Overview of the verification flows
The following diagram illustrates the proposed review verification and merge verification flows
- Developer pushes a commit to Gerrit
- Gerrit triggers review verification job in Jenkins
- The template for review verification job is in ci-management/jjb/integration/integration-templates-csit.yaml and currently named as "{project-name}-unified-review-{stream}-PoC"
- The trigger is "gerrit-trigger-patch-submitted" and it is activated by any file change in the project
- Review verification build triggers artifact build job
- Artifacts should be created from the patch under review, unit tests executed and Sonar analysis performed here
- Optionally, the artifacts may be pushed to Onap Nexus (nexus.onap.org)
- Review verification job triggers docker build job
- The value of BUILD_ID Jenkins variable is passed to the docker build job as UNIQUE_DOCKER_TAG (along with PROJECT, BRANCH and GERRIT_REFSPEC)
- The triggered build is defined as "{project-name}-{stream}-{artifact-type}-docker-snapshot-PoC" in the review verification job template
- The build is blocking and fails the entire review verification job before moving it moves on to the next step on failure
- The only currently existing docker build job template that follows the expected naming pattern is defined in ci-management/jjb/global-templates-golang.yaml as "{project-name}-{stream}-golang-docker-snapshot-PoC"
- Optionally, the artifacts to be used can be pulled from ONAP Nexus (nexus.onap.org)
- Docker build job builds snapshot docker image(s) and pushes them to ONAP Snapshot Nexus3 (nexus3.onap.org)
- The docker build scripts and the created artifacts (either pulled from artifact Nexus in the previous step or created here on the fly) are completely based on the submitted patch in Gerrit
- The actual build script is specific to the project and has to be specified in the specific docker build job definition
- The build should tag the relevant docker image(s) with <version>-SNAPSHOT-<unique docker tag> using the UNIQUE_DOCKER_TAG value given as parameter
- Review verification job triggers CSIT job
- The value of BUILD_ID Jenkins variable is passed to the docker build job as UNIQUE_DOCKER_TAG (along with PROJECT, BRANCH and GERRIT_REFSPEC)
- The triggered build is defined as "{project-name}-{stream}-project-csit-PoC" in the review verification job template
- The build is blocking and fails the entire review verification job on failure
- The CSIT job template is defined in ci-management/jjb/integration/integration-templates-csit.yaml as "{project-name}-{stream}-project-csit-PoC"
- the template calls csit/run-project-csit.sh under the project's root directory via integration-run-project-test builder defined in ci-management/integration/integration-macros.yaml
- run-project-csit.sh is project-specific, but can take advantage of common scripts in integration/csit if considered useful
- run-project-csit.sh can and should run all the test plans of the project in one go and provide the results under csit/archives directory
- CSIT job pulls the docker images created in step 7. (by using project-specific setup scripts) and tests them
- The test cases to be executed are also from the patch under review
- Review verification job gives +1 or -1 verify vote to the review based on the overall success of the verification
- Once the commit is approved (+2'd) and submitted, Gerrit triggers merge verification job in Jenkins
- The template for merge verification job is in ci-management/jjb/integration/integration-templates-csit.yaml and currently named as "{project-name}-unified-merge-{stream}-PoC"
- The trigger is "gerrit-trigger-patch-merged" and it is activated by any file change in the project
- Merge verification build triggers artifact build job
- Artifacts should be created from the master, unit tests executed and Sonar analysis performed here
- Optionally, the artifacts may be pushed to Onap Nexus (nexus.onap.org)
- Merge verification job triggers docker build job in exactly the same way as review verification job triggers it in step 7.
- Optionally, the artifacts to be used can be pulled from ONAP Nexus (nexus.onap.org)
- Docker build job builds snapshot docker image(s) and pushes them to ONAP Snapshot Nexus3 (nexus3.onap.org)
- The procedure is the same as in step 7. except for the fact that the docker build scripts and the created artifacts are completely based on master
- Merge verification job triggers CSIT job in exactly the same way as review verification job triggers it in step 8.
- CSIT job pulls the docker images created in step 10. (by using project-specific setup scripts) and tests them
- Merge verification job triggers docker image staging job
- The value of BUILD_ID Jenkins variable is passed to the docker build job as UNIQUE_DOCKER_TAG (along with PROJECT, BRANCH and GERRIT_REFSPEC)
- The triggered build is defined as "{project-name}-{stream}-docker-staging-PoC" in the merge verification job template
- The staging job template is defined in ci-management/jjb/global-templates-docker.yaml as "{project-name}-{stream}-docker-staging-PoC"
- The actual staging script is specific to the project and has to be specified in the specific docker build job definition
- Docker image staging job pulls the docker image(s) built in step 10.
- Docker image staging job tags the docker images(s) with <version>-STAGING-latest and pushes them to ONAP Staging Nexus
Requirements and recommendations
The following requirements must be met and recommendations should be followed by any project that moves their CSIT tests to project repository:
- The project must define a review verification job based on "{project-name}-unified-review-{stream}-PoC" template (which is defined in ci-management/jjb/integration/integration-templates-csit.yaml)
- The following JJB variables must be defined in the project definition that defines the review verification job:
- project-name (project identifier that can be freely chosen)
- project (should correspond project's name in Gerrit)
- stream (list of supported branches)
- artifact-type (should match the type of docker snapshot PoC template)
- java-version
- mvn-version
- mvn-settings
- mvn-global-settings
- The project must define a job for building snapshot docker images from artifacts of given artifact-type based on any template following naming convention "{project-name}-{stream}-{artifact-type}-docker-snapshot-PoC"
- only golang available at the moment! New templates for java, python etc. should be added to support more projects
- The docker job definition must specify the project-specific script or method that
- builds the artifacts
- puts the artifacts into docker image(s)
- tags the docker image(s) with <version>-SNAPSHOT-<unique docker tag> where UNIQUE_DOCKER_TAG environment variable (passed down as Jenkins job input parameter) is used for the last part
- pushes the docker image(s) to ONAP snapshot Nexus
- The project must define a job for project-specific CSIT based on "{project-name}-{stream}-project-csit-PoC" template defined in ci-management/jjb/integration/integration-templates-csit.yaml
- The project must have csit/run-project-csit.sh that is responsible of the entire CSIT execution
- run-project-csit.sh should use the UNIQUE_DOCKER_TAG environment variable (passed down as Jenkins job input parameter) to specify the exact docker images to pull and run in startup phase
- Following the integration/csit subdirectory structure and using its run-csit.sh (by cloning the integration/csit and copying the common scripts to workspace) to execute the actual tests is recommended (at least for existing Robot CSITs) but not mandatory
- The project should define a merge verification job based on "{project-name}-unified-merge-{stream}-PoC" template (which is defined in ci-management/jjb/integration/integration-templates-csit.yaml)
- The project should define a job for tagging verified snapshot docker images as STAGING based on "{project-name}-{stream}-{artifact-type}-docker-staging-PoC" template (in ci-management/jjb/global-templates-docker.yaml)
- The docker job definition must specify the project-specific script or method that
- pulls the verified snapshot docker images identified by the UNIQUE_DOCKER_TAG environment variable (passed down as Jenkins job input parameter) from ONAP snapshot Nexus
- tags the docker image(s) with <version>-STAGING-latest
- pushes the docker image(s) to ONAP snapshot Nexus
- The docker job definition must specify the project-specific script or method that
Example project
PoC implementation of the above design is available in music project for reference
- All the related job and template changes done to ci-management repository are available in master, see
- ci-management/jjb/
- global-templates-docker.yaml
- global-templates-golang.yaml
- ci-management/jjb/integration/
- integration-macros.yaml
- integration/integration-templates-csit.yaml
- ci-management/jjb/music/
- music-distributed-kv-store.yaml
- music-distributed-kv-store-csit.yaml
- build-music-distributed-kv-store-image.sh
- tag-music-distributed-kv-store-image-staging.sh
- ci-management/jjb/
- The changes to music repository itself are available in open Gerrit review https://gerrit.onap.org/r/c/music/distributed-kv-store/+/114637
- The entire csit subdirectory
- changes to docker scripts to support unique tagging and staging
Open questions and remaining tasks
- The only snapshot docker build template currently available is for golang
- templates for java, python etc. should be added if no common template is feasible
- Do we need umbrella jobs for review and merge verification, or should we trigger docker jobs and chain CSIT to them directly?
- Making changes to the overall structure might be more complex without umbrella jobs
- Is BUILD_ID the best possible identifier to be used for unique docker tag?
- Most docker builds already use unique timestamp to identify the images, but using it between jobs is more complex (especially in case of umbrella jobs)
- This proposal replaces plain Maven/Makefile/other artifact build jobs completely
- Sonar builds seem to be completely separate scheduled builds anyway, and unsupported by any templates?
- Ideally all reviews should start with Sonar build and fail the review on violations