrap wrapper script +- store secrets wherever (/etc/secrets), bootstrap can apply them +- bootstrap can generate jenkins.install.InstallUtil.lastExecVersion & jenkins.install.UpgradeWizard.state diff --git a/bootstrap b/bootstrap new file mode 100755 index 0000000..b47c3c4 --- /dev/null +++ b/bootstrap @@ -0,0 +1,50 @@ +# ============LICENSE_START========================================== +# org.onap.vvp/jenkins +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +#!/bin/sh + +# This bootstrap is wedged in before the one that our upstream container uses. +# We perform our bootstrap actions, then call it. + +# Disable the interactive first-run installer. +for f in "InstallUtil.lastExecVersion" "UpgradeWizard.state"; do + fn="$JENKINS_HOME/jenkins.install.$f" + [ -e "$fn" ] || echo -n "2.46" > "$fn" +done + +# Now, run the upstream bootstrap. +exec /usr/local/bin/upstream_jenkins.sh "$@" diff --git a/config.xml b/config.xml new file mode 100755 index 0000000..9032d1b --- /dev/null +++ b/config.xml @@ -0,0 +1,54 @@ +<!-- +# ============LICENSE_START========================================== +# org.onap.vvp/jenkins +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property.--> +<?xml version='1.0' encoding='UTF-8'?> +<hudson> + <disabledAdministrativeMonitors/> + <version>1.0</version> + <numExecutors>2</numExecutors> + <mode>NORMAL</mode> + <useSecurity>true</useSecurity> + <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"> + <denyAnonymousReadAccess>true</denyAnonymousReadAccess> + </authorizationStrategy> + <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"> + <disableSignup>true</disableSignup> + <enableCaptcha>false</enableCaptcha> + </securityRealm> + <disableRememberMe>false</disableRememberMe> +</hudson> diff --git a/ice-testengine b/ice-testengine new file mode 100755 index 0000000..da085eb --- /dev/null +++ b/ice-testengine @@ -0,0 +1,81 @@ +# ============LICENSE_START========================================== +# org.onap.vvp/jenkins +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +#!/bin/sh + +# This is the job that every jenkins build launches to run validation functions +# against some VF. + +[ "$WORKSPACE" ] || { + echo "error: \$WORKSPACE not found; $0 is intended to be launched from Jenkins." + exit 1 +} + +clone_or_update(){ + # Given a repo, if we have a local clone already, update it. Otherwise, + # perform a shallow clone. + repo_name="$1" + repo_url="$2" + branch="${3:-master}" + if [ -d "$WORKSPACE/$repo_name" ]; then + git -C "$WORKSPACE/$repo_name" fetch --depth 1 --force origin "$branch" + git -C "$WORKSPACE/$repo_name" reset --hard origin/"$branch" + git -C "$WORKSPACE/$repo_name" gc + else + git clone --branch "$branch" --depth 1 --single-branch --recursive "$repo_url" "$WORKSPACE/$repo_name" + fi +} + +# Clone or update the repo containing the VF to be evaluated +clone_or_update "VF" "$git_repo_url" master + +# Clone or update the TestEngine Validation Suite repos +for repo in "ice-validationmgr" "ice-heat-validation" +do + clone_or_update "$repo" "git@github.com:att-innovate/$repo.git" develop +done + +# Run test suite(s) +cd "$WORKSPACE/ice-validationmgr" +pytest --tap-stream +cd "$WORKSPACE/ice-heat-validation/ice_validator" +pytest --tap-stream --template-dir="$WORKSPACE/VF" + +# Clean up; remove VF directory. (VF may bring along files >20G. Easier to +# waste bandwidth than deal with full disk. After we move to 31T root disk for +# workspace, we can perform this cleanup less aggressively. +rm -rf "${WORKSPACE}/VF" @@ -0,0 +1,122 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.onap.oparent</groupId> + <artifactId>oparent</artifactId> + <version>1.0.0-SNAPSHOT</version> + </parent> + + <groupId>org.openecomp.vvp</groupId> + <artifactId>vvp-jenkins</artifactId> + <packaging>pom</packaging> + <version>1.0.0-SNAPSHOT</version> + <name>vvp-jenkins</name> + + <properties> + <!--nexus--> + <sitePath>/content/sites/site/org/openecomp/vvp/${project.artifactId}/${project.version}</sitePath> + <!--maven--> + <timestamp>${maven.build.timestamp}</timestamp> + <maven.build.timestamp.format>yyyy.MM.dd.HH.mm</maven.build.timestamp.format> + <!--docker--> + <docker.tag>${project.version}-${timestamp}</docker.tag> + <docker.latest.tag>${project.version}-latest</docker.latest.tag> + </properties> + + <build> + <plugins> + <plugin> + <groupId>org.sonatype.plugins</groupId> + <artifactId>nexus-staging-maven-plugin</artifactId> + <version>1.6.7</version> + <extensions>true</extensions> + <configuration> + <nexusUrl>${onap.nexus.url}</nexusUrl> + <stagingProfileId>176c31dfe190a</stagingProfileId> + <serverId>ecomp-staging</serverId> + </configuration> + </plugin> + <plugin> + <groupId>io.fabric8</groupId> + <artifactId>docker-maven-plugin</artifactId> + <version>0.19.1</version> + <configuration> + <verbose>true</verbose> + <apiVersion>1.23</apiVersion> + <registry>nexus3.onap.org:10003</registry> + <images> + <image> + <name>openecomp/jenkins</name> + <alias>vvp-jenkins</alias> + <build> + <cleanup>true</cleanup> + <tags> + <tag>${docker.tag}</tag> + <tag>${docker.latest.tag}</tag> + </tags> + <dockerFileDir>${project.basedir}</dockerFileDir> + </build> + </image> + </images> + </configuration> + <executions> + <execution> + <id>clean-images</id> + <phase>pre-clean</phase> + <goals> + <goal>remove</goal> + </goals> + <configuration> + <removeAll>true</removeAll> + </configuration> + </execution> + + <execution> + <id>generate-images</id> + <phase>package</phase> + <goals> + <goal>build</goal> + </goals> + </execution> + + <execution> + <id>push-images</id> + <phase>deploy</phase> + <goals> + <goal>build</goal> + <goal>push</goal> + </goals> + <configuration> + <image>openecomp/vvp-jenkins</image> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + <distributionManagement> + <site> + <id>ecomp-site</id> + <url>dav:${onap.nexus.url}${sitePath}</url> + </site> + </distributionManagement> + <repositories> + <repository> + <id>ecomp-releases</id> + <name>ECOMP Release Repository</name> + <url>${onap.nexus.url}/content/repositories/releases/</url> + </repository> + <repository> + <id>ecomp-snapshots</id> + <name>ECOMP Snapshot Repository</name> + <url>${onap.nexus.url}/content/repositories/snapshots/</url> + </repository> + <repository> + <id>ecomp-staging</id> + <name>ECOMP Staging Repository</name> + <url>${onap.nexus.url}/content/repositories/staging/</url> + </repository> + </repositories> +</project> + @@ -0,0 +1,19 @@ +[tox] +skipsdist=True +envlist = py27,py3,style +setupdir = jenkins/ + +[testenv] +distribute = False +commands = + {envpython} --version +deps = flake8 + +[testenv:style] +commands = flake8 + +[testenv:py27] +basepython=python2.7 + +[testenv:py3] +basepython=python3.6 |