[vdsm] Jenkins and Gerrit.

Wed Aug 8 19:53:35 UTC 2012

On 08/08/2012 03:07 PM, Dan Kenigsberg wrote:
> On Wed, Aug 08, 2012 at 09:58:17AM -0400, Robert Middleswarth wrote:
>> On 08/08/2012 09:50 AM, Dan Kenigsberg wrote:
>>> On Wed, Aug 08, 2012 at 02:55:17PM +0200, Ewoud Kohl van Wijngaarden wrote:
>>>> On Wed, Aug 08, 2012 at 03:48:13PM +0300, Dan Kenigsberg wrote:
>>>>> On Wed, Aug 08, 2012 at 07:47:02AM -0400, Robert Middleswarth wrote:
>>>>>> I have setup patch review on Jenkins.info for newly submitted
>>>>>> patches and it seems to be working pretty well over all but last
>>>>>> night well tweaking the process I broken it for a few min but that
>>>>>> was long enough that about 50 jobs were marked -1 I will be fixing
>>>>>> that today by rerunning the jobs.  I am sorry if one of your patches
>>>>>> was dinged and it should be fixed by this time tomorrow.
>>>>> Thanks, Robert, for working on this. It is highly important for me to
>>>>> know that something is going to break the build before taking it in.
>>>>>
>>>>> However, would it be possible to have a repository where we can review
>>>>> the code of the robot?
>>>> It's Gerrit Trigger[1] and the code is on github[2].
>>>>
>>>>> I think it is important for the robot to be less noisy, and
>>>>> particularly, never give V+1. This task is reserved to humans that
>>>>> actually know what the patch should be doing.
>>>> The V+1 has been fixed. Will give 0 when they pass, -1 when they fail.
>>>>
>>>>> Also, I am not at all sure that the robot is limitting itself to be
>>>>> running code of trustworthy authors.
>>>> Eyal added a feature request for this[3]. This was the result of a
>>>> discussion on the infra mailing list[4].
>>> As much as I like (and need) this per-commit verification, I think we
>>> should not deploy it before the feature is implemented.
>>>
>>> BTW, Federico suggested to initiate the test only on request (when oVirt
>>> Jenkins CI Server is added as reviewer). This would allow a more silent
>>> start for CI.
>>>
>>> Thanks,
>>> Dan.
>> I already wrote a little bash code to do this outside the plug-in.
>> It will be in place by the end of the day.
> This kind of script is exactly the thing I'd like to be peer-reviewed
> before applied en mass to gerrit changes. Particularly due to the
> security implications.
>
> Regards,
> Dan.
If you are talking about the jenkins app that updates Gerrit that is has 
been in use on ovirt-node-devel for some time. As for the whitelist 
script that is like 4 lines.

git log --pretty="%ce" -n 1 >  $WORKSPACE/current_author.txt
grep -f $WORKSPACE/current_author.txt $WORKSPACE/jenkins-whitelist.txt
RETVAL=$?
[ $RETVAL -ne 0 ] && curl -u jenkins_bot:xxxxxx $BUILD_URL/stop;

It is simple and the files are generated outside of the repo so it 
should be safe.

-- 
Thanks
Robert Middleswarth
@rmiddle (twitter/IRC)