opendev/system-config
Code Issues Proposed changes
system-config/modules/openstack_project/files/jenkins_job_builder/config/pypi-jobs.yaml
Clark Boylan d6b19ef205 Run pypi uploads more securely. 
To run pypi uploads more securely perform the `python setup.py sdist` on
a normal build slave, then copy the sdist to the pypi slave and perform
only the upload from that host.

Change-Id: Ie68d484ef6d129749186c792d0ced812ac25818b
Reviewed-on: https://review.openstack.org/16335
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
2012-11-19 18:45:20 +00:00

92 lines
1.8 KiB
YAML
Raw Blame History

- job-template:
name: '{name}-sdist-tarball'
node: precise
triggers:
- zuul-post
builders:
- gerrit-git-prep
- shell: |
#!/bin/bash -xe
BRANCH=$GERRIT_REFNAME
BRANCH_PATH=`echo $BRANCH | tr / -`
tox -v -evenv python setup.py sdist
cp dist/* dist/{name}-$BRANCH_PATH.tar.gz
publishers:
- tarball:
project: '{name}'
site: '{tarball-publisher-site}'
- console-log-post
- job-template:
name: '{name}-pypi'
node: pypi
triggers:
- zuul-post
builders:
- gerrit-git-prep
- shell: tox -v -evenv python setup.py sdist upload
publishers:
- tarball:
project: '{name}'
site: '{tarball-publisher-site}'
- job-template:
name: '{name}-pypi-sdist'
concurrent: false
block-downstream: true
node: precise
triggers:
- zuul-post
builders:
- gerrit-git-prep
- shell: tox -v -evenv python setup.py sdist
publishers:
- archive:
artifacts: 'dist/{name}*.tar.gz'
latest_only: true
- tarball:
project: '{name}'
site: '{tarball-publisher-site}'
- trigger:
project: '{name}-pypi-upload'
- console-log-post
- job-template:
name: '{name}-pypi-upload'
concurrent: false
node: pypi
builders:
- copyartifact:
project: '{name}-pypi'
filter: '{name}*.tar.gz'
- shell: |
/usr/local/jenkins/slave_scripts/pypi-upload.sh {name}
# Remove copied artifact
rm -rf {name}*.tar.gz
publishers:
- console-log-post
- job-group:
name: pypi-jobs
jobs:
- '{name}-docs'
- '{name}-sdist-tarball'
- '{name}-pypi'
- '{name}-pypi-sdist'
- '{name}-pypi-upload'
View Git Blame Copy Permalink