diff --git a/charts/gerrit/values_overrides/default.yaml b/charts/gerrit/values_overrides/default.yaml index c6a5c0ba..5b75ffef 100644 --- a/charts/gerrit/values_overrides/default.yaml +++ b/charts/gerrit/values_overrides/default.yaml @@ -59,8 +59,11 @@ gerrit: accountBase = ou=Users,dc=jarvis,dc=local accountPattern = (&(objectClass=inetOrgPerson)(uid=${username})) accountFullName = ${cn} + accountScope = sub groupBase = ou=Groups,dc=jarvis,dc=local - groupMemberPattern = (member=${dn}) + groupScope = sub + groupPattern = (&(objectClass=groupOfUniqueNames)(cn=${groupname})) + groupMemberPattern = (&(objectClass=groupOfUniqueNames)(uniqueMember=${dn})) localUsernameToLowerCase = true [httpd] # If using an ingress use proxy-http or proxy-https @@ -92,4 +95,4 @@ gerrit: # [remote "replica"] # url = http://gerrit-replica.example.com/git/${name}.git # replicationDelay = 0 - # timeout = 30 \ No newline at end of file + # timeout = 30 diff --git a/charts/jarvis-project/templates/Job-project.yaml b/charts/jarvis-project/templates/Job-project.yaml index 81a6865d..bfcb5fa6 100644 --- a/charts/jarvis-project/templates/Job-project.yaml +++ b/charts/jarvis-project/templates/Job-project.yaml @@ -32,10 +32,15 @@ spec: key: gerrit-username - name: GERRIT_HOST value: {{ .Values.params.gerrit.host }} + - name: GERRIT_LDAP_CN + valueFrom: + secretKeyRef: + name: {{ template "helpers.labels.fullname" . }} + key: gerrit-ldap-group-cn - name: GERRIT_URL - value: "https://{{ .Values.params.gerrit.host }}" + value: {{ printf "https://%s" $.Values.params.gerrit.host | quote }} - name: HARBOR_URL - value: "https://{{ .Values.params.harbor.host }}" + value: {{ printf "https://%s" $.Values.params.harbor.host | quote }} - name: PROJECT_LDAP_DN valueFrom: secretKeyRef: @@ -50,26 +55,22 @@ spec: - sh - -cex - | + alias gerrit_ssh="ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null -p 29418 \ + -i /run/jarvis/secret/gerrit-ssh-key ${GERRIT_USERNAME}@${GERRIT_HOST} " + # Create gerrit repo ( \ - ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \ - -p 29418 \ - -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \ + gerrit_ssh \ gerrit ls-projects -r "^$JARVIS_PROJECT_NAME\$" | grep -q "^${JARVIS_PROJECT_NAME}\$" \ && - ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \ - -p 29418 \ - -i /run/jarvis/secret/gerrit-ssh-key "${GERRIT_USERNAME}@${GERRIT_HOST}" \ + gerrit_ssh \ gerrit set-project-parent \ {{ if eq $.Values.config.ci.verify true }} --parent Verified-Label-Projects {{ else }} --parent Non-Verified-Label-Projects {{ end }} \ --children-of Non-Verified-Label-Projects \ ) \ || \ - ssh -oStrictHostKeyChecking=accept-new -oUserKnownHostsFile=/dev/null \ - -p 29418 \ - -i /run/jarvis/secret/gerrit-ssh-key ${GERRIT_USERNAME}@${GERRIT_HOST} \ - gerrit create-project "${JARVIS_PROJECT_NAME}" \ - --owner Administrators \ + gerrit_ssh gerrit create-project "${JARVIS_PROJECT_NAME}" \ + --owner Administrators --owner ldap/${GERRIT_LDAP_CN} \ {{ if eq $.Values.config.ci.verify true }} --parent Verified-Label-Projects {{ else }} --parent Non-Verified-Label-Projects {{ end }} \ --submit-type MERGE_IF_NECESSARY \ --empty-commit diff --git a/charts/jarvis-project/templates/Secret-project.yaml b/charts/jarvis-project/templates/Secret-project.yaml index 23545ecb..931fc023 100644 --- a/charts/jarvis-project/templates/Secret-project.yaml +++ b/charts/jarvis-project/templates/Secret-project.yaml @@ -11,6 +11,7 @@ data: gerrit-ssh-key: "{{ b64enc ( .Values.params.gerrit.ssh_key ) }}" harbor-project-ldap-dn: "{{ b64enc ( .Values.params.harbor.member_ldap_dn.project ) }}" harbor-staging-ldap-dn: "{{ b64enc ( .Values.params.harbor.member_ldap_dn.staging ) }}" + gerrit-ldap-group-cn: "{{ b64enc ( .Values.params.gerrit.ldap_group_cn ) }}" ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-project" ) }} diff --git a/charts/jarvis-project/values.yaml b/charts/jarvis-project/values.yaml index dc98e7f8..85c0f345 100644 --- a/charts/jarvis-project/values.yaml +++ b/charts/jarvis-project/values.yaml @@ -24,6 +24,7 @@ params: password: "" ssh_key: "" host: gerrit.jarvis.local + ldap_group_cn: "" harbor: host: harbor-core.jarvis.local member_ldap_dn: diff --git a/charts/jarvis-system/templates/Secret-gerrit.yaml b/charts/jarvis-system/templates/Secret-gerrit.yaml index 4e1c2129..9d3e6474 100644 --- a/charts/jarvis-system/templates/Secret-gerrit.yaml +++ b/charts/jarvis-system/templates/Secret-gerrit.yaml @@ -8,6 +8,8 @@ metadata: data: gerrit-authfile: "{{ b64enc ( printf "%s:%s" .Values.params.gerrit.user .Values.params.gerrit.password ) }}" gerrit-netrc: "{{ b64enc ( printf "machine %s login %s password %s" "gerrit.jarvis.local" .Values.params.gerrit.user .Values.params.gerrit.password ) }}" + gerrit-user: "{{ b64enc (.Values.params.gerrit.user) }}" + gerrit-password: "{{ b64enc (.Values.params.gerrit.password) }}" ... {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-gerrit" ) }} \ No newline at end of file +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-gerrit" ) }} diff --git a/charts/jarvis-system/templates/Task-createProjectAccess.yaml b/charts/jarvis-system/templates/Task-createProjectAccess.yaml index 6c9a6ab0..35f81212 100644 --- a/charts/jarvis-system/templates/Task-createProjectAccess.yaml +++ b/charts/jarvis-system/templates/Task-createProjectAccess.yaml @@ -123,9 +123,8 @@ spec: - name: checkout-repo image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_git" ) }} script: | - #!/bin/sh - set -eu -o pipefail -x - + #!/bin/bash + set -ex # A change ref has the format refs/changes/X/Y/Z where X is # the last two digits of the change number, Y is the entire # change number, and Z is the patch set. For example, if @@ -134,7 +133,6 @@ spec: change_ref="refs/changes/$(echo "0$(params.changeNumber)" | awk '{ print substr( $0, length($0) - 1, length($0) ) }')/$(params.changeNumber)/$(params.patchSetNumber)" echo $change_ref - CHECKOUT_DIR="$(workspaces.output.path)" cleandir() { @@ -142,7 +140,7 @@ spec: # # We don't just "rm -rf $CHECKOUT_DIR" because $CHECKOUT_DIR might be "/" # or the root of a mounted volume. - if [[ -d "$CHECKOUT_DIR" ]] ; then + if [ -d "$CHECKOUT_DIR" ] ; then # Delete non-hidden files and directories rm -rf "$CHECKOUT_DIR"/* # Delete files and directories starting with . but excluding .. @@ -157,6 +155,10 @@ spec: git init git config http.sslVerify "false" git config advice.detachedHead "false" + set +x + git config credential.username $(kubectl -n {{ $.Release.Namespace }} get secret {{ template "helpers.labels.fullname" . }}-gerrit -o=json | jq -r '.data."gerrit-user"' | base64 -d) + git config credential.helper "!echo password=$(kubectl -n {{ $.Release.Namespace }} get secret {{ template "helpers.labels.fullname" . }}-gerrit -o=json | jq -r '.data."gerrit-password"' | base64 -d); echo" + set -x git fetch $(params.repoRoot)/$(params.project) $change_ref git checkout FETCH_HEAD diff --git a/charts/jarvis-system/values.yaml b/charts/jarvis-system/values.yaml index 1400adb2..254df8b0 100644 --- a/charts/jarvis-system/values.yaml +++ b/charts/jarvis-system/values.yaml @@ -9,9 +9,9 @@ images: name: attcomdev/jarvis-connector repo: quay.io task_git: - tag: v0.18.1 - name: tekton-releases/github.com/tektoncd/pipeline/cmd/git-init - repo: gcr.io + tag: "1.0" + name: standard-container + repo: docker.io task_create_namespace: tag: "1.0" name: standard-container diff --git a/tools/gate/jarvis/500-deploy-gerrit.sh b/tools/gate/jarvis/500-deploy-gerrit.sh index 85c2104d..815252d9 100755 --- a/tools/gate/jarvis/500-deploy-gerrit.sh +++ b/tools/gate/jarvis/500-deploy-gerrit.sh @@ -145,19 +145,19 @@ function gerrit_bootstrap() { streamEvents = group Service Users [access "refs/*"] read = group Administrators - read = group Anonymous Users + read = group Project Owners revert = group Registered Users [access "refs/for/*"] addPatchSet = group Registered Users [access "refs/for/refs/*"] - push = group Registered Users - pushMerge = group Registered Users + push = group Project Owners + pushMerge = group Project Owners [access "refs/heads/*"] create = group Administrators create = group Project Owners editTopicName = +force group Administrators editTopicName = +force group Project Owners - forgeAuthor = group Registered Users + forgeAuthor = group Project Owners forgeCommitter = group Administrators forgeCommitter = group Project Owners push = group Administrators diff --git a/tools/gate/jarvis/5G-SA-core/amf/jarvis/development-pipeline/templates/config_map.yaml b/tools/gate/jarvis/5G-SA-core/amf/jarvis/development-pipeline/templates/config_map.yaml index 8598c200..e6add461 100644 --- a/tools/gate/jarvis/5G-SA-core/amf/jarvis/development-pipeline/templates/config_map.yaml +++ b/tools/gate/jarvis/5G-SA-core/amf/jarvis/development-pipeline/templates/config_map.yaml @@ -5,26 +5,28 @@ metadata: data: cluster.json: | { - "namespace": "{{ $.Values.namespace }}", - "use_existing_cluster": "true" + "namespace": "{{ $.Values.namespace }}", + "use_existing_cluster": "true" } image.json: | [ { - "image_from": "harbor-core.jarvis.local/library/ubuntu:focal", - "build_from_source": true, - "image_name": "amf", - "project": "amf", - "repo": "amf", - "image_fullname": "amf/amf:1.0", - "path": "images/amf", - "namespace": "{{ $.Values.namespace }}", - "build": { + "image_from": "harbor-core.jarvis.local/library/ubuntu:focal", + "build_from_source": true, + "image_name": "amf", + "project": "amf", + "repo": "amf", + "image_fullname": "amf/amf:1.0", + "path": "images/amf", + "namespace": "{{ $.Values.namespace }}", + "build": { "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/amf", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" - } + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" + } } ] chart.json: | @@ -39,7 +41,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/amf", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" }, "namespace": "{{ $.Values.namespace }}", "release_name": "amf", @@ -88,5 +92,5 @@ data: } cleanup.json: | { - "remove_artifacts": "true" + "remove_artifacts": "true" } diff --git a/tools/gate/jarvis/5G-SA-core/ausf/jarvis/development-pipeline/templates/config_map.yaml b/tools/gate/jarvis/5G-SA-core/ausf/jarvis/development-pipeline/templates/config_map.yaml index 6d234e7b..90a333f7 100644 --- a/tools/gate/jarvis/5G-SA-core/ausf/jarvis/development-pipeline/templates/config_map.yaml +++ b/tools/gate/jarvis/5G-SA-core/ausf/jarvis/development-pipeline/templates/config_map.yaml @@ -23,7 +23,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/ausf", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" } } ] @@ -39,7 +41,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/ausf", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" }, "namespace": "{{ $.Values.namespace }}", "release_name": "ausf", diff --git a/tools/gate/jarvis/5G-SA-core/mongodb/jarvis/development-pipeline/templates/config_map.yaml b/tools/gate/jarvis/5G-SA-core/mongodb/jarvis/development-pipeline/templates/config_map.yaml index 542e474a..fe4f173d 100644 --- a/tools/gate/jarvis/5G-SA-core/mongodb/jarvis/development-pipeline/templates/config_map.yaml +++ b/tools/gate/jarvis/5G-SA-core/mongodb/jarvis/development-pipeline/templates/config_map.yaml @@ -20,7 +20,9 @@ data: "path": "", "build": { "git_repo": "docker.io/bitnami/mongodb-sharded", - "tag": "4.4.3-debian-10-r44" + "tag": "4.4.3-debian-10-r44", + "user": "", + "password": "" } } ] @@ -35,7 +37,9 @@ data: "build": { "name": "https://charts.bitnami.com/bitnami", "local_repo": "bitnami_mongodb", - "target_loc": "/src/fetch/charts" + "target_loc": "/src/fetch/charts", + "user": "jarvis", + "password": "password" }, "namespace": "{{ $.Values.namespace }}", "release_name": "mongodb-bitnami", diff --git a/tools/gate/jarvis/5G-SA-core/nrf/jarvis/development-pipeline/templates/config_map.yaml b/tools/gate/jarvis/5G-SA-core/nrf/jarvis/development-pipeline/templates/config_map.yaml index 80c07a70..165dfcc4 100644 --- a/tools/gate/jarvis/5G-SA-core/nrf/jarvis/development-pipeline/templates/config_map.yaml +++ b/tools/gate/jarvis/5G-SA-core/nrf/jarvis/development-pipeline/templates/config_map.yaml @@ -23,7 +23,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/nrf", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" } } ] @@ -39,7 +41,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/nrf", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" }, "namespace": "{{ $.Values.namespace }}", "release_name": "nrf", diff --git a/tools/gate/jarvis/5G-SA-core/pcf/jarvis/development-pipeline/templates/config_map.yaml b/tools/gate/jarvis/5G-SA-core/pcf/jarvis/development-pipeline/templates/config_map.yaml index 5db831d5..312f7079 100644 --- a/tools/gate/jarvis/5G-SA-core/pcf/jarvis/development-pipeline/templates/config_map.yaml +++ b/tools/gate/jarvis/5G-SA-core/pcf/jarvis/development-pipeline/templates/config_map.yaml @@ -23,7 +23,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/pcf", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" } } ] @@ -39,7 +41,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/pcf", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" }, "namespace": "{{ $.Values.namespace }}", "release_name": "pcf", diff --git a/tools/gate/jarvis/5G-SA-core/smf/jarvis/development-pipeline/templates/config_map.yaml b/tools/gate/jarvis/5G-SA-core/smf/jarvis/development-pipeline/templates/config_map.yaml index 7d2b8b08..eb819b24 100644 --- a/tools/gate/jarvis/5G-SA-core/smf/jarvis/development-pipeline/templates/config_map.yaml +++ b/tools/gate/jarvis/5G-SA-core/smf/jarvis/development-pipeline/templates/config_map.yaml @@ -23,7 +23,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/smf", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" } } ] @@ -39,7 +41,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/smf", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" }, "namespace": "{{ $.Values.namespace }}", "release_name": "smf", diff --git a/tools/gate/jarvis/5G-SA-core/udm/jarvis/development-pipeline/templates/config_map.yaml b/tools/gate/jarvis/5G-SA-core/udm/jarvis/development-pipeline/templates/config_map.yaml index 700c1a3f..b0808f77 100644 --- a/tools/gate/jarvis/5G-SA-core/udm/jarvis/development-pipeline/templates/config_map.yaml +++ b/tools/gate/jarvis/5G-SA-core/udm/jarvis/development-pipeline/templates/config_map.yaml @@ -23,7 +23,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/udm", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" } } ] @@ -39,7 +41,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/udm", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" }, "namespace": "{{ $.Values.namespace }}", "release_name": "udm", diff --git a/tools/gate/jarvis/5G-SA-core/udr/jarvis/development-pipeline/templates/config_map.yaml b/tools/gate/jarvis/5G-SA-core/udr/jarvis/development-pipeline/templates/config_map.yaml index a151fbc4..93b94d37 100644 --- a/tools/gate/jarvis/5G-SA-core/udr/jarvis/development-pipeline/templates/config_map.yaml +++ b/tools/gate/jarvis/5G-SA-core/udr/jarvis/development-pipeline/templates/config_map.yaml @@ -23,7 +23,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/udr", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" } }] chart.json: | @@ -38,7 +40,9 @@ data: "git_repo": "{{ $.Values.git_repo }}", "target_loc": "/src/checkout/udr", "refspec": "{{ $.Values.refspec }}", - "version": "refs/changes/*:refs/changes/*" + "version": "refs/changes/*:refs/changes/*", + "user": "jarvis", + "password": "password" }, "namespace": "{{ $.Values.namespace }}", "release_name": "udr", diff --git a/tools/gate/jarvis/800-deploy-jarvis-projects.sh b/tools/gate/jarvis/800-deploy-jarvis-projects.sh index a5466d10..484ac00b 100755 --- a/tools/gate/jarvis/800-deploy-jarvis-projects.sh +++ b/tools/gate/jarvis/800-deploy-jarvis-projects.sh @@ -17,7 +17,7 @@ EOF generate_gerrit_creds_override COUNTER=0 -for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth 1 -type d -printf '%f\n'`; do +for jarvis_project in $(find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth 1 -type d -printf '%f\n'); do # Half of Jarvis-Projects will be made with required CI, half will be made with optional CI to # offer examples to developers using Jarvis. if (( COUNTER % 2 )); @@ -37,6 +37,8 @@ params: member_ldap_dn: project: cn=${jarvis_project}-harbor-users-group,ou=Groups,dc=jarvis,dc=local staging: cn=${jarvis_project}-harbor-staging-users-group,ou=Groups,dc=jarvis,dc=local + gerrit: + ldap_group_cn: ${jarvis_project}-dev-users-group EOF # shellcheck disable=SC2046 @@ -76,7 +78,7 @@ EOF git add -A git commit -asm "Add project code and .gitreview file" git review - change_id=`git log -1 | grep Change-Id: | awk '{print $2}'` + change_id=$(git log -1 | grep Change-Id: | awk '{print $2}') popd sleep 180 if (( COUNTER == 0 )); @@ -88,13 +90,14 @@ EOF done voting_ci="false" -for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth 1 -type d -printf '%f\n'`; do +for jarvis_project in $(find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth 1 -type d -printf '%f\n'); do + echo "--- processing ${jarvis_project} with voting_ci = ${voting_ci}" # Check jarvis pipeline run end=$(date +%s) timeout="4000" end=$((end + timeout)) while true; do - result="$(curl -L https://gerrit.jarvis.local/changes/${CHANGE_ID_COUNTER}/revisions/1/checks | tail -1 | jq -r .[].state)" + result="$(curl -u jarvis:password -SsL https://gerrit.jarvis.local/a/changes/${CHANGE_ID_COUNTER}/revisions/1/checks | tail -1 | jq -r .[].state)" [ $result == "SUCCESSFUL" ] && break || true [ $result == "FAILED" ] && exit 1 || true sleep 25 @@ -111,7 +114,7 @@ for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth end=$((end + timeout)) while true; do # Check that Jarvis-System has reported the success of the pipeline run to Gerrit, by checking the value of the Verified label - VERIFIED="$(curl -L https://gerrit.jarvis.local/changes/${CHANGE_ID_COUNTER}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)" + VERIFIED="$(curl -u jarvis:password -SsL https://gerrit.jarvis.local/a/changes/${CHANGE_ID_COUNTER}/revisions/1/review/ | tail -1 | jq -r .labels.Verified.all[0].value)" [ "$VERIFIED" == 1 ] && break || true sleep 5 now=$(date +%s) diff --git a/tools/gate/jarvis/standard-container/assets/playbooks/git-microflow.yaml b/tools/gate/jarvis/standard-container/assets/playbooks/git-microflow.yaml index 6ce1f224..fd1d3160 100644 --- a/tools/gate/jarvis/standard-container/assets/playbooks/git-microflow.yaml +++ b/tools/gate/jarvis/standard-container/assets/playbooks/git-microflow.yaml @@ -11,7 +11,7 @@ - name: Run git clone task include_tasks: ./roles/git/tasks/main.yaml - when: data.stdout_lines |length > 0 + when: data.stdout_lines | length > 0 loop: "{{ data.stdout_lines | map('from_json') | batch(clone_async_batch_size) | list }}" loop_control: loop_var: "repos" diff --git a/tools/gate/jarvis/standard-container/assets/playbooks/roles/git/tasks/main.yaml b/tools/gate/jarvis/standard-container/assets/playbooks/roles/git/tasks/main.yaml index 456f9122..ba139e9e 100644 --- a/tools/gate/jarvis/standard-container/assets/playbooks/roles/git/tasks/main.yaml +++ b/tools/gate/jarvis/standard-container/assets/playbooks/roles/git/tasks/main.yaml @@ -4,11 +4,13 @@ _delay: "{{ git_check_status_delay | default(3) }}" - name: Run async git clone - git: - repo: "{{ repo.build.git_repo }}" - dest: "{{ repo.build.target_loc }}" - version: "{{ repo.build.refspec }}" - refspec: "refs/changes/*:refs/changes/*" + shell: | + if [ -n "{{ repo.build.user | default("", true) }}" ] && [ -n "{{ repo.build.password | default("", true) }}" ]; then \ + git config --global credential.username {{ repo.build.user }} && git config --global credential.helper "!echo password={{ repo.build.password }}; echo"; \ + fi + git clone {{ repo.build.git_repo }} {{ repo.build.target_loc }}; + cd {{ repo.build.target_loc }}; + git pull {{ repo.build.git_repo }} {{ repo.build.refspec }}; async: "{{ _async }}" poll: 0 loop: "{{ repos }}"