openstack/openstack-zuul-jobs
Code Issues Proposed changes
openstack-zuul-jobs/playbooks/legacy/merlin-js-release-branch/run.yaml
Jeremy Stanley d3ff588013 Correctly revoke /etc/sudoers.d/zuul 
According to our zuul-worker DIB element the path we want to remove
to revoke zuul sudo access is /etc/sudoers.d/zuul:

http://git.openstack.org/cgit/openstack-infra/project-config/tree/nodepool/elements/zuul-worker/install.d/60-zuul-worker

Generated via:

    sed -i 's/zuul-sudo/zuul/' \
        `git grep --files-with-match '/etc/sudoers.d/zuul-sudo'`

Change-Id: Iea8cf915d815dbf876ca0cee74933f04152395b8
2017-09-28 19:19:04 +00:00

104 lines
3.6 KiB
YAML
Raw Blame History

- hosts: all
name: Autoconverted job legacy-merlin-js-release-branch from old job merlin-js-release-branch
tasks:
- name: Ensure legacy workspace directory
file:
path: '{{ ansible_user_dir }}/workspace'
state: directory
- shell:
cmd: |
set -u
set -e
set -x
# Prerequisites
sudo apt-get update
sudo apt-get install -y apt-transport-https lsb-release curl
DISTRO=$(lsb_release -c -s)
# Install via nodesource
curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | sudo apt-key add -
echo "deb https://deb.nodesource.com/node_4.x $DISTRO main" | sudo tee /etc/apt/sources.list.d/nodesource.list
echo "deb-src https://deb.nodesource.com/node_4.x $DISTRO main" | sudo tee -a /etc/apt/sources.list.d/nodesource.list
sudo apt-get update
sudo apt-get install -y nodejs
# Output to the log for debugging sake.
node --version
npm --version
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -e
set -x
CLONEMAP=`mktemp`
function cleanup {
# In cases where zuul-cloner is aborted during a git
# clone operation, git will remove the git work tree in
# its cleanup. The work tree in these jobs is the
# workspace directory, which means that subsequent
# jenkins post-build actions can not run because the
# workspace has been removed.
# To reduce the likelihood of this having an impact,
# recreate the workspace directory if needed
mkdir -p $WORKSPACE
rm -f $CLONEMAP
}
trap cleanup EXIT
cat > $CLONEMAP << EOF
clonemap:
- name: $ZUUL_PROJECT
dest: .
EOF
/usr/zuul-env/bin/zuul-cloner -m $CLONEMAP --cache-dir /opt/git \
git://git.openstack.org $ZUUL_PROJECT
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: /usr/local/jenkins/slave_scripts/install-distro-packages.sh
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -x
sudo rm -f /etc/sudoers.d/zuul
# Prove that general sudo access is actually revoked
! sudo -n true
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: /usr/local/jenkins/slave_scripts/run-jsbuild.sh build
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -e
set -x
/usr/local/jenkins/slave_scripts/version-properties.sh
source version.properties
# Clean/create a tarball directory
rm -rf tarballs
mkdir -p tarballs
# Create an archive tarball.
tar -czf $ZUUL_SHORT_PROJECT_NAME-$PROJECT_VER.tar.gz dist/
cp $ZUUL_SHORT_PROJECT_NAME-$PROJECT_VER.tar.gz tarballs/$ZUUL_SHORT_PROJECT_NAME-latest.tar.gz
mv $ZUUL_SHORT_PROJECT_NAME-$PROJECT_VER.tar.gz tarballs/
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
View Git Blame Copy Permalink