Overview of the verification flows
The following diagram illustrates the proposed review verification and merge verification flows
- Developer pushes a commit to Gerrit
- Gerrit triggers review verification job in Jenkins
- The templates for review verification job are in ci-management/jjb/integration/integration-templates-csit.yaml, named as "{project-name}-review-verification-<artifact type>-{stream}"
- The only currently supported artifact type in review verification templates is maven
- The trigger is "gerrit-trigger-patch-submitted" and it is activated by any file change in the project
- the job starts with artifact build
- Artifacts should be created from the patch under review
- Currently the first step just compiles the artifacts locally (with unit tests), but additional operations - for example sonar analysis - should be considered here
- The templates for review verification job are in ci-management/jjb/integration/integration-templates-csit.yaml, named as "{project-name}-review-verification-<artifact type>-{stream}"
- Docker build is started
- Docker build step builds docker image(s) to local temporary docker repository
- The docker build scripts and the created artifacts are completely based on the submitted patch in Gerrit
- The actual build script is specific to the project and has to be specified in the specific docker build job definition
- The build should differentiate local image from any that could be found from Nexus3
- Missing repository prefix in the image name is an obvious hint
- CSIT job is started
- this step calls csit/run-project-csit.sh under the project's root directory via integration-run-project-test builder defined in ci-management/integration/integration-macros.yaml
- run-project-csit.sh is project-specific, but can take advantage of common scripts in integration/csit if considered useful
- run-project-csit.sh can and should run all the test plans of the project in one go and provide the results under csit/archives directory
- CSIT job pulls the docker images created in step 4. (by using project-specific setup scripts) and tests them
- The test cases to be executed are also from the patch under review
- the setup script responsible of pulling the required images should ensure that the images are local
- To be considered: should CSIT ever be able to pull the images under test from Nexus?
- Review verification job gives +1 or -1 verify vote to the review based on the overall success of the verification
- Once the commit is approved (+2'd) and submitted, Gerrit triggers merge verification job in Jenkins
- The template for merge verification job is in ci-management/jjb/integration/integration-templates-csit.yaml and currently named as "{project-name}-merge-verification-<artifact type>-{stream}
- The only currently supported artifact type in merge verification templates is maven
- The trigger is "gerrit-trigger-patch-merged" and it is activated by any file change in the project
- the job starts with artifact build
- Artifacts should be created from master
- Sonar analysis and other possible additional artifact-related steps should be considered here
- Docker build is started
- Docker build step builds docker image(s) to local temporary docker repository
- The docker build scripts and the created artifacts are completely based on master
- The actual build script is the same as in review verification and used in the same way
- CSIT is started in exactly the same way as review verification
- CSIT job pulls the docker images created in step 10. (by using project-specific setup scripts) and tests them
Requirements and recommendations
The following requirements must be met and recommendations should be followed by any project that moves their CSIT tests to project repository:
- The project must define a review verification job based on one of "{project-name}--review-verification-<artifact type>-{stream}" templates (which is defined in ci-management/jjb/integration/integration-templates-csit.yaml)
- the only currently supported artifact type is maven - new templates must be created to support different artifact types (such as golang)
- The following JJB variables must be defined in the project definition that defines the review verification job:
- project-name (project identifier that can be freely chosen)
- project (should correspond project's name in Gerrit)
- stream (list of supported branches)
- java-version
- mvn-version
- mvn-settings
- mvn-global-settings
- The project must support CSIT as follows:
- The project must have csit/run-project-csit.sh that is responsible of the entire CSIT execution
- The setup scripts should be able to use locally built docker images
- Following the integration/csit subdirectory structure and using its run-csit.sh (by cloning the integration/csit and copying the common scripts to workspace) is possible but not mandatory
- The project should define a merge verification job based on one of "{project-name}-merge-verification-<artifact type>-{stream}" templates (which are defined in ci-management/jjb/integration/integration-templates-csit.yaml)
Example project
CCSDK/distribution
First actively used example of this design (excluding artifact build jobs) is now available
- All the related job and template changes done to ci-management repository are available in master
- ci-management/jjb/integration/
- integration-maven-jobs.yaml
- integration/integration-templates-csit.yaml
- ci-management/jjb/ccsdk/
- distribution.yaml
- ccsdk-csit.yaml
- ci-management/jjb/integration/
- The changes to ccsdk/distribution repository itself are available under https://gerrit.onap.org/r/admin/repos/ccsdk/distribution
- the entire csit subdirectory
Open questions and remaining tasks
- Is there any need for SNAPSHOT docker images in Nexus3?
- Is there any need for staging artifacts in Nexus? Who needs them, where and how? How does the staging repository even work?
- Should CSIT be able to test docker images from Nexus? If so, under which circumstances and for what purpose?
- Currently there are verification templates available only for maven artifact type - others (for example golang) may have to be added
- This proposal replaces plain Maven/Makefile/other artifact build jobs completely
- Sonar builds seem to be completely separate scheduled builds anyway, and unsupported by any templates?
- Ideally all reviews should start with Sonar build and fail the review on violations