tf-a-lts-create-release.yaml - ci/tf-a-job-configs.git - TrustedFirmware Git Browser

 - job:
     name: tf-a-lts-create-release
     node: docker-amd64-tf-a-jammy
     project-type: freestyle
     concurrent: false
     disabled: false
     description: Create a new TF-A LTS release from a tip of an LTS branch.
     properties:
     - build-discarder:
         days-to-keep: 365
         num-to-keep: 30
     - authorization:
         !include: authorization.yaml.inc
     parameters:
         - string:
             name: GERRIT_HOST
             default: 'review.trustedfirmware.org'
         - string:
             name: GERRIT_PROJECT
             default: 'TF-A/trusted-firmware-a'
             description: |
               TF-A Git project
         - string:
             name: GERRIT_BRANCH
             default: 'lts-v2.10'
             description: |
               Git branch to release from (lts-v2.8, lts-v2.10, etc.)
         - bool:
             name: SANDBOX_RUN
             default: true
             description: |
               Run sandbox simulation of a release. A tag will be created in
               separate "sandbox" namespace, and further actions like docs
               publishing or release email sending will be also sandboxed.
               Uncheck this only after running a simulation and verifying that
               everything is correct!
     wrappers:
         - credentials-binding:
           - ssh-user-private-key:
               credential-id: TFA_CI_BOT_USER_SSH_KEY
               key-file-variable: CI_BOT_KEY
               username-variable: CI_BOT_USERNAME
               passphrase-variable: ''
         - timestamps
     builders:
         - shell: |
             #!/bin/bash
             set -ex
             env | grep GERRIT
             echo SANDBOX_RUN=$SANDBOX_RUN
             git clone https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git
             git clone https://$GERRIT_HOST/$GERRIT_PROJECT
             DIR=$(basename $GERRIT_PROJECT)
             cd $DIR
             git checkout $GERRIT_BRANCH
             set +x
             nvm install
             set -x
             npm install --no-save standard-version
             #git tag

             echo "" >> readme.rst
             git config user.email "ci@trustedfirmware.org"
             git config user.name "Release CI"
             # Install Change-Id hook
             f="$(git rev-parse --git-dir)/hooks/commit-msg"; curl -o "$f" https://review.trustedfirmware.org/tools/hooks/commit-msg ; chmod +x "$f"

             if [ "$SANDBOX_RUN" == "true" ]; then
                 git commit -a -s -m "fix(readme): dummy commit for sandbox release"
             fi

             python3 $WORKSPACE/tf-a-ci-scripts/lts/lts-mangle-change-log.py remove-prefix docs/change-log.md >docs/change-log.md.tmp
             mv docs/change-log.md.tmp docs/change-log.md
             npm run release -- --release-as patch --tag-prefix lts-v
             python3 $WORKSPACE/tf-a-ci-scripts/lts/lts-mangle-change-log.py add-prefix docs/change-log.md >docs/change-log.md.tmp
             mv docs/change-log.md.tmp docs/change-log.md

             RELEASE=$(grep release docs/conf.py | sed -r -e 's/release = "(.*)"/\1/')

             git diff
             git commit -a -s -m "docs(changelog): changelog for lts-v${RELEASE} release"
             if [ "$SANDBOX_RUN" == "true" ]; then
                 TAG="sandbox/lts-v${RELEASE}-$(date +%Y%m%dT%H%M)"
             else
                 TAG="lts-v${RELEASE}"
             fi
             git tag $TAG

             mkdir -p ~/.ssh/
             ssh-keyscan -p 29418 $GERRIT_HOST >> ~/.ssh/known_hosts
             export GIT_SSH_COMMAND="ssh -i $CI_BOT_KEY -o 'PubkeyAcceptedKeyTypes +ssh-rsa'"

             #git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT HEAD:refs/for/$GERRIT_BRANCH

             if [ "$SANDBOX_RUN" == "false" ]; then
                 # Push to the LTS branch
                 git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT
             else
                 # If it's sandbox run, we still need to push commit to some branch,
                 # because otherwise the tag won't be visible in Gerrit (due to ACL
                 # model Gerrit uses: it resolve tag to a branch it belongs to, then
                 # checks ACLs on branch to see if a user has access to it; no branch
                 # == problems).
                 git push ssh://${CI_BOT_USERNAME}@${GERRIT_HOST}:29418/${GERRIT_PROJECT} HEAD:refs/heads/${TAG}-br
             fi
             # Push tag
             git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT $TAG

             echo Release tag is created. Further processing happens in the job ${JENKINS_URL}job/tf-a-lts-release-tagged
	- job:
	name: tf-a-lts-create-release
	node: docker-amd64-tf-a-jammy
	project-type: freestyle
	concurrent: false
	disabled: false
	description: Create a new TF-A LTS release from a tip of an LTS branch.
	properties:
	- build-discarder:
	days-to-keep: 365
	num-to-keep: 30
	- authorization:
	!include: authorization.yaml.inc
	parameters:
	- string:
	name: GERRIT_HOST
	default: 'review.trustedfirmware.org'
	- string:
	name: GERRIT_PROJECT
	default: 'TF-A/trusted-firmware-a'
	description: \|
	TF-A Git project
	- string:
	name: GERRIT_BRANCH
	default: 'lts-v2.10'
	description: \|
	Git branch to release from (lts-v2.8, lts-v2.10, etc.)
	- bool:
	name: SANDBOX_RUN
	default: true
	description: \|
	Run sandbox simulation of a release. A tag will be created in
	separate "sandbox" namespace, and further actions like docs
	publishing or release email sending will be also sandboxed.
	Uncheck this only after running a simulation and verifying that
	everything is correct!
	wrappers:
	- credentials-binding:
	- ssh-user-private-key:
	credential-id: TFA_CI_BOT_USER_SSH_KEY
	key-file-variable: CI_BOT_KEY
	username-variable: CI_BOT_USERNAME
	passphrase-variable: ''
	- timestamps
	builders:
	- shell: \|
	#!/bin/bash
	set -ex
	env \| grep GERRIT
	echo SANDBOX_RUN=$SANDBOX_RUN
	git clone https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git
	git clone https://$GERRIT_HOST/$GERRIT_PROJECT
	DIR=$(basename $GERRIT_PROJECT)
	cd $DIR
	git checkout $GERRIT_BRANCH
	set +x
	nvm install
	set -x
	npm install --no-save standard-version
	#git tag

	echo "" >> readme.rst
	git config user.email "ci@trustedfirmware.org"
	git config user.name "Release CI"
	# Install Change-Id hook
	f="$(git rev-parse --git-dir)/hooks/commit-msg"; curl -o "$f" https://review.trustedfirmware.org/tools/hooks/commit-msg ; chmod +x "$f"

	if [ "$SANDBOX_RUN" == "true" ]; then
	git commit -a -s -m "fix(readme): dummy commit for sandbox release"
	fi

	python3 $WORKSPACE/tf-a-ci-scripts/lts/lts-mangle-change-log.py remove-prefix docs/change-log.md >docs/change-log.md.tmp
	mv docs/change-log.md.tmp docs/change-log.md
	npm run release -- --release-as patch --tag-prefix lts-v
	python3 $WORKSPACE/tf-a-ci-scripts/lts/lts-mangle-change-log.py add-prefix docs/change-log.md >docs/change-log.md.tmp
	mv docs/change-log.md.tmp docs/change-log.md

	RELEASE=$(grep release docs/conf.py \| sed -r -e 's/release = "(.*)"/\1/')

	git diff
	git commit -a -s -m "docs(changelog): changelog for lts-v${RELEASE} release"
	if [ "$SANDBOX_RUN" == "true" ]; then
	TAG="sandbox/lts-v${RELEASE}-$(date +%Y%m%dT%H%M)"
	else
	TAG="lts-v${RELEASE}"
	fi
	git tag $TAG

	mkdir -p ~/.ssh/
	ssh-keyscan -p 29418 $GERRIT_HOST >> ~/.ssh/known_hosts
	export GIT_SSH_COMMAND="ssh -i $CI_BOT_KEY -o 'PubkeyAcceptedKeyTypes +ssh-rsa'"

	#git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT HEAD:refs/for/$GERRIT_BRANCH

	if [ "$SANDBOX_RUN" == "false" ]; then
	# Push to the LTS branch
	git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT
	else
	# If it's sandbox run, we still need to push commit to some branch,
	# because otherwise the tag won't be visible in Gerrit (due to ACL
	# model Gerrit uses: it resolve tag to a branch it belongs to, then
	# checks ACLs on branch to see if a user has access to it; no branch
	# == problems).
	git push ssh://${CI_BOT_USERNAME}@${GERRIT_HOST}:29418/${GERRIT_PROJECT} HEAD:refs/heads/${TAG}-br
	fi
	# Push tag
	git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT $TAG

	echo Release tag is created. Further processing happens in the job ${JENKINS_URL}job/tf-a-lts-release-tagged