openstack/openstack-zuul-jobs
Code Issues Proposed changes
openstack-zuul-jobs/playbooks/legacy/zmq-event-publisher-jenkinsci-upload/run.yaml
Jeremy Stanley d3ff588013 Correctly revoke /etc/sudoers.d/zuul 
According to our zuul-worker DIB element the path we want to remove
to revoke zuul sudo access is /etc/sudoers.d/zuul:

http://git.openstack.org/cgit/openstack-infra/project-config/tree/nodepool/elements/zuul-worker/install.d/60-zuul-worker

Generated via:

    sed -i 's/zuul-sudo/zuul/' \
        `git grep --files-with-match '/etc/sudoers.d/zuul-sudo'`

Change-Id: Iea8cf915d815dbf876ca0cee74933f04152395b8
2017-09-28 19:19:04 +00:00

39 lines
1.3 KiB
YAML
Raw Blame History

- hosts: all
name: Autoconverted job legacy-zmq-event-publisher-jenkinsci-upload from old job
zmq-event-publisher-jenkinsci-upload
tasks:
- name: Ensure legacy workspace directory
file:
path: '{{ ansible_user_dir }}/workspace'
state: directory
- shell:
cmd: |
set -x
sudo rm -f /etc/sudoers.d/zuul
# Prove that general sudo access is actually revoked
! sudo -n true
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -e
set -x
TAG=`echo $ZUUL_REF | sed 's/^refs.tags.//'`
FILENAME_HPI="$ZUUL_SHORT_PROJECT_NAME-$TAG.hpi"
# copy plugin artifacts from tarballs to local workspace
rm -rf *.hpi
curl -o $FILENAME_HPI http://tarballs.openstack.org/ci/$ZUUL_SHORT_PROJECT_NAME/$FILENAME_HPI
# deploy to maven repository
FILENAME_POM="$ZUUL_SHORT_PROJECT_NAME-$TAG.pom"
/usr/local/jenkins/slave_scripts/jenkinsci-upload.sh $ZUUL_SHORT_PROJECT_NAME $TAG \
$FILENAME_POM $FILENAME_HPI
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
View Git Blame Copy Permalink