From b2645bbea43243bb2abec79898e208b1a1e66fbf Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Tue, 22 Jun 2021 17:31:59 -0700 Subject: [PATCH] Update promote/publish secrets and jobs This updates the promote and publish secrets and jobs to no longer rely on jinja templates in secrets since Zuul removed support for that. Instead, we use python string formatting, and pass in only known safe static variables (ie, the "zuul" hierarchy). Change-Id: Icf267c0313b451d20f28075717a0380c570fe30d --- playbooks/artifacts/promote.yaml | 9 ++++++++- playbooks/docs/promote.yaml | 25 ++++++++++++++++++++----- playbooks/tox-docs/publish.yaml | 11 +++++++++-- zuul.d/secrets.yaml | 22 ++++++++++++++++------ 4 files changed, 53 insertions(+), 14 deletions(-) diff --git a/playbooks/artifacts/promote.yaml b/playbooks/artifacts/promote.yaml index c4a38ab..667bfb1 100644 --- a/playbooks/artifacts/promote.yaml +++ b/playbooks/artifacts/promote.yaml @@ -28,7 +28,14 @@ register: files - name: Set target directory set_fact: - target_dir: "{{ afs.artifacts_path }}" + target_dict: "{{ afs.targets.default }}" + - name: Set target path + set_fact: + target_dir: "{{ target_dict.path.format(zuul=zuul) }}" + - name: Adjust target path + when: "target_dict.regex is defined" + set_fact: + target_dir: "{{ target_dir | regex_replace(target_dict.regex.pattern, target_dict.regex.sub) }}" - name: Get an AFS token include_role: name: create-afs-token diff --git a/playbooks/docs/promote.yaml b/playbooks/docs/promote.yaml index 1fb674f..1a0b88d 100644 --- a/playbooks/docs/promote.yaml +++ b/playbooks/docs/promote.yaml 
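Review bot: The new "Adjust target path" task runs `regex_replace` over the whole formatted `target_dir`, whereas the old `zuul.branch | regex_replace('stable/', '')` only touched the branch value, so a pattern can now also match inside the project-name part of the path. With the unanchored `'stable/(.*)$'` pattern this commit adds in zuul.d/secrets.yaml, a project whose name contains `stable/` would presumably be published into a directory other than its own. The same task is repeated in playbooks/docs/promote.yaml (the only one whose target currently carries a `regex`) and in playbooks/tox-docs/publish.yaml. I would add above it `# regex is matched against the full formatted path; keep patterns anchored so they cannot touch the project component`, and tighten the pattern in the secret to match. The task list this hunk edits starts and ends outside the hunk.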
@@ -47,11 +47,18 @@ - name: Set target directory if master when: "zuul.branch == 'master'" set_fact: - target_dir: "{{ afs.docs_master_path }}" + target_dict: "{{ afs.targets.master }}" - name: Set target directory if not master when: "zuul.branch != 'master'" set_fact: - target_dir: "{{ afs.docs_branch_path }}" + target_dict: "{{ afs.targets.branch }}" + - name: Set target path + set_fact: + target_dir: "{{ target_dict.path.format(zuul=zuul) }}" + - name: Adjust target path + when: "target_dict.regex is defined" + set_fact: + target_dir: "{{ target_dir | regex_replace(target_dict.regex.pattern, target_dict.regex.sub) }}" - name: Get an AFS token include_role: name: create-afs-token @@ -60,11 +67,19 @@ path: "{{ target_dir }}" state: directory mode: 0755 + - name: Set redirect target directory + when: "target_dict.redirect is defined" + set_fact: + redirect_target_dir: "{{ target_dict.redirect.path.format(zuul=zuul) }}" + - name: Set redirect content + when: "target_dict.redirect is defined" + set_fact: + redirect_content: "{{ target_dict.redirect.content.format(zuul=zuul) }}" - name: Create redirect htaccess file - when: "afs.docs_redirect_path is defined and zuul.branch == 'master'" + when: "target_dict.redirect is defined" copy: - dest: "{{ afs.docs_redirect_path }}" - content: "{{ afs.docs_redirect_content }}" + dest: "{{ redirect_target_dir }}" + content: "{{ redirect_content }}" mode: 0644 - name: Upload to AFS include_role: diff --git a/playbooks/tox-docs/publish.yaml b/playbooks/tox-docs/publish.yaml index 8fff52f..8546606 100644 --- a/playbooks/tox-docs/publish.yaml +++ b/playbooks/tox-docs/publish.yaml 
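Review bot: The tasks "Set target directory if master" and "Set target directory if not master" now set `target_dict`, a configuration mapping, so their names no longer describe what they do. playbooks/tox-docs/publish.yaml in this same commit already renames its equivalent task to "Select target configuration". I would rename these to `- name: Select target configuration if master` and `- name: Select target configuration if not master`, and do the same for the "Set target directory" task in playbooks/artifacts/promote.yaml. The task list starts and ends outside this hunk.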
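Review bot: `redirect_target_dir` is passed as `dest` to the `copy` task and, per the `redirect.path` value in zuul.d/secrets.yaml, holds the path of the `.htaccess` file itself, so both the variable name and the task title "Set redirect target directory" are misleading. I would name it `redirect_path`, i.e. `redirect_path: "{{ target_dict.redirect.path.format(zuul=zuul) }}"` and `dest: "{{ redirect_path }}"`. The enclosing task list continues outside this hunk.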
@@ -8,9 +8,16 @@ name: write-root-marker vars: root_marker_dir: "{{ zuul.executor.log_root }}/docs" - - name: Set target directory + - name: Select target configuration set_fact: - target_dir: "{{ afs.docs_tag_path }}" + target_dict: "{{ afs.targets.tag }}" + - name: Set target path + set_fact: + target_dir: "{{ target_dict.path.format(zuul=zuul) }}" + - name: Adjust target path + when: "target_dict.regex is defined" + set_fact: + target_dir: "{{ target_dir | regex_replace(target_dict.regex.pattern, target_dict.regex.sub) }}" - name: Get an AFS token include_role: name: create-afs-token diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml index 5f81821..cea5818 100644 --- a/zuul.d/secrets.yaml +++ b/zuul.d/secrets.yaml 
@@ -13,11 +13,19 @@ BLNr7dnEAAz+yGqLLDYzAiV6IOVDuFutSK35YWisEu0QZDIyP9TOzh17+49tIbWyPZFiw Gj8RrLn2EwsAQSXSYIGv2F0gjHKPugg8bFKS2E9rEnRGFEIutel6hnI9mlCUfU= service_name: service/opendev-zuul@OPENSTACK.ORG - docs_master_path: "/afs/.openstack.org/project/opendev.org/docs/{{ zuul.project.name }}/latest" - docs_branch_path: "/afs/.openstack.org/project/opendev.org/docs/{{ zuul.project.name }}/{{ zuul.branch | default('_error') | regex_replace('stable/', '') }}" - docs_tag_path: "/afs/.openstack.org/project/opendev.org/docs/{{ zuul.project.name }}/{{ zuul.tag | default('_error') }}" - docs_redirect_path: "/afs/.openstack.org/project/opendev.org/docs/{{ zuul.project.name }}/.htaccess" - docs_redirect_content: "RedirectMatch 302 ^/{{ zuul.project.name }}/?$ /{{ zuul.project.name }}/latest/" + targets: + master: + path: "/afs/.openstack.org/project/opendev.org/docs/{zuul[project][name]}/latest" + redirect: + path: "/afs/.openstack.org/project/opendev.org/docs/{zuul[project][name]}/.htaccess" + content: "RedirectMatch 302 ^/{zuul[project][name]}/?$ /{zuul[project][name]}/latest/" + branch: + path: "/afs/.openstack.org/project/opendev.org/docs/{zuul[project][name]}/{zuul[branch]}" + regex: + pattern: 'stable/(.*)$' + sub: '\1' + tag: + path: "/afs/.openstack.org/project/opendev.org/docs/{zuul[project][name]}/{zuul[tag]}" - secret: name: opendev-zuul-tarballs @@ -34,7 +42,9 @@ BLNr7dnEAAz+yGqLLDYzAiV6IOVDuFutSK35YWisEu0QZDIyP9TOzh17+49tIbWyPZFiw Gj8RrLn2EwsAQSXSYIGv2F0gjHKPugg8bFKS2E9rEnRGFEIutel6hnI9mlCUfU= service_name: service/opendev-zuul@OPENSTACK.ORG - artifacts_path: "/afs/.openstack.org/project/tarballs.opendev.org/{{ zuul.project.name }}" + targets: + default: + path: "/afs/.openstack.org/project/tarballs.opendev.org/{zuul[project][name]}" - secret: name: opendev-pypi
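Review bot: Nothing in the secret says that `path`, `redirect.path` and `redirect.content` are now Python `str.format` templates rather than Jinja. The old `default('_error')` fallbacks are also gone, so a job without `zuul[branch]` or `zuul[tag]` will presumably fail at formatting instead of publishing under `_error`. Because `str.format` fields can do attribute and index lookups on the object they are given, these strings should only ever come from trusted configuration, and that is worth stating next to them. I would add above `targets:` the comment `# path/content are Python str.format templates; only "zuul" is passed in, and a missing key fails the job`. The same applies to the `targets.default` entry of opendev-zuul-tarballs in the following hunk.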