Skip to content

Commit

Permalink
Bump version to 2.0.0 and increment version workflow base branch to 2…
Browse files Browse the repository at this point in the history
….x (#137) (#145)

Update dependency org.jenkins-ci.plugins:junit to v1166.1168.vd6b_8042a_06de (#143)



Fix Cve's (#139)



Add apt repo and the artifacts promotion setups  (#136)



---------

Signed-off-by: Peter Zhu <[email protected]>
Co-authored-by: Sayali Gaikawad <[email protected]>
  • Loading branch information
peterzhuamazon and gaiksaya authored Feb 22, 2023
1 parent 751423a commit 343d9cb
Show file tree
Hide file tree
Showing 10 changed files with 507 additions and 24 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/version-increment.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
uses: peter-evans/create-pull-request@v4
with:
token: ${{ steps.github_app_token.outputs.token }}
base: '1.x'
base: '2.x'
committer: opensearch-ci-bot <[email protected]>
author: opensearch-ci-bot <[email protected]>
commit-message: |
Expand Down
10 changes: 5 additions & 5 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ dependencies {
testImplementation group: 'junit', name: 'junit', version: '4.13.2'
implementation group: 'org.codehaus.groovy', name: 'groovy-all', version: '3.0.14', ext: 'pom'
implementation group: 'com.cloudbees', name: 'groovy-cps', version: '1.31'
testImplementation group: 'org.yaml', name: 'snakeyaml', version: '1.29'
testImplementation group: 'org.yaml', name: 'snakeyaml', version: '1.33'
testImplementation group: 'org.assertj', name: 'assertj-core', version: '3.4.1'
testImplementation group: 'com.lesfurets', name:'jenkins-pipeline-unit', version: '1.13'
}
Expand All @@ -32,7 +32,7 @@ configurations.all {
resolutionStrategy {
force group: 'com.google.code.gson', name: 'gson', version: '2.8.9'
force group: 'commons-codec', name: 'commons-codec', version: '1.15'
force group: 'com.google.protobuf', name: 'protobuf-java', version: '3.19.3'
force group: 'com.google.protobuf', name: 'protobuf-java', version: '3.21.7'
}
}

Expand Down Expand Up @@ -66,13 +66,13 @@ sharedLibrary {
pluginDependencies {
workflowCpsGlobalLibraryPluginVersion = '570.v21311f4951f8' // https://repo.jenkins-ci.org/public/org/jenkins-ci/plugins/workflow/workflow-cps-global-lib/
// see https://mvnrepository.com/artifact/org.jenkins-ci.plugins/<name>?repo=jenkins-releases for latest
dependency('org.jenkins-ci.plugins.workflow', 'workflow-cps', '2803.v1a_f77ffcc773')
dependency('org.jenkins-ci.plugins.workflow', 'workflow-cps', '3606.v0b_d8b_e512dcf')
dependency('org.jenkins-ci.plugins.workflow', 'workflow-multibranch', '2.26.1')
dependency('org.jenkins-ci.plugins', 'pipeline-input-step', '456.vd8a_957db_5b_e9') // https://repo.jenkins-ci.org/public/org/jenkins-ci/plugins/pipeline-input-step/
dependency('org.jenkins-ci.plugins', 'script-security', '1229.v4880b_b_e905a_6')
dependency('org.jenkins-ci.plugins', 'credentials', '1112.vc87b_7a_3597f6')
dependency('org.jenkins-ci.plugins', 'git-client', '3.11.1')
dependency('org.jenkins-ci.plugins', 'junit', '1166.va_436e268e972')
dependency('org.jenkins-ci.plugins', 'junit', '1166.1168.vd6b_8042a_06de')
dependency('org.jenkins-ci.plugins', 'mailer', '408.vd726a_1130320') // https://repo.jenkins-ci.org/public/org/jenkins-ci/plugins/mailer/
}
}
Expand Down Expand Up @@ -120,7 +120,7 @@ jacocoTestReport {
}
}

String version = '1.6.0'
String version = '2.0.0'

task updateVersion {
doLast {
Expand Down
62 changes: 62 additions & 0 deletions tests/jenkins/TestPromoteRepos.groovy
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package jenkins.tests

import org.junit.Before
import org.junit.Test
import static com.lesfurets.jenkins.unit.MethodCall.callArgsToString
import static org.hamcrest.CoreMatchers.hasItem
import static org.hamcrest.CoreMatchers.hasItems
import static org.hamcrest.MatcherAssert.assertThat

class TestPromoteRepos extends BuildPipelineTest {

@Override
@Before
void setUp() {
this.registerLibTester(new PromoteReposLibTester('opensearch', '123', 'yum'))
this.registerLibTester(new PromoteReposLibTester('opensearch', '123', 'apt'))
super.setUp()

}

@Test
public void test() {
super.testPipeline("tests/jenkins/jobs/PromoteRepos_Jenkinsfile")
}

@Test
void 'yum verification'() {
runScript("tests/jenkins/jobs/PromoteRepos_Jenkinsfile")
assertThat(getShellCommands('sh', 'curl'), hasItems('\n set -e\n set +x\n\n echo \"Pulling 1.3.0 rpm\"\n cd /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum\n curl -SLO https://ci.opensearch.org/dbc/opensearch/1.3.0/123/linux/x64/rpm/dist/opensearch/opensearch-1.3.0-linux-x64.rpm\n curl -SLO https://ci.opensearch.org/dbc/opensearch/1.3.0/123/linux/arm64/rpm/dist/opensearch/opensearch-1.3.0-linux-arm64.rpm\n\n ls -l\n '))
assertThat(getShellCommands('sh', 'aws'), hasItems('aws s3 sync s3://ARTIFACT_PRODUCTION_BUCKET_NAME/releases/bundle/opensearch/1.x/yum/ /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/ --no-progress'))
assertThat(getShellCommands('signArtifacts', ''), hasItems('{artifactPath=/tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/repomd.pom, sigtype=.asc, platform=linux}'))
assertThat(getShellCommands('sh', 'repomd.pom.asc'), hasItems('\n set -e\n set +x\n \n cd /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/yum/repodata/\n \n ls -l\n \n mv -v repomd.pom repomd.xml\n mv -v repomd.pom.asc repomd.xml.asc\n \n ls -l\n \n cd -\n '))
}

@Test
void 'apt verification'() {
runScript("tests/jenkins/jobs/PromoteRepos_Jenkinsfile")
assertThat(getShellCommands('sh', 'curl'), hasItems('\n set -e\n set +x\n\n echo \"Pulling 1.3.0 deb\"\n cd /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/apt\n curl -SLO https://ci.opensearch.org/dbc/opensearch/1.3.0/123/linux/x64/deb/dist/opensearch/opensearch-1.3.0-linux-x64.deb\n curl -SLO https://ci.opensearch.org/dbc/opensearch/1.3.0/123/linux/arm64/deb/dist/opensearch/opensearch-1.3.0-linux-arm64.deb\n\n ls -l\n '))
assertThat(getShellCommands('sh', 'aws'), hasItems('aws s3 sync s3://ARTIFACT_PRODUCTION_BUCKET_NAME/releases/bundle/opensearch/1.x/apt/ /tmp/workspace/artifacts/releases/bundle/opensearch/1.x/apt/ --no-progress'))
assertThat(getShellCommands('sh', 'aptly'), hasItems('#!/bin/bash\n\n echo \"Start Signing Apt\"\n rm -rf ~/.aptly\n mkdir $ARTIFACT_PATH/base\n find $ARTIFACT_PATH -type f -name \"*.deb\" | xargs -I {} mv -v {} $ARTIFACT_PATH/base\n aptly repo create -distribution=stable -component=main opensearch\n aptly repo add opensearch $ARTIFACT_PATH/base\n aptly repo show -with-packages opensearch\n aptly snapshot create opensearch-1.x from repo opensearch\n aptly publish snapshot -batch=true -passphrase-file=passphrase opensearch-1.x\n echo \"------------------------------------------------------------------------\"\n echo \"Clean up gpg\"\n gpg --batch --yes --delete-secret-keys RPM_SIGNING_KEY_ID\n gpg --batch --yes --delete-keys RPM_SIGNING_KEY_ID\n rm -v passphrase\n echo \"------------------------------------------------------------------------\"\n rm -rf $ARTIFACT_PATH/*\n cp -rvp ~/.aptly/public/* $ARTIFACT_PATH/\n ls $ARTIFACT_PATH\n\n '))
}

def getShellCommands(methodName, searchString) {
def shCommands = helper.callStack.findAll { call ->
call.methodName == methodName
}.collect { call ->
callArgsToString(call)
}.findAll { command ->
command.contains(searchString)
}
return shCommands
}
}
2 changes: 1 addition & 1 deletion tests/jenkins/jobs/AssembleManifest_rpm_Jenkinsfile.txt
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
signArtifacts.withCredentials([RPM_SIGNING_ACCOUNT_NUMBER, RPM_SIGNING_PASSPHRASE_SECRETS_ARN, RPM_SIGNING_SECRET_KEY_ID_SECRETS_ARN, RPM_SIGNING_KEY_ID], groovy.lang.Closure)
signArtifacts.echo(RPM Add Sign)
signArtifacts.withAWS({role=jenkins-prod-rpm-signing-assume-role, roleAccount=RPM_SIGNING_ACCOUNT_NUMBER, duration=900, roleSessionName=jenkins-signing-session}, groovy.lang.Closure)
signArtifacts.sh(
signArtifacts.sh(#!/bin/bash
set -e
set +x

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,25 @@
pipeline {
agent none
stages {
stage('promote') {
stage('promote yum repo') {
steps {
script {
promoteYumRepos(
promoteRepos(
jobName: "opensearch",
buildNumber: "123",
distributionRepoType: "yum",
manifest: "tests/data/opensearch-1.3.0.yml"
)
}
}
}
stage('promote apt repo') {
steps {
script {
promoteRepos(
jobName: "opensearch",
buildNumber: "123",
distributionRepoType: "apt",
manifest: "tests/data/opensearch-1.3.0.yml"
)
}
Expand Down
Loading

0 comments on commit 343d9cb

Please sign in to comment.