Merge pull request #25 from rpitonak/add-ci

rpitonak · web-flow · commit 3b136daad6d5 · 2019-07-04T16:34:33.000+02:00
Setup CI
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -0,0 +1,70 @@
+def onmyduffynode(script){
+    ansiColor('xterm'){
+        timestamps{
+            sh 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -l root ${DUFFY_NODE}.ci.centos.org -t \"export REPO=${REPO}; export BRANCH=${BRANCH};\" "' + script + '"'
+        }
+    }
+}
+
+def synctoduffynode(source)
+{
+    sh 'scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -r ' + source + " " + "root@" + "${DUFFY_NODE}.ci.centos.org:~/"
+}
+
+node('userspace-containerization'){
+
+    stage('Checkout'){
+        checkout scm
+    }
+
+    stage('Build'){
+        try{
+            stage ("Allocate node"){
+                env.CICO_API_KEY = readFile("${env.HOME}/duffy.key").trim()
+                duffy_rtn=sh(
+                            script: "cico --debug node get --arch x86_64 -f value -c hostname -c comment",
+                            returnStdout: true
+                            ).trim().tokenize(' ')
+                env.DUFFY_NODE=duffy_rtn[0]
+                env.DUFFY_SSID=duffy_rtn[1]
+            }
+
+            stage ("Setup"){
+                onmyduffynode "yum -y install epel-release"
+                onmyduffynode "yum -y install python36-pip python36-devel rpmdevtools docker ansible"
+                onmyduffynode "yum -y remove git"
+                onmyduffynode "curl -o /etc/yum.repos.d/git-epel-7.repo https://copr.fedorainfracloud.org/coprs/g/git-maint/git/repo/epel-7/group_git-maint-git-epel-7.repo"
+                onmyduffynode "yum -y install git-core"
+                onmyduffynode "pip3 install pre-commit"
+                onmyduffynode "pip3 install --upgrade pip"
+                onmyduffynode "export RPM_PY_SYS=true"
+                onmyduffynode "yum install -y rebase-helper krb5-libs krb5-devel krb5-workstation"
+                synctoduffynode "./." // copy all source files (hidden too, we need .git/)
+            }
+
+            stage ("Setup Openshift Cluster"){
+                onmyduffynode "ansible-playbook -v -i localhost, --connection=local ./files/install-openshift.yaml"
+            }
+
+            stage ("Image build"){
+                onmyduffynode "make test-image-build"
+            }
+
+            stage ("Tests"){
+                onmyduffynode "pytest --color=yes --verbose --showlocals ./tests"
+            }
+
+            stage ("Linters"){
+                    onmyduffynode "pre-commit run --all-files"
+            }
+
+        } catch (e) {
+            currentBuild.result = "FAILURE"
+            throw e
+        } finally {
+            stage("Cleanup"){
+                sh 'cico node done ${DUFFY_SSID}'
+            }
+        }
+    }
+}
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# Sandcastle
+# Sandcastle [![Build Status](https://ci.centos.org/job/sandcastle-master/badge/icon)](https://ci.centos.org/job/sandcastle-master/)
 
 Run untrusted code in a castle (OpenShift pod), which stands in a sandbox.
 
diff --git a/files/install-openshift.yaml b/files/install-openshift.yaml
@@ -0,0 +1,59 @@
+---
+- name: Install dependencies for sandcastle.
+  hosts: all
+  tasks:
+  - name: Install basic utilities which should be in a sandbox.
+    yum:
+      name:
+      - git
+      - rpmdevtools
+      - docker
+      state: present
+  - name:
+    pip:
+      executable: pip3
+      requirements: "{{ lookup('env','PWD') }}/tests/requirements.txt"
+  - name: Install packit
+    pip:
+      name:
+        - packitos
+        - kubernetes==8.0.0
+        - pytest
+        - flexmock
+      executable: pip3
+  - name: Disable SELinux
+    command: setenforce 0
+  - name: Disable firewall
+    command: systemctl stop firewalld # firewall on CentOS does not allow docker login into OpenShift registry
+  - name: Start docker deamon
+    command: systemctl start docker
+  - name: Create docker deamon config
+    file:
+      path: /etc/docker/daemon.json
+      state: touch
+  - name: Add OpenShift insecure registry into docker deamon config
+    copy:
+      content: |
+        {"insecure-registries" : [ "172.30.0.0/16" ]}
+      dest: /etc/docker/daemon.json
+  - name: Restart docker because config has changed
+    command: systemctl restart docker
+  - name: Install OpenShift server
+    yum:
+      name:
+      - centos-release-openshift-origin310
+      state: present
+  - name: Install OpenShift client
+    yum:
+      name:
+      - origin-clients
+      state: present
+  - name: Start Openshift cluster
+    command: oc cluster up --base-dir=/tmp
+    environment:
+      PATH: "{{ ansible_env.PATH}}:/usr/local/bin"
+      DOCKER_CONFIG: "/etc/docker/daemon.json"
+
+  # https://github.com/packit-service/sandcastle#developing-sandcastle
+  - name: Add permissions for service account
+    command: oc adm policy add-role-to-user edit system:serviceaccount:myproject:default
diff --git a/tests/requirements.txt b/tests/requirements.txt
@@ -1,3 +1,3 @@
-kubernetes
+kubernetes==8.0.0
 flexmock
 pytest

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# Sandcastle`
	`1`	`+# Sandcastle [![Build Status](https://ci.centos.org/job/sandcastle-master/badge/icon)](https://ci.centos.org/job/sandcastle-master/)`
`2`	`2`
`3`	`3`	`Run untrusted code in a castle (OpenShift pod), which stands in a sandbox.`
`4`	`4`